344 files changed, 51144 insertions, 8180 deletions

diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
new file mode 100644
index 0000000000..dddb07842b
--- /dev/null
+++ b/src/lib/libssl/LICENSE
@@ -0,0 +1,127 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts. Actually both licenses are BSD-style
+  Open Source licenses. In case of any license issues related to OpenSSL
+  please contact openssl-core@openssl.org.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
new file mode 100644
index 0000000000..80fb532c3c
--- /dev/null
+++ b/src/lib/libssl/Makefile
@@ -0,0 +1,11 @@
+# $OpenBSD: Makefile,v 1.13 2002/09/03 18:59:55 markus Exp $
+
+SUBDIR=crypto ssl man
+
+distribution:
+        ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
+           ${.CURDIR}/openssl.cnf ${DESTDIR}/etc/ssl/openssl.cnf && \
+        ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
+           ${.CURDIR}/x509v3.cnf ${DESTDIR}/etc/ssl/x509v3.cnf
+
+.include <bsd.subdir.mk>
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
new file mode 100644
index 0000000000..d683ee43e1
--- /dev/null
+++ b/src/lib/libssl/bio_ssl.c
@@ -0,0 +1,598 @@
+/* ssl/bio_ssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+static int ssl_write(BIO *h, const char *buf, int num);
+static int ssl_read(BIO *h, char *buf, int size);
+static int ssl_puts(BIO *h, const char *str);
+static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ssl_new(BIO *h);
+static int ssl_free(BIO *data);
+static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+typedef struct bio_ssl_st
+        {
+        SSL *ssl; /* The ssl handle :-) */
+        /* re-negotiate every time the total number of bytes is this size */
+        int num_renegotiates;
+        unsigned long renegotiate_count;
+        unsigned long byte_count;
+        unsigned long renegotiate_timeout;
+        unsigned long last_time;
+        } BIO_SSL;
+
+static BIO_METHOD methods_sslp=
+        {
+        BIO_TYPE_SSL,"ssl",
+        ssl_write,
+        ssl_read,
+        ssl_puts,
+        NULL, /* ssl_gets, */
+        ssl_ctrl,
+        ssl_new,
+        ssl_free,
+        ssl_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_ssl(void)
+        {
+        return(&methods_sslp);
+        }
+
+static int ssl_new(BIO *bi)
+        {
+        BIO_SSL *bs;
+
+        bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
+        if (bs == NULL)
+                {
+                BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        memset(bs,0,sizeof(BIO_SSL));
+        bi->init=0;
+        bi->ptr=(char *)bs;
+        bi->flags=0;
+        return(1);
+        }
+
+static int ssl_free(BIO *a)
+        {
+        BIO_SSL *bs;
+
+        if (a == NULL) return(0);
+        bs=(BIO_SSL *)a->ptr;
+        if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
+        if (a->shutdown)
+                {
+                if (a->init && (bs->ssl != NULL))
+                        SSL_free(bs->ssl);
+                a->init=0;
+                a->flags=0;
+                }
+        if (a->ptr != NULL)
+                OPENSSL_free(a->ptr);
+        return(1);
+        }
+        
+static int ssl_read(BIO *b, char *out, int outl)
+        {
+        int ret=1;
+        BIO_SSL *sb;
+        SSL *ssl;
+        int retry_reason=0;
+        int r=0;
+
+        if (out == NULL) return(0);
+        sb=(BIO_SSL *)b->ptr;
+        ssl=sb->ssl;
+
+        BIO_clear_retry_flags(b);
+
+#if 0
+        if (!SSL_is_init_finished(ssl))
+                {
+/*              ret=SSL_do_handshake(ssl); */
+                if (ret > 0)
+                        {
+
+                        outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
+                        ret= -1;
+                        goto end;
+                        }
+                }
+#endif
+/*      if (ret > 0) */
+        ret=SSL_read(ssl,out,outl);
+
+        switch (SSL_get_error(ssl,ret))
+                {
+        case SSL_ERROR_NONE:
+                if (ret <= 0) break;
+                if (sb->renegotiate_count > 0)
+                        {
+                        sb->byte_count+=ret;
+                        if (sb->byte_count > sb->renegotiate_count)
+                                {
+                                sb->byte_count=0;
+                                sb->num_renegotiates++;
+                                SSL_renegotiate(ssl);
+                                r=1;
+                                }
+                        }
+                if ((sb->renegotiate_timeout > 0) && (!r))
+                        {
+                        unsigned long tm;
+
+                        tm=(unsigned long)time(NULL);
+                        if (tm > sb->last_time+sb->renegotiate_timeout)
+                                {
+                                sb->last_time=tm;
+                                sb->num_renegotiates++;
+                                SSL_renegotiate(ssl);
+                                }
+                        }
+
+                break;
+        case SSL_ERROR_WANT_READ:
+                BIO_set_retry_read(b);
+                break;
+        case SSL_ERROR_WANT_WRITE:
+                BIO_set_retry_write(b);
+                break;
+        case SSL_ERROR_WANT_X509_LOOKUP:
+                BIO_set_retry_special(b);
+                retry_reason=BIO_RR_SSL_X509_LOOKUP;
+                break;
+        case SSL_ERROR_WANT_ACCEPT:
+                BIO_set_retry_special(b);
+                retry_reason=BIO_RR_ACCEPT;
+                break;
+        case SSL_ERROR_WANT_CONNECT:
+                BIO_set_retry_special(b);
+                retry_reason=BIO_RR_CONNECT;
+                break;
+        case SSL_ERROR_SYSCALL:
+        case SSL_ERROR_SSL:
+        case SSL_ERROR_ZERO_RETURN:
+        default:
+                break;
+                }
+
+        b->retry_reason=retry_reason;
+        return(ret);
+        }
+
+static int ssl_write(BIO *b, const char *out, int outl)
+        {
+        int ret,r=0;
+        int retry_reason=0;
+        SSL *ssl;
+        BIO_SSL *bs;
+
+        if (out == NULL) return(0);
+        bs=(BIO_SSL *)b->ptr;
+        ssl=bs->ssl;
+
+        BIO_clear_retry_flags(b);
+
+/*      ret=SSL_do_handshake(ssl);
+        if (ret > 0) */
+        ret=SSL_write(ssl,out,outl);
+
+        switch (SSL_get_error(ssl,ret))
+                {
+        case SSL_ERROR_NONE:
+                if (ret <= 0) break;
+                if (bs->renegotiate_count > 0)
+                        {
+                        bs->byte_count+=ret;
+                        if (bs->byte_count > bs->renegotiate_count)
+                                {
+                                bs->byte_count=0;
+                                bs->num_renegotiates++;
+                                SSL_renegotiate(ssl);
+                                r=1;
+                                }
+                        }
+                if ((bs->renegotiate_timeout > 0) && (!r))
+                        {
+                        unsigned long tm;
+
+                        tm=(unsigned long)time(NULL);
+                        if (tm > bs->last_time+bs->renegotiate_timeout)
+                                {
+                                bs->last_time=tm;
+                                bs->num_renegotiates++;
+                                SSL_renegotiate(ssl);
+                                }
+                        }
+                break;
+        case SSL_ERROR_WANT_WRITE:
+                BIO_set_retry_write(b);
+                break;
+        case SSL_ERROR_WANT_READ:
+                BIO_set_retry_read(b);
+                break;
+        case SSL_ERROR_WANT_X509_LOOKUP:
+                BIO_set_retry_special(b);
+                retry_reason=BIO_RR_SSL_X509_LOOKUP;
+                break;
+        case SSL_ERROR_WANT_CONNECT:
+                BIO_set_retry_special(b);
+                retry_reason=BIO_RR_CONNECT;
+        case SSL_ERROR_SYSCALL:
+        case SSL_ERROR_SSL:
+        default:
+                break;
+                }
+
+        b->retry_reason=retry_reason;
+        return(ret);
+        }
+
+static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        SSL **sslp,*ssl;
+        BIO_SSL *bs;
+        BIO *dbio,*bio;
+        long ret=1;
+
+        bs=(BIO_SSL *)b->ptr;
+        ssl=bs->ssl;
+        if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))
+                return(0);
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                SSL_shutdown(ssl);
+
+                if (ssl->handshake_func == ssl->method->ssl_connect)
+                        SSL_set_connect_state(ssl);
+                else if (ssl->handshake_func == ssl->method->ssl_accept)
+                        SSL_set_accept_state(ssl);
+
+                SSL_clear(ssl);
+
+                if (b->next_bio != NULL)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                else if (ssl->rbio != NULL)
+                        ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
+                else
+                        ret=1;
+                break;
+        case BIO_CTRL_INFO:
+                ret=0;
+                break;
+        case BIO_C_SSL_MODE:
+                if (num) /* client mode */
+                        SSL_set_connect_state(ssl);
+                else
+                        SSL_set_accept_state(ssl);
+                break;
+        case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
+                ret=bs->renegotiate_timeout;
+                if (num < 60) num=5;
+                bs->renegotiate_timeout=(unsigned long)num;
+                bs->last_time=(unsigned long)time(NULL);
+                break;
+        case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
+                ret=bs->renegotiate_count;
+                if ((long)num >=512)
+                        bs->renegotiate_count=(unsigned long)num;
+                break;
+        case BIO_C_GET_SSL_NUM_RENEGOTIATES:
+                ret=bs->num_renegotiates;
+                break;
+        case BIO_C_SET_SSL:
+                if (ssl != NULL)
+                        ssl_free(b);
+                b->shutdown=(int)num;
+                ssl=(SSL *)ptr;
+                ((BIO_SSL *)b->ptr)->ssl=ssl;
+                bio=SSL_get_rbio(ssl);
+                if (bio != NULL)
+                        {
+                        if (b->next_bio != NULL)
+                                BIO_push(bio,b->next_bio);
+                        b->next_bio=bio;
+                        CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
+                        }
+                b->init=1;
+                break;
+        case BIO_C_GET_SSL:
+                if (ptr != NULL)
+                        {
+                        sslp=(SSL **)ptr;
+                        *sslp=ssl;
+                        }
+                else
+                        ret=0;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING:
+                ret=SSL_pending(ssl);
+                if (ret == 0)
+                        ret=BIO_pending(ssl->rbio);
+                break;
+        case BIO_CTRL_FLUSH:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_PUSH:
+                if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
+                        {
+                        SSL_set_bio(ssl,b->next_bio,b->next_bio);
+                        CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
+                        }
+                break;
+        case BIO_CTRL_POP:
+                /* ugly bit of a hack */
+                if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
+                        {
+                        BIO_free_all(ssl->wbio);
+                        }
+                if (b->next_bio != NULL)
+                        {
+                        CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
+                        }
+                ssl->wbio=NULL;
+                ssl->rbio=NULL;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+
+                b->retry_reason=0;
+                ret=(int)SSL_do_handshake(ssl);
+
+                switch (SSL_get_error(ssl,(int)ret))
+                        {
+                case SSL_ERROR_WANT_READ:
+                        BIO_set_flags(b,
+                                BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
+                        break;
+                case SSL_ERROR_WANT_WRITE:
+                        BIO_set_flags(b,
+                                BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
+                        break;
+                case SSL_ERROR_WANT_CONNECT:
+                        BIO_set_flags(b,
+                                BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
+                        b->retry_reason=b->next_bio->retry_reason;
+                        break;
+                default:
+                        break;
+                        }
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
+                        SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
+                ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
+                ((BIO_SSL *)dbio->ptr)->renegotiate_count=
+                        ((BIO_SSL *)b->ptr)->renegotiate_count;
+                ((BIO_SSL *)dbio->ptr)->byte_count=
+                        ((BIO_SSL *)b->ptr)->byte_count;
+                ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
+                        ((BIO_SSL *)b->ptr)->renegotiate_timeout;
+                ((BIO_SSL *)dbio->ptr)->last_time=
+                        ((BIO_SSL *)b->ptr)->last_time;
+                ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
+                break;
+        case BIO_C_GET_FD:
+                ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_SET_CALLBACK:
+                {
+#if 0 /* FIXME: Should this be used?  -- Richard Levitte */
+                BIOerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ret = -1;
+#else
+                ret=0;
+#endif
+                }
+                break;
+        case BIO_CTRL_GET_CALLBACK:
+                {
+                void (**fptr)();
+
+                fptr=(void (**)())ptr;
+                *fptr=SSL_get_info_callback(ssl);
+                }
+                break;
+        default:
+                ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+
+static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        SSL *ssl;
+        BIO_SSL *bs;
+        long ret=1;
+
+        bs=(BIO_SSL *)b->ptr;
+        ssl=bs->ssl;
+        switch (cmd)
+                {
+        case BIO_CTRL_SET_CALLBACK:
+                {
+                /* FIXME: setting this via a completely different prototype
+                   seems like a crap idea */
+                SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
+                }
+                break;
+        default:
+                ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
+static int ssl_puts(BIO *bp, const char *str)
+        {
+        int n,ret;
+
+        n=strlen(str);
+        ret=BIO_write(bp,str,n);
+        return(ret);
+        }
+
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
+        {
+#ifndef OPENSSL_NO_SOCK
+        BIO *ret=NULL,*buf=NULL,*ssl=NULL;
+
+        if ((buf=BIO_new(BIO_f_buffer())) == NULL)
+                return(NULL);
+        if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
+                goto err;
+        if ((ret=BIO_push(buf,ssl)) == NULL)
+                goto err;
+        return(ret);
+err:
+        if (buf != NULL) BIO_free(buf);
+        if (ssl != NULL) BIO_free(ssl);
+#endif
+        return(NULL);
+        }
+
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
+        {
+        BIO *ret=NULL,*con=NULL,*ssl=NULL;
+
+        if ((con=BIO_new(BIO_s_connect())) == NULL)
+                return(NULL);
+        if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
+                goto err;
+        if ((ret=BIO_push(ssl,con)) == NULL)
+                goto err;
+        return(ret);
+err:
+        if (con != NULL) BIO_free(con);
+        if (ret != NULL) BIO_free(ret);
+        return(NULL);
+        }
+
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
+        {
+        BIO *ret;
+        SSL *ssl;
+
+        if ((ret=BIO_new(BIO_f_ssl())) == NULL)
+                return(NULL);
+        if ((ssl=SSL_new(ctx)) == NULL)
+                {
+                BIO_free(ret);
+                return(NULL);
+                }
+        if (client)
+                SSL_set_connect_state(ssl);
+        else
+                SSL_set_accept_state(ssl);
+                
+        BIO_set_ssl(ret,ssl,BIO_CLOSE);
+        return(ret);
+        }
+
+int BIO_ssl_copy_session_id(BIO *t, BIO *f)
+        {
+        t=BIO_find_type(t,BIO_TYPE_SSL);
+        f=BIO_find_type(f,BIO_TYPE_SSL);
+        if ((t == NULL) || (f == NULL))
+                return(0);
+        if (    (((BIO_SSL *)t->ptr)->ssl == NULL) || 
+                (((BIO_SSL *)f->ptr)->ssl == NULL))
+                return(0);
+        SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
+        return(1);
+        }
+
+void BIO_ssl_shutdown(BIO *b)
+        {
+        SSL *s;
+
+        while (b != NULL)
+                {
+                if (b->method->type == BIO_TYPE_SSL)
+                        {
+                        s=((BIO_SSL *)b->ptr)->ssl;
+                        SSL_shutdown(s);
+                        break;
+                        }
+                b=b->next_bio;
+                }
+        }
diff --git a/src/lib/libssl/crypto/Makefile b/src/lib/libssl/crypto/Makefile
new file mode 100644
index 0000000000..dead23398f
--- /dev/null
+++ b/src/lib/libssl/crypto/Makefile
@@ -0,0 +1,265 @@
+# $OpenBSD: Makefile,v 1.31 2003/06/02 08:45:58 markus Exp $
+
+LIB=    crypto
+
+SSLEAYDIST=     src
+SSL_SRC=        ${.CURDIR}/../${SSLEAYDIST}
+LCRYPTO_SRC=    ${SSL_SRC}/crypto
+
+.if ${MACHINE_ARCH} == "i386"
+CFLAGS+= -DL_ENDIAN
+.else
+.if ${MACHINE_ARCH} == "mips"
+CFLAGS+= -DL_ENDIAN
+.else
+.if ${MACHINE_ARCH} == "vax"
+CFLAGS+= -DL_ENDIAN
+.else
+.if ${MACHINE_ARCH} == "alpha"
+# no ENDIAN stuff defined for alpha
+.else
+CFLAGS+= -DB_ENDIAN
+.endif
+.endif
+.endif
+.endif 
+
+CFLAGS+= -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
+CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DSO_DLFCN -DHAVE_DLFCN_H 
+CFLAGS+= -DOPENSSL_NO_MDC2
+CFLAGS+= -DNO_WINDOWS_BRAINDEATH
+CFLAGS+= -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER -DOPENSSL_NO_HW_ATALLA
+CFLAGS+= -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC -DOPENSSL_NO_HW_AEP
+CFLAGS+= -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
+CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST}
+CFLAGS+= -I${LCRYPTO_SRC}
+SRCS+= o_time.c
+SRCS+=  cryptlib.c ex_data.c cpt_err.c mem.c mem_dbg.c mem_clr.c
+SRCS+=  tmdiff.c cversion.c uid.c
+SRCS+=  md2_dgst.c md2_one.c                                    
+SRCS+=  md5_dgst.c md5_one.c                                    
+SRCS+=  sha_dgst.c sha1dgst.c sha_one.c sha1_one.c      
+#SRCS+= mdc2dgst.c mdc2_one.c                                   
+SRCS+=  hmac.c                                                  
+SRCS+=  rmd_dgst.c rmd_one.c                            
+SRCS+= aes_cbc.c aes_cfb.c aes_ctr.c aes_ecb.c aes_ofb.c aes_misc.c aes_core.c
+SRCS+=  cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \
+        ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c \
+        ofb64enc.c ofb_enc.c pcbc_enc.c \
+        qud_cksm.c rand_key.c rpc_enc.c set_key.c \
+        des_enc.c des_old2.c fcrypt_b.c \
+        fcrypt.c xcbc_enc.c ede_cbcm_enc.c \
+        str2key.c cfb64ede.c ofb64ede.c \
+        des_old.c read2pwd.c
+SRCS+=  rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c
+SRCS+=  rc2ofb64.c                                                      
+SRCS+=  rc4_skey.c rc4_enc.c
+#SRCS+= rc5_skey.c rc5_ecb.c rc5cfb64.c rc5cfb64.c      
+#SRCS+= rc5ofb64.c rc5_enc.c
+#SRCS+= i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c             
+#SRCS+= i_skey.c                                                        
+SRCS+=  bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c bf_enc.c               
+SRCS+=  c_skey.c c_ecb.c c_cfb64.c c_ofb64.c c_enc.c    
+SRCS+=  bn_add.c bn_div.c bn_exp.c bn_lib.c
+SRCS+=  bn_mul.c bn_print.c bn_rand.c bn_shift.c
+SRCS+=  bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c
+SRCS+=  bn_sqr.c bn_recp.c bn_mont.c bn_mpi.c bn_asm.c bn_mod.c
+SRCS+=  bn_exp2.c bn_ctx.c
+SRCS+=  bn_sqrt.c bn_kron.c
+SRCS+=  rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c
+SRCS+=  rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c
+SRCS+=  rsa_none.c rsa_chk.c rsa_oaep.c rsa_null.c rsa_asn1.c
+SRCS+=  dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c         
+SRCS+=  dsa_sign.c dsa_err.c dsa_asn1.c dsa_ossl.c
+SRCS+=  dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_asn1.c
+SRCS+=  buffer.c buf_err.c                              
+SRCS+=  bio_lib.c bio_cb.c bio_err.c bss_mem.c          
+SRCS+=  bss_null.c bss_fd.c bss_file.c bss_sock.c       
+SRCS+=  bss_conn.c bf_null.c bf_buff.c 
+SRCS+=  b_print.c b_dump.c b_sock.c bss_acpt.c          
+SRCS+=  bf_nbio.c bss_bio.c bss_log.c
+SRCS+=  stack.c                                                 
+SRCS+=  lhash.c lh_stats.c                                      
+SRCS+=  md_rand.c randfile.c rand_lib.c rand_egd.c rand_err.c rand_unix.c
+SRCS+=  err.c err_all.c err_prn.c                               
+SRCS+=  obj_dat.c obj_lib.c obj_err.c o_names.c
+SRCS+= bio_b64.c e_bf.c m_sha.c p_open.c
+SRCS+= bio_enc.c e_cast.c e_xcbc_d.c m_dss.c m_sha1.c p_seal.c
+SRCS+= bio_md.c e_des.c encode.c m_dss1.c names.c p_sign.c
+SRCS+= bio_ok.c e_des3.c evp_enc.c m_md2.c p_verify.c
+SRCS+= c_all.c evp_err.c evp_acnf.c m_md4.c p5_crpt.c
+SRCS+= c_allc.c evp_key.c m_md5.c p5_crpt2.c
+SRCS+= c_alld.c e_null.c evp_lib.c p_dec.c
+SRCS+= digest.c e_rc2.c evp_pbe.c m_null.c p_enc.c
+SRCS+= e_aes.c e_rc4.c evp_pkey.c m_ripemd.c p_lib.c
+SRCS+= md4_dgst.c md4_one.c
+SRCS+=  pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_pkey.c   
+SRCS+=  pem_all.c pem_err.c pem_x509.c pem_pk8.c pem_oth.c pem_xaux.c
+SRCS+=  ui_err.c ui_lib.c ui_openssl.c ui_compat.c ui_util.c
+SRCS+= a_bitstr.c a_mbstr.c a_utctm.c f_enum.c t_bitst.c x_name.c
+SRCS+= a_bool.c a_meth.c a_utf8.c f_int.c t_crl.c tasn_typ.c x_pkey.c
+SRCS+= a_bytes.c a_object.c a_verify.c f_string.c t_pkey.c tasn_utl.c x_pubkey.c
+SRCS+= a_d2i_fp.c a_octet.c asn1_err.c i2d_pr.c t_req.c x_algor.c x_req.c
+SRCS+= a_digest.c a_print.c asn1_lib.c i2d_pu.c t_spki.c x_attrib.c x_sig.c
+SRCS+= a_dup.c a_set.c asn1_par.c n_pkey.c t_x509.c x_bignum.c x_spki.c
+SRCS+= a_enum.c a_sign.c asn_pack.c nsseq.c t_x509a.c x_val.c
+SRCS+= a_gentm.c a_strex.c d2i_pr.c p5_pbe.c tasn_dec.c x_crl.c x_x509.c
+SRCS+= a_hdr.c a_strnid.c d2i_pu.c p5_pbev2.c tasn_enc.c x_exten.c x_x509a.c
+SRCS+= a_i2d_fp.c a_time.c evp_asn1.c tasn_fre.c x_info.c
+SRCS+=a_int.c a_type.c p8_pkey.c tasn_new.c x_long.c asn_moid.c
+SRCS+= x509_d2.c x509_lu.c x509_set.c x509_vfy.c x509spki.c by_dir.c
+SRCS+= x509_def.c x509_obj.c x509_trs.c x509cset.c x509type.c by_file.c
+SRCS+= x509_att.c x509_err.c x509_r2x.c x509_txt.c x509name.c x_all.c
+SRCS+= x509_cmp.c x509_ext.c x509_req.c x509_v3.c x509rset.c
+SRCS+=  v3_akey.c v3_alt.c v3_bcons.c v3_bitst.c v3_conf.c v3_cpols.c
+SRCS+=  v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_int.c
+SRCS+=  v3_lib.c v3_pku.c v3_prn.c v3_skey.c v3_sxnet.c v3_utl.c
+SRCS+=  v3err.c v3_info.c v3_purp.c v3_ocsp.c v3_akeya.c
+SRCS+=  conf_err.c conf_lib.c conf_def.c conf_api.c conf_mod.c conf_mall.c
+SRCS+=  conf_sap.c
+SRCS+=  txt_db.c                                                        
+SRCS+= pk7_lib.c pkcs7err.c
+SRCS+= pk7_asn1.c pk7_doit.c pk7_mime.c 
+SRCS+= pk7_attr.c pk7_smime.c
+SRCS+=  c_rle.c c_zlib.c comp_lib.c comp_err.c
+SRCS+=  p12_add.c p12_crpt.c p12_init.c p12_mutl.c p12_p8e.c
+SRCS+=  p12_asn.c p12_crt.c p12_key.c p12_npas.c p12_utl.c
+SRCS+=  p12_attr.c p12_decr.c p12_kiss.c p12_p8d.c pk12err.c
+SRCS+= eng_all.c eng_openssl.c eng_ctrl.c eng_pkey.c
+SRCS+= eng_dyn.c eng_table.c tb_cipher.c eng_err.c tb_rsa.c
+SRCS+= hw_cryptodev.c eng_cnf.c
+SRCS+= tb_dh.c eng_fat.c tb_digest.c eng_init.c
+SRCS+= tb_dsa.c eng_lib.c tb_rand.c eng_list.c
+SRCs+= tb_rsa.c
+SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c
+SRCS+= dso_openssl.c dso_win32.c dso_vms.c
+SRCS+= ocsp_asn.c ocsp_err.c ocsp_ht.c ocsp_prn.c ocsp_vfy.c
+SRCS+= ocsp_cl.c ocsp_ext.c ocsp_lib.c ocsp_srv.c
+SRCS+= ec_cvt.c ec_lib.c ecp_mont.c ecp_recp.c
+SRCS+= ec_err.c ec_mult.c ecp_nist.c ecp_smpl.c
+
+.PATH:  ${LCRYPTO_SRC}/md2 ${LCRYPTO_SRC}/md5 ${LCRYPTO_SRC}/sha \
+        ${LCRYPTO_SRC}/mdc2 ${LCRYPTO_SRC}/hmac ${LCRYPTO_SRC}/ripemd \
+        ${LCRYPTO_SRC}/des ${LCRYPTO_SRC}/rc2 ${LCRYPTO_SRC}/rc4 \
+        ${LCRYPTO_SRC}/rc5 ${LCRYPTO_SRC}/idea ${LCRYPTO_SRC}/bf \
+        ${LCRYPTO_SRC}/cast ${LCRYPTO_SRC}/bn ${LCRYPTO_SRC}/rsa \
+        ${LCRYPTO_SRC}/dsa ${LCRYPTO_SRC}/dh ${LCRYPTO_SRC}/buffer \
+        ${LCRYPTO_SRC}/bio ${LCRYPTO_SRC}/stack ${LCRYPTO_SRC}/lhash \
+        ${LCRYPTO_SRC}/rand ${LCRYPTO_SRC}/err ${LCRYPTO_SRC}/objects \
+        ${LCRYPTO_SRC}/evp ${LCRYPTO_SRC}/pem ${LCRYPTO_SRC}/asn1 \
+        ${LCRYPTO_SRC}/asn1 ${LCRYPTO_SRC}/x509 ${LCRYPTO_SRC}/conf \
+        ${LCRYPTO_SRC}/pkcs7 ${LCRYPTO_SRC}/x509v3 ${LCRYPTO_SRC}/pkcs12 \
+        ${LCRYPTO_SRC}/comp ${LCRYPTO_SRC}/txt_db ${LCRYPTO_SRC}/md4 \
+        ${LCRYPTO_SRC}/engine ${LCRYPTO_SRC}/dso ${LCRYPTO_SRC}/ui \
+        ${LCRYPTO_SRC}/ocsp ${LCRYPTO_SRC}/ec ${LCRYPTO_SRC}/aes ${LCRYPTO_SRC}
+
+HDRS=\
+        crypto/aes/aes.h \
+        crypto/asn1/asn1.h \
+        crypto/asn1/asn1_mac.h \
+        crypto/asn1/asn1t.h \
+        crypto/bf/blowfish.h \
+        crypto/bio/bio.h \
+        crypto/bn/bn.h \
+        crypto/buffer/buffer.h \
+        crypto/cast/cast.h \
+        crypto/comp/comp.h \
+        crypto/conf/conf.h \
+        crypto/conf/conf_api.h \
+        crypto/crypto.h \
+        crypto/des/des.h \
+        crypto/des/des_old.h \
+        crypto/dh/dh.h \
+        crypto/dsa/dsa.h \
+        crypto/dso/dso.h \
+        crypto/ebcdic.h \
+        crypto/ec/ec.h \
+        crypto/engine/engine.h \
+        crypto/err/err.h \
+        crypto/evp/evp.h \
+        crypto/hmac/hmac.h \
+        crypto/idea/idea.h \
+        crypto/lhash/lhash.h \
+        crypto/md2/md2.h \
+        crypto/md4/md4.h \
+        crypto/md5/md5.h \
+        crypto/mdc2/mdc2.h \
+        crypto/objects/objects.h \
+        crypto/ocsp/ocsp.h \
+        crypto/opensslv.h \
+        crypto/ossl_typ.h \
+        crypto/pem/pem.h \
+        crypto/pem/pem2.h \
+        crypto/pkcs12/pkcs12.h \
+        crypto/pkcs7/pkcs7.h \
+        crypto/rand/rand.h \
+        crypto/rc2/rc2.h \
+        crypto/rc4/rc4.h \
+        crypto/rc5/rc5.h \
+        crypto/ripemd/ripemd.h \
+        crypto/rsa/rsa.h \
+        crypto/sha/sha.h \
+        crypto/stack/safestack.h \
+        crypto/stack/stack.h \
+        crypto/symhacks.h \
+        crypto/tmdiff.h \
+        crypto/txt_db/txt_db.h \
+        crypto/ui/ui.h \
+        crypto/ui/ui_compat.h \
+        crypto/x509/x509.h \
+        crypto/x509/x509_vfy.h \
+        crypto/x509v3/x509v3.h \
+        e_os2.h
+
+HDRS_GEN=\
+        ${.CURDIR}/arch/${MACHINE_ARCH}/opensslconf.h \
+        ${.OBJDIR}/obj_mac.h
+
+includes: obj_mac.h
+        @test -d ${DESTDIR}/usr/include/openssl || \
+            mkdir ${DESTDIR}/usr/include/openssl
+        @cd ${SSL_SRC}; \
+        for i in $(HDRS); do \
+            j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \
+            ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\
+                ${DESTDIR}/usr/include/openssl"; \
+            echo $$j; \
+            eval "$$j"; \
+        done; \
+        for i in $(HDRS_GEN); do \
+            j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \
+            ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\
+                ${DESTDIR}/usr/include/openssl"; \
+            echo $$j; \
+            eval "$$j"; \
+        done;
+
+# generated
+CFLAGS+= -I${.OBJDIR}
+
+GENERATED=obj_mac.h obj_dat.h
+CLEANFILES=${GENERATED} obj_mac.num.tmp
+SSL_OBJECTS=${SSL_SRC}/crypto/objects
+
+obj_mac.h: ${SSL_OBJECTS}/objects.h ${SSL_OBJECTS}/obj_mac.num ${SSL_OBJECTS}/objects.txt
+        cat ${SSL_OBJECTS}/obj_mac.num > obj_mac.num.tmp
+        /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt obj_mac.num.tmp obj_mac.h
+
+obj_dat.h: obj_mac.h
+        /usr/bin/perl ${SSL_OBJECTS}/obj_dat.pl obj_mac.h obj_dat.h
+
+.if (${MACHINE_ARCH} == "vax")
+# egcs bombs optimising this file on vax
+a_strnid.o:
+        ${CC} ${CFLAGS} -O0 ${CPPFLAGS} -c ${.IMPSRC}
+a_strnid.po:           
+        ${CC} ${CFLAGS} -O0 ${CPPFLAGS} -c ${.IMPSRC} -o $@
+des_enc.o:             
+        ${CC} ${CFLAGS} -O1 ${CPPFLAGS} -c ${.IMPSRC}
+des_enc.po:            
+        ${CC} ${CFLAGS} -O1 ${CPPFLAGS} -c ${.IMPSRC} -o $@
+.endif  
+
+all beforedepend: ${GENERATED}
+
+.include <bsd.lib.mk>
diff --git a/src/lib/libssl/crypto/arch/alpha/opensslconf.h b/src/lib/libssl/crypto/arch/alpha/opensslconf.h
new file mode 100644
index 0000000000..c33ccc8a0f
--- /dev/null
+++ b/src/lib/libssl/crypto/arch/alpha/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libssl/src/crypto/opensslconf.h b/src/lib/libssl/crypto/arch/hppa/opensslconf.h
index 492041bc7c..0334dbdfc6 100644
--- a/src/lib/libssl/src/crypto/opensslconf.h
+++ b/src/lib/libssl/crypto/arch/hppa/opensslconf.h
@@ -27,7 +27,7 @@
 
 #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/usr/local/ssl"
+#define OPENSSLDIR "/etc/ssl"
 #endif
 #endif
 
@@ -69,7 +69,7 @@
 #endif
 #endif
 
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
 /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
  * %20 speed up (longs are 8 bytes, int's are 4). */
 #ifndef DES_LONG
@@ -79,7 +79,7 @@
 
 #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
 #define CONFIG_HEADER_BN_H
-#undef BN_LLONG
+#define BN_LLONG
 
 /* Should we define BN_DIV2W here? */
 
@@ -98,7 +98,7 @@
 #define CONFIG_HEADER_RC4_LOCL_H
 /* if this is defined data[i] is used instead of *data, this is a %20
  * speedup on x86 */
-#undef RC4_INDEX
+#define RC4_INDEX
 #endif
 
 #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
@@ -133,7 +133,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
  * Very mucy CPU dependant */
 #ifndef DES_UNROLL
-#undef DES_UNROLL
+#define DES_UNROLL
 #endif
 
 /* These default values were supplied by
diff --git a/src/lib/libssl/crypto/arch/i386/opensslconf.h b/src/lib/libssl/crypto/arch/i386/opensslconf.h
new file mode 100644
index 0000000000..7361ac56a1
--- /dev/null
+++ b/src/lib/libssl/crypto/arch/i386/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libssl/crypto/arch/m68k/opensslconf.h b/src/lib/libssl/crypto/arch/m68k/opensslconf.h
new file mode 100644
index 0000000000..47a6dd8596
--- /dev/null
+++ b/src/lib/libssl/crypto/arch/m68k/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libssl/crypto/arch/m88k/opensslconf.h b/src/lib/libssl/crypto/arch/m88k/opensslconf.h
new file mode 100644
index 0000000000..47a6dd8596
--- /dev/null
+++ b/src/lib/libssl/crypto/arch/m88k/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libssl/crypto/arch/mips/opensslconf.h b/src/lib/libssl/crypto/arch/mips/opensslconf.h
new file mode 100644
index 0000000000..2b030ba088
--- /dev/null
+++ b/src/lib/libssl/crypto/arch/mips/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libssl/crypto/arch/powerpc/opensslconf.h b/src/lib/libssl/crypto/arch/powerpc/opensslconf.h
new file mode 100644
index 0000000000..47a6dd8596
--- /dev/null
+++ b/src/lib/libssl/crypto/arch/powerpc/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libssl/crypto/arch/sparc/opensslconf.h b/src/lib/libssl/crypto/arch/sparc/opensslconf.h
new file mode 100644
index 0000000000..47a6dd8596
--- /dev/null
+++ b/src/lib/libssl/crypto/arch/sparc/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libssl/crypto/arch/sparc64/opensslconf.h b/src/lib/libssl/crypto/arch/sparc64/opensslconf.h
new file mode 100644
index 0000000000..053308653b
--- /dev/null
+++ b/src/lib/libssl/crypto/arch/sparc64/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#define BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libssl/crypto/arch/vax/opensslconf.h b/src/lib/libssl/crypto/arch/vax/opensslconf.h
new file mode 100644
index 0000000000..47a6dd8596
--- /dev/null
+++ b/src/lib/libssl/crypto/arch/vax/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libssl/crypto/shlib_version b/src/lib/libssl/crypto/shlib_version
new file mode 100644
index 0000000000..c10074d52a
--- /dev/null
+++ b/src/lib/libssl/crypto/shlib_version
@@ -0,0 +1,2 @@
+major=10
+minor=0
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
new file mode 100644
index 0000000000..eca51c3322
--- /dev/null
+++ b/src/lib/libssl/doc/openssl.cnf
@@ -0,0 +1,255 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                    = .
+RANDFILE                = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file               = $ENV::HOME/.oid
+oid_section             = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions            = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca      = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir             = ./demoCA              # Where everything is kept
+certs           = $dir/certs            # Where the issued certs are kept
+crl_dir         = $dir/crl              # Where the issued crl are kept
+database        = $dir/index.txt        # database index file.
+new_certs_dir   = $dir/newcerts         # default place for new certs.
+
+certificate     = $dir/cacert.pem       # The CA certificate
+serial          = $dir/serial           # The current serial number
+crl             = $dir/crl.pem          # The current CRL
+private_key     = $dir/private/cakey.pem# The private key
+RANDFILE        = $dir/private/.rand    # private random number file
+
+x509_extensions = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt        = ca_default            # Subject Name options
+cert_opt        = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions        = crl_ext
+
+default_days    = 365                   # how long to certify for
+default_crl_days= 30                    # how long before next CRL
+default_md      = md5                   # which md to use.
+preserve        = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy          = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+####################################################################
+[ req ]
+default_bits            = 1024
+default_keyfile         = privkey.pem
+distinguished_name      = req_distinguished_name
+attributes              = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix   : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+countryName_default             = AU
+countryName_min                 = 2
+countryName_max                 = 2
+
+stateOrProvinceName             = State or Province Name (full name)
+stateOrProvinceName_default     = Some-State
+
+localityName                    = Locality Name (eg, city)
+
+0.organizationName              = Organization Name (eg, company)
+0.organizationName_default      = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName             = Second Organization Name (eg, company)
+#1.organizationName_default     = World Wide Web Pty Ltd
+
+organizationalUnitName          = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName                      = Common Name (eg, YOUR name)
+commonName_max                  = 64
+
+emailAddress                    = Email Address
+emailAddress_max                = 64
+
+# SET-ex3                       = SET extension number 3
+
+[ req_attributes ]
+challengePassword               = A challenge password
+challengePassword_min           = 4
+challengePassword_max           = 20
+
+unstructuredName                = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                    = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                       = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl              = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
new file mode 100644
index 0000000000..432a17b66c
--- /dev/null
+++ b/src/lib/libssl/doc/openssl.txt
@@ -0,0 +1,1235 @@
+
+This is some preliminary documentation for OpenSSL.
+
+Contents:
+
+ OpenSSL X509V3 extension configuration
+ X509V3 Extension code: programmers guide
+ PKCS#12 Library
+
+
+==============================================================================
+               OpenSSL X509V3 extension configuration
+==============================================================================
+
+OpenSSL X509V3 extension configuration: preliminary documentation.
+
+INTRODUCTION.
+
+For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
+possible to add and print out common X509 V3 certificate and CRL extensions.
+
+BEGINNERS NOTE
+
+For most simple applications you don't need to know too much about extensions:
+the default openssl.cnf values will usually do sensible things.
+
+If you want to know more you can initially quickly look through the sections
+describing how the standard OpenSSL utilities display and add extensions and
+then the list of supported extensions.
+
+For more technical information about the meaning of extensions see:
+
+http://www.imc.org/ietf-pkix/
+http://home.netscape.com/eng/security/certs.html
+
+PRINTING EXTENSIONS.
+
+Extension values are automatically printed out for supported extensions.
+
+openssl x509 -in cert.pem -text
+openssl crl -in crl.pem -text
+
+will give information in the extension printout, for example:
+
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
+            X509v3 Authority Key Identifier: 
+                keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Subject Alternative Name: 
+                email:email@1.address, email:email@2.address
+
+CONFIGURATION FILES.
+
+The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
+which certificate extensions to include. In each case a line:
+
+x509_extensions = extension_section
+
+indicates which section contains the extensions. In the case of 'req' the
+extension section is used when the -x509 option is present to create a
+self signed root certificate.
+
+The 'x509' utility also supports extensions when it signs a certificate.
+The -extfile option is used to set the configuration file containing the
+extensions. In this case a line with:
+
+extensions = extension_section
+
+in the nameless (default) section is used. If no such line is included then
+it uses the default section.
+
+You can also add extensions to CRLs: a line
+
+crl_extensions = crl_extension_section
+
+will include extensions when the -gencrl option is used with the 'ca' utility.
+You can add any extension to a CRL but of the supported extensions only
+issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
+CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
+CRL entry extensions can be displayed.
+
+NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
+you should not include a crl_extensions line in the configuration file.
+
+As with all configuration files you can use the inbuilt environment expansion
+to allow the values to be passed in the environment. Therefore if you have
+several extension sections used for different purposes you can have a line:
+
+x509_extensions = $ENV::ENV_EXT
+
+and set the ENV_EXT environment variable before calling the relevant utility.
+
+EXTENSION SYNTAX.
+
+Extensions have the basic form:
+
+extension_name=[critical,] extension_options
+
+the use of the critical option makes the extension critical. Extreme caution
+should be made when using the critical flag. If an extension is marked
+as critical then any client that does not understand the extension should
+reject it as invalid. Some broken software will reject certificates which
+have *any* critical extensions (these violates PKIX but we have to live
+with it).
+
+There are three main types of extension: string extensions, multi-valued
+extensions, and raw extensions.
+
+String extensions simply have a string which contains either the value itself
+or how it is obtained.
+
+For example:
+
+nsComment="This is a Comment"
+
+Multi-valued extensions have a short form and a long form. The short form
+is a list of names and values:
+
+basicConstraints=critical,CA:true,pathlen:1
+
+The long form allows the values to be placed in a separate section:
+
+basicConstraints=critical,@bs_section
+
+[bs_section]
+
+CA=true
+pathlen=1
+
+Both forms are equivalent. However it should be noted that in some cases the
+same name can appear multiple times, for example,
+
+subjectAltName=email:steve@here,email:steve@there
+
+in this case an equivalent long form is:
+
+subjectAltName=@alt_section
+
+[alt_section]
+
+email.1=steve@here
+email.2=steve@there
+
+This is because the configuration file code cannot handle the same name
+occurring twice in the same section.
+
+The syntax of raw extensions is governed by the extension code: it can
+for example contain data in multiple sections. The correct syntax to
+use is defined by the extension code itself: check out the certificate
+policies extension for an example.
+
+In addition it is also possible to use the word DER to include arbitrary
+data in any extension.
+
+1.2.3.4=critical,DER:01:02:03:04
+1.2.3.4=DER:01020304
+
+The value following DER is a hex dump of the DER encoding of the extension
+Any extension can be placed in this form to override the default behaviour.
+For example:
+
+basicConstraints=critical,DER:00:01:02:03
+
+WARNING: DER should be used with caution. It is possible to create totally
+invalid extensions unless care is taken.
+
+CURRENTLY SUPPORTED EXTENSIONS.
+
+If you aren't sure about extensions then they can be largely ignored: its only
+when you want to do things like restrict certificate usage when you need to
+worry about them. 
+
+The only extension that a beginner might want to look at is Basic Constraints.
+If in addition you want to try Netscape object signing the you should also
+look at Netscape Certificate Type.
+
+Literal String extensions.
+
+In each case the 'value' of the extension is placed directly in the
+extension. Currently supported extensions in this category are: nsBaseUrl,
+nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
+nsSslServerName and nsComment.
+
+For example:
+
+nsComment="This is a test comment"
+
+Bit Strings.
+
+Bit string extensions just consist of a list of supported bits, currently
+two extensions are in this category: PKIX keyUsage and the Netscape specific
+nsCertType.
+
+nsCertType (netscape certificate type) takes the flags: client, server, email,
+objsign, reserved, sslCA, emailCA, objCA.
+
+keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
+keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
+encipherOnly, decipherOnly.
+
+For example:
+
+nsCertType=server
+
+keyUsage=digitalSignature, nonRepudiation
+
+Hints on Netscape Certificate Type.
+
+Other than Basic Constraints this is the only extension a beginner might
+want to use, if you want to try Netscape object signing, otherwise it can
+be ignored.
+
+If you want a certificate that can be used just for object signing then:
+
+nsCertType=objsign
+
+will do the job. If you want to use it as a normal end user and server
+certificate as well then
+
+nsCertType=objsign,email,server
+
+is more appropriate. You cannot use a self signed certificate for object
+signing (well Netscape signtool can but it cheats!) so you need to create
+a CA certificate and sign an end user certificate with it.
+
+Side note: If you want to conform to the Netscape specifications then you
+should really also set:
+
+nsCertType=objCA
+
+in the *CA* certificate for just an object signing CA and
+
+nsCertType=objCA,emailCA,sslCA
+
+for everything. Current Netscape software doesn't enforce this so it can
+be omitted.
+
+Basic Constraints.
+
+This is generally the only extension you need to worry about for simple
+applications. If you want your certificate to be usable as a CA certificate
+(in addition to an end user certificate) then you set this to:
+
+basicConstraints=CA:TRUE
+
+if you want to be certain the certificate cannot be used as a CA then do:
+
+basicConstraints=CA:FALSE
+
+The rest of this section describes more advanced usage.
+
+Basic constraints is a multi-valued extension that supports a CA and an
+optional pathlen option. The CA option takes the values true and false and
+pathlen takes an integer. Note if the CA option is false the pathlen option
+should be omitted. 
+
+The pathlen parameter indicates the maximum number of CAs that can appear
+below this one in a chain. So if you have a CA with a pathlen of zero it can
+only be used to sign end user certificates and not further CAs. This all
+assumes that the software correctly interprets this extension of course.
+
+Examples:
+
+basicConstraints=CA:TRUE
+basicConstraints=critical,CA:TRUE, pathlen:0
+
+NOTE: for a CA to be considered valid it must have the CA option set to
+TRUE. An end user certificate MUST NOT have the CA value set to true.
+According to PKIX recommendations it should exclude the extension entirely,
+however some software may require CA set to FALSE for end entity certificates.
+
+Extended Key Usage.
+
+This extensions consists of a list of usages.
+
+These can either be object short names of the dotted numerical form of OIDs.
+While any OID can be used only certain values make sense. In particular the
+following PKIX, NS and MS values are meaningful:
+
+Value                   Meaning
+-----                   -------
+serverAuth              SSL/TLS Web Server Authentication.
+clientAuth              SSL/TLS Web Client Authentication.
+codeSigning             Code signing.
+emailProtection         E-mail Protection (S/MIME).
+timeStamping            Trusted Timestamping
+msCodeInd               Microsoft Individual Code Signing (authenticode)
+msCodeCom               Microsoft Commercial Code Signing (authenticode)
+msCTLSign               Microsoft Trust List Signing
+msSGC                   Microsoft Server Gated Crypto
+msEFS                   Microsoft Encrypted File System
+nsSGC                   Netscape Server Gated Crypto
+
+For example, under IE5 a CA can be used for any purpose: by including a list
+of the above usages the CA can be restricted to only authorised uses.
+
+Note: software packages may place additional interpretations on certificate 
+use, in particular some usages may only work for selected CAs. Don't for example
+expect just including msSGC or nsSGC will automatically mean that a certificate
+can be used for SGC ("step up" encryption) otherwise anyone could use it.
+
+Examples:
+
+extendedKeyUsage=critical,codeSigning,1.2.3.4
+extendedKeyUsage=nsSGC,msSGC
+
+Subject Key Identifier.
+
+This is really a string extension and can take two possible values. Either
+a hex string giving details of the extension value to include or the word
+'hash' which then automatically follow PKIX guidelines in selecting and
+appropriate key identifier. The use of the hex string is strongly discouraged.
+
+Example: subjectKeyIdentifier=hash
+
+Authority Key Identifier.
+
+The authority key identifier extension permits two options. keyid and issuer:
+both can take the optional value "always".
+
+If the keyid option is present an attempt is made to copy the subject key
+identifier from the parent certificate. If the value "always" is present
+then an error is returned if the option fails.
+
+The issuer option copies the issuer and serial number from the issuer
+certificate. Normally this will only be done if the keyid option fails or
+is not included: the "always" flag will always include the value.
+
+Subject Alternative Name.
+
+The subject alternative name extension allows various literal values to be
+included in the configuration file. These include "email" (an email address)
+"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
+registered ID: OBJECT IDENTIFIER) and IP (and IP address).
+
+Also the email option include a special 'copy' value. This will automatically
+include and email addresses contained in the certificate subject name in
+the extension.
+
+Examples:
+
+subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
+subjectAltName=email:my@other.address,RID:1.2.3.4
+
+Issuer Alternative Name.
+
+The issuer alternative name option supports all the literal options of
+subject alternative name. It does *not* support the email:copy option because
+that would not make sense. It does support an additional issuer:copy option
+that will copy all the subject alternative name values from the issuer 
+certificate (if possible).
+
+Example:
+
+issuserAltName = issuer:copy
+
+Authority Info Access.
+
+The authority information access extension gives details about how to access
+certain information relating to the CA. Its syntax is accessOID;location
+where 'location' has the same syntax as subject alternative name (except
+that email:copy is not supported). accessOID can be any valid OID but only
+certain values are meaningful for example OCSP and caIssuers. OCSP gives the
+location of an OCSP responder: this is used by Netscape PSM and other software.
+
+Example:
+
+authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
+
+CRL distribution points.
+
+This is a multi-valued extension that supports all the literal options of
+subject alternative name. Of the few software packages that currently interpret
+this extension most only interpret the URI option.
+
+Currently each option will set a new DistributionPoint with the fullName
+field set to the given value.
+
+Other fields like cRLissuer and reasons cannot currently be set or displayed:
+at this time no examples were available that used these fields.
+
+If you see this extension with <UNSUPPORTED> when you attempt to print it out
+or it doesn't appear to display correctly then let me know, including the
+certificate (mail me at steve@openssl.org) .
+
+Examples:
+
+crlDistributionPoints=URI:http://www.myhost.com/myca.crl
+crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
+
+Certificate Policies.
+
+This is a RAW extension. It attempts to display the contents of this extension:
+unfortunately this extension is often improperly encoded.
+
+The certificate policies extension will rarely be used in practice: few
+software packages interpret it correctly or at all. IE5 does partially
+support this extension: but it needs the 'ia5org' option because it will
+only correctly support a broken encoding. Of the options below only the
+policy OID, explicitText and CPS options are displayed with IE5.
+
+All the fields of this extension can be set by using the appropriate syntax.
+
+If you follow the PKIX recommendations of not including any qualifiers and just
+using only one OID then you just include the value of that OID. Multiple OIDs
+can be set separated by commas, for example:
+
+certificatePolicies= 1.2.4.5, 1.1.3.4
+
+If you wish to include qualifiers then the policy OID and qualifiers need to
+be specified in a separate section: this is done by using the @section syntax
+instead of a literal OID value.
+
+The section referred to must include the policy OID using the name
+policyIdentifier, cPSuri qualifiers can be included using the syntax:
+
+CPS.nnn=value
+
+userNotice qualifiers can be set using the syntax:
+
+userNotice.nnn=@notice
+
+The value of the userNotice qualifier is specified in the relevant section.
+This section can include explicitText, organization and noticeNumbers
+options. explicitText and organization are text strings, noticeNumbers is a
+comma separated list of numbers. The organization and noticeNumbers options
+(if included) must BOTH be present. If you use the userNotice option with IE5
+then you need the 'ia5org' option at the top level to modify the encoding:
+otherwise it will not be interpreted properly.
+
+Example:
+
+certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
+
+[polsect]
+
+policyIdentifier = 1.3.5.8
+CPS.1="http://my.host.name/"
+CPS.2="http://my.your.name/"
+userNotice.1=@notice
+
+[notice]
+
+explicitText="Explicit Text Here"
+organization="Organisation Name"
+noticeNumbers=1,2,3,4
+
+TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
+according to PKIX it should be of type DisplayText but Verisign uses an 
+IA5STRING and IE5 needs this too.
+
+Display only extensions.
+
+Some extensions are only partially supported and currently are only displayed
+but cannot be set. These include private key usage period, CRL number, and
+CRL reason.
+
+==============================================================================
+                X509V3 Extension code: programmers guide
+==============================================================================
+
+The purpose of the extension code is twofold. It allows an extension to be
+created from a string or structure describing its contents and it prints out an
+extension in a human or machine readable form.
+
+1. Initialisation and cleanup.
+
+No special initialisation is needed before calling the extension functions.
+You used to have to call X509V3_add_standard_extensions(); but this is no longer
+required and this function no longer does anything.
+
+void X509V3_EXT_cleanup(void);
+
+This function should be called to cleanup the extension code if any custom
+extensions have been added. If no custom extensions have been added then this
+call does nothing. After this call all custom extension code is freed up but
+you can still use the standard extensions.
+
+2. Printing and parsing extensions.
+
+The simplest way to print out extensions is via the standard X509 printing
+routines: if you use the standard X509_print() function, the supported
+extensions will be printed out automatically.
+
+The following functions allow finer control over extension display:
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+
+These two functions print out an individual extension to a BIO or FILE pointer.
+Currently the flag argument is unused and should be set to 0. The 'indent'
+argument is the number of spaces to indent each line.
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+
+This function parses an extension and returns its internal structure. The
+precise structure you get back depends on the extension being parsed. If the
+extension if basicConstraints you will get back a pointer to a
+BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
+details about the structures returned. The returned structure should be freed
+after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
+example.
+
+void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+void    *       X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+
+These functions combine the operations of searching for extensions and
+parsing them. They search a certificate, a CRL a CRL entry or a stack
+of extensions respectively for extension whose NID is 'nid' and return
+the parsed result of NULL if an error occurred. For example:
+
+BASIC_CONSTRAINTS *bs;
+bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
+
+This will search for the basicConstraints extension and either return
+it value or NULL. NULL can mean either the extension was not found, it
+occurred more than once or it could not be parsed.
+
+If 'idx' is NULL then an extension is only parsed if it occurs precisely
+once. This is standard behaviour because extensions normally cannot occur
+more than once. If however more than one extension of the same type can
+occur it can be used to parse successive extensions for example:
+
+int i;
+void *ext;
+
+i = -1;
+for(;;) {
+        ext = X509_get_ext_d2i(x, nid, crit, &idx);
+        if(ext == NULL) break;
+         /* Do something with ext */
+}
+
+If 'crit' is not NULL and the extension was found then the int it points to
+is set to 1 for critical extensions and 0 for non critical. Therefore if the
+function returns NULL but 'crit' is set to 0 or 1 then the extension was
+found but it could not be parsed.
+
+The int pointed to by crit will be set to -1 if the extension was not found
+and -2 if the extension occurred more than once (this will only happen if
+idx is NULL). In both cases the function will return NULL.
+
+3. Generating extensions.
+
+An extension will typically be generated from a configuration file, or some
+other kind of configuration database.
+
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+                                                                 X509 *cert);
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+                                                                 X509_CRL *crl);
+
+These functions add all the extensions in the given section to the given
+certificate or CRL. They will normally be called just before the certificate
+or CRL is due to be signed. Both return 0 on error on non zero for success.
+
+In each case 'conf' is the LHASH pointer of the configuration file to use
+and 'section' is the section containing the extension details.
+
+See the 'context functions' section for a description of the ctx parameter.
+
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+                                                                 char *value);
+
+This function returns an extension based on a name and value pair, if the
+pair will not need to access other sections in a config file (or there is no
+config file) then the 'conf' parameter can be set to NULL.
+
+X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
+                                                                 char *value);
+
+This function creates an extension in the same way as X509V3_EXT_conf() but
+takes the NID of the extension rather than its name.
+
+For example to produce basicConstraints with the CA flag and a path length of
+10:
+
+x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
+
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+
+This function sets up an extension from its internal structure. The ext_nid
+parameter is the NID of the extension and 'crit' is the critical flag.
+
+4. Context functions.
+
+The following functions set and manipulate an extension context structure.
+The purpose of the extension context is to allow the extension code to
+access various structures relating to the "environment" of the certificate:
+for example the issuers certificate or the certificate request.
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+                                 X509_REQ *req, X509_CRL *crl, int flags);
+
+This function sets up an X509V3_CTX structure with details of the certificate
+environment: specifically the issuers certificate, the subject certificate,
+the certificate request and the CRL: if these are not relevant or not
+available then they can be set to NULL. The 'flags' parameter should be set
+to zero.
+
+X509V3_set_ctx_test(ctx)
+
+This macro is used to set the 'ctx' structure to a 'test' value: this is to
+allow the syntax of an extension (or configuration file) to be tested.
+
+X509V3_set_ctx_nodb(ctx)
+
+This macro is used when no configuration database is present.
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+
+This function is used to set the configuration database when it is an LHASH
+structure: typically a configuration file.
+
+The following functions are used to access a configuration database: they
+should only be used in RAW extensions.
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+
+This function returns the value of the parameter "name" in "section", or NULL
+if there has been an error.
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+
+This function frees up the string returned by the above function.
+
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+
+This function returns a whole section as a STACK_OF(CONF_VALUE) .
+
+void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+
+This function frees up the STACK returned by the above function.
+
+Note: it is possible to use the extension code with a custom configuration
+database. To do this the "db_meth" element of the X509V3_CTX structure should
+be set to an X509V3_CTX_METHOD structure. This structure contains the following
+function pointers:
+
+char * (*get_string)(void *db, char *section, char *value);
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
+
+these will be called and passed the 'db' element in the X509V3_CTX structure
+to access the database. If a given function is not implemented or not required
+it can be set to NULL.
+
+5. String helper functions.
+
+There are several "i2s" and "s2i" functions that convert structures to and
+from ASCII strings. In all the "i2s" cases the returned string should be
+freed using Free() after use. Since some of these are part of other extension
+code they may take a 'method' parameter. Unless otherwise stated it can be
+safely set to NULL.
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
+
+This returns a hex string from an ASN1_OCTET_STRING.
+
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+
+These return a string decimal representations of an ASN1_INTEGER and an
+ASN1_ENUMERATED type, respectively.
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                                                   X509V3_CTX *ctx, char *str);
+
+This converts an ASCII hex string to an ASN1_OCTET_STRING.
+
+ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
+
+This converts a decimal ASCII string into an ASN1_INTEGER.
+
+6. Multi valued extension helper functions.
+
+The following functions can be used to manipulate STACKs of CONF_VALUE
+structures, as used by multi valued extensions.
+
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+
+This function expects a boolean value in 'value' and sets 'asn1_bool' to
+it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
+strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
+"false", "N", "n", "NO" or "no".
+
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+
+This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
+
+int X509V3_add_value(const char *name, const char *value,
+                                                STACK_OF(CONF_VALUE) **extlist);
+
+This simply adds a string name and value pair.
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                                                STACK_OF(CONF_VALUE) **extlist);
+
+The same as above but for an unsigned character value.
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                                                STACK_OF(CONF_VALUE) **extlist);
+
+This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+                                                STACK_OF(CONF_VALUE) **extlist);
+
+This is the same as above except it adds nothing if asn1_bool is FALSE.
+
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+                                                STACK_OF(CONF_VALUE) **extlist);
+
+This function adds the value of the ASN1_INTEGER in decimal form.
+
+7. Other helper functions.
+
+<to be added>
+
+ADDING CUSTOM EXTENSIONS.
+
+Currently there are three types of supported extensions. 
+
+String extensions are simple strings where the value is placed directly in the
+extensions, and the string returned is printed out.
+
+Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
+or return a STACK_OF(CONF_VALUE).
+
+Raw extensions are just passed a BIO or a value and it is the extensions
+responsibility to handle all the necessary printing.
+
+There are two ways to add an extension. One is simply as an alias to an already
+existing extension. An alias is an extension that is identical in ASN1 structure
+to an existing extension but has a different OBJECT IDENTIFIER. This can be
+done by calling:
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+
+'nid_to' is the new extension NID and 'nid_from' is the already existing
+extension NID.
+
+Alternatively an extension can be written from scratch. This involves writing
+the ASN1 code to encode and decode the extension and functions to print out and
+generate the extension from strings. The relevant functions are then placed in
+a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+called.
+
+The X509V3_EXT_METHOD structure is described below.
+
+strut {
+int ext_nid;
+int ext_flags;
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+X509V3_EXT_R2I r2i;
+X509V3_EXT_I2R i2r;
+
+void *usr_data;
+};
+
+The elements have the following meanings.
+
+ext_nid         is the NID of the object identifier of the extension.
+
+ext_flags       is set of flags. Currently the only external flag is
+                X509V3_EXT_MULTILINE which means a multi valued extensions
+                should be printed on separate lines.
+
+usr_data        is an extension specific pointer to any relevant data. This
+                allows extensions to share identical code but have different
+                uses. An example of this is the bit string extension which uses
+                usr_data to contain a list of the bit names.
+
+All the remaining elements are function pointers.
+
+ext_new         is a pointer to a function that allocates memory for the
+                extension ASN1 structure: for example ASN1_OBJECT_new().
+
+ext_free        is a pointer to a function that free up memory of the extension
+                ASN1 structure: for example ASN1_OBJECT_free().
+
+d2i             is the standard ASN1 function that converts a DER buffer into
+                the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
+
+i2d             is the standard ASN1 function that converts the internal
+                structure into the DER representation: for example
+                i2d_ASN1_IA5STRING().
+
+The remaining functions are depend on the type of extension. One i2X and
+one X2i should be set and the rest set to NULL. The types set do not need
+to match up, for example the extension could be set using the multi valued
+v2i function and printed out using the raw i2r.
+
+All functions have the X509V3_EXT_METHOD passed to them in the 'method'
+parameter and an X509V3_CTX structure. Extension code can then access the
+parent structure via the 'method' parameter to for example make use of the value
+of usr_data. If the code needs to use detail relating to the request it can
+use the 'ctx' parameter.
+
+A note should be given here about the 'flags' member of the 'ctx' parameter.
+If it has the value CTX_TEST then the configuration syntax is being checked
+and no actual certificate or CRL exists. Therefore any attempt in the config
+file to access such information should silently succeed. If the syntax is OK
+then it should simply return a (possibly bogus) extension, otherwise it
+should return NULL.
+
+char *i2s(struct v3_ext_method *method, void *ext);
+
+This function takes the internal structure in the ext parameter and returns
+a Malloc'ed string representing its value.
+
+void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+This function takes the string representation in the ext parameter and returns
+an allocated internal structure: ext_free() will be used on this internal
+structure after use.
+
+i2v and v2i handle a STACK_OF(CONF_VALUE):
+
+typedef struct
+{
+        char *section;
+        char *name;
+        char *value;
+} CONF_VALUE;
+
+Only the name and value members are currently used.
+
+STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
+
+This function is passed the internal structure in the ext parameter and
+returns a STACK of CONF_VALUE structures. The values of name, value,
+section and the structure itself will be freed up with Free after use.
+Several helper functions are available to add values to this STACK.
+
+void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
+                                                STACK_OF(CONF_VALUE) *values);
+
+This function takes a STACK_OF(CONF_VALUE) structures and should set the
+values of the external structure. This typically uses the name element to
+determine which structure element to set and the value element to determine
+what to set it to. Several helper functions are available for this
+purpose (see above).
+
+int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+
+This function is passed the internal extension structure in the ext parameter
+and sends out a human readable version of the extension to out. The 'indent'
+parameter should be noted to determine the necessary amount of indentation
+needed on the output.
+
+void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+This is just passed the string representation of the extension. It is intended
+to be used for more elaborate extensions where the standard single and multi
+valued options are insufficient. They can use the 'ctx' parameter to parse the
+configuration database themselves. See the context functions section for details
+of how to do this.
+
+Note: although this type takes the same parameters as the "r2s" function there
+is a subtle difference. Whereas an "r2i" function can access a configuration
+database an "s2i" function MUST NOT. This is so the internal code can safely
+assume that an "s2i" function will work without a configuration database.
+
+==============================================================================
+                            PKCS#12 Library
+==============================================================================
+
+This section describes the internal PKCS#12 support. There are very few
+differences between the old external library and the new internal code at
+present. This may well change because the external library will not be updated
+much in future.
+
+This version now includes a couple of high level PKCS#12 functions which
+generally "do the right thing" and should make it much easier to handle PKCS#12
+structures.
+
+HIGH LEVEL FUNCTIONS.
+
+For most applications you only need concern yourself with the high level
+functions. They can parse and generate simple PKCS#12 files as produced by
+Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
+private key and certificate pair.
+
+1. Initialisation and cleanup.
+
+No special initialisation is needed for the internal PKCS#12 library: the 
+standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
+add all algorithms (you should at least add SHA1 though) then you can manually
+initialise the PKCS#12 library with:
+
+PKCS12_PBE_add();
+
+The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
+called or it can be directly freed with:
+
+EVP_PBE_cleanup();
+
+after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
+be called.
+
+2. I/O functions.
+
+i2d_PKCS12_bio(bp, p12)
+
+This writes out a PKCS12 structure to a BIO.
+
+i2d_PKCS12_fp(fp, p12)
+
+This is the same but for a FILE pointer.
+
+d2i_PKCS12_bio(bp, p12)
+
+This reads in a PKCS12 structure from a BIO.
+
+d2i_PKCS12_fp(fp, p12)
+
+This is the same but for a FILE pointer.
+
+3. High level functions.
+
+3.1 Parsing with PKCS12_parse().
+
+int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
+                                                                 STACK **ca);
+
+This function takes a PKCS12 structure and a password (ASCII, null terminated)
+and returns the private key, the corresponding certificate and any CA
+certificates. If any of these is not required it can be passed as a NULL.
+The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
+structure. Typically to read in a PKCS#12 file you might do:
+
+p12 = d2i_PKCS12_fp(fp, NULL);
+PKCS12_parse(p12, password, &pkey, &cert, NULL);        /* CAs not wanted */
+PKCS12_free(p12);
+
+3.2 PKCS#12 creation with PKCS12_create().
+
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+                        STACK *ca, int nid_key, int nid_cert, int iter,
+                                                 int mac_iter, int keytype);
+
+This function will create a PKCS12 structure from a given password, name,
+private key, certificate and optional STACK of CA certificates. The remaining
+5 parameters can be set to 0 and sensible defaults will be used.
+
+The parameters nid_key and nid_cert are the key and certificate encryption
+algorithms, iter is the encryption iteration count, mac_iter is the MAC
+iteration count and keytype is the type of private key. If you really want
+to know what these last 5 parameters do then read the low level section.
+
+Typically to create a PKCS#12 file the following could be used:
+
+p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
+i2d_PKCS12_fp(fp, p12);
+PKCS12_free(p12);
+
+3.3 Changing a PKCS#12 structure password.
+
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
+
+This changes the password of an already existing PKCS#12 structure. oldpass
+is the old password and newpass is the new one. An error occurs if the old
+password is incorrect.
+
+LOW LEVEL FUNCTIONS.
+
+In some cases the high level functions do not provide the necessary
+functionality. For example if you want to generate or parse more complex
+PKCS#12 files. The sample pkcs12 application uses the low level functions
+to display details about the internal structure of a PKCS#12 file.
+
+Introduction.
+
+This is a brief description of how a PKCS#12 file is represented internally:
+some knowledge of PKCS#12 is assumed.
+
+A PKCS#12 object contains several levels.
+
+At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
+CRL, a private key, encrypted or unencrypted, a set of safebags (so the
+structure can be nested) or other secrets (not documented at present). 
+A safebag can optionally have attributes, currently these are: a unicode
+friendlyName (a Unicode string) or a localKeyID (a string of bytes).
+
+At the next level is an authSafe which is a set of safebags collected into
+a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
+
+At the top level is the PKCS12 structure itself which contains a set of
+authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
+contains a MAC which is a kind of password protected digest to preserve
+integrity (so any unencrypted stuff below can't be tampered with).
+
+The reason for these levels is so various objects can be encrypted in various
+ways. For example you might want to encrypt a set of private keys with
+triple-DES and then include the related certificates either unencrypted or
+with lower encryption. Yes it's the dreaded crypto laws at work again which
+allow strong encryption on private keys and only weak encryption on other
+stuff.
+
+To build one of these things you turn all certificates and keys into safebags
+(with optional attributes). You collect the safebags into (one or more) STACKS
+and convert these into authsafes (encrypted or unencrypted).  The authsafes
+are collected into a STACK and added to a PKCS12 structure.  Finally a MAC
+inserted.
+
+Pulling one apart is basically the reverse process. The MAC is verified against
+the given password. The authsafes are extracted and each authsafe split into
+a set of safebags (possibly involving decryption). Finally the safebags are
+decomposed into the original keys and certificates and the attributes used to
+match up private key and certificate pairs.
+
+Anyway here are the functions that do the dirty work.
+
+1. Construction functions.
+
+1.1 Safebag functions.
+
+M_PKCS12_x5092certbag(x509)
+
+This macro takes an X509 structure and returns a certificate bag. The
+X509 structure can be freed up after calling this function.
+
+M_PKCS12_x509crl2certbag(crl)
+
+As above but for a CRL.
+
+PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
+
+Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
+Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
+structure contains a private key data in plain text form it should be free'd
+up as soon as it has been encrypted for security reasons (freeing up the
+structure zeros out the sensitive data). This can be done with
+PKCS8_PRIV_KEY_INFO_free().
+
+PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+
+This sets the key type when a key is imported into MSIE or Outlook 98. Two
+values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
+key that can also be used for signing but its size is limited in the export
+versions of MS software to 512 bits, it is also the default. KEY_SIG is a
+signing only key but the keysize is unlimited (well 16K is supposed to work).
+If you are using the domestic version of MSIE then you can ignore this because
+KEY_EX is not limited and can be used for both.
+
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
+
+Convert a PKCS8 private key structure into a keybag. This routine embeds the
+p8 structure in the keybag so p8 should not be freed up or used after it is
+called.  The p8 structure will be freed up when the safebag is freed.
+
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
+
+Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
+embedded and can be freed up after use.
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
+int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
+
+Add a local key id or a friendlyname to a safebag.
+
+1.2 Authsafe functions.
+
+PKCS7 *PKCS12_pack_p7data(STACK *sk)
+Take a stack of safebags and convert them into an unencrypted authsafe. The
+stack of safebags can be freed up after calling this function.
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
+
+As above but encrypted.
+
+1.3 PKCS12 functions.
+
+PKCS12 *PKCS12_init(int mode)
+
+Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
+
+M_PKCS12_pack_authsafes(p12, safes)
+
+This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
+
+int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
+
+Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
+that SHA-1 should be used.
+
+2. Extraction Functions.
+
+2.1 Safebags.
+
+M_PKCS12_bag_type(bag)
+
+Return the type of "bag". Returns one of the following
+
+NID_keyBag
+NID_pkcs8ShroudedKeyBag                 7
+NID_certBag                             8
+NID_crlBag                              9
+NID_secretBag                           10
+NID_safeContentsBag                     11
+
+M_PKCS12_cert_bag_type(bag)
+
+Returns type of certificate bag, following are understood.
+
+NID_x509Certificate                     14
+NID_sdsiCertificate                     15
+
+M_PKCS12_crl_bag_type(bag)
+
+Returns crl bag type, currently only NID_crlBag is recognised.
+
+M_PKCS12_certbag2x509(bag)
+
+This macro extracts an X509 certificate from a certificate bag.
+
+M_PKCS12_certbag2x509crl(bag)
+
+As above but for a CRL.
+
+EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
+
+Extract a private key from a PKCS8 private key info structure.
+
+M_PKCS12_decrypt_skey(bag, pass, passlen) 
+
+Decrypt a shrouded key bag and return a PKCS8 private key info structure.
+Works with both RSA and DSA keys
+
+char *PKCS12_get_friendlyname(bag)
+
+Returns the friendlyName of a bag if present or NULL if none. The returned
+string is a null terminated ASCII string allocated with Malloc(). It should 
+thus be freed up with Free() after use.
+
+2.2 AuthSafe functions.
+
+M_PKCS12_unpack_p7data(p7)
+
+Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
+
+#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
+
+As above but for an encrypted content info.
+
+2.3 PKCS12 functions.
+
+M_PKCS12_unpack_authsafes(p12)
+
+Extract a STACK of authsafes from a PKCS12 structure.
+
+M_PKCS12_mac_present(p12)
+
+Check to see if a MAC is present.
+
+int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
+
+Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
+
+
+Notes.
+
+1. All the function return 0 or NULL on error.
+2. Encryption based functions take a common set of parameters. These are
+described below.
+
+pass, passlen
+ASCII password and length. The password on the MAC is called the "integrity
+password" the encryption password is called the "privacy password" in the
+PKCS#12 documentation. The passwords do not have to be the same. If -1 is
+passed for the length it is worked out by the function itself (currently
+this is sometimes done whatever is passed as the length but that may change).
+
+salt, saltlen
+A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
+default length is used.
+
+iter
+Iteration count. This is a measure of how many times an internal function is
+called to encrypt the data. The larger this value is the longer it takes, it
+makes dictionary attacks on passwords harder. NOTE: Some implementations do
+not support an iteration count on the MAC. If the password for the MAC and
+encryption is the same then there is no point in having a high iteration
+count for encryption if the MAC has no count. The MAC could be attacked
+and the password used for the main decryption.
+
+pbe_nid
+This is the NID of the password based encryption method used. The following are
+supported.
+NID_pbe_WithSHA1And128BitRC4
+NID_pbe_WithSHA1And40BitRC4
+NID_pbe_WithSHA1And3_Key_TripleDES_CBC
+NID_pbe_WithSHA1And2_Key_TripleDES_CBC
+NID_pbe_WithSHA1And128BitRC2_CBC
+NID_pbe_WithSHA1And40BitRC2_CBC
+
+Which you use depends on the implementation you are exporting to. "Export
+grade" (i.e. cryptographically challenged) products cannot support all
+algorithms. Typically you may be able to use any encryption on shrouded key
+bags but they must then be placed in an unencrypted authsafe. Other authsafes
+may only support 40bit encryption. Of course if you are using SSLeay
+throughout you can strongly encrypt everything and have high iteration counts
+on everything.
+
+3. For decryption routines only the password and length are needed.
+
+4. Unlike the external version the nid's of objects are the values of the
+constants: that is NID_certBag is the real nid, therefore there is no 
+PKCS12_obj_offset() function.  Note the object constants are not the same as
+those of the external version. If you use these constants then you will need
+to recompile your code.
+
+5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or 
+macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
+reused or freed up safely.
+
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
new file mode 100644
index 0000000000..edbe2f3a57
--- /dev/null
+++ b/src/lib/libssl/doc/standards.txt
@@ -0,0 +1,257 @@
+Standards related to OpenSSL
+============================
+
+[Please, this is currently a draft.  I made a first try at finding
+ documents that describe parts of what OpenSSL implements.  There are
+ big gaps, and I've most certainly done something wrong.  Please
+ correct whatever is...  Also, this note should be removed when this
+ file is reaching a somewhat correct state.        -- Richard Levitte]
+
+
+All pointers in here will be either URL's or blobs of text borrowed
+from miscellaneous indexes, like rfc-index.txt (index of RFCs),
+1id-index.txt (index of Internet drafts) and the like.
+
+To find the latest possible RFCs, it's recommended to either browse
+ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
+use the search mechanism found there.
+To find the latest possible Internet drafts, it's recommended to
+browse ftp://ftp.isi.edu/internet-drafts/.
+To find the latest possible PKCS, it's recommended to browse
+http://www.rsasecurity.com/rsalabs/pkcs/.
+
+
+Implemented:
+------------
+
+These are documents that describe things that are implemented (in
+whole or at least great parts) in OpenSSL.
+
+1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
+     (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
+
+1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
+     TXT=32407 bytes) (Status: INFORMATIONAL)
+
+1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
+     TXT=35222 bytes) (Status: INFORMATIONAL)
+
+2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
+     (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
+
+2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
+     January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
+
+2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
+     March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
+
+PKCS#8: Private-Key Information Syntax Standard
+
+PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
+
+2560 X.509 Internet Public Key Infrastructure Online Certificate
+     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
+     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
+     STANDARD)
+
+2712 Addition of Kerberos Cipher Suites to Transport Layer Security
+     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
+     (Status: PROPOSED STANDARD)
+
+2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
+     B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
+     INFORMATIONAL)
+
+2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
+     M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
+     (Obsoletes RFC2314) (Status: INFORMATIONAL)
+
+3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
+     September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
+
+3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
+     Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
+     (Status: PROPOSED STANDARD)
+
+3279 Algorithms and Identifiers for the Internet X.509 Public Key
+     Infrastructure Certificate and Certificate Revocation List (CRL)
+     Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
+     TXT=53833 bytes) (Status: PROPOSED STANDARD)
+
+3280 Internet X.509 Public Key Infrastructure Certificate and
+     Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
+     Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
+     RFC2459) (Status: PROPOSED STANDARD)
+
+3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
+     Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
+     (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:           
+     INFORMATIONAL)                                         
+
+
+Related:
+--------
+
+These are documents that are close to OpenSSL, for example the
+STARTTLS documents.
+
+1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
+     Encryption and Authentication Procedures. J. Linn. February 1993.
+     (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
+     STANDARD)
+
+1422 Privacy Enhancement for Internet Electronic Mail: Part II:
+     Certificate-Based Key Management. S. Kent. February 1993. (Format:
+     TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
+
+1423 Privacy Enhancement for Internet Electronic Mail: Part III:
+     Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
+     (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
+     STANDARD)
+
+1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
+     Certification and Related Services. B. Kaliski. February 1993.
+     (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
+
+2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
+     1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
+
+2510 Internet X.509 Public Key Infrastructure Certificate Management
+     Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
+     bytes) (Status: PROPOSED STANDARD)
+
+2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
+     Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
+     (Status: PROPOSED STANDARD)
+
+2527 Internet X.509 Public Key Infrastructure Certificate Policy and
+     Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
+     (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
+
+2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
+     3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
+     PROPOSED STANDARD)
+
+2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
+     D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
+     PROPOSED STANDARD)
+
+2559 Internet X.509 Public Key Infrastructure Operational Protocols -
+     LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
+     TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
+
+2585 Internet X.509 Public Key Infrastructure Operational Protocols:
+     FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
+     bytes) (Status: PROPOSED STANDARD)
+
+2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
+     Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
+     (Status: PROPOSED STANDARD)
+
+2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
+     (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
+
+2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
+     (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
+
+2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
+     1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
+
+2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
+     1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
+
+2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
+     February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
+     EXPERIMENTAL)
+
+2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
+     Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
+     PROPOSED STANDARD)
+
+2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
+     2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
+     STANDARD)
+
+2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
+     (Status: INFORMATIONAL)
+
+2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
+     2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
+
+2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
+     October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
+
+2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
+     M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
+     (Status: INFORMATIONAL)
+
+3029 Internet X.509 Public Key Infrastructure Data Validation and
+     Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
+     R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
+     EXPERIMENTAL)
+
+3039 Internet X.509 Public Key Infrastructure Qualified Certificates
+     Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
+     (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
+
+3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
+     Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
+     (Status: INFORMATIONAL)
+
+3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
+     (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
+     (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
+
+3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
+     October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
+
+3207 SMTP Service Extension for Secure SMTP over Transport Layer
+     Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
+     (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
+
+3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
+     (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
+
+3274 Compressed Data Content Type for Cryptographic Message Syntax
+     (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
+     PROPOSED STANDARD)
+
+3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
+     Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
+     Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
+     INFORMATIONAL)
+
+3281 An Internet Attribute Certificate Profile for Authorization. S.
+     Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
+     PROPOSED STANDARD)
+
+3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
+     (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
+     PROPOSED STANDARD)
+
+3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
+     2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
+     PROPOSED STANDARD)
+
+3377 Lightweight Directory Access Protocol (v3): Technical
+     Specification. J. Hodges, R. Morgan. September 2002. (Format:
+     TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
+     RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
+
+3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
+     R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
+     INFORMATIONAL)
+
+3436 Transport Layer Security over Stream Control Transmission
+     Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
+     (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
+
+  "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
+ 
+
+To be implemented:
+------------------
+
+These are documents that describe things that are planed to be
+implemented in the hopefully short future.
+
diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
new file mode 100644
index 0000000000..b591fc36ba
--- /dev/null
+++ b/src/lib/libssl/man/Makefile
@@ -0,0 +1,881 @@
+# $OpenBSD: Makefile,v 1.5 2003/07/02 02:15:51 deraadt Exp $
+
+.include <bsd.own.mk>           # for NOMAN
+
+.ifndef NOMAN
+MANALL= \
+        BN_CTX_new.cat3 \
+        BN_CTX_start.cat3 \
+        BN_add.cat3 \
+        BN_add_word.cat3 \
+        BN_bn2bin.cat3 \
+        BN_cmp.cat3 \
+        BN_copy.cat3 \
+        BN_generate_prime.cat3 \
+        BN_mod_inverse.cat3 \
+        BN_mod_mul_montgomery.cat3 \
+        BN_mod_mul_reciprocal.cat3 \
+        BN_new.cat3 \
+        BN_num_bytes.cat3 \
+        BN_rand.cat3 \
+        BN_set_bit.cat3 \
+        BN_swap.cat3 \
+        BN_zero.cat3 \
+        BUF_MEM_new.cat3 \
+        BUF_MEM_new.cat3 \
+        CRYPTO_set_ex_data.cat3 \
+        CRYPTO_set_locking_callback.cat3 \
+        DH_generate_key.cat3 \
+        DH_generate_parameters.cat3 \
+        DH_get_ex_new_index.cat3 \
+        DH_new.cat3 \
+        DH_set_method.cat3 \
+        DH_size.cat3 \
+        DSA_SIG_new.cat3 \
+        DSA_do_sign.cat3 \
+        DSA_dup_DH.cat3 \
+        DSA_generate_key.cat3 \
+        DSA_generate_parameters.cat3 \
+        DSA_get_ex_new_index.cat3 \
+        DSA_new.cat3 \
+        DSA_set_method.cat3 \
+        DSA_sign.cat3 \
+        DSA_size.cat3 \
+        ERR_GET_LIB.cat3 \
+        ERR_clear_error.cat3 \
+        ERR_error_string.cat3 \
+        ERR_get_error.cat3 \
+        ERR_load_crypto_strings.cat3 \
+        ERR_load_strings.cat3 \
+        ERR_print_errors.cat3 \
+        ERR_put_error.cat3 \
+        ERR_remove_state.cat3 \
+        EVP_BytesToKey.cat3 \
+        EVP_DigestInit.cat3 \
+        EVP_EncryptInit.cat3 \
+        EVP_OpenInit.cat3 \
+        EVP_SealInit.cat3 \
+        EVP_SignInit.cat3 \
+        EVP_VerifyInit.cat3 \
+        HMAC.cat3 \
+        MD5.cat3 \
+        OPENSSL_VERSION_NUMBER.cat3 \
+        OpenSSL_add_all_algorithms.cat3 \
+        RAND_add.cat3 \
+        RAND_bytes.cat3 \
+        RAND_cleanup.cat3 \
+        RAND_egd.cat3 \
+        RAND_load_file.cat3 \
+        RAND_set_rand_method.cat3 \
+        RC4.cat3 \
+        RIPEMD160.cat3 \
+        RSA_blinding_on.cat3 \
+        RSA_check_key.cat3 \
+        RSA_generate_key.cat3 \
+        RSA_get_ex_new_index.cat3 \
+        RSA_new.cat3 \
+        RSA_padding_add_PKCS1_type_1.cat3 \
+        RSA_print.cat3 \
+        RSA_private_encrypt.cat3 \
+        RSA_public_encrypt.cat3 \
+        RSA_set_method.cat3 \
+        RSA_sign.cat3 \
+        RSA_sign_ASN1_OCTET_STRING.cat3 \
+        RSA_size.cat3 \
+        SHA1.cat3 \
+        SSL_CIPHER_get_name.cat3 \
+        SSL_COMP_add_compression_method.cat3 \
+        SSL_CTX_add_extra_chain_cert.cat3 \
+        SSL_CTX_add_session.cat3 \
+        SSL_CTX_ctrl.cat3 \
+        SSL_CTX_flush_sessions.cat3 \
+        SSL_CTX_free.cat3 \
+        SSL_CTX_get_ex_new_index.cat3 \
+        SSL_CTX_get_verify_mode.cat3 \
+        SSL_CTX_load_verify_locations.cat3 \
+        SSL_CTX_new.cat3 \
+        SSL_CTX_sess_number.cat3 \
+        SSL_CTX_sess_set_cache_size.cat3 \
+        SSL_CTX_sess_set_get_cb.cat3 \
+        SSL_CTX_sessions.cat3 \
+        SSL_CTX_set_cert_store.cat3 \
+        SSL_CTX_set_cert_verify_callback.cat3 \
+        SSL_CTX_set_cipher_list.cat3 \
+        SSL_CTX_set_client_CA_list.cat3 \
+        SSL_CTX_set_client_cert_cb.cat3 \
+        SSL_CTX_set_default_passwd_cb.cat3 \
+        SSL_CTX_set_generate_session_id.cat3 \
+        SSL_CTX_set_info_callback.cat3 \
+        SSL_CTX_set_max_cert_list.cat3 \
+        SSL_CTX_set_mode.cat3 \
+        SSL_CTX_set_msg_callback.cat3 \
+        SSL_CTX_set_options.cat3 \
+        SSL_CTX_set_quiet_shutdown.cat3 \
+        SSL_CTX_set_session_cache_mode.cat3 \
+        SSL_CTX_set_session_id_context.cat3 \
+        SSL_CTX_set_ssl_version.cat3 \
+        SSL_CTX_set_timeout.cat3 \
+        SSL_CTX_set_tmp_dh_callback.cat3 \
+        SSL_CTX_set_tmp_rsa_callback.cat3 \
+        SSL_CTX_set_verify.cat3 \
+        SSL_CTX_use_certificate.cat3 \
+        SSL_SESSION_free.cat3 \
+        SSL_SESSION_get_ex_new_index.cat3 \
+        SSL_SESSION_get_time.cat3 \
+        SSL_accept.cat3 \
+        SSL_alert_type_string.cat3 \
+        SSL_clear.cat3 \
+        SSL_connect.cat3 \
+        SSL_do_handshake.cat3 \
+        SSL_free.cat3 \
+        SSL_get_SSL_CTX.cat3 \
+        SSL_get_ciphers.cat3 \
+        SSL_get_client_CA_list.cat3 \
+        SSL_get_current_cipher.cat3 \
+        SSL_get_default_timeout.cat3 \
+        SSL_get_error.cat3 \
+        SSL_get_ex_data_X509_STORE_CTX_idx.cat3 \
+        SSL_get_ex_new_index.cat3 \
+        SSL_get_fd.cat3 \
+        SSL_get_peer_cert_chain.cat3 \
+        SSL_get_peer_certificate.cat3 \
+        SSL_get_rbio.cat3 \
+        SSL_get_session.cat3 \
+        SSL_get_verify_result.cat3 \
+        SSL_get_version.cat3 \
+        SSL_library_init.cat3 \
+        SSL_load_client_CA_file.cat3 \
+        SSL_new.cat3 \
+        SSL_pending.cat3 \
+        SSL_read.cat3 \
+        SSL_rstate_string.cat3 \
+        SSL_session_reused.cat3 \
+        SSL_set_bio.cat3 \
+        SSL_set_connect_state.cat3 \
+        SSL_set_fd.cat3 \
+        SSL_set_session.cat3 \
+        SSL_set_shutdown.cat3 \
+        SSL_set_verify_result.cat3 \
+        SSL_shutdown.cat3 \
+        SSL_state_string.cat3 \
+        SSL_want.cat3 \
+        SSL_write.cat3 \
+        blowfish.cat3 \
+        bn.cat3 \
+        bn_internal.cat3 \
+        crypto.cat3 \
+        d2i_DHparams.cat3 \
+        d2i_RSAPublicKey.cat3 \
+        d2i_SSL_SESSION.cat3 \
+        des_modes.cat7 \
+        des_random_key.cat3 \
+        dh.cat3 \
+        dsa.cat3 \
+        lh_stats.cat3 \
+        lhash.cat3 \
+        rsa.cat3 \
+        ssl.cat3
+
+.if MANPS
+PSALL=  ${MANALL:S/.cat1/.ps1/g:S/.cat2/.ps2/g:S/.cat3/.ps3/g:S/.cat4/.ps4/g:S/.cat5/.ps5/g:S/.cat6/.ps6/g:S/.cat7/.ps7/g:S/.cat8/.ps8/g:S/.cat9/.ps9/g}
+.endif
+
+# these are is a real problem, since they re-document functions described in
+# other pages.
+#
+# err.pod -> ERR_get_error.pod
+# ERR_peek_error ERR_get_error_line
+# ERR_peek_error_line ERR_get_error_line_data ERR_peek_error_line_data
+# ERR_GET_LIB ERR_GET_FUNC ERR_GET_REASON ERR_clear_error ERR_error_string
+# ERR_lib_error_string ERR_func_error_string ERR_reason_error_string
+# ERR_print_errors ERR_print_errors_fp ERR_load_crypto_strings ERR_free_strings
+# ERR_remove_state ERR_put_error ERR_add_error_data ERR_load_strings ERR_PACK
+# ERR_get_next_error_library
+#
+# rand.pod -> RAND_bytes.pod
+# RAND_pseudo_bytes RAND_seed RAND_add RAND_status RAND_event
+# RAND_screen RAND_load_file RAND_write_file RAND_file_name RAND_egd
+# RAND_set_rand_method RAND_get_rand_method RAND_SSLeay RAND_cleanup
+
+# buffer.pod -> BUF_MEM_new.pod
+# BUF_MEM_free BUF_MEM_grow BUF_strdup
+BUF_MEM_new.cat3: buffer.pod
+        ( cp ${.ALLSRC} BUF_MEM_new.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          BUF_MEM_new.pm ) | nroff -Tascii -man > ${.TARGET}
+.if MANPS
+BUF_MEM_new.ps3: buffer.pod
+        ( cp ${.ALLSRC} BUF_MEM_new.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          BUF_MEM_new.pm ) | nroff -Tps -man > ${.TARGET}
+.endif
+
+# rc4.pod -> RC4.pod
+# RC4_set_key
+RC4.cat3: rc4.pod
+        ( cp ${.ALLSRC} RC4.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          RC4.pm ) | nroff -Tascii -man > ${.TARGET}
+.if MANPS
+RC4.ps3: rc4.pod
+        ( cp ${.ALLSRC} RC4.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          RC4.pm ) | nroff -Tps -man > ${.TARGET}
+.endif
+
+# threads.pod -> CRYPTO_set_locking_callback.pod
+# CRYPTO_set_id_callback CRYPTO_num_locks
+CRYPTO_set_locking_callback.cat3: threads.pod
+        ( cp ${.ALLSRC} CRYPTO_set_locking_callback.pm && \
+          pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          CRYPTO_set_locking_callback.pm ) | nroff -Tascii -man > ${.TARGET}
+.if MANPS
+CRYPTO_set_locking_callback.ps3: threads.pod
+        ( cp ${.ALLSRC} CRYPTO_set_locking_callback.pm && \
+          pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          CRYPTO_set_locking_callback.pm ) | nroff -Tps -man > ${.TARGET}
+.endif
+
+# ripemd.pod -> RIPEMD160.pod
+# RIPEMD160_Init RIPEMD160_Update RIPEMD160_Final
+RIPEMD160.cat3: ripemd.pod
+        ( cp ${.ALLSRC} RIPEMD160.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          RIPEMD160.pm ) | nroff -Tascii -man > ${.TARGET}
+.if MANPS
+RIPEMD160.ps3: ripemd.pod
+        ( cp ${.ALLSRC} RIPEMD160.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          RIPEMD160.pm ) | nroff -Tps -man > ${.TARGET}
+.endif
+
+# sha.pod -> SHA1.pod
+SHA1.cat3: sha.pod
+        ( cp ${.ALLSRC} SHA1.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          SHA1.pm ) | nroff -Tascii -man > ${.TARGET}
+.if MANPS
+SHA1.ps3: sha.pod
+        ( cp ${.ALLSRC} SHA1.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          SHA1.pm ) | nroff -Tps -man > ${.TARGET}
+.endif
+
+# md5.pod -> MD5.pod
+MD5.cat3: md5.pod
+        ( cp ${.ALLSRC} MD5.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          MD5.pm ) | nroff -Tascii -man > ${.TARGET}
+.if MANPS
+MD5.ps3: md5.pod
+        ( cp ${.ALLSRC} MD5.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          MD5.pm ) | nroff -Tps -man > ${.TARGET}
+.endif
+
+# hmac.pod -> HMAC.pod
+HMAC.cat3: hmac.pod
+        ( cp ${.ALLSRC} HMAC.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          HMAC.pm ) | nroff -Tascii -man > ${.TARGET}
+.if MANPS
+HMAC.ps3: hmac.pod
+        ( cp ${.ALLSRC} HMAC.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          HMAC.pm ) | nroff -Tps -man > ${.TARGET}
+.endif
+
+# des.pod -> des_random_key, des_set_key, des_key_sched, des_set_key_checked,
+# des_set_key_unchecked, des_set_odd_parity, des_is_weak_key, des_ecb_encrypt,
+# des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt, des_cfb_encrypt,
+# des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt, des_ofb64_encrypt,
+# des_xcbc_encrypt, des_ede2_cbc_encrypt, des_ede2_cfb64_encrypt,
+# des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt, des_ede3_cbcm_encrypt,
+# des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt, des_read_password,
+# des_read_2passwords, des_read_pw_string, des_cbc_cksum, des_quad_cksum,
+# des_string_to_key, des_string_to_2keys, des_fcrypt, des_crypt,
+# des_enc_read, des_enc_write
+des_random_key.cat3: des.pod
+        ( cp ${.ALLSRC} des_random_key.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          des_random_key.pm ) | nroff -Tascii -man > ${.TARGET}
+.if MANPS
+des_random_key.ps3: des.pod
+        ( cp ${.ALLSRC} des_random_key.pm && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          des_random_key.pm ) | nroff -Tps -man > ${.TARGET}
+.endif
+
+MLINKS+=\
+        BN_CTX_new.3 BN_CTX_free.3 \
+        BN_CTX_new.3 BN_CTX_init.3 \
+        BN_CTX_start.3 BN_CTX_end.3 \
+        BN_CTX_start.3 BN_CTX_get.3 \
+        BN_add.3 BN_div.3 \
+        BN_add.3 BN_exp.3 \
+        BN_add.3 BN_gcd.3 \
+        BN_add.3 BN_mod.3 \
+        BN_add.3 BN_mod_exp.3 \
+        BN_add.3 BN_mod_mul.3 \
+        BN_add.3 BN_mul.3 \
+        BN_add.3 BN_sqr.3 \
+        BN_add.3 BN_sub.3 \
+        BN_add_word.3 BN_div_word.3 \
+        BN_add_word.3 BN_mod_word.3 \
+        BN_add_word.3 BN_mul_word.3 \
+        BN_add_word.3 BN_sub_word.3 \
+        BN_bn2bin.3 BN_bin2bn.3 \
+        BN_bn2bin.3 BN_bn2dec.3 \
+        BN_bn2bin.3 BN_bn2hex.3 \
+        BN_bn2bin.3 BN_bn2mpi.3 \
+        BN_bn2bin.3 BN_dec2bn.3 \
+        BN_bn2bin.3 BN_hex2bn.3 \
+        BN_bn2bin.3 BN_mpi2bn.3 \
+        BN_bn2bin.3 BN_print.3 \
+        BN_bn2bin.3 BN_print_fp.3 \
+        BN_cmp.3 BN_is_odd.3 \
+        BN_cmp.3 BN_is_one.3 \
+        BN_cmp.3 BN_is_word.3 \
+        BN_cmp.3 BN_is_zero.3 \
+        BN_cmp.3 BN_ucmp.3 \
+        BN_copy.3 BN_dup.3 \
+        BN_generate_prime.3 BN_is_prime.3 \
+        BN_generate_prime.3 BN_is_prime_fasttest.3 \
+        BN_mod_mul_montgomery.3 BN_MONT_CTX_copy.3 \
+        BN_mod_mul_montgomery.3 BN_MONT_CTX_free.3 \
+        BN_mod_mul_montgomery.3 BN_MONT_CTX_init.3 \
+        BN_mod_mul_montgomery.3 BN_MONT_CTX_new.3 \
+        BN_mod_mul_montgomery.3 BN_MONT_CTX_set.3 \
+        BN_mod_mul_montgomery.3 BN_from_montgomery.3 \
+        BN_mod_mul_montgomery.3 BN_to_montgomery.3 \
+        BN_mod_mul_reciprocal.3 BN_RECP_CTX_free.3 \
+        BN_mod_mul_reciprocal.3 BN_RECP_CTX_init.3 \
+        BN_mod_mul_reciprocal.3 BN_RECP_CTX_new.3 \
+        BN_mod_mul_reciprocal.3 BN_RECP_CTX_set.3 \
+        BN_mod_mul_reciprocal.3 BN_div_recp.3 \
+        BN_new.3 BN_clear.3 \
+        BN_new.3 BN_clear_free.3 \
+        BN_new.3 BN_free.3 \
+        BN_new.3 BN_init.3 \
+        BN_num_bytes.3 BN_num_bits.3 \
+        BN_num_bytes.3 BN_num_bits_word.3 \
+        BN_rand.3 BN_pseudo_rand.3 \
+        BN_rand.3 BN_rand_range.3 \
+        BN_set_bit.3 BN_clear_bit.3 \
+        BN_set_bit.3 BN_is_bit_set.3 \
+        BN_set_bit.3 BN_lshift.3 \
+        BN_set_bit.3 BN_lshift1.3 \
+        BN_set_bit.3 BN_mask_bits.3 \
+        BN_set_bit.3 BN_rshift.3 \
+        BN_set_bit.3 BN_rshift1.3 \
+        BN_zero.3 BN_get_word.3 \
+        BN_zero.3 BN_one.3 \
+        BN_zero.3 BN_set_word.3 \
+        BN_zero.3 BN_value_one.3 \
+        BUF_MEM_new.3 BUF_MEM_free.3 \
+        BUF_MEM_new.3 BUF_MEM_grow.3 \
+        BUF_MEM_new.3 BUF_strdup.3 \
+        CRYPTO_set_ex_data.3 CRYPTO_get_ex_data.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_add.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_add_lock.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_destroy_dynlockid.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_get_new_dynlockid.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_lock.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_num_locks.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_r_lock.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_r_unlock.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_set_dynlock_create_callback.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_set_dynlock_destroy_callback.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_set_dynlock_lock_callback.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_set_id_callback.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_w_lock.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_w_unlock.3 \
+        DH_generate_key.3 DH_compute_key.3 \
+        DH_generate_parameters.3 DH_check.3 \
+        DH_get_ex_new_index.3 DH_get_ex_data.3 \
+        DH_get_ex_new_index.3 DH_set_ex_data.3 \
+        DH_new.3 DH_free.3 \
+        DH_set_method.3 DH_OpenSSL.3 \
+        DH_set_method.3 DH_get_default_method.3 \
+        DH_set_method.3 DH_get_default_openssl_method.3 \
+        DH_set_method.3 DH_new_method.3 \
+        DH_set_method.3 DH_set_default_method.3 \
+        DH_set_method.3 DH_set_default_openssl_method.3 \
+        DSA_new.3 DSA_free.3 \
+        DSA_set_method.3 DSA_OpenSSL.3 \
+        DSA_set_method.3 DSA_get_default_method.3 \
+        DSA_set_method.3 DSA_get_default_openssl_method.3 \
+        DSA_set_method.3 DSA_new_method.3 \
+        DSA_set_method.3 DSA_set_default_method.3 \
+        DSA_set_method.3 DSA_set_default_openssl_method.3 \
+        DSA_sign.3 DSA_sign_setup.3 \
+        DSA_sign.3 DSA_verify.3 \
+        ERR_GET_LIB.3 ERR_GET_FUNC.3 \
+        ERR_GET_LIB.3 ERR_GET_REASON.3 \
+        ERR_error_string.3 ERR_error_string_n.3 \
+        ERR_error_string.3 ERR_func_error_string.3 \
+        ERR_error_string.3 ERR_lib_error_string.3 \
+        ERR_error_string.3 ERR_reason_error_string.3 \
+        ERR_get_error.3 ERR_get_error_line.3 \
+        ERR_get_error.3 ERR_get_error_line_data.3 \
+        ERR_get_error.3 ERR_peek_error.3 \
+        ERR_get_error.3 ERR_peek_error_line.3 \
+        ERR_get_error.3 ERR_peek_error_line_data.3 \
+        ERR_load_crypto_strings.3 ERR_free_strings.3 \
+        ERR_load_crypto_strings.3 SSL_load_error_strings.3 \
+        ERR_load_strings.3 ERR_PACK.3 \
+        ERR_load_strings.3 ERR_get_next_error_library.3 \
+        ERR_print_errors.3 ERR_print_errors_fp.3 \
+        ERR_put_error.3 ERR_add_error_data.3 \
+        EVP_DigestInit.3 EVP_DigestFinal.3 \
+        EVP_DigestInit.3 EVP_DigestUpdate.3 \
+        EVP_DigestInit.3 EVP_MD_CTX_block_size.3 \
+        EVP_DigestInit.3 EVP_MD_CTX_copy.3 \
+        EVP_DigestInit.3 EVP_MD_CTX_md.3 \
+        EVP_DigestInit.3 EVP_MD_CTX_size.3 \
+        EVP_DigestInit.3 EVP_MD_CTX_type.3 \
+        EVP_DigestInit.3 EVP_MD_block_size.3 \
+        EVP_DigestInit.3 EVP_MD_block_size.3 \
+        EVP_DigestInit.3 EVP_MD_pkey_type.3 \
+        EVP_DigestInit.3 EVP_MD_size.3 \
+        EVP_DigestInit.3 EVP_MD_size.3 \
+        EVP_DigestInit.3 EVP_MD_type.3 \
+        EVP_DigestInit.3 EVP_MD_type.3 \
+        EVP_DigestInit.3 EVP_dss.3 \
+        EVP_DigestInit.3 EVP_dss1.3 \
+        EVP_DigestInit.3 EVP_get_digestbyname.3 \
+        EVP_DigestInit.3 EVP_get_digestbyname.3 \
+        EVP_DigestInit.3 EVP_get_digestbynid.3 \
+        EVP_DigestInit.3 EVP_get_digestbynid.3 \
+        EVP_DigestInit.3 EVP_get_digestbyobj.3 \
+        EVP_DigestInit.3 EVP_md2.3 \
+        EVP_DigestInit.3 EVP_md5.3 \
+        EVP_DigestInit.3 EVP_md_null.3 \
+        EVP_DigestInit.3 EVP_mdc2.3 \
+        EVP_DigestInit.3 EVP_ripemd160.3 \
+        EVP_DigestInit.3 EVP_sha.3 \
+        EVP_DigestInit.3 EVP_sha1.3 \
+        EVP_DigestInit.3 OBJ_nid2sn.3 \
+        EVP_DigestInit.3 OBJ_obj2nid.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_block_size.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_cipher.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_cipher.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_cleanup.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_ctrl.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_iv_length.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_key_length.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_nid.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_set_key_length.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_type.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_asn1_to_param.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_block_size.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_iv_length.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_key_length.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_nid.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_param_to_asn1.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_type.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_type.3 \
+        EVP_EncryptInit.3 EVP_CipherFinal.3 \
+        EVP_EncryptInit.3 EVP_CipherInit.3 \
+        EVP_EncryptInit.3 EVP_CipherUpdate.3 \
+        EVP_EncryptInit.3 EVP_DecryptFinal.3 \
+        EVP_EncryptInit.3 EVP_DecryptInit.3 \
+        EVP_EncryptInit.3 EVP_DecryptUpdate.3 \
+        EVP_EncryptInit.3 EVP_EncryptFinal.3 \
+        EVP_EncryptInit.3 EVP_EncryptUpdate.3 \
+        EVP_EncryptInit.3 EVP_get_cipherbyname.3 \
+        EVP_EncryptInit.3 EVP_get_cipherbyname.3 \
+        EVP_EncryptInit.3 EVP_get_cipherbynid.3 \
+        EVP_EncryptInit.3 EVP_get_cipherbynid.3 \
+        EVP_EncryptInit.3 EVP_get_cipherbyobj.3 \
+        EVP_EncryptInit.3 OBJ_nid2sn.3 \
+        EVP_EncryptInit.3 OBJ_obj2nid.3 \
+        EVP_OpenInit.3 EVP_OpenFinal.3 \
+        EVP_OpenInit.3 EVP_OpenUpdate.3 \
+        EVP_SealInit.3 EVP_SealFinal.3 \
+        EVP_SealInit.3 EVP_SealUpdate.3 \
+        EVP_SignInit.3 EVP_PKEY_size.3 \
+        EVP_SignInit.3 EVP_SignFinal.3 \
+        EVP_SignInit.3 EVP_SignUpdate.3 \
+        EVP_VerifyInit.3 EVP_VerifyFinal.3 \
+        EVP_VerifyInit.3 EVP_VerifyUpdate.3 \
+        HMAC.3 HMAC_Final.3 \
+        HMAC.3 HMAC_Init.3 \
+        HMAC.3 HMAC_Update.3 \
+        HMAC.3 HMAC_cleanup.3 \
+        MD5.3 MD2.3 \
+        MD5.3 MD2_Final.3 \
+        MD5.3 MD2_Init.3 \
+        MD5.3 MD2_Update.3 \
+        MD5.3 MD4.3 \
+        MD5.3 MD4_Final.3 \
+        MD5.3 MD4_Init.3 \
+        MD5.3 MD4_Update.3 \
+        MD5.3 MD5_Final.3 \
+        MD5.3 MD5_Init.3 \
+        MD5.3 MD5_Update.3 \
+        OPENSSL_VERSION_NUMBER.3 SSLeay.3 \
+        OPENSSL_VERSION_NUMBER.3 SSLeay_version.3 \
+        OpenSSL_add_all_algorithms.3 EVP_cleanup.3 \
+        OpenSSL_add_all_algorithms.3 OpenSSL_add_all_ciphers.3 \
+        OpenSSL_add_all_algorithms.3 OpenSSL_add_all_digests.3 \
+        RAND_add.3 RAND_event.3 \
+        RAND_add.3 RAND_screen.3 \
+        RAND_add.3 RAND_seed.3 \
+        RAND_add.3 RAND_status.3 \
+        RAND_bytes.3 RAND_pseudo_bytes.3 \
+        RAND_bytes.3 RAND_pseudo_bytes.3 \
+        RAND_egd.3 RAND_egd_bytes.3 \
+        RAND_load_file.3 RAND_file_name.3 \
+        RAND_load_file.3 RAND_file_name.3 \
+        RAND_load_file.3 RAND_write_file.3 \
+        RAND_load_file.3 RAND_write_file.3 \
+        RAND_set_rand_method.3 RAND_SSLeay.3 \
+        RAND_set_rand_method.3 RAND_SSLeay.3 \
+        RAND_set_rand_method.3 RAND_get_rand_method.3 \
+        RAND_set_rand_method.3 RAND_get_rand_method.3 \
+        RC4.3 RC4_set_key.3 \
+        RIPEMD160.3 RIPEMD160_Final.3 \
+        RIPEMD160.3 RIPEMD160_Init.3 \
+        RIPEMD160.3 RIPEMD160_Update.3 \
+        RSA_blinding_on.3 RSA_blinding_off.3 \
+        RSA_get_ex_new_index.3 RSA_get_ex_data.3 \
+        RSA_get_ex_new_index.3 RSA_set_ex_data.3 \
+        RSA_new.3 RSA_free.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_OAEP.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_type_2.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_SSLv23.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_none.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_OAEP.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_1.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_2.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_SSLv23.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_none.3 \
+        RSA_print.3 DHparams_print.3 \
+        RSA_print.3 DHparams_print.3 \
+        RSA_print.3 DHparams_print_fp.3 \
+        RSA_print.3 DHparams_print_fp.3 \
+        RSA_print.3 DSA_print.3 \
+        RSA_print.3 DSA_print_fp.3 \
+        RSA_print.3 DSA_print_fp.3 \
+        RSA_print.3 DSAparams_print.3 \
+        RSA_print.3 DSAparams_print.3 \
+        RSA_print.3 DSAparams_print_fp.3 \
+        RSA_print.3 DSAparams_print_fp.3 \
+        RSA_print.3 RSA_print_fp.3 \
+        RSA_print.3 RSA_print_fp.3 \
+        RSA_private_encrypt.3 RSA_public_decrypt.3 \
+        RSA_public_encrypt.3 RSA_private_decrypt.3 \
+        RSA_set_method.3 RSA_PKCS1_RSAref.3 \
+        RSA_set_method.3 RSA_PKCS1_SSLeay.3 \
+        RSA_set_method.3 RSA_flags.3 \
+        RSA_set_method.3 RSA_get_default_method.3 \
+        RSA_set_method.3 RSA_get_default_openssl_method.3 \
+        RSA_set_method.3 RSA_get_method.3 \
+        RSA_set_method.3 RSA_new_method.3 \
+        RSA_set_method.3 RSA_null_method.3 \
+        RSA_set_method.3 RSA_set_default_method.3 \
+        RSA_set_method.3 RSA_set_default_openssl_method.3 \
+        RSA_sign.3 RSA_verify.3 \
+        RSA_sign_ASN1_OCTET_STRING.3 RSA_verify_ASN1_OCTET_STRING.3 \
+        SHA1.3 SHA1_Final.3 \
+        SHA1.3 SHA1_Init.3 \
+        SHA1.3 SHA1_Update.3 \
+        SSL_CIPHER_get_name.3 SSL_CIPHER_description.3 \
+        SSL_CIPHER_get_name.3 SSL_CIPHER_get_bits.3 \
+        SSL_CIPHER_get_name.3 SSL_CIPHER_get_version.3 \
+        SSL_CTX_add_session.3 SSL_CTX_remove_session.3 \
+        SSL_CTX_add_session.3 SSL_add_session.3 \
+        SSL_CTX_add_session.3 SSL_remove_session.3 \
+        SSL_CTX_ctrl.3 SSL_CTX_callback_ctrl.3 \
+        SSL_CTX_ctrl.3 SSL_callback_ctrl.3 \
+        SSL_CTX_ctrl.3 SSL_ctrl.3 \
+        SSL_CTX_flush_sessions.3 SSL_flush_sessions.3 \
+        SSL_CTX_get_ex_new_index.3 SSL_CTX_get_ex_data.3 \
+        SSL_CTX_get_ex_new_index.3 SSL_CTX_set_ex_data.3 \
+        SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_callback.3 \
+        SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_depth.3 \
+        SSL_CTX_get_verify_mode.3 SSL_get_verify_callback.3 \
+        SSL_CTX_get_verify_mode.3 SSL_get_verify_depth.3 \
+        SSL_CTX_get_verify_mode.3 SSL_get_verify_mode.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_accept.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_accept_good.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_accept_renegotiate.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_cache_full.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_cb_hits.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_connect.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_connect_good.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_connect_renegotiate.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_hits.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_misses.3 \
+        SSL_CTX_sess_number.3 SSL_CTX_sess_timeouts.3 \
+        SSL_CTX_sess_set_cache_size.3 SSL_CTX_sess_get_cache_size.3 \
+        SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_get_cb.3 \
+        SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_new_cb.3 \
+        SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_remove_cb.3 \
+        SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_new_cb.3 \
+        SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_remove.3 \
+        SSL_CTX_set_cert_store.3 SSL_CTX_get_cert_store.3 \
+        SSL_CTX_set_cipher_list.3 SSL_set_cipher_list.3 \
+        SSL_CTX_set_client_CA_list.3 SSL_CTX_add_client_CA.3 \
+        SSL_CTX_set_client_CA_list.3 SSL_add_client_CA.3 \
+        SSL_CTX_set_client_CA_list.3 SSL_set_client_CA_list.3 \
+        SSL_CTX_set_default_passwd_cb.3 \
+        SSL_CTX_set_default_passwd_cb_userdata.3 \
+        SSL_CTX_set_max_cert_list.3 SSL_CTX_get_max_cert_list.3 \
+        SSL_CTX_set_max_cert_list.3 SSL_get_max_cert_list.3 \
+        SSL_CTX_set_max_cert_list.3 SSL_set_max_cert_list.3 \
+        SSL_CTX_set_mode.3 SSL_CTX_get_mode.3 \
+        SSL_CTX_set_mode.3 SSL_get_mode.3 \
+        SSL_CTX_set_mode.3 SSL_set_mode.3 \
+        SSL_CTX_set_msg_callback.3 SSL_CTX_set_msg_callback_arg.3 \
+        SSL_CTX_set_msg_callback.3 SSL_set_msg_callback.3 \
+        SSL_CTX_set_msg_callback.3 SSL_set_msg_callback_arg.3 \
+        SSL_CTX_set_options.3 SSL_CTX_get_options.3 \
+        SSL_CTX_set_options.3 SSL_get_options.3 \
+        SSL_CTX_set_options.3 SSL_set_options.3 \
+        SSL_CTX_set_quiet_shutdown.3 SSL_CTX_get_quiet_shutdown.3 \
+        SSL_CTX_set_quiet_shutdown.3 SSL_get_quiet_shutdown.3 \
+        SSL_CTX_set_quiet_shutdown.3 SSL_set_quiet_shutdown.3 \
+        SSL_CTX_set_session_cache_mode.3 SSL_CTX_get_session_cache_mode.3 \
+        SSL_CTX_set_session_id_context.3 SSL_set_session_id_context.3 \
+        SSL_CTX_set_ssl_version.3 SSL_get_ssl_method.3 \
+        SSL_CTX_set_ssl_version.3 SSL_set_ssl_method.3 \
+        SSL_CTX_set_timeout.3 SSL_CTX_get_timeout.3 \
+        SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_dh.3 \
+        SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh.3 \
+        SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh_callback.3 \
+        SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_need_tmp_rsa.3 \
+        SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_tmp_rsa.3 \
+        SSL_CTX_set_tmp_rsa_callback.3 SSL_need_tmp_rsa.3 \
+        SSL_CTX_set_tmp_rsa_callback.3 SSL_set_tmp_rsa.3 \
+        SSL_CTX_set_tmp_rsa_callback.3 SSL_set_tmp_rsa_callback.3 \
+        SSL_CTX_set_verify.3 SSL_CTX_set_verify_depth.3 \
+        SSL_CTX_set_verify.3 SSL_set_verify.3 \
+        SSL_CTX_set_verify.3 SSL_set_verify_depth.3 \
+        SSL_CTX_use_certificate.3 SSL_CTX_check_private_key.3 \
+        SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey.3 \
+        SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_ASN1.3 \
+        SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_file.3 \
+        SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey.3 \
+        SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey_ASN1.3 \
+        SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey_file.3 \
+        SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_ASN1.3 \
+        SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_chain_file.3 \
+        SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_file.3 \
+        SSL_CTX_use_certificate.3 SSL_check_private_key.3 \
+        SSL_CTX_use_certificate.3 SSL_use_PrivateKey.3 \
+        SSL_CTX_use_certificate.3 SSL_use_PrivateKey_ASN1.3 \
+        SSL_CTX_use_certificate.3 SSL_use_PrivateKey_file.3 \
+        SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey.3 \
+        SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_ASN1.3 \
+        SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_file.3 \
+        SSL_CTX_use_certificate.3 SSL_use_certificate.3 \
+        SSL_CTX_use_certificate.3 SSL_use_certificate_ASN1.3 \
+        SSL_CTX_use_certificate.3 SSL_use_certificate_file.3 \
+        SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_ex_data.3 \
+        SSL_SESSION_get_ex_new_index.3 SSL_SESSION_set_ex_data.3 \
+        SSL_SESSION_get_time.3 SSL_SESSION_get_timeout.3 \
+        SSL_SESSION_get_time.3 SSL_SESSION_set_time.3 \
+        SSL_SESSION_get_time.3 SSL_SESSION_set_timeout.3 \
+        SSL_SESSION_get_time.3 SSL_get_time.3 \
+        SSL_SESSION_get_time.3 SSL_get_timeout.3 \
+        SSL_SESSION_get_time.3 SSL_set_time.3 \
+        SSL_SESSION_get_time.3 SSL_set_timeout.3 \
+        SSL_alert_type_string.3 SSL_alert_desc_string.3 \
+        SSL_alert_type_string.3 SSL_alert_desc_string_long.3 \
+        SSL_alert_type_string.3 SSL_alert_type_string_long.3 \
+        SSL_get_ciphers.3 SSL_get_cipher_list.3 \
+        SSL_get_client_CA_list.3 SSL_CTX_get_client_CA_list.3 \
+        SSL_get_current_cipher.3 SSL_get_cipher.3 \
+        SSL_get_current_cipher.3 SSL_get_cipher_bits.3 \
+        SSL_get_current_cipher.3 SSL_get_cipher_name.3 \
+        SSL_get_current_cipher.3 SSL_get_cipher_version.3 \
+        SSL_get_ex_new_index.3 SSL_get_ex_data.3 \
+        SSL_get_ex_new_index.3 SSL_set_ex_data.3 \
+        SSL_get_fd.3 SSL_get_rfd.3 \
+        SSL_get_fd.3 SSL_get_wfd.3 \
+        SSL_get_rbio.3 SSL_get_wbio.3 \
+        SSL_get_session.3 SSL_get0_session.3 \
+        SSL_get_session.3 SSL_get1_session.3 \
+        SSL_library_init.3 OpenSSL_add_ssl_algorithms.3 \
+        SSL_library_init.3 SSLeay_add_ssl_algorithms.3 \
+        SSL_rstate_string.3 SSL_rstate_string_long.3 \
+        SSL_set_connect_state.3 SSL_set_accept_state.3 \
+        SSL_set_fd.3 SSL_set_rfd.3 \
+        SSL_set_fd.3 SSL_set_wfd.3 \
+        SSL_set_shutdown.3 SSL_get_shutdown.3 \
+        SSL_state_string.3 SSL_state_string_long.3 \
+        SSL_want.3 SSL_want_nothing.3 \
+        SSL_want.3 SSL_want_read.3 \
+        SSL_want.3 SSL_want_write.3 \
+        SSL_want.3 SSL_want_x509_lookup.3 \
+        blowfish.3 BF_cbc.3 \
+        blowfish.3 BF_cbc_encrypt.3 \
+        blowfish.3 BF_cfb64_encrypt.3 \
+        blowfish.3 BF_decrypt.3 \
+        blowfish.3 BF_ecb.3 \
+        blowfish.3 BF_ecb_encrypt.3 \
+        blowfish.3 BF_encrypt.3 \
+        blowfish.3 BF_ofb64_encrypt.3 \
+        blowfish.3 BF_options.3 \
+        blowfish.3 BF_set_key.3 \
+        bn_internal.3 bn_add_words.3 \
+        bn_internal.3 bn_check_top.3 \
+        bn_internal.3 bn_cmp_words.3 \
+        bn_internal.3 bn_div_words.3 \
+        bn_internal.3 bn_dump.3 \
+        bn_internal.3 bn_expand.3 \
+        bn_internal.3 bn_expand2.3 \
+        bn_internal.3 bn_fix_top.3 \
+        bn_internal.3 bn_mul_add_words.3 \
+        bn_internal.3 bn_mul_comba4.3 \
+        bn_internal.3 bn_mul_comba8.3 \
+        bn_internal.3 bn_mul_high.3 \
+        bn_internal.3 bn_mul_low_normal.3 \
+        bn_internal.3 bn_mul_low_recursive.3 \
+        bn_internal.3 bn_mul_normal.3 \
+        bn_internal.3 bn_mul_part_recursive.3 \
+        bn_internal.3 bn_mul_recursive.3 \
+        bn_internal.3 bn_mul_words.3 \
+        bn_internal.3 bn_print.3 \
+        bn_internal.3 bn_set_high.3 \
+        bn_internal.3 bn_set_low.3 \
+        bn_internal.3 bn_set_max.3 \
+        bn_internal.3 bn_sqr_comba4.3 \
+        bn_internal.3 bn_sqr_comba8.3 \
+        bn_internal.3 bn_sqr_normal.3 \
+        bn_internal.3 bn_sqr_recursive.3 \
+        bn_internal.3 bn_sqr_words.3 \
+        bn_internal.3 bn_sub_words.3 \
+        bn_internal.3 bn_wexpand.3 \
+        bn_internal.3 mul.3 \
+        bn_internal.3 mul_add.3 \
+        bn_internal.3 sqr.3 \
+        d2i_DHparams.3 i2d_DHparams.3 \
+        d2i_RSAPublicKey.3 d2i_Netscape_RSA.3 \
+        d2i_RSAPublicKey.3 d2i_RSAPrivateKey.3 \
+        d2i_RSAPublicKey.3 i2d_Netscape_RSA.3 \
+        d2i_RSAPublicKey.3 i2d_RSAPrivateKey.3 \
+        d2i_RSAPublicKey.3 i2d_RSAPublicKey.3 \
+        d2i_SSL_SESSION.3 i2d_SSL_SESSION.3 \
+        des_crypt.3 des_string_to_2keys.3 \
+        des_random_key.3 des_cbc_cksum.3 \
+        des_random_key.3 des_cfb64_encrypt.3 \
+        des_random_key.3 des_cfb_encrypt.3 \
+        des_random_key.3 des_crypt.3 \
+        des_random_key.3 des_ecb2_encrypt.3 \
+        des_random_key.3 des_ecb3_encrypt.3 \
+        des_random_key.3 des_ecb_encrypt.3 \
+        des_random_key.3 des_ede2_cbc_encrypt.3 \
+        des_random_key.3 des_ede2_cfb64_encrypt.3 \
+        des_random_key.3 des_ede2_ofb64_encrypt.3 \
+        des_random_key.3 des_ede3_cbc_encrypt.3 \
+        des_random_key.3 des_ede3_cbcm_encrypt.3 \
+        des_random_key.3 des_ede3_cfb64_encrypt.3 \
+        des_random_key.3 des_ede3_ofb64_encrypt.3 \
+        des_random_key.3 des_enc_read.3 \
+        des_random_key.3 des_enc_write.3 \
+        des_random_key.3 des_fcrypt.3 \
+        des_random_key.3 des_is_weak_key.3 \
+        des_random_key.3 des_key_sched.3 \
+        des_random_key.3 des_ncbc_encrypt.3 \
+        des_random_key.3 des_ofb64_encrypt.3 \
+        des_random_key.3 des_ofb_encrypt.3 \
+        des_random_key.3 des_pcbc_encrypt.3 \
+        des_random_key.3 des_quad_cksum.3 \
+        des_random_key.3 des_read_2passwords.3 \
+        des_random_key.3 des_read_password.3 \
+        des_random_key.3 des_read_pw_string.3 \
+        des_random_key.3 des_set_key.3 \
+        des_random_key.3 des_set_key_checked.3 \
+        des_random_key.3 des_set_key_unchecked.3 \
+        des_random_key.3 des_set_odd_parity.3 \
+        des_random_key.3 des_string_to_2keys.3 \
+        des_random_key.3 des_string_to_key.3 \
+        des_random_key.3 des_xcbc_encrypt.3 \
+        dsa.3 DSA_OpenSSL.3 \
+        dsa.3 DSA_SIG_free.3 \
+        dsa.3 DSA_do_verify.3 \
+        dsa.3 DSA_free.3 \
+        dsa.3 DSA_get_default_method.3 \
+        dsa.3 DSA_get_ex_data.3 \
+        dsa.3 DSA_new_method.3 \
+        dsa.3 DSA_set_default_method.3 \
+        dsa.3 DSA_set_ex_data.3 \
+        dsa.3 DSA_sign_setup.3 \
+        dsa.3 DSA_verify.3 \
+        dsa.3 d2i_DSAPrivateKey.3 \
+        dsa.3 d2i_DSAPublicKey.3 \
+        dsa.3 d2i_DSA_SIG.3 \
+        dsa.3 d2i_DSAparams.3 \
+        dsa.3 i2d_DSAPrivateKey.3 \
+        dsa.3 i2d_DSAPublicKey.3 \
+        dsa.3 i2d_DSA_SIG.3 \
+        dsa.3 i2d_DSAparams.3 \
+        lh_stats.3 lh_node_stats.3 \
+        lh_stats.3 lh_node_stats_bio.3 \
+        lh_stats.3 lh_node_usage_stats.3 \
+        lh_stats.3 lh_node_usage_stats_bio.3 \
+        lh_stats.3 lh_stats_bio.3 \
+        lhash.3 lh_delete.3 \
+        lhash.3 lh_doall.3 \
+        lhash.3 lh_doall_arg.3 \
+        lhash.3 lh_error.3 \
+        lhash.3 lh_free.3 \
+        lhash.3 lh_insert.3 \
+        lhash.3 lh_new.3 \
+        lhash.3 lh_retrieve.3
+
+.include <bsd.man.mk>
+.else
+maninstall:
+
+.endif
+
+# XXX .PATH order is critical because of non-unique filenames
+.PATH: ${.CURDIR}/../src/doc/crypto ${.CURDIR}/../src/doc/ssl ${.CURDIR}/../src/doc/apps
+.SUFFIXES: .pod
+.pod.cat3:
+        ( cd `dirname ${.ALLSRC}` && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          `basename ${.ALLSRC}` ) | nroff -Tascii -man > ${.TARGET}
+.pod.cat7:
+        ( cd `dirname ${.ALLSRC}` && pod2man --section=7 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          `basename ${.ALLSRC}` ) | nroff -Tascii -man > ${.TARGET}
+.pod.cat1:
+        ( cd `dirname ${.ALLSRC}` && pod2man --section=1 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          `basename ${.ALLSRC}` ) | nroff -Tascii -man > ${.TARGET}
+
+.pod.ps3:
+        ( cd `dirname ${.ALLSRC}` && pod2man --section=3 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          `basename ${.ALLSRC}` ) | nroff -Tps -man > ${.TARGET}
+.pod.ps7:
+        ( cd `dirname ${.ALLSRC}` && pod2man --section=7 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          `basename ${.ALLSRC}` ) | nroff -Tps -man > ${.TARGET}
+.pod.ps1:
+        ( cd `dirname ${.ALLSRC}` && pod2man --section=1 --official \
+          --center='OpenSSL' --release="OpenBSD `uname -r`" \
+          `basename ${.ALLSRC}` ) | nroff -Tps -man > ${.TARGET}
+
+.include <bsd.obj.mk>
+.include <bsd.subdir.mk>
+
+CLEANFILES+=\
+        BUF_MEM_new.pm \
+        CRYPTO_set_locking_callback.pm \
+        HMAC.pm \
+        RC4.pm \
+        RIPEMD160.pm \
+        SHA1.pm \
+        des_random_key.pm \
+        MD5.pm \
+
+clean cleandir:
+        rm -f ${CLEANFILES}
diff --git a/src/lib/libssl/openssl.cnf b/src/lib/libssl/openssl.cnf
new file mode 100644
index 0000000000..bb97b155b8
--- /dev/null
+++ b/src/lib/libssl/openssl.cnf
@@ -0,0 +1,65 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE                = /dev/arandom
+
+####################################################################
+[ req ]
+default_bits            = 1024
+default_keyfile         = privkey.pem
+distinguished_name      = req_distinguished_name
+attributes              = req_attributes
+
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+#countryName_default            = AU
+countryName_min                 = 2
+countryName_max                 = 2
+
+stateOrProvinceName             = State or Province Name (full name)
+#stateOrProvinceName_default    = Some-State
+
+localityName                    = Locality Name (eg, city)
+
+0.organizationName              = Organization Name (eg, company)
+#0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName             = Second Organization Name (eg, company)
+#1.organizationName_default     = CryptSoft Pty Ltd
+
+organizationalUnitName          = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName                      = Common Name (eg, fully qualified host name)
+commonName_max                  = 64
+
+emailAddress                    = Email Address
+emailAddress_max                = 64
+
+[ req_attributes ]
+challengePassword               = A challenge password
+challengePassword_min           = 4
+challengePassword_max           = 20
+
+unstructuredName                = An optional company name
+
+[ x509v3_extensions ]
+
+nsCaRevocationUrl               = http://www.cryptsoft.com/ca-crl.pem
+nsComment                       = "This is a comment"
+
+# under ASN.1, the 0 bit would be encoded as 80
+nsCertType                      = 0x40
+
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+#nsCertSequence
+#nsCertExt
+#nsDataType
+
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
new file mode 100644
index 0000000000..64ee4269ec
--- /dev/null
+++ b/src/lib/libssl/s23_clnt.c
@@ -0,0 +1,490 @@
+/* ssl/s23_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+
+static SSL_METHOD *ssl23_get_client_method(int ver);
+static int ssl23_client_hello(SSL *s);
+static int ssl23_get_server_hello(SSL *s);
+static SSL_METHOD *ssl23_get_client_method(int ver)
+        {
+#ifndef OPENSSL_NO_SSL2
+        if (ver == SSL2_VERSION)
+                return(SSLv2_client_method());
+#endif
+        if (ver == SSL3_VERSION)
+                return(SSLv3_client_method());
+        else if (ver == TLS1_VERSION)
+                return(TLSv1_client_method());
+        else
+                return(NULL);
+        }
+
+SSL_METHOD *SSLv23_client_method(void)
+        {
+        static int init=1;
+        static SSL_METHOD SSLv23_client_data;
+
+        if (init)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&SSLv23_client_data,
+                                (char *)sslv23_base_method(),sizeof(SSL_METHOD));
+                        SSLv23_client_data.ssl_connect=ssl23_connect;
+                        SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+                        init=0;
+                        }
+
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+                }
+        return(&SSLv23_client_data);
+        }
+
+int ssl23_connect(SSL *s)
+        {
+        BUF_MEM *buf=NULL;
+        unsigned long Time=time(NULL);
+        void (*cb)(const SSL *ssl,int type,int val)=NULL;
+        int ret= -1;
+        int new_state,state;
+
+        RAND_add(&Time,sizeof(Time),0);
+        ERR_clear_error();
+        clear_sys_error();
+
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+        
+        s->in_handshake++;
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+
+        for (;;)
+                {
+                state=s->state;
+
+                switch(s->state)
+                        {
+                case SSL_ST_BEFORE:
+                case SSL_ST_CONNECT:
+                case SSL_ST_BEFORE|SSL_ST_CONNECT:
+                case SSL_ST_OK|SSL_ST_CONNECT:
+
+                        if (s->session != NULL)
+                                {
+                                SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
+                                ret= -1;
+                                goto end;
+                                }
+                        s->server=0;
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+                        /* s->version=TLS1_VERSION; */
+                        s->type=SSL_ST_CONNECT;
+
+                        if (s->init_buf == NULL)
+                                {
+                                if ((buf=BUF_MEM_new()) == NULL)
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                s->init_buf=buf;
+                                buf=NULL;
+                                }
+
+                        if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+
+                        ssl3_init_finished_mac(s);
+
+                        s->state=SSL23_ST_CW_CLNT_HELLO_A;
+                        s->ctx->stats.sess_connect++;
+                        s->init_num=0;
+                        break;
+
+                case SSL23_ST_CW_CLNT_HELLO_A:
+                case SSL23_ST_CW_CLNT_HELLO_B:
+
+                        s->shutdown=0;
+                        ret=ssl23_client_hello(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL23_ST_CR_SRVR_HELLO_A;
+                        s->init_num=0;
+
+                        break;
+
+                case SSL23_ST_CR_SRVR_HELLO_A:
+                case SSL23_ST_CR_SRVR_HELLO_B:
+                        ret=ssl23_get_server_hello(s);
+                        if (ret >= 0) cb=NULL;
+                        goto end;
+                        /* break; */
+
+                default:
+                        SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* break; */
+                        }
+
+                if (s->debug) { (void)BIO_flush(s->wbio); }
+
+                if ((cb != NULL) && (s->state != state))
+                        {
+                        new_state=s->state;
+                        s->state=state;
+                        cb(s,SSL_CB_CONNECT_LOOP,1);
+                        s->state=new_state;
+                        }
+                }
+end:
+        s->in_handshake--;
+        if (buf != NULL)
+                BUF_MEM_free(buf);
+        if (cb != NULL)
+                cb(s,SSL_CB_CONNECT_EXIT,ret);
+        return(ret);
+        }
+
+
+static int ssl23_client_hello(SSL *s)
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+        int i,ch_len;
+        int ret;
+
+        buf=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+                {
+#if 0
+                /* don't reuse session-id's */
+                if (!ssl_get_new_session(s,0))
+                        {
+                        return(-1);
+                        }
+#endif
+
+                p=s->s3->client_random;
+                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
+
+                /* Do the message type and length last */
+                d= &(buf[2]);
+                p=d+9;
+
+                *(d++)=SSL2_MT_CLIENT_HELLO;
+                if (!(s->options & SSL_OP_NO_TLSv1))
+                        {
+                        *(d++)=TLS1_VERSION_MAJOR;
+                        *(d++)=TLS1_VERSION_MINOR;
+                        s->client_version=TLS1_VERSION;
+                        }
+                else if (!(s->options & SSL_OP_NO_SSLv3))
+                        {
+                        *(d++)=SSL3_VERSION_MAJOR;
+                        *(d++)=SSL3_VERSION_MINOR;
+                        s->client_version=SSL3_VERSION;
+                        }
+                else if (!(s->options & SSL_OP_NO_SSLv2))
+                        {
+                        *(d++)=SSL2_VERSION_MAJOR;
+                        *(d++)=SSL2_VERSION_MINOR;
+                        s->client_version=SSL2_VERSION;
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
+                        return(-1);
+                        }
+
+                /* Ciphers supported */
+                i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p);
+                if (i == 0)
+                        {
+                        /* no ciphers */
+                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+                        return(-1);
+                        }
+                s2n(i,d);
+                p+=i;
+
+                /* put in the session-id, zero since there is no
+                 * reuse. */
+#if 0
+                s->session->session_id_length=0;
+#endif
+                s2n(0,d);
+
+                if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+                        ch_len=SSL2_CHALLENGE_LENGTH;
+                else
+                        ch_len=SSL2_MAX_CHALLENGE_LENGTH;
+
+                /* write out sslv2 challenge */
+                if (SSL3_RANDOM_SIZE < ch_len)
+                        i=SSL3_RANDOM_SIZE;
+                else
+                        i=ch_len;
+                s2n(i,d);
+                memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
+                RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+                memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+                p+=i;
+
+                i= p- &(buf[2]);
+                buf[0]=((i>>8)&0xff)|0x80;
+                buf[1]=(i&0xff);
+
+                s->state=SSL23_ST_CW_CLNT_HELLO_B;
+                /* number of bytes to write */
+                s->init_num=i+2;
+                s->init_off=0;
+
+                ssl3_finish_mac(s,&(buf[2]),i);
+                }
+
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        ret = ssl23_write_bytes(s);
+        if (ret >= 2)
+                if (s->msg_callback)
+                        s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
+        return ret;
+        }
+
+static int ssl23_get_server_hello(SSL *s)
+        {
+        char buf[8];
+        unsigned char *p;
+        int i;
+        int n;
+
+        n=ssl23_read_bytes(s,7);
+
+        if (n != 7) return(n);
+        p=s->packet;
+
+        memcpy(buf,p,n);
+
+        if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
+                (p[5] == 0x00) && (p[6] == 0x02))
+                {
+#ifdef OPENSSL_NO_SSL2
+                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+                goto err;
+#else
+                /* we are talking sslv2 */
+                /* we need to clean up the SSLv3 setup and put in the
+                 * sslv2 stuff. */
+                int ch_len;
+
+                if (s->options & SSL_OP_NO_SSLv2)
+                        {
+                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+                        goto err;
+                        }
+                if (s->s2 == NULL)
+                        {
+                        if (!ssl2_new(s))
+                                goto err;
+                        }
+                else
+                        ssl2_clear(s);
+
+                if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+                        ch_len=SSL2_CHALLENGE_LENGTH;
+                else
+                        ch_len=SSL2_MAX_CHALLENGE_LENGTH;
+
+                /* write out sslv2 challenge */
+                i=(SSL3_RANDOM_SIZE < ch_len)
+                        ?SSL3_RANDOM_SIZE:ch_len;
+                s->s2->challenge_length=i;
+                memcpy(s->s2->challenge,
+                        &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+
+                if (s->s3 != NULL) ssl3_free(s);
+
+                if (!BUF_MEM_grow_clean(s->init_buf,
+                        SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+                        {
+                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
+                        goto err;
+                        }
+
+                s->state=SSL2_ST_GET_SERVER_HELLO_A;
+                if (!(s->client_version == SSL2_VERSION))
+                        /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
+                        s->s2->ssl2_rollback=1;
+
+                /* setup the 5 bytes we have read so we get them from
+                 * the sslv2 buffer */
+                s->rstate=SSL_ST_READ_HEADER;
+                s->packet_length=n;
+                s->packet= &(s->s2->rbuf[0]);
+                memcpy(s->packet,buf,n);
+                s->s2->rbuf_left=n;
+                s->s2->rbuf_offs=0;
+
+                /* we have already written one */
+                s->s2->write_sequence=1;
+
+                s->method=SSLv2_client_method();
+                s->handshake_func=s->method->ssl_connect;
+#endif
+                }
+        else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+                 (p[1] == SSL3_VERSION_MAJOR) &&
+                 ((p[2] == SSL3_VERSION_MINOR) ||
+                  (p[2] == TLS1_VERSION_MINOR)) &&
+                 (p[5] == SSL3_MT_SERVER_HELLO))
+                {
+                /* we have sslv3 or tls1 */
+
+                if (!ssl_init_wbio_buffer(s,1)) goto err;
+
+                /* we are in this state */
+                s->state=SSL3_ST_CR_SRVR_HELLO_A;
+
+                /* put the 5 bytes we have read into the input buffer
+                 * for SSLv3 */
+                s->rstate=SSL_ST_READ_HEADER;
+                s->packet_length=n;
+                s->packet= &(s->s3->rbuf.buf[0]);
+                memcpy(s->packet,buf,n);
+                s->s3->rbuf.left=n;
+                s->s3->rbuf.offset=0;
+
+                if ((p[2] == SSL3_VERSION_MINOR) &&
+                        !(s->options & SSL_OP_NO_SSLv3))
+                        {
+                        s->version=SSL3_VERSION;
+                        s->method=SSLv3_client_method();
+                        }
+                else if ((p[2] == TLS1_VERSION_MINOR) &&
+                        !(s->options & SSL_OP_NO_TLSv1))
+                        {
+                        s->version=TLS1_VERSION;
+                        s->method=TLSv1_client_method();
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+                        goto err;
+                        }
+                        
+                s->handshake_func=s->method->ssl_connect;
+                }
+        else if ((p[0] == SSL3_RT_ALERT) &&
+                 (p[1] == SSL3_VERSION_MAJOR) &&
+                 ((p[2] == SSL3_VERSION_MINOR) ||
+                  (p[2] == TLS1_VERSION_MINOR)) &&
+                 (p[3] == 0) &&
+                 (p[4] == 2))
+                {
+                void (*cb)(const SSL *ssl,int type,int val)=NULL;
+                int j;
+
+                /* An alert */
+                if (s->info_callback != NULL)
+                        cb=s->info_callback;
+                else if (s->ctx->info_callback != NULL)
+                        cb=s->ctx->info_callback;
+ 
+                i=p[5];
+                if (cb != NULL)
+                        {
+                        j=(i<<8)|p[6];
+                        cb(s,SSL_CB_READ_ALERT,j);
+                        }
+
+                s->rwstate=SSL_NOTHING;
+                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
+                goto err;
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
+                goto err;
+                }
+        s->init_num=0;
+
+        /* Since, if we are sending a ssl23 client hello, we are not
+         * reusing a session-id */
+        if (!ssl_get_new_session(s,0))
+                goto err;
+
+        s->first_packet=1;
+        return(SSL_connect(s));
+err:
+        return(-1);
+        }
+
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
new file mode 100644
index 0000000000..b70002a647
--- /dev/null
+++ b/src/lib/libssl/s23_lib.c
@@ -0,0 +1,236 @@
+/* ssl/s23_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+static int ssl23_num_ciphers(void );
+static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+static int ssl23_read(SSL *s, void *buf, int len);
+static int ssl23_peek(SSL *s, void *buf, int len);
+static int ssl23_write(SSL *s, const void *buf, int len);
+static long ssl23_default_timeout(void );
+static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
+
+static SSL_METHOD SSLv23_data= {
+        TLS1_VERSION,
+        tls1_new,
+        tls1_clear,
+        tls1_free,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl23_read,
+        ssl23_peek,
+        ssl23_write,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl_ok,
+        ssl3_ctrl,
+        ssl3_ctx_ctrl,
+        ssl23_get_cipher_by_char,
+        ssl23_put_cipher_by_char,
+        ssl_undefined_function,
+        ssl23_num_ciphers,
+        ssl23_get_cipher,
+        ssl_bad_method,
+        ssl23_default_timeout,
+        &ssl3_undef_enc_method,
+        ssl_undefined_function,
+        ssl3_callback_ctrl,
+        ssl3_ctx_callback_ctrl,
+        };
+
+static long ssl23_default_timeout(void)
+        {
+        return(300);
+        }
+
+SSL_METHOD *sslv23_base_method(void)
+        {
+        return(&SSLv23_data);
+        }
+
+static int ssl23_num_ciphers(void)
+        {
+        return(ssl3_num_ciphers()
+#ifndef OPENSSL_NO_SSL2
+               + ssl2_num_ciphers()
+#endif
+            );
+        }
+
+static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
+        {
+        unsigned int uu=ssl3_num_ciphers();
+
+        if (u < uu)
+                return(ssl3_get_cipher(u));
+        else
+#ifndef OPENSSL_NO_SSL2
+                return(ssl2_get_cipher(u-uu));
+#else
+                return(NULL);
+#endif
+        }
+
+/* This function needs to check if the ciphers required are actually
+ * available */
+static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
+        {
+        SSL_CIPHER c,*cp;
+        unsigned long id;
+        int n;
+
+        n=ssl3_num_ciphers();
+        id=0x03000000|((unsigned long)p[0]<<16L)|
+                ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
+        c.id=id;
+        cp=ssl3_get_cipher_by_char(p);
+#ifndef OPENSSL_NO_SSL2
+        if (cp == NULL)
+                cp=ssl2_get_cipher_by_char(p);
+#endif
+        return(cp);
+        }
+
+static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+        {
+        long l;
+
+        /* We can write SSLv2 and SSLv3 ciphers */
+        if (p != NULL)
+                {
+                l=c->id;
+                p[0]=((unsigned char)(l>>16L))&0xFF;
+                p[1]=((unsigned char)(l>> 8L))&0xFF;
+                p[2]=((unsigned char)(l     ))&0xFF;
+                }
+        return(3);
+        }
+
+static int ssl23_read(SSL *s, void *buf, int len)
+        {
+        int n;
+
+        clear_sys_error();
+        if (SSL_in_init(s) && (!s->in_handshake))
+                {
+                n=s->handshake_func(s);
+                if (n < 0) return(n);
+                if (n == 0)
+                        {
+                        SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                return(SSL_read(s,buf,len));
+                }
+        else
+                {
+                ssl_undefined_function(s);
+                return(-1);
+                }
+        }
+
+static int ssl23_peek(SSL *s, void *buf, int len)
+        {
+        int n;
+
+        clear_sys_error();
+        if (SSL_in_init(s) && (!s->in_handshake))
+                {
+                n=s->handshake_func(s);
+                if (n < 0) return(n);
+                if (n == 0)
+                        {
+                        SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                return(SSL_peek(s,buf,len));
+                }
+        else
+                {
+                ssl_undefined_function(s);
+                return(-1);
+                }
+        }
+
+static int ssl23_write(SSL *s, const void *buf, int len)
+        {
+        int n;
+
+        clear_sys_error();
+        if (SSL_in_init(s) && (!s->in_handshake))
+                {
+                n=s->handshake_func(s);
+                if (n < 0) return(n);
+                if (n == 0)
+                        {
+                        SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                return(SSL_write(s,buf,len));
+                }
+        else
+                {
+                ssl_undefined_function(s);
+                return(-1);
+                }
+        }
diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c
new file mode 100644
index 0000000000..4ca6a1b258
--- /dev/null
+++ b/src/lib/libssl/s23_pkt.c
@@ -0,0 +1,117 @@
+/* ssl/s23_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+
+int ssl23_write_bytes(SSL *s)
+        {
+        int i,num,tot;
+        char *buf;
+
+        buf=s->init_buf->data;
+        tot=s->init_off;
+        num=s->init_num;
+        for (;;)
+                {
+                s->rwstate=SSL_WRITING;
+                i=BIO_write(s->wbio,&(buf[tot]),num);
+                if (i <= 0)
+                        {
+                        s->init_off=tot;
+                        s->init_num=num;
+                        return(i);
+                        }
+                s->rwstate=SSL_NOTHING;
+                if (i == num) return(tot+i);
+
+                num-=i;
+                tot+=i;
+                }
+        }
+
+/* return regularly only when we have read (at least) 'n' bytes */
+int ssl23_read_bytes(SSL *s, int n)
+        {
+        unsigned char *p;
+        int j;
+
+        if (s->packet_length < (unsigned int)n)
+                {
+                p=s->packet;
+
+                for (;;)
+                        {
+                        s->rwstate=SSL_READING;
+                        j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
+                                n-s->packet_length);
+                        if (j <= 0)
+                                return(j);
+                        s->rwstate=SSL_NOTHING;
+                        s->packet_length+=j;
+                        if (s->packet_length >= (unsigned int)n)
+                                return(s->packet_length);
+                        }
+                }
+        return(n);
+        }
+
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
new file mode 100644
index 0000000000..c5404ca0bc
--- /dev/null
+++ b/src/lib/libssl/s23_srvr.c
@@ -0,0 +1,596 @@
+/* ssl/s23_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+
+static SSL_METHOD *ssl23_get_server_method(int ver);
+int ssl23_get_client_hello(SSL *s);
+static SSL_METHOD *ssl23_get_server_method(int ver)
+        {
+#ifndef OPENSSL_NO_SSL2
+        if (ver == SSL2_VERSION)
+                return(SSLv2_server_method());
+#endif
+        if (ver == SSL3_VERSION)
+                return(SSLv3_server_method());
+        else if (ver == TLS1_VERSION)
+                return(TLSv1_server_method());
+        else
+                return(NULL);
+        }
+
+SSL_METHOD *SSLv23_server_method(void)
+        {
+        static int init=1;
+        static SSL_METHOD SSLv23_server_data;
+
+        if (init)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&SSLv23_server_data,
+                                (char *)sslv23_base_method(),sizeof(SSL_METHOD));
+                        SSLv23_server_data.ssl_accept=ssl23_accept;
+                        SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+                        init=0;
+                        }
+
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+                }
+        return(&SSLv23_server_data);
+        }
+
+int ssl23_accept(SSL *s)
+        {
+        BUF_MEM *buf;
+        unsigned long Time=time(NULL);
+        void (*cb)(const SSL *ssl,int type,int val)=NULL;
+        int ret= -1;
+        int new_state,state;
+
+        RAND_add(&Time,sizeof(Time),0);
+        ERR_clear_error();
+        clear_sys_error();
+
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+        
+        s->in_handshake++;
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+
+        for (;;)
+                {
+                state=s->state;
+
+                switch(s->state)
+                        {
+                case SSL_ST_BEFORE:
+                case SSL_ST_ACCEPT:
+                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+                case SSL_ST_OK|SSL_ST_ACCEPT:
+
+                        s->server=1;
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+                        /* s->version=SSL3_VERSION; */
+                        s->type=SSL_ST_ACCEPT;
+
+                        if (s->init_buf == NULL)
+                                {
+                                if ((buf=BUF_MEM_new()) == NULL)
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                s->init_buf=buf;
+                                }
+
+                        ssl3_init_finished_mac(s);
+
+                        s->state=SSL23_ST_SR_CLNT_HELLO_A;
+                        s->ctx->stats.sess_accept++;
+                        s->init_num=0;
+                        break;
+
+                case SSL23_ST_SR_CLNT_HELLO_A:
+                case SSL23_ST_SR_CLNT_HELLO_B:
+
+                        s->shutdown=0;
+                        ret=ssl23_get_client_hello(s);
+                        if (ret >= 0) cb=NULL;
+                        goto end;
+                        /* break; */
+
+                default:
+                        SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* break; */
+                        }
+
+                if ((cb != NULL) && (s->state != state))
+                        {
+                        new_state=s->state;
+                        s->state=state;
+                        cb(s,SSL_CB_ACCEPT_LOOP,1);
+                        s->state=new_state;
+                        }
+                }
+end:
+        s->in_handshake--;
+        if (cb != NULL)
+                cb(s,SSL_CB_ACCEPT_EXIT,ret);
+        return(ret);
+        }
+
+
+int ssl23_get_client_hello(SSL *s)
+        {
+        char buf_space[11]; /* Request this many bytes in initial read.
+                             * We can detect SSL 3.0/TLS 1.0 Client Hellos
+                             * ('type == 3') correctly only when the following
+                             * is in a single record, which is not guaranteed by
+                             * the protocol specification:
+                             * Byte  Content
+                             *  0     type            \
+                             *  1/2   version          > record header
+                             *  3/4   length          /
+                             *  5     msg_type        \
+                             *  6-8   length           > Client Hello message
+                             *  9/10  client_version  /
+                             */
+        char *buf= &(buf_space[0]);
+        unsigned char *p,*d,*d_len,*dd;
+        unsigned int i;
+        unsigned int csl,sil,cl;
+        int n=0,j;
+        int type=0;
+        int v[2];
+#ifndef OPENSSL_NO_RSA
+        int use_sslv2_strong=0;
+#endif
+
+        if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
+                {
+                /* read the initial header */
+                v[0]=v[1]=0;
+
+                if (!ssl3_setup_buffers(s)) goto err;
+
+                n=ssl23_read_bytes(s, sizeof buf_space);
+                if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
+
+                p=s->packet;
+
+                memcpy(buf,p,n);
+
+                if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
+                        {
+                        /*
+                         * SSLv2 header
+                         */
+                        if ((p[3] == 0x00) && (p[4] == 0x02))
+                                {
+                                v[0]=p[3]; v[1]=p[4];
+                                /* SSLv2 */
+                                if (!(s->options & SSL_OP_NO_SSLv2))
+                                        type=1;
+                                }
+                        else if (p[3] == SSL3_VERSION_MAJOR)
+                                {
+                                v[0]=p[3]; v[1]=p[4];
+                                /* SSLv3/TLSv1 */
+                                if (p[4] >= TLS1_VERSION_MINOR)
+                                        {
+                                        if (!(s->options & SSL_OP_NO_TLSv1))
+                                                {
+                                                s->version=TLS1_VERSION;
+                                                /* type=2; */ /* done later to survive restarts */
+                                                s->state=SSL23_ST_SR_CLNT_HELLO_B;
+                                                }
+                                        else if (!(s->options & SSL_OP_NO_SSLv3))
+                                                {
+                                                s->version=SSL3_VERSION;
+                                                /* type=2; */
+                                                s->state=SSL23_ST_SR_CLNT_HELLO_B;
+                                                }
+                                        else if (!(s->options & SSL_OP_NO_SSLv2))
+                                                {
+                                                type=1;
+                                                }
+                                        }
+                                else if (!(s->options & SSL_OP_NO_SSLv3))
+                                        {
+                                        s->version=SSL3_VERSION;
+                                        /* type=2; */
+                                        s->state=SSL23_ST_SR_CLNT_HELLO_B;
+                                        }
+                                else if (!(s->options & SSL_OP_NO_SSLv2))
+                                        type=1;
+
+                                }
+                        }
+                else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+                         (p[1] == SSL3_VERSION_MAJOR) &&
+                         (p[5] == SSL3_MT_CLIENT_HELLO) &&
+                         ((p[3] == 0 && p[4] < 5 /* silly record length? */)
+                                || (p[9] == p[1])))
+                        {
+                        /*
+                         * SSLv3 or tls1 header
+                         */
+                        
+                        v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
+                        /* We must look at client_version inside the Client Hello message
+                         * to get the correct minor version.
+                         * However if we have only a pathologically small fragment of the
+                         * Client Hello message, this would be difficult, and we'd have
+                         * to read more records to find out.
+                         * No known SSL 3.0 client fragments ClientHello like this,
+                         * so we simply assume TLS 1.0 to avoid protocol version downgrade
+                         * attacks. */
+                        if (p[3] == 0 && p[4] < 6)
+                                {
+#if 0
+                                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+                                goto err;
+#else
+                                v[1] = TLS1_VERSION_MINOR;
+#endif
+                                }
+                        else
+                                v[1]=p[10]; /* minor version according to client_version */
+                        if (v[1] >= TLS1_VERSION_MINOR)
+                                {
+                                if (!(s->options & SSL_OP_NO_TLSv1))
+                                        {
+                                        s->version=TLS1_VERSION;
+                                        type=3;
+                                        }
+                                else if (!(s->options & SSL_OP_NO_SSLv3))
+                                        {
+                                        s->version=SSL3_VERSION;
+                                        type=3;
+                                        }
+                                }
+                        else
+                                {
+                                /* client requests SSL 3.0 */
+                                if (!(s->options & SSL_OP_NO_SSLv3))
+                                        {
+                                        s->version=SSL3_VERSION;
+                                        type=3;
+                                        }
+                                else if (!(s->options & SSL_OP_NO_TLSv1))
+                                        {
+                                        /* we won't be able to use TLS of course,
+                                         * but this will send an appropriate alert */
+                                        s->version=TLS1_VERSION;
+                                        type=3;
+                                        }
+                                }
+                        }
+                else if ((strncmp("GET ", (char *)p,4) == 0) ||
+                         (strncmp("POST ",(char *)p,5) == 0) ||
+                         (strncmp("HEAD ",(char *)p,5) == 0) ||
+                         (strncmp("PUT ", (char *)p,4) == 0))
+                        {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
+                        goto err;
+                        }
+                else if (strncmp("CONNECT",(char *)p,7) == 0)
+                        {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
+                        goto err;
+                        }
+                }
+
+        if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
+                {
+                /* we have SSLv3/TLSv1 in an SSLv2 header
+                 * (other cases skip this state) */
+
+                type=2;
+                p=s->packet;
+                v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
+                v[1] = p[4];
+
+                n=((p[0]&0x7f)<<8)|p[1];
+                if (n > (1024*4))
+                        {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
+                        goto err;
+                        }
+
+                j=ssl23_read_bytes(s,n+2);
+                if (j <= 0) return(j);
+
+                ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
+                if (s->msg_callback)
+                        s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
+
+                p=s->packet;
+                p+=5;
+                n2s(p,csl);
+                n2s(p,sil);
+                n2s(p,cl);
+                d=(unsigned char *)s->init_buf->data;
+                if ((csl+sil+cl+11) != s->packet_length)
+                        {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
+                        goto err;
+                        }
+
+                /* record header: msg_type ... */
+                *(d++) = SSL3_MT_CLIENT_HELLO;
+                /* ... and length (actual value will be written later) */
+                d_len = d;
+                d += 3;
+
+                /* client_version */
+                *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+                *(d++) = v[1];
+
+                /* lets populate the random area */
+                /* get the challenge_length */
+                i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
+                memset(d,0,SSL3_RANDOM_SIZE);
+                memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
+                d+=SSL3_RANDOM_SIZE;
+
+                /* no session-id reuse */
+                *(d++)=0;
+
+                /* ciphers */
+                j=0;
+                dd=d;
+                d+=2;
+                for (i=0; i<csl; i+=3)
+                        {
+                        if (p[i] != 0) continue;
+                        *(d++)=p[i+1];
+                        *(d++)=p[i+2];
+                        j+=2;
+                        }
+                s2n(j,dd);
+
+                /* COMPRESSION */
+                *(d++)=1;
+                *(d++)=0;
+                
+                i = (d-(unsigned char *)s->init_buf->data) - 4;
+                l2n3((long)i, d_len);
+
+                /* get the data reused from the init_buf */
+                s->s3->tmp.reuse_message=1;
+                s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
+                s->s3->tmp.message_size=i;
+                }
+
+        /* imaginary new state (for program structure): */
+        /* s->state = SSL23_SR_CLNT_HELLO_C */
+
+        if (type == 1)
+                {
+#ifdef OPENSSL_NO_SSL2
+                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+                goto err;
+#else
+                /* we are talking sslv2 */
+                /* we need to clean up the SSLv3/TLSv1 setup and put in the
+                 * sslv2 stuff. */
+
+                if (s->s2 == NULL)
+                        {
+                        if (!ssl2_new(s))
+                                goto err;
+                        }
+                else
+                        ssl2_clear(s);
+
+                if (s->s3 != NULL) ssl3_free(s);
+
+                if (!BUF_MEM_grow_clean(s->init_buf,
+                        SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+                        {
+                        goto err;
+                        }
+
+                s->state=SSL2_ST_GET_CLIENT_HELLO_A;
+                if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
+                        use_sslv2_strong ||
+                        (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+                        s->s2->ssl2_rollback=0;
+                else
+                        /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+                         * (SSL 3.0 draft/RFC 2246, App. E.2) */
+                        s->s2->ssl2_rollback=1;
+
+                /* setup the n bytes we have read so we get them from
+                 * the sslv2 buffer */
+                s->rstate=SSL_ST_READ_HEADER;
+                s->packet_length=n;
+                s->packet= &(s->s2->rbuf[0]);
+                memcpy(s->packet,buf,n);
+                s->s2->rbuf_left=n;
+                s->s2->rbuf_offs=0;
+
+                s->method=SSLv2_server_method();
+                s->handshake_func=s->method->ssl_accept;
+#endif
+                }
+
+        if ((type == 2) || (type == 3))
+                {
+                /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
+
+                if (!ssl_init_wbio_buffer(s,1)) goto err;
+
+                /* we are in this state */
+                s->state=SSL3_ST_SR_CLNT_HELLO_A;
+
+                if (type == 3)
+                        {
+                        /* put the 'n' bytes we have read into the input buffer
+                         * for SSLv3 */
+                        s->rstate=SSL_ST_READ_HEADER;
+                        s->packet_length=n;
+                        s->packet= &(s->s3->rbuf.buf[0]);
+                        memcpy(s->packet,buf,n);
+                        s->s3->rbuf.left=n;
+                        s->s3->rbuf.offset=0;
+                        }
+                else
+                        {
+                        s->packet_length=0;
+                        s->s3->rbuf.left=0;
+                        s->s3->rbuf.offset=0;
+                        }
+
+                if (s->version == TLS1_VERSION)
+                        s->method = TLSv1_server_method();
+                else
+                        s->method = SSLv3_server_method();
+#if 0 /* ssl3_get_client_hello does this */
+                s->client_version=(v[0]<<8)|v[1];
+#endif
+                s->handshake_func=s->method->ssl_accept;
+                }
+        
+        if ((type < 1) || (type > 3))
+                {
+                /* bad, very bad */
+                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
+                goto err;
+                }
+        s->init_num=0;
+
+        if (buf != buf_space) OPENSSL_free(buf);
+        s->first_packet=1;
+        return(SSL_accept(s));
+err:
+        if (buf != buf_space) OPENSSL_free(buf);
+        return(-1);
+        }
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
new file mode 100644
index 0000000000..64d317b7ac
--- /dev/null
+++ b/src/lib/libssl/s3_both.c
@@ -0,0 +1,635 @@
+/* ssl/s3_both.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
+int ssl3_do_write(SSL *s, int type)
+        {
+        int ret;
+
+        ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
+                             s->init_num);
+        if (ret < 0) return(-1);
+        if (type == SSL3_RT_HANDSHAKE)
+                /* should not be done for 'Hello Request's, but in that case
+                 * we'll ignore the result anyway */
+                ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
+        
+        if (ret == s->init_num)
+                {
+                if (s->msg_callback)
+                        s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
+                return(1);
+                }
+        s->init_off+=ret;
+        s->init_num-=ret;
+        return(0);
+        }
+
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
+        {
+        unsigned char *p,*d;
+        int i;
+        unsigned long l;
+
+        if (s->state == a)
+                {
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[4]);
+
+                i=s->method->ssl3_enc->final_finish_mac(s,
+                        &(s->s3->finish_dgst1),
+                        &(s->s3->finish_dgst2),
+                        sender,slen,s->s3->tmp.finish_md);
+                s->s3->tmp.finish_md_len = i;
+                memcpy(p, s->s3->tmp.finish_md, i);
+                p+=i;
+                l=i;
+
+#ifdef OPENSSL_SYS_WIN16
+                /* MSVC 1.5 does not clear the top bytes of the word unless
+                 * I do this.
+                 */
+                l&=0xffff;
+#endif
+
+                *(d++)=SSL3_MT_FINISHED;
+                l2n3(l,d);
+                s->init_num=(int)l+4;
+                s->init_off=0;
+
+                s->state=b;
+                }
+
+        /* SSL3_ST_SEND_xxxxxx_HELLO_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+int ssl3_get_finished(SSL *s, int a, int b)
+        {
+        int al,i,ok;
+        long n;
+        unsigned char *p;
+
+        /* the mac has already been generated when we received the
+         * change cipher spec message and is in s->s3->tmp.peer_finish_md
+         */ 
+
+        n=ssl3_get_message(s,
+                a,
+                b,
+                SSL3_MT_FINISHED,
+                64, /* should actually be 36+4 :-) */
+                &ok);
+
+        if (!ok) return((int)n);
+
+        /* If this occurs, we have missed a message */
+        if (!s->s3->change_cipher_spec)
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+                goto f_err;
+                }
+        s->s3->change_cipher_spec=0;
+
+        p = (unsigned char *)s->init_msg;
+        i = s->s3->tmp.peer_finish_md_len;
+
+        if (i != n)
+                {
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
+                goto f_err;
+                }
+
+        if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+                {
+                al=SSL_AD_DECRYPT_ERROR;
+                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
+                goto f_err;
+                }
+
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+        return(0);
+        }
+
+/* for these 2 messages, we need to
+ * ssl->enc_read_ctx                    re-init
+ * ssl->s3->read_sequence               zero
+ * ssl->s3->read_mac_secret             re-init
+ * ssl->session->read_sym_enc           assign
+ * ssl->session->read_compression       assign
+ * ssl->session->read_hash              assign
+ */
+int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
+        { 
+        unsigned char *p;
+
+        if (s->state == a)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                *p=SSL3_MT_CCS;
+                s->init_num=1;
+                s->init_off=0;
+
+                s->state=b;
+                }
+
+        /* SSL3_ST_CW_CHANGE_B */
+        return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
+        }
+
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
+        {
+        unsigned char *p;
+        int n,i;
+        unsigned long l=7;
+        BUF_MEM *buf;
+        X509_STORE_CTX xs_ctx;
+        X509_OBJECT obj;
+
+        int no_chain;
+
+        if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
+                no_chain = 1;
+        else
+                no_chain = 0;
+
+        /* TLSv1 sends a chain with nothing in it, instead of an alert */
+        buf=s->init_buf;
+        if (!BUF_MEM_grow_clean(buf,10))
+                {
+                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                return(0);
+                }
+        if (x != NULL)
+                {
+                if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+                        {
+                        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+                        return(0);
+                        }
+
+                for (;;)
+                        {
+                        n=i2d_X509(x,NULL);
+                        if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
+                                {
+                                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                                return(0);
+                                }
+                        p=(unsigned char *)&(buf->data[l]);
+                        l2n3(n,p);
+                        i2d_X509(x,&p);
+                        l+=n+3;
+
+                        if (no_chain)
+                                break;
+
+                        if (X509_NAME_cmp(X509_get_subject_name(x),
+                                X509_get_issuer_name(x)) == 0) break;
+
+                        i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
+                                X509_get_issuer_name(x),&obj);
+                        if (i <= 0) break;
+                        x=obj.data.x509;
+                        /* Count is one too high since the X509_STORE_get uped the
+                         * ref count */
+                        X509_free(x);
+                        }
+                if (!no_chain)
+                        X509_STORE_CTX_cleanup(&xs_ctx);
+                }
+
+        /* Thawte special :-) */
+        if (s->ctx->extra_certs != NULL)
+        for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
+                {
+                x=sk_X509_value(s->ctx->extra_certs,i);
+                n=i2d_X509(x,NULL);
+                if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
+                        {
+                        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                        return(0);
+                        }
+                p=(unsigned char *)&(buf->data[l]);
+                l2n3(n,p);
+                i2d_X509(x,&p);
+                l+=n+3;
+                }
+
+        l-=7;
+        p=(unsigned char *)&(buf->data[4]);
+        l2n3(l,p);
+        l+=3;
+        p=(unsigned char *)&(buf->data[0]);
+        *(p++)=SSL3_MT_CERTIFICATE;
+        l2n3(l,p);
+        l+=4;
+        return(l);
+        }
+
+/* Obtain handshake message of message type 'mt' (any if mt == -1),
+ * maximum acceptable body length 'max'.
+ * The first four bytes (msg_type and length) are read in state 'st1',
+ * the body is read in state 'stn'.
+ */
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+        {
+        unsigned char *p;
+        unsigned long l;
+        long n;
+        int i,al;
+
+        if (s->s3->tmp.reuse_message)
+                {
+                s->s3->tmp.reuse_message=0;
+                if ((mt >= 0) && (s->s3->tmp.message_type != mt))
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+                        goto f_err;
+                        }
+                *ok=1;
+                s->init_msg = s->init_buf->data + 4;
+                s->init_num = (int)s->s3->tmp.message_size;
+                return s->init_num;
+                }
+
+        p=(unsigned char *)s->init_buf->data;
+
+        if (s->state == st1) /* s->init_num < 4 */
+                {
+                int skip_message;
+
+                do
+                        {
+                        while (s->init_num < 4)
+                                {
+                                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
+                                        4 - s->init_num, 0);
+                                if (i <= 0)
+                                        {
+                                        s->rwstate=SSL_READING;
+                                        *ok = 0;
+                                        return i;
+                                        }
+                                s->init_num+=i;
+                                }
+                        
+                        skip_message = 0;
+                        if (!s->server)
+                                if (p[0] == SSL3_MT_HELLO_REQUEST)
+                                        /* The server may always send 'Hello Request' messages --
+                                         * we are doing a handshake anyway now, so ignore them
+                                         * if their format is correct. Does not count for
+                                         * 'Finished' MAC. */
+                                        if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
+                                                {
+                                                s->init_num = 0;
+                                                skip_message = 1;
+
+                                                if (s->msg_callback)
+                                                        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
+                                                }
+                        }
+                while (skip_message);
+
+                /* s->init_num == 4 */
+
+                if ((mt >= 0) && (*p != mt))
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+                        goto f_err;
+                        }
+                if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
+                                        (st1 == SSL3_ST_SR_CERT_A) &&
+                                        (stn == SSL3_ST_SR_CERT_B))
+                        {
+                        /* At this point we have got an MS SGC second client
+                         * hello (maybe we should always allow the client to
+                         * start a new handshake?). We need to restart the mac.
+                         * Don't increment {num,total}_renegotiations because
+                         * we have not completed the handshake. */
+                        ssl3_init_finished_mac(s);
+                        }
+
+                s->s3->tmp.message_type= *(p++);
+
+                n2l3(p,l);
+                if (l > (unsigned long)max)
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                        goto f_err;
+                        }
+                if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                        goto f_err;
+                        }
+                if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
+                        goto err;
+                        }
+                s->s3->tmp.message_size=l;
+                s->state=stn;
+
+                s->init_msg = s->init_buf->data + 4;
+                s->init_num = 0;
+                }
+
+        /* next state (stn) */
+        p = s->init_msg;
+        n = s->s3->tmp.message_size - s->init_num;
+        while (n > 0)
+                {
+                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
+                if (i <= 0)
+                        {
+                        s->rwstate=SSL_READING;
+                        *ok = 0;
+                        return i;
+                        }
+                s->init_num += i;
+                n -= i;
+                }
+        ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
+        if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
+        *ok=1;
+        return s->init_num;
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        *ok=0;
+        return(-1);
+        }
+
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
+        {
+        EVP_PKEY *pk;
+        int ret= -1,i,j;
+
+        if (pkey == NULL)
+                pk=X509_get_pubkey(x);
+        else
+                pk=pkey;
+        if (pk == NULL) goto err;
+
+        i=pk->type;
+        if (i == EVP_PKEY_RSA)
+                {
+                ret=SSL_PKEY_RSA_ENC;
+                if (x != NULL)
+                        {
+                        j=X509_get_ext_count(x);
+                        /* check to see if this is a signing only certificate */
+                        /* EAY EAY EAY EAY */
+                        }
+                }
+        else if (i == EVP_PKEY_DSA)
+                {
+                ret=SSL_PKEY_DSA_SIGN;
+                }
+        else if (i == EVP_PKEY_DH)
+                {
+                /* if we just have a key, we needs to be guess */
+
+                if (x == NULL)
+                        ret=SSL_PKEY_DH_DSA;
+                else
+                        {
+                        j=X509_get_signature_type(x);
+                        if (j == EVP_PKEY_RSA)
+                                ret=SSL_PKEY_DH_RSA;
+                        else if (j== EVP_PKEY_DSA)
+                                ret=SSL_PKEY_DH_DSA;
+                        else ret= -1;
+                        }
+                }
+        else
+                ret= -1;
+
+err:
+        if(!pkey) EVP_PKEY_free(pk);
+        return(ret);
+        }
+
+int ssl_verify_alarm_type(long type)
+        {
+        int al;
+
+        switch(type)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        case X509_V_ERR_UNABLE_TO_GET_CRL:
+        case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+                al=SSL_AD_UNKNOWN_CA;
+                break;
+        case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+        case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+        case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+        case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_CRL_NOT_YET_VALID:
+        case X509_V_ERR_CERT_UNTRUSTED:
+        case X509_V_ERR_CERT_REJECTED:
+                al=SSL_AD_BAD_CERTIFICATE;
+                break;
+        case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+        case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+                al=SSL_AD_DECRYPT_ERROR;
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_CRL_HAS_EXPIRED:
+                al=SSL_AD_CERTIFICATE_EXPIRED;
+                break;
+        case X509_V_ERR_CERT_REVOKED:
+                al=SSL_AD_CERTIFICATE_REVOKED;
+                break;
+        case X509_V_ERR_OUT_OF_MEM:
+                al=SSL_AD_INTERNAL_ERROR;
+                break;
+        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+        case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+        case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        case X509_V_ERR_INVALID_CA:
+                al=SSL_AD_UNKNOWN_CA;
+                break;
+        case X509_V_ERR_APPLICATION_VERIFICATION:
+                al=SSL_AD_HANDSHAKE_FAILURE;
+                break;
+        case X509_V_ERR_INVALID_PURPOSE:
+                al=SSL_AD_UNSUPPORTED_CERTIFICATE;
+                break;
+        default:
+                al=SSL_AD_CERTIFICATE_UNKNOWN;
+                break;
+                }
+        return(al);
+        }
+
+int ssl3_setup_buffers(SSL *s)
+        {
+        unsigned char *p;
+        unsigned int extra;
+        size_t len;
+
+        if (s->s3->rbuf.buf == NULL)
+                {
+                if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+                        extra=SSL3_RT_MAX_EXTRA;
+                else
+                        extra=0;
+                len = SSL3_RT_MAX_PACKET_SIZE + extra;
+                if ((p=OPENSSL_malloc(len)) == NULL)
+                        goto err;
+                s->s3->rbuf.buf = p;
+                s->s3->rbuf.len = len;
+                }
+
+        if (s->s3->wbuf.buf == NULL)
+                {
+                len = SSL3_RT_MAX_PACKET_SIZE;
+                len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
+                if ((p=OPENSSL_malloc(len)) == NULL)
+                        goto err;
+                s->s3->wbuf.buf = p;
+                s->s3->wbuf.len = len;
+                }
+        s->packet= &(s->s3->rbuf.buf[0]);
+        return(1);
+err:
+        SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
new file mode 100644
index 0000000000..d51b60e343
--- /dev/null
+++ b/src/lib/libssl/s3_clnt.c
@@ -0,0 +1,1980 @@
+/* ssl/s3_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+
+static SSL_METHOD *ssl3_get_client_method(int ver);
+static int ssl3_client_hello(SSL *s);
+static int ssl3_get_server_hello(SSL *s);
+static int ssl3_get_certificate_request(SSL *s);
+static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
+static int ssl3_get_server_done(SSL *s);
+static int ssl3_send_client_verify(SSL *s);
+static int ssl3_send_client_certificate(SSL *s);
+static int ssl3_send_client_key_exchange(SSL *s);
+static int ssl3_get_key_exchange(SSL *s);
+static int ssl3_get_server_certificate(SSL *s);
+static int ssl3_check_cert_and_algorithm(SSL *s);
+static SSL_METHOD *ssl3_get_client_method(int ver)
+        {
+        if (ver == SSL3_VERSION)
+                return(SSLv3_client_method());
+        else
+                return(NULL);
+        }
+
+SSL_METHOD *SSLv3_client_method(void)
+        {
+        static int init=1;
+        static SSL_METHOD SSLv3_client_data;
+
+        if (init)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+                                sizeof(SSL_METHOD));
+                        SSLv3_client_data.ssl_connect=ssl3_connect;
+                        SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+                        init=0;
+                        }
+
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+                }
+        return(&SSLv3_client_data);
+        }
+
+int ssl3_connect(SSL *s)
+        {
+        BUF_MEM *buf=NULL;
+        unsigned long Time=time(NULL),l;
+        long num1;
+        void (*cb)(const SSL *ssl,int type,int val)=NULL;
+        int ret= -1;
+        int new_state,state,skip=0;
+
+        RAND_add(&Time,sizeof(Time),0);
+        ERR_clear_error();
+        clear_sys_error();
+
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+        
+        s->in_handshake++;
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+
+        for (;;)
+                {
+                state=s->state;
+
+                switch(s->state)
+                        {
+                case SSL_ST_RENEGOTIATE:
+                        s->new_session=1;
+                        s->state=SSL_ST_CONNECT;
+                        s->ctx->stats.sess_connect_renegotiate++;
+                        /* break */
+                case SSL_ST_BEFORE:
+                case SSL_ST_CONNECT:
+                case SSL_ST_BEFORE|SSL_ST_CONNECT:
+                case SSL_ST_OK|SSL_ST_CONNECT:
+
+                        s->server=0;
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+                        if ((s->version & 0xff00 ) != 0x0300)
+                                {
+                                SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
+                                ret = -1;
+                                goto end;
+                                }
+                                
+                        /* s->version=SSL3_VERSION; */
+                        s->type=SSL_ST_CONNECT;
+
+                        if (s->init_buf == NULL)
+                                {
+                                if ((buf=BUF_MEM_new()) == NULL)
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                s->init_buf=buf;
+                                buf=NULL;
+                                }
+
+                        if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+
+                        /* setup buffing BIO */
+                        if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
+
+                        /* don't push the buffering BIO quite yet */
+
+                        ssl3_init_finished_mac(s);
+
+                        s->state=SSL3_ST_CW_CLNT_HELLO_A;
+                        s->ctx->stats.sess_connect++;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CW_CLNT_HELLO_A:
+                case SSL3_ST_CW_CLNT_HELLO_B:
+
+                        s->shutdown=0;
+                        ret=ssl3_client_hello(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CR_SRVR_HELLO_A;
+                        s->init_num=0;
+
+                        /* turn on buffering for the next lot of output */
+                        if (s->bbio != s->wbio)
+                                s->wbio=BIO_push(s->bbio,s->wbio);
+
+                        break;
+
+                case SSL3_ST_CR_SRVR_HELLO_A:
+                case SSL3_ST_CR_SRVR_HELLO_B:
+                        ret=ssl3_get_server_hello(s);
+                        if (ret <= 0) goto end;
+                        if (s->hit)
+                                s->state=SSL3_ST_CR_FINISHED_A;
+                        else
+                                s->state=SSL3_ST_CR_CERT_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CR_CERT_A:
+                case SSL3_ST_CR_CERT_B:
+                        /* Check if it is anon DH */
+                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                                {
+                                ret=ssl3_get_server_certificate(s);
+                                if (ret <= 0) goto end;
+                                }
+                        else
+                                skip=1;
+                        s->state=SSL3_ST_CR_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CR_KEY_EXCH_A:
+                case SSL3_ST_CR_KEY_EXCH_B:
+                        ret=ssl3_get_key_exchange(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CR_CERT_REQ_A;
+                        s->init_num=0;
+
+                        /* at this point we check that we have the
+                         * required stuff from the server */
+                        if (!ssl3_check_cert_and_algorithm(s))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        break;
+
+                case SSL3_ST_CR_CERT_REQ_A:
+                case SSL3_ST_CR_CERT_REQ_B:
+                        ret=ssl3_get_certificate_request(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CR_SRVR_DONE_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CR_SRVR_DONE_A:
+                case SSL3_ST_CR_SRVR_DONE_B:
+                        ret=ssl3_get_server_done(s);
+                        if (ret <= 0) goto end;
+                        if (s->s3->tmp.cert_req)
+                                s->state=SSL3_ST_CW_CERT_A;
+                        else
+                                s->state=SSL3_ST_CW_KEY_EXCH_A;
+                        s->init_num=0;
+
+                        break;
+
+                case SSL3_ST_CW_CERT_A:
+                case SSL3_ST_CW_CERT_B:
+                case SSL3_ST_CW_CERT_C:
+                case SSL3_ST_CW_CERT_D:
+                        ret=ssl3_send_client_certificate(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CW_KEY_EXCH_A:
+                case SSL3_ST_CW_KEY_EXCH_B:
+                        ret=ssl3_send_client_key_exchange(s);
+                        if (ret <= 0) goto end;
+                        l=s->s3->tmp.new_cipher->algorithms;
+                        /* EAY EAY EAY need to check for DH fix cert
+                         * sent back */
+                        /* For TLS, cert_req is set to 2, so a cert chain
+                         * of nothing is sent, but no verify packet is sent */
+                        if (s->s3->tmp.cert_req == 1)
+                                {
+                                s->state=SSL3_ST_CW_CERT_VRFY_A;
+                                }
+                        else
+                                {
+                                s->state=SSL3_ST_CW_CHANGE_A;
+                                s->s3->change_cipher_spec=0;
+                                }
+
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CW_CERT_VRFY_A:
+                case SSL3_ST_CW_CERT_VRFY_B:
+                        ret=ssl3_send_client_verify(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_CHANGE_A;
+                        s->init_num=0;
+                        s->s3->change_cipher_spec=0;
+                        break;
+
+                case SSL3_ST_CW_CHANGE_A:
+                case SSL3_ST_CW_CHANGE_B:
+                        ret=ssl3_send_change_cipher_spec(s,
+                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_FINISHED_A;
+                        s->init_num=0;
+
+                        s->session->cipher=s->s3->tmp.new_cipher;
+                        if (s->s3->tmp.new_compression == NULL)
+                                s->session->compress_meth=0;
+                        else
+                                s->session->compress_meth=
+                                        s->s3->tmp.new_compression->id;
+                        if (!s->method->ssl3_enc->setup_key_block(s))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+
+                        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+
+                        break;
+
+                case SSL3_ST_CW_FINISHED_A:
+                case SSL3_ST_CW_FINISHED_B:
+                        ret=ssl3_send_finished(s,
+                                SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
+                                s->method->ssl3_enc->client_finished_label,
+                                s->method->ssl3_enc->client_finished_label_len);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_FLUSH;
+
+                        /* clear flags */
+                        s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+                        if (s->hit)
+                                {
+                                s->s3->tmp.next_state=SSL_ST_OK;
+                                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
+                                        {
+                                        s->state=SSL_ST_OK;
+                                        s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
+                                        s->s3->delay_buf_pop_ret=0;
+                                        }
+                                }
+                        else
+                                {
+                                s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
+                                }
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CR_FINISHED_A:
+                case SSL3_ST_CR_FINISHED_B:
+
+                        ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+                                SSL3_ST_CR_FINISHED_B);
+                        if (ret <= 0) goto end;
+
+                        if (s->hit)
+                                s->state=SSL3_ST_CW_CHANGE_A;
+                        else
+                                s->state=SSL_ST_OK;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CW_FLUSH:
+                        /* number of bytes to be flushed */
+                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+                        if (num1 > 0)
+                                {
+                                s->rwstate=SSL_WRITING;
+                                num1=BIO_flush(s->wbio);
+                                if (num1 <= 0) { ret= -1; goto end; }
+                                s->rwstate=SSL_NOTHING;
+                                }
+
+                        s->state=s->s3->tmp.next_state;
+                        break;
+
+                case SSL_ST_OK:
+                        /* clean a few things up */
+                        ssl3_cleanup_key_block(s);
+
+                        if (s->init_buf != NULL)
+                                {
+                                BUF_MEM_free(s->init_buf);
+                                s->init_buf=NULL;
+                                }
+
+                        /* If we are not 'joining' the last two packets,
+                         * remove the buffering now */
+                        if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+                                ssl_free_wbio_buffer(s);
+                        /* else do it later in ssl3_write */
+
+                        s->init_num=0;
+                        s->new_session=0;
+
+                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
+                        if (s->hit) s->ctx->stats.sess_hit++;
+
+                        ret=1;
+                        /* s->server=0; */
+                        s->handshake_func=ssl3_connect;
+                        s->ctx->stats.sess_connect_good++;
+
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+
+                        goto end;
+                        /* break; */
+                        
+                default:
+                        SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* break; */
+                        }
+
+                /* did we do anything */
+                if (!s->s3->tmp.reuse_message && !skip)
+                        {
+                        if (s->debug)
+                                {
+                                if ((ret=BIO_flush(s->wbio)) <= 0)
+                                        goto end;
+                                }
+
+                        if ((cb != NULL) && (s->state != state))
+                                {
+                                new_state=s->state;
+                                s->state=state;
+                                cb(s,SSL_CB_CONNECT_LOOP,1);
+                                s->state=new_state;
+                                }
+                        }
+                skip=0;
+                }
+end:
+        s->in_handshake--;
+        if (buf != NULL)
+                BUF_MEM_free(buf);
+        if (cb != NULL)
+                cb(s,SSL_CB_CONNECT_EXIT,ret);
+        return(ret);
+        }
+
+
+static int ssl3_client_hello(SSL *s)
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+        int i,j;
+        unsigned long Time,l;
+        SSL_COMP *comp;
+
+        buf=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
+                {
+                if ((s->session == NULL) ||
+                        (s->session->ssl_version != s->version) ||
+                        (s->session->not_resumable))
+                        {
+                        if (!ssl_get_new_session(s,0))
+                                goto err;
+                        }
+                /* else use the pre-loaded session */
+
+                p=s->s3->client_random;
+                Time=time(NULL);                        /* Time */
+                l2n(Time,p);
+                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+
+                /* Do the message type and length last */
+                d=p= &(buf[4]);
+
+                *(p++)=s->version>>8;
+                *(p++)=s->version&0xff;
+                s->client_version=s->version;
+
+                /* Random stuff */
+                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+
+                /* Session ID */
+                if (s->new_session)
+                        i=0;
+                else
+                        i=s->session->session_id_length;
+                *(p++)=i;
+                if (i != 0)
+                        {
+                        if (i > sizeof s->session->session_id)
+                                {
+                                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+                        memcpy(p,s->session->session_id,i);
+                        p+=i;
+                        }
+                
+                /* Ciphers supported */
+                i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+                        goto err;
+                        }
+                s2n(i,p);
+                p+=i;
+
+                /* COMPRESSION */
+                if (s->ctx->comp_methods == NULL)
+                        j=0;
+                else
+                        j=sk_SSL_COMP_num(s->ctx->comp_methods);
+                *(p++)=1+j;
+                for (i=0; i<j; i++)
+                        {
+                        comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
+                        *(p++)=comp->id;
+                        }
+                *(p++)=0; /* Add the NULL method */
+                
+                l=(p-d);
+                d=buf;
+                *(d++)=SSL3_MT_CLIENT_HELLO;
+                l2n3(l,d);
+
+                s->state=SSL3_ST_CW_CLNT_HELLO_B;
+                /* number of bytes to write */
+                s->init_num=p-buf;
+                s->init_off=0;
+                }
+
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+
+static int ssl3_get_server_hello(SSL *s)
+        {
+        STACK_OF(SSL_CIPHER) *sk;
+        SSL_CIPHER *c;
+        unsigned char *p,*d;
+        int i,al,ok;
+        unsigned int j;
+        long n;
+        SSL_COMP *comp;
+
+        n=ssl3_get_message(s,
+                SSL3_ST_CR_SRVR_HELLO_A,
+                SSL3_ST_CR_SRVR_HELLO_B,
+                SSL3_MT_SERVER_HELLO,
+                300, /* ?? */
+                &ok);
+
+        if (!ok) return((int)n);
+        d=p=(unsigned char *)s->init_msg;
+
+        if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
+                {
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
+                s->version=(s->version&0xff00)|p[1];
+                al=SSL_AD_PROTOCOL_VERSION;
+                goto f_err;
+                }
+        p+=2;
+
+        /* load the server hello data */
+        /* load the server random */
+        memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+
+        /* get the session-id */
+        j= *(p++);
+
+        if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
+                {
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+                goto f_err;
+                }
+
+        if (j != 0 && j == s->session->session_id_length
+            && memcmp(p,s->session->session_id,j) == 0)
+            {
+            if(s->sid_ctx_length != s->session->sid_ctx_length
+               || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+                {
+                /* actually a client application bug */
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+                goto f_err;
+                }
+            s->hit=1;
+            }
+        else    /* a miss or crap from the other end */
+                {
+                /* If we were trying for session-id reuse, make a new
+                 * SSL_SESSION so we don't stuff up other people */
+                s->hit=0;
+                if (s->session->session_id_length > 0)
+                        {
+                        if (!ssl_get_new_session(s,0))
+                                {
+                                al=SSL_AD_INTERNAL_ERROR;
+                                goto f_err;
+                                }
+                        }
+                s->session->session_id_length=j;
+                memcpy(s->session->session_id,p,j); /* j could be 0 */
+                }
+        p+=j;
+        c=ssl_get_cipher_by_char(s,p);
+        if (c == NULL)
+                {
+                /* unknown cipher */
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
+                goto f_err;
+                }
+        p+=ssl_put_cipher_by_char(s,NULL,NULL);
+
+        sk=ssl_get_ciphers_by_id(s);
+        i=sk_SSL_CIPHER_find(sk,c);
+        if (i < 0)
+                {
+                /* we did not say we would use this cipher */
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+                goto f_err;
+                }
+
+        /* Depending on the session caching (internal/external), the cipher
+           and/or cipher_id values may not be set. Make sure that
+           cipher_id is set and use it for comparison. */
+        if (s->session->cipher)
+                s->session->cipher_id = s->session->cipher->id;
+        if (s->hit && (s->session->cipher_id != c->id))
+                {
+                if (!(s->options &
+                        SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+                        goto f_err;
+                        }
+                }
+        s->s3->tmp.new_cipher=c;
+
+        /* lets get the compression algorithm */
+        /* COMPRESSION */
+        j= *(p++);
+        if (j == 0)
+                comp=NULL;
+        else
+                comp=ssl3_comp_find(s->ctx->comp_methods,j);
+        
+        if ((j != 0) && (comp == NULL))
+                {
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+                goto f_err;
+                }
+        else
+                {
+                s->s3->tmp.new_compression=comp;
+                }
+
+        if (p != (d+n))
+                {
+                /* wrong packet length */
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
+                goto err;
+                }
+
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(-1);
+        }
+
+static int ssl3_get_server_certificate(SSL *s)
+        {
+        int al,i,ok,ret= -1;
+        unsigned long n,nc,llen,l;
+        X509 *x=NULL;
+        unsigned char *p,*d,*q;
+        STACK_OF(X509) *sk=NULL;
+        SESS_CERT *sc;
+        EVP_PKEY *pkey=NULL;
+        int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
+
+        n=ssl3_get_message(s,
+                SSL3_ST_CR_CERT_A,
+                SSL3_ST_CR_CERT_B,
+                -1,
+                s->max_cert_list,
+                &ok);
+
+        if (!ok) return((int)n);
+
+        if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
+                {
+                s->s3->tmp.reuse_message=1;
+                return(1);
+                }
+
+        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
+                goto f_err;
+                }
+        d=p=(unsigned char *)s->init_msg;
+
+        if ((sk=sk_X509_new_null()) == NULL)
+                {
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        n2l3(p,llen);
+        if (llen+3 != n)
+                {
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        for (nc=0; nc<llen; )
+                {
+                n2l3(p,l);
+                if ((l+nc+3) > llen)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+                        goto f_err;
+                        }
+
+                q=p;
+                x=d2i_X509(NULL,&q,l);
+                if (x == NULL)
+                        {
+                        al=SSL_AD_BAD_CERTIFICATE;
+                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
+                        goto f_err;
+                        }
+                if (q != (p+l))
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+                        goto f_err;
+                        }
+                if (!sk_X509_push(sk,x))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                x=NULL;
+                nc+=l+3;
+                p=q;
+                }
+
+        i=ssl_verify_cert_chain(s,sk);
+        if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
+#ifndef OPENSSL_NO_KRB5
+                && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                != (SSL_aKRB5|SSL_kKRB5)
+#endif /* OPENSSL_NO_KRB5 */
+                )
+                {
+                al=ssl_verify_alarm_type(s->verify_result);
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
+                goto f_err; 
+                }
+        ERR_clear_error(); /* but we keep s->verify_result */
+
+        sc=ssl_sess_cert_new();
+        if (sc == NULL) goto err;
+
+        if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
+        s->session->sess_cert=sc;
+
+        sc->cert_chain=sk;
+        /* Inconsistency alert: cert_chain does include the peer's
+         * certificate, which we don't include in s3_srvr.c */
+        x=sk_X509_value(sk,0);
+        sk=NULL;
+        /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
+
+        pkey=X509_get_pubkey(x);
+
+        /* VRS: allow null cert if auth == KRB5 */
+        need_cert =     ((s->s3->tmp.new_cipher->algorithms
+                        & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                        == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
+
+#ifdef KSSL_DEBUG
+        printf("pkey,x = %p, %p\n", pkey,x);
+        printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
+        printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
+                s->s3->tmp.new_cipher->algorithms, need_cert);
+#endif    /* KSSL_DEBUG */
+
+        if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
+                {
+                x=NULL;
+                al=SSL3_AL_FATAL;
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+                        SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+                goto f_err;
+                }
+
+        i=ssl_cert_type(x,pkey);
+        if (need_cert && i < 0)
+                {
+                x=NULL;
+                al=SSL3_AL_FATAL;
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+                        SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                goto f_err;
+                }
+
+        if (need_cert)
+                {
+                sc->peer_cert_type=i;
+                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+                /* Why would the following ever happen?
+                 * We just created sc a couple of lines ago. */
+                if (sc->peer_pkeys[i].x509 != NULL)
+                        X509_free(sc->peer_pkeys[i].x509);
+                sc->peer_pkeys[i].x509=x;
+                sc->peer_key= &(sc->peer_pkeys[i]);
+
+                if (s->session->peer != NULL)
+                        X509_free(s->session->peer);
+                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+                s->session->peer=x;
+                }
+        else
+                {
+                sc->peer_cert_type=i;
+                sc->peer_key= NULL;
+
+                if (s->session->peer != NULL)
+                        X509_free(s->session->peer);
+                s->session->peer=NULL;
+                }
+        s->session->verify_result = s->verify_result;
+
+        x=NULL;
+        ret=1;
+
+        if (0)
+                {
+f_err:
+                ssl3_send_alert(s,SSL3_AL_FATAL,al);
+                }
+err:
+        EVP_PKEY_free(pkey);
+        X509_free(x);
+        sk_X509_pop_free(sk,X509_free);
+        return(ret);
+        }
+
+static int ssl3_get_key_exchange(SSL *s)
+        {
+#ifndef OPENSSL_NO_RSA
+        unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
+#endif
+        EVP_MD_CTX md_ctx;
+        unsigned char *param,*p;
+        int al,i,j,param_len,ok;
+        long n,alg;
+        EVP_PKEY *pkey=NULL;
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa=NULL;
+#endif
+#ifndef OPENSSL_NO_DH
+        DH *dh=NULL;
+#endif
+
+        /* use same message size as in ssl3_get_certificate_request()
+         * as ServerKeyExchange message may be skipped */
+        n=ssl3_get_message(s,
+                SSL3_ST_CR_KEY_EXCH_A,
+                SSL3_ST_CR_KEY_EXCH_B,
+                -1,
+                s->max_cert_list,
+                &ok);
+
+        if (!ok) return((int)n);
+
+        if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
+                {
+                s->s3->tmp.reuse_message=1;
+                return(1);
+                }
+
+        param=p=(unsigned char *)s->init_msg;
+
+        if (s->session->sess_cert != NULL)
+                {
+#ifndef OPENSSL_NO_RSA
+                if (s->session->sess_cert->peer_rsa_tmp != NULL)
+                        {
+                        RSA_free(s->session->sess_cert->peer_rsa_tmp);
+                        s->session->sess_cert->peer_rsa_tmp=NULL;
+                        }
+#endif
+#ifndef OPENSSL_NO_DH
+                if (s->session->sess_cert->peer_dh_tmp)
+                        {
+                        DH_free(s->session->sess_cert->peer_dh_tmp);
+                        s->session->sess_cert->peer_dh_tmp=NULL;
+                        }
+#endif
+                }
+        else
+                {
+                s->session->sess_cert=ssl_sess_cert_new();
+                }
+
+        param_len=0;
+        alg=s->s3->tmp.new_cipher->algorithms;
+        EVP_MD_CTX_init(&md_ctx);
+
+#ifndef OPENSSL_NO_RSA
+        if (alg & SSL_kRSA)
+                {
+                if ((rsa=RSA_new()) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                n2s(p,i);
+                param_len=i+2;
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
+                        goto f_err;
+                        }
+                if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                        goto err;
+                        }
+                p+=i;
+
+                n2s(p,i);
+                param_len+=i+2;
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
+                        goto f_err;
+                        }
+                if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                        goto err;
+                        }
+                p+=i;
+                n-=param_len;
+
+                /* this should be because we are using an export cipher */
+                if (alg & SSL_aRSA)
+                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+                else
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                s->session->sess_cert->peer_rsa_tmp=rsa;
+                rsa=NULL;
+                }
+#else /* OPENSSL_NO_RSA */
+        if (0)
+                ;
+#endif
+#ifndef OPENSSL_NO_DH
+        else if (alg & SSL_kEDH)
+                {
+                if ((dh=DH_new()) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
+                        goto err;
+                        }
+                n2s(p,i);
+                param_len=i+2;
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
+                        goto f_err;
+                        }
+                if (!(dh->p=BN_bin2bn(p,i,NULL)))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                        goto err;
+                        }
+                p+=i;
+
+                n2s(p,i);
+                param_len+=i+2;
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
+                        goto f_err;
+                        }
+                if (!(dh->g=BN_bin2bn(p,i,NULL)))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                        goto err;
+                        }
+                p+=i;
+
+                n2s(p,i);
+                param_len+=i+2;
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
+                        goto f_err;
+                        }
+                if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                        goto err;
+                        }
+                p+=i;
+                n-=param_len;
+
+#ifndef OPENSSL_NO_RSA
+                if (alg & SSL_aRSA)
+                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+#else
+                if (0)
+                        ;
+#endif
+#ifndef OPENSSL_NO_DSA
+                else if (alg & SSL_aDSS)
+                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
+#endif
+                /* else anonymous DH, so no certificate or pkey. */
+
+                s->session->sess_cert->peer_dh_tmp=dh;
+                dh=NULL;
+                }
+        else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
+                {
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
+                goto f_err;
+                }
+#endif /* !OPENSSL_NO_DH */
+        if (alg & SSL_aFZA)
+                {
+                al=SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
+                goto f_err;
+                }
+
+
+        /* p points to the next byte, there are 'n' bytes left */
+
+
+        /* if it was signed, check the signature */
+        if (pkey != NULL)
+                {
+                n2s(p,i);
+                n-=2;
+                j=EVP_PKEY_size(pkey);
+
+                if ((i != n) || (n > j) || (n <= 0))
+                        {
+                        /* wrong packet length */
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
+                        goto f_err;
+                        }
+
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        int num;
+
+                        j=0;
+                        q=md_buf;
+                        for (num=2; num > 0; num--)
+                                {
+                                EVP_DigestInit_ex(&md_ctx,(num == 2)
+                                        ?s->ctx->md5:s->ctx->sha1, NULL);
+                                EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_DigestUpdate(&md_ctx,param,param_len);
+                                EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
+                                q+=i;
+                                j+=i;
+                                }
+                        i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
+                                                                pkey->pkey.rsa);
+                        if (i < 0)
+                                {
+                                al=SSL_AD_DECRYPT_ERROR;
+                                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
+                                goto f_err;
+                                }
+                        if (i == 0)
+                                {
+                                /* bad signature */
+                                al=SSL_AD_DECRYPT_ERROR;
+                                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
+                                goto f_err;
+                                }
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                        if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        /* lets do DSS */
+                        EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
+                        EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                        EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                        EVP_VerifyUpdate(&md_ctx,param,param_len);
+                        if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+                                {
+                                /* bad signature */
+                                al=SSL_AD_DECRYPT_ERROR;
+                                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
+                                goto f_err;
+                                }
+                        }
+                else
+#endif
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                }
+        else
+                {
+                /* still data left over */
+                if (!(alg & SSL_aNULL))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                if (n != 0)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
+                        goto f_err;
+                        }
+                }
+        EVP_PKEY_free(pkey);
+        EVP_MD_CTX_cleanup(&md_ctx);
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        EVP_PKEY_free(pkey);
+#ifndef OPENSSL_NO_RSA
+        if (rsa != NULL)
+                RSA_free(rsa);
+#endif
+#ifndef OPENSSL_NO_DH
+        if (dh != NULL)
+                DH_free(dh);
+#endif
+        EVP_MD_CTX_cleanup(&md_ctx);
+        return(-1);
+        }
+
+static int ssl3_get_certificate_request(SSL *s)
+        {
+        int ok,ret=0;
+        unsigned long n,nc,l;
+        unsigned int llen,ctype_num,i;
+        X509_NAME *xn=NULL;
+        unsigned char *p,*d,*q;
+        STACK_OF(X509_NAME) *ca_sk=NULL;
+
+        n=ssl3_get_message(s,
+                SSL3_ST_CR_CERT_REQ_A,
+                SSL3_ST_CR_CERT_REQ_B,
+                -1,
+                s->max_cert_list,
+                &ok);
+
+        if (!ok) return((int)n);
+
+        s->s3->tmp.cert_req=0;
+
+        if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
+                {
+                s->s3->tmp.reuse_message=1;
+                return(1);
+                }
+
+        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
+                {
+                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
+                goto err;
+                }
+
+        /* TLS does not like anon-DH with client cert */
+        if (s->version > SSL3_VERSION)
+                {
+                l=s->s3->tmp.new_cipher->algorithms;
+                if (l & SSL_aNULL)
+                        {
+                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
+                        goto err;
+                        }
+                }
+
+        d=p=(unsigned char *)s->init_msg;
+
+        if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
+                {
+                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        /* get the certificate types */
+        ctype_num= *(p++);
+        if (ctype_num > SSL3_CT_NUMBER)
+                ctype_num=SSL3_CT_NUMBER;
+        for (i=0; i<ctype_num; i++)
+                s->s3->tmp.ctype[i]= p[i];
+        p+=ctype_num;
+
+        /* get the CA RDNs */
+        n2s(p,llen);
+#if 0
+{
+FILE *out;
+out=fopen("/tmp/vsign.der","w");
+fwrite(p,1,llen,out);
+fclose(out);
+}
+#endif
+
+        if ((llen+ctype_num+2+1) != n)
+                {
+                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
+                goto err;
+                }
+
+        for (nc=0; nc<llen; )
+                {
+                n2s(p,l);
+                if ((l+nc+2) > llen)
+                        {
+                        if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+                                goto cont; /* netscape bugs */
+                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
+                        goto err;
+                        }
+
+                q=p;
+
+                if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
+                        {
+                        /* If netscape tolerance is on, ignore errors */
+                        if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
+                                goto cont;
+                        else
+                                {
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
+                                goto err;
+                                }
+                        }
+
+                if (q != (p+l))
+                        {
+                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
+                        goto err;
+                        }
+                if (!sk_X509_NAME_push(ca_sk,xn))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+
+                p+=l;
+                nc+=l+2;
+                }
+
+        if (0)
+                {
+cont:
+                ERR_clear_error();
+                }
+
+        /* we should setup a certificate to return.... */
+        s->s3->tmp.cert_req=1;
+        s->s3->tmp.ctype_num=ctype_num;
+        if (s->s3->tmp.ca_names != NULL)
+                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+        s->s3->tmp.ca_names=ca_sk;
+        ca_sk=NULL;
+
+        ret=1;
+err:
+        if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
+        return(ret);
+        }
+
+static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
+        {
+        return(X509_NAME_cmp(*a,*b));
+        }
+
+static int ssl3_get_server_done(SSL *s)
+        {
+        int ok,ret=0;
+        long n;
+
+        n=ssl3_get_message(s,
+                SSL3_ST_CR_SRVR_DONE_A,
+                SSL3_ST_CR_SRVR_DONE_B,
+                SSL3_MT_SERVER_DONE,
+                30, /* should be very small, like 0 :-) */
+                &ok);
+
+        if (!ok) return((int)n);
+        if (n > 0)
+                {
+                /* should contain no data */
+                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
+                return -1;
+                }
+        ret=1;
+        return(ret);
+        }
+
+static int ssl3_send_client_key_exchange(SSL *s)
+        {
+        unsigned char *p,*d;
+        int n;
+        unsigned long l;
+#ifndef OPENSSL_NO_RSA
+        unsigned char *q;
+        EVP_PKEY *pkey=NULL;
+#endif
+#ifndef OPENSSL_NO_KRB5
+        KSSL_ERR kssl_err;
+#endif /* OPENSSL_NO_KRB5 */
+
+        if (s->state == SSL3_ST_CW_KEY_EXCH_A)
+                {
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[4]);
+
+                l=s->s3->tmp.new_cipher->algorithms;
+
+                /* Fool emacs indentation */
+                if (0) {}
+#ifndef OPENSSL_NO_RSA
+                else if (l & SSL_kRSA)
+                        {
+                        RSA *rsa;
+                        unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+
+                        if (s->session->sess_cert->peer_rsa_tmp != NULL)
+                                rsa=s->session->sess_cert->peer_rsa_tmp;
+                        else
+                                {
+                                pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+                                if ((pkey == NULL) ||
+                                        (pkey->type != EVP_PKEY_RSA) ||
+                                        (pkey->pkey.rsa == NULL))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                                        goto err;
+                                        }
+                                rsa=pkey->pkey.rsa;
+                                EVP_PKEY_free(pkey);
+                                }
+                                
+                        tmp_buf[0]=s->client_version>>8;
+                        tmp_buf[1]=s->client_version&0xff;
+                        if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
+                                        goto err;
+
+                        s->session->master_key_length=sizeof tmp_buf;
+
+                        q=p;
+                        /* Fix buf for TLS and beyond */
+                        if (s->version > SSL3_VERSION)
+                                p+=2;
+                        n=RSA_public_encrypt(sizeof tmp_buf,
+                                tmp_buf,p,rsa,RSA_PKCS1_PADDING);
+#ifdef PKCS1_CHECK
+                        if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
+                        if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
+#endif
+                        if (n <= 0)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
+                                goto err;
+                                }
+
+                        /* Fix buf for TLS and beyond */
+                        if (s->version > SSL3_VERSION)
+                                {
+                                s2n(n,q);
+                                n+=2;
+                                }
+
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,
+                                        tmp_buf,sizeof tmp_buf);
+                        OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
+                        }
+#endif
+#ifndef OPENSSL_NO_KRB5
+                else if (l & SSL_kKRB5)
+                        {
+                        krb5_error_code krb5rc;
+                        KSSL_CTX        *kssl_ctx = s->kssl_ctx;
+                        /*  krb5_data   krb5_ap_req;  */
+                        krb5_data       *enc_ticket;
+                        krb5_data       authenticator, *authp = NULL;
+                        EVP_CIPHER_CTX  ciph_ctx;
+                        EVP_CIPHER      *enc = NULL;
+                        unsigned char   iv[EVP_MAX_IV_LENGTH];
+                        unsigned char   tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+                        unsigned char   epms[SSL_MAX_MASTER_KEY_LENGTH 
+                                                + EVP_MAX_IV_LENGTH];
+                        int             padl, outl = sizeof(epms);
+
+                        EVP_CIPHER_CTX_init(&ciph_ctx);
+
+#ifdef KSSL_DEBUG
+                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+                                l, SSL_kKRB5);
+#endif  /* KSSL_DEBUG */
+
+                        authp = NULL;
+#ifdef KRB5SENDAUTH
+                        if (KRB5SENDAUTH)  authp = &authenticator;
+#endif  /* KRB5SENDAUTH */
+
+                        krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
+                                &kssl_err);
+                        enc = kssl_map_enc(kssl_ctx->enctype);
+                        if (enc == NULL)
+                            goto err;
+#ifdef KSSL_DEBUG
+                        {
+                        printf("kssl_cget_tkt rtn %d\n", krb5rc);
+                        if (krb5rc && kssl_err.text)
+                          printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+                        }
+#endif  /* KSSL_DEBUG */
+
+                        if (krb5rc)
+                                {
+                                ssl3_send_alert(s,SSL3_AL_FATAL,
+                                                SSL_AD_HANDSHAKE_FAILURE);
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                                kssl_err.reason);
+                                goto err;
+                                }
+
+                        /*  20010406 VRS - Earlier versions used KRB5 AP_REQ
+                        **  in place of RFC 2712 KerberosWrapper, as in:
+                        **
+                        **  Send ticket (copy to *p, set n = length)
+                        **  n = krb5_ap_req.length;
+                        **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+                        **  if (krb5_ap_req.data)  
+                        **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+                        **
+                        **  Now using real RFC 2712 KerberosWrapper
+                        **  (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
+                        **  Note: 2712 "opaque" types are here replaced
+                        **  with a 2-byte length followed by the value.
+                        **  Example:
+                        **  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+                        **  Where "xx xx" = length bytes.  Shown here with
+                        **  optional authenticator omitted.
+                        */
+
+                        /*  KerberosWrapper.Ticket              */
+                        s2n(enc_ticket->length,p);
+                        memcpy(p, enc_ticket->data, enc_ticket->length);
+                        p+= enc_ticket->length;
+                        n = enc_ticket->length + 2;
+
+                        /*  KerberosWrapper.Authenticator       */
+                        if (authp  &&  authp->length)  
+                                {
+                                s2n(authp->length,p);
+                                memcpy(p, authp->data, authp->length);
+                                p+= authp->length;
+                                n+= authp->length + 2;
+                                
+                                free(authp->data);
+                                authp->data = NULL;
+                                authp->length = 0;
+                                }
+                        else
+                                {
+                                s2n(0,p);/*  null authenticator length  */
+                                n+=2;
+                                }
+ 
+                        if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
+                            goto err;
+
+                        /*  20010420 VRS.  Tried it this way; failed.
+                        **      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+                        **      EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+                        **                              kssl_ctx->length);
+                        **      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+                        */
+
+                        memset(iv, 0, sizeof iv);  /* per RFC 1510 */
+                        EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
+                                kssl_ctx->key,iv);
+                        EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
+                                sizeof tmp_buf);
+                        EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
+                        outl += padl;
+                        if (outl > sizeof epms)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+                        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+                        /*  KerberosWrapper.EncryptedPreMasterSecret    */
+                        s2n(outl,p);
+                        memcpy(p, epms, outl);
+                        p+=outl;
+                        n+=outl + 2;
+
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,
+                                        tmp_buf, sizeof tmp_buf);
+
+                        OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+                        OPENSSL_cleanse(epms, outl);
+                        }
+#endif
+#ifndef OPENSSL_NO_DH
+                else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                        {
+                        DH *dh_srvr,*dh_clnt;
+
+                        if (s->session->sess_cert->peer_dh_tmp != NULL)
+                                dh_srvr=s->session->sess_cert->peer_dh_tmp;
+                        else
+                                {
+                                /* we get them from the cert */
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
+                                goto err;
+                                }
+                        
+                        /* generate a new random key */
+                        if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+                        if (!DH_generate_key(dh_clnt))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+
+                        /* use the 'p' output buffer for the DH key, but
+                         * make sure to clear it out afterwards */
+
+                        n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
+
+                        if (n <= 0)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+
+                        /* generate master key from the result */
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,p,n);
+                        /* clean up */
+                        memset(p,0,n);
+
+                        /* send off the data */
+                        n=BN_num_bytes(dh_clnt->pub_key);
+                        s2n(n,p);
+                        BN_bn2bin(dh_clnt->pub_key,p);
+                        n+=2;
+
+                        DH_free(dh_clnt);
+
+                        /* perhaps clean things up a bit EAY EAY EAY EAY*/
+                        }
+#endif
+                else
+                        {
+                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                
+                *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
+                l2n3(n,d);
+
+                s->state=SSL3_ST_CW_KEY_EXCH_B;
+                /* number of bytes to write */
+                s->init_num=n+4;
+                s->init_off=0;
+                }
+
+        /* SSL3_ST_CW_KEY_EXCH_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+
+static int ssl3_send_client_verify(SSL *s)
+        {
+        unsigned char *p,*d;
+        unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+        EVP_PKEY *pkey;
+#ifndef OPENSSL_NO_RSA
+        unsigned u=0;
+#endif
+        unsigned long n;
+#ifndef OPENSSL_NO_DSA
+        int j;
+#endif
+
+        if (s->state == SSL3_ST_CW_CERT_VRFY_A)
+                {
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[4]);
+                pkey=s->cert->key->privatekey;
+
+                s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
+                        &(data[MD5_DIGEST_LENGTH]));
+
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                &(s->s3->finish_dgst1),&(data[0]));
+                        if (RSA_sign(NID_md5_sha1, data,
+                                         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
+                                        &(p[2]), &u, pkey->pkey.rsa) <= 0 )
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
+                                goto err;
+                                }
+                        s2n(u,p);
+                        n=u+2;
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                        if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        if (!DSA_sign(pkey->save_type,
+                                &(data[MD5_DIGEST_LENGTH]),
+                                SHA_DIGEST_LENGTH,&(p[2]),
+                                (unsigned int *)&j,pkey->pkey.dsa))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
+                                goto err;
+                                }
+                        s2n(j,p);
+                        n=j+2;
+                        }
+                else
+#endif
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
+                l2n3(n,d);
+
+                s->state=SSL3_ST_CW_CERT_VRFY_B;
+                s->init_num=(int)n+4;
+                s->init_off=0;
+                }
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+
+static int ssl3_send_client_certificate(SSL *s)
+        {
+        X509 *x509=NULL;
+        EVP_PKEY *pkey=NULL;
+        int i;
+        unsigned long l;
+
+        if (s->state == SSL3_ST_CW_CERT_A)
+                {
+                if ((s->cert == NULL) ||
+                        (s->cert->key->x509 == NULL) ||
+                        (s->cert->key->privatekey == NULL))
+                        s->state=SSL3_ST_CW_CERT_B;
+                else
+                        s->state=SSL3_ST_CW_CERT_C;
+                }
+
+        /* We need to get a client cert */
+        if (s->state == SSL3_ST_CW_CERT_B)
+                {
+                /* If we get an error, we need to
+                 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
+                 * We then get retied later */
+                i=0;
+                if (s->ctx->client_cert_cb != NULL)
+                        i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+                if (i < 0)
+                        {
+                        s->rwstate=SSL_X509_LOOKUP;
+                        return(-1);
+                        }
+                s->rwstate=SSL_NOTHING;
+                if ((i == 1) && (pkey != NULL) && (x509 != NULL))
+                        {
+                        s->state=SSL3_ST_CW_CERT_B;
+                        if (    !SSL_use_certificate(s,x509) ||
+                                !SSL_use_PrivateKey(s,pkey))
+                                i=0;
+                        }
+                else if (i == 1)
+                        {
+                        i=0;
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+                        }
+
+                if (x509 != NULL) X509_free(x509);
+                if (pkey != NULL) EVP_PKEY_free(pkey);
+                if (i == 0)
+                        {
+                        if (s->version == SSL3_VERSION)
+                                {
+                                s->s3->tmp.cert_req=0;
+                                ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
+                                return(1);
+                                }
+                        else
+                                {
+                                s->s3->tmp.cert_req=2;
+                                }
+                        }
+
+                /* Ok, we have a cert */
+                s->state=SSL3_ST_CW_CERT_C;
+                }
+
+        if (s->state == SSL3_ST_CW_CERT_C)
+                {
+                s->state=SSL3_ST_CW_CERT_D;
+                l=ssl3_output_cert_chain(s,
+                        (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+                s->init_num=(int)l;
+                s->init_off=0;
+                }
+        /* SSL3_ST_CW_CERT_D */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+#define has_bits(i,m)   (((i)&(m)) == (m))
+
+static int ssl3_check_cert_and_algorithm(SSL *s)
+        {
+        int i,idx;
+        long algs;
+        EVP_PKEY *pkey=NULL;
+        SESS_CERT *sc;
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa;
+#endif
+#ifndef OPENSSL_NO_DH
+        DH *dh;
+#endif
+
+        sc=s->session->sess_cert;
+
+        if (sc == NULL)
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
+
+        algs=s->s3->tmp.new_cipher->algorithms;
+
+        /* we don't have a certificate */
+        if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
+                return(1);
+
+#ifndef OPENSSL_NO_RSA
+        rsa=s->session->sess_cert->peer_rsa_tmp;
+#endif
+#ifndef OPENSSL_NO_DH
+        dh=s->session->sess_cert->peer_dh_tmp;
+#endif
+
+        /* This is the passed certificate */
+
+        idx=sc->peer_cert_type;
+        pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
+        i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
+        EVP_PKEY_free(pkey);
+
+        
+        /* Check that we have a certificate if we require one */
+        if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
+                goto f_err;
+                }
+#ifndef OPENSSL_NO_DSA
+        else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
+                goto f_err;
+                }
+#endif
+#ifndef OPENSSL_NO_RSA
+        if ((algs & SSL_kRSA) &&
+                !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+                goto f_err;
+                }
+#endif
+#ifndef OPENSSL_NO_DH
+        if ((algs & SSL_kEDH) &&
+                !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
+                goto f_err;
+                }
+        else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
+                goto f_err;
+                }
+#ifndef OPENSSL_NO_DSA
+        else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
+                goto f_err;
+                }
+#endif
+#endif
+
+        if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
+                {
+#ifndef OPENSSL_NO_RSA
+                if (algs & SSL_kRSA)
+                        {
+                        if (rsa == NULL
+                            || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+                                {
+                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
+                                goto f_err;
+                                }
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DH
+                        if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                            {
+                            if (dh == NULL
+                                || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+                                {
+                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
+                                goto f_err;
+                                }
+                        }
+                else
+#endif
+                        {
+                        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+                        goto f_err;
+                        }
+                }
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+err:
+        return(0);
+        }
+
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
new file mode 100644
index 0000000000..d04096016c
--- /dev/null
+++ b/src/lib/libssl/s3_lib.c
@@ -0,0 +1,1799 @@
+/* ssl/s3_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/md5.h>
+
+const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
+
+#define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
+
+static long ssl3_default_timeout(void );
+
+OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
+/* The RSA ciphers */
+/* Cipher 01 */
+        {
+        1,
+        SSL3_TXT_RSA_NULL_MD5,
+        SSL3_CK_RSA_NULL_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
+        0,
+        0,
+        0,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 02 */
+        {
+        1,
+        SSL3_TXT_RSA_NULL_SHA,
+        SSL3_CK_RSA_NULL_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
+        0,
+        0,
+        0,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* anon DH */
+/* Cipher 17 */
+        {
+        1,
+        SSL3_TXT_ADH_RC4_40_MD5,
+        SSL3_CK_ADH_RC4_40_MD5,
+        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 18 */
+        {
+        1,
+        SSL3_TXT_ADH_RC4_128_MD5,
+        SSL3_CK_ADH_RC4_128_MD5,
+        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 19 */
+        {
+        1,
+        SSL3_TXT_ADH_DES_40_CBC_SHA,
+        SSL3_CK_ADH_DES_40_CBC_SHA,
+        SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 1A */
+        {
+        1,
+        SSL3_TXT_ADH_DES_64_CBC_SHA,
+        SSL3_CK_ADH_DES_64_CBC_SHA,
+        SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_LOW,
+        0,
+        56,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 1B */
+        {
+        1,
+        SSL3_TXT_ADH_DES_192_CBC_SHA,
+        SSL3_CK_ADH_DES_192_CBC_SHA,
+        SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        168,
+        168,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* RSA again */
+/* Cipher 03 */
+        {
+        1,
+        SSL3_TXT_RSA_RC4_40_MD5,
+        SSL3_CK_RSA_RC4_40_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 04 */
+        {
+        1,
+        SSL3_TXT_RSA_RC4_128_MD5,
+        SSL3_CK_RSA_RC4_128_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 05 */
+        {
+        1,
+        SSL3_TXT_RSA_RC4_128_SHA,
+        SSL3_CK_RSA_RC4_128_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 06 */
+        {
+        1,
+        SSL3_TXT_RSA_RC2_40_MD5,
+        SSL3_CK_RSA_RC2_40_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 07 */
+#ifndef OPENSSL_NO_IDEA
+        {
+        1,
+        SSL3_TXT_RSA_IDEA_128_SHA,
+        SSL3_CK_RSA_IDEA_128_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+#endif
+/* Cipher 08 */
+        {
+        1,
+        SSL3_TXT_RSA_DES_40_CBC_SHA,
+        SSL3_CK_RSA_DES_40_CBC_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 09 */
+        {
+        1,
+        SSL3_TXT_RSA_DES_64_CBC_SHA,
+        SSL3_CK_RSA_DES_64_CBC_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_LOW,
+        0,
+        56,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 0A */
+        {
+        1,
+        SSL3_TXT_RSA_DES_192_CBC3_SHA,
+        SSL3_CK_RSA_DES_192_CBC3_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        168,
+        168,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/*  The DH ciphers */
+/* Cipher 0B */
+        {
+        0,
+        SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
+        SSL3_CK_DH_DSS_DES_40_CBC_SHA,
+        SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 0C */
+        {
+        0,
+        SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
+        SSL3_CK_DH_DSS_DES_64_CBC_SHA,
+        SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_LOW,
+        0,
+        56,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 0D */
+        {
+        0,
+        SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
+        SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
+        SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        168,
+        168,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 0E */
+        {
+        0,
+        SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
+        SSL3_CK_DH_RSA_DES_40_CBC_SHA,
+        SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 0F */
+        {
+        0,
+        SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
+        SSL3_CK_DH_RSA_DES_64_CBC_SHA,
+        SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_LOW,
+        0,
+        56,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 10 */
+        {
+        0,
+        SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
+        SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
+        SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        168,
+        168,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* The Ephemeral DH ciphers */
+/* Cipher 11 */
+        {
+        1,
+        SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
+        SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 12 */
+        {
+        1,
+        SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
+        SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_LOW,
+        0,
+        56,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 13 */
+        {
+        1,
+        SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
+        SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        168,
+        168,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 14 */
+        {
+        1,
+        SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
+        SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 15 */
+        {
+        1,
+        SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
+        SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_LOW,
+        0,
+        56,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 16 */
+        {
+        1,
+        SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
+        SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        168,
+        168,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Fortezza */
+/* Cipher 1C */
+        {
+        0,
+        SSL3_TXT_FZA_DMS_NULL_SHA,
+        SSL3_CK_FZA_DMS_NULL_SHA,
+        SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
+        0,
+        0,
+        0,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 1D */
+        {
+        0,
+        SSL3_TXT_FZA_DMS_FZA_SHA,
+        SSL3_CK_FZA_DMS_FZA_SHA,
+        SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
+        0,
+        0,
+        0,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+#if 0
+/* Cipher 1E */
+        {
+        0,
+        SSL3_TXT_FZA_DMS_RC4_SHA,
+        SSL3_CK_FZA_DMS_RC4_SHA,
+        SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+#endif
+
+#ifndef OPENSSL_NO_KRB5
+/* The Kerberos ciphers
+** 20000107 VRS: And the first shall be last,
+** in hopes of avoiding the lynx ssl renegotiation problem.
+*/
+/* Cipher 1E VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_DES_64_CBC_SHA,
+        SSL3_CK_KRB5_DES_64_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_LOW,
+        0,
+        56,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 1F VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+        SSL3_CK_KRB5_DES_192_CBC3_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        112,
+        168,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 20 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_128_SHA,
+        SSL3_CK_KRB5_RC4_128_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 21 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
+        SSL3_CK_KRB5_IDEA_128_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 22 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_DES_64_CBC_MD5,
+        SSL3_CK_KRB5_DES_64_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_LOW,
+        0,
+        56,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 23 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+        SSL3_CK_KRB5_DES_192_CBC3_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        112,
+        168,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 24 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_128_MD5,
+        SSL3_CK_KRB5_RC4_128_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 25 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
+        SSL3_CK_KRB5_IDEA_128_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 26 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_DES_40_CBC_SHA,
+        SSL3_CK_KRB5_DES_40_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 27 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+        SSL3_CK_KRB5_RC2_40_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 28 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_40_SHA,
+        SSL3_CK_KRB5_RC4_40_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 29 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_DES_40_CBC_MD5,
+        SSL3_CK_KRB5_DES_40_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 2A VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+        SSL3_CK_KRB5_RC2_40_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 2B VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_40_MD5,
+        SSL3_CK_KRB5_RC4_40_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+#endif  /* OPENSSL_NO_KRB5 */
+
+
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
+        /* New TLS Export CipherSuites */
+        /* Cipher 60 */
+            {
+            1,
+            TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+            TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+            SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP56,
+            0,
+            56,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 61 */
+            {
+            1,
+            TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+            TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+            SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP56,
+            0,
+            56,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 62 */
+            {
+            1,
+            TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+            TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+            SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP56,
+            0,
+            56,
+            56,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 63 */
+            {
+            1,
+            TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+            TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+            SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP56,
+            0,
+            56,
+            56,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 64 */
+            {
+            1,
+            TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+            TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+            SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP56,
+            0,
+            56,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 65 */
+            {
+            1,
+            TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+            TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+            SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP56,
+            0,
+            56,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 66 */
+            {
+            1,
+            TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+            TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+            SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS
+            },
+#endif
+        /* New AES ciphersuites */
+
+        /* Cipher 2F */
+            {
+            1,
+            TLS1_TXT_RSA_WITH_AES_128_SHA,
+            TLS1_CK_RSA_WITH_AES_128_SHA,
+            SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 30 */
+            {
+            0,
+            TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
+            TLS1_CK_DH_DSS_WITH_AES_128_SHA,
+            SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 31 */
+            {
+            0,
+            TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
+            TLS1_CK_DH_RSA_WITH_AES_128_SHA,
+            SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 32 */
+            {
+            1,
+            TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+            TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+            SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 33 */
+            {
+            1,
+            TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+            TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+            SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 34 */
+            {
+            1,
+            TLS1_TXT_ADH_WITH_AES_128_SHA,
+            TLS1_CK_ADH_WITH_AES_128_SHA,
+            SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher 35 */
+            {
+            1,
+            TLS1_TXT_RSA_WITH_AES_256_SHA,
+            TLS1_CK_RSA_WITH_AES_256_SHA,
+            SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 36 */
+            {
+            0,
+            TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
+            TLS1_CK_DH_DSS_WITH_AES_256_SHA,
+            SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 37 */
+            {
+            0,
+            TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
+            TLS1_CK_DH_RSA_WITH_AES_256_SHA,
+            SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 38 */
+            {
+            1,
+            TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+            TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+            SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 39 */
+            {
+            1,
+            TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+            TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+            SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+        /* Cipher 3A */
+            {
+            1,
+            TLS1_TXT_ADH_WITH_AES_256_SHA,
+            TLS1_CK_ADH_WITH_AES_256_SHA,
+            SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+/* end of list */
+        };
+
+static SSL3_ENC_METHOD SSLv3_enc_data={
+        ssl3_enc,
+        ssl3_mac,
+        ssl3_setup_key_block,
+        ssl3_generate_master_secret,
+        ssl3_change_cipher_state,
+        ssl3_final_finish_mac,
+        MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
+        ssl3_cert_verify_mac,
+        SSL3_MD_CLIENT_FINISHED_CONST,4,
+        SSL3_MD_SERVER_FINISHED_CONST,4,
+        ssl3_alert_code,
+        };
+
+static SSL_METHOD SSLv3_data= {
+        SSL3_VERSION,
+        ssl3_new,
+        ssl3_clear,
+        ssl3_free,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl3_read,
+        ssl3_peek,
+        ssl3_write,
+        ssl3_shutdown,
+        ssl3_renegotiate,
+        ssl3_renegotiate_check,
+        ssl3_ctrl,
+        ssl3_ctx_ctrl,
+        ssl3_get_cipher_by_char,
+        ssl3_put_cipher_by_char,
+        ssl3_pending,
+        ssl3_num_ciphers,
+        ssl3_get_cipher,
+        ssl_bad_method,
+        ssl3_default_timeout,
+        &SSLv3_enc_data,
+        ssl_undefined_function,
+        ssl3_callback_ctrl,
+        ssl3_ctx_callback_ctrl,
+        };
+
+static long ssl3_default_timeout(void)
+        {
+        /* 2 hours, the 24 hours mentioned in the SSLv3 spec
+         * is way too long for http, the cache would over fill */
+        return(60*60*2);
+        }
+
+SSL_METHOD *sslv3_base_method(void)
+        {
+        return(&SSLv3_data);
+        }
+
+int ssl3_num_ciphers(void)
+        {
+        return(SSL3_NUM_CIPHERS);
+        }
+
+SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+        {
+        if (u < SSL3_NUM_CIPHERS)
+                return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
+        else
+                return(NULL);
+        }
+
+int ssl3_pending(SSL *s)
+        {
+        if (s->rstate == SSL_ST_READ_BODY)
+                return 0;
+        
+        return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
+        }
+
+int ssl3_new(SSL *s)
+        {
+        SSL3_STATE *s3;
+
+        if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
+        memset(s3,0,sizeof *s3);
+        EVP_MD_CTX_init(&s3->finish_dgst1);
+        EVP_MD_CTX_init(&s3->finish_dgst2);
+
+        s->s3=s3;
+
+        s->method->ssl_clear(s);
+        return(1);
+err:
+        return(0);
+        }
+
+void ssl3_free(SSL *s)
+        {
+        if(s == NULL)
+            return;
+
+        ssl3_cleanup_key_block(s);
+        if (s->s3->rbuf.buf != NULL)
+                OPENSSL_free(s->s3->rbuf.buf);
+        if (s->s3->wbuf.buf != NULL)
+                OPENSSL_free(s->s3->wbuf.buf);
+        if (s->s3->rrec.comp != NULL)
+                OPENSSL_free(s->s3->rrec.comp);
+#ifndef OPENSSL_NO_DH
+        if (s->s3->tmp.dh != NULL)
+                DH_free(s->s3->tmp.dh);
+#endif
+        if (s->s3->tmp.ca_names != NULL)
+                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+        OPENSSL_cleanse(s->s3,sizeof *s->s3);
+        OPENSSL_free(s->s3);
+        s->s3=NULL;
+        }
+
+void ssl3_clear(SSL *s)
+        {
+        unsigned char *rp,*wp;
+        size_t rlen, wlen;
+
+        ssl3_cleanup_key_block(s);
+        if (s->s3->tmp.ca_names != NULL)
+                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+
+        if (s->s3->rrec.comp != NULL)
+                {
+                OPENSSL_free(s->s3->rrec.comp);
+                s->s3->rrec.comp=NULL;
+                }
+#ifndef OPENSSL_NO_DH
+        if (s->s3->tmp.dh != NULL)
+                DH_free(s->s3->tmp.dh);
+#endif
+
+        rp = s->s3->rbuf.buf;
+        wp = s->s3->wbuf.buf;
+        rlen = s->s3->rbuf.len;
+        wlen = s->s3->wbuf.len;
+
+        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+
+        memset(s->s3,0,sizeof *s->s3);
+        s->s3->rbuf.buf = rp;
+        s->s3->wbuf.buf = wp;
+        s->s3->rbuf.len = rlen;
+        s->s3->wbuf.len = wlen;
+
+        ssl_free_wbio_buffer(s);
+
+        s->packet_length=0;
+        s->s3->renegotiate=0;
+        s->s3->total_renegotiations=0;
+        s->s3->num_renegotiations=0;
+        s->s3->in_read_app_data=0;
+        s->version=SSL3_VERSION;
+        }
+
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+        {
+        int ret=0;
+
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
+        if (
+#ifndef OPENSSL_NO_RSA
+            cmd == SSL_CTRL_SET_TMP_RSA ||
+            cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+#endif
+#ifndef OPENSSL_NO_DSA
+            cmd == SSL_CTRL_SET_TMP_DH ||
+            cmd == SSL_CTRL_SET_TMP_DH_CB ||
+#endif
+                0)
+                {
+                if (!ssl_cert_inst(&s->cert))
+                        {
+                        SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                }
+#endif
+
+        switch (cmd)
+                {
+        case SSL_CTRL_GET_SESSION_REUSED:
+                ret=s->hit;
+                break;
+        case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
+                break;
+        case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
+                ret=s->s3->num_renegotiations;
+                break;
+        case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
+                ret=s->s3->num_renegotiations;
+                s->s3->num_renegotiations=0;
+                break;
+        case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
+                ret=s->s3->total_renegotiations;
+                break;
+        case SSL_CTRL_GET_FLAGS:
+                ret=(int)(s->s3->flags);
+                break;
+#ifndef OPENSSL_NO_RSA
+        case SSL_CTRL_NEED_TMP_RSA:
+                if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
+                    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+                     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
+                        ret = 1;
+                break;
+        case SSL_CTRL_SET_TMP_RSA:
+                {
+                        RSA *rsa = (RSA *)parg;
+                        if (rsa == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                                return(ret);
+                                }
+                        if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
+                                return(ret);
+                                }
+                        if (s->cert->rsa_tmp != NULL)
+                                RSA_free(s->cert->rsa_tmp);
+                        s->cert->rsa_tmp = rsa;
+                        ret = 1;
+                }
+                break;
+        case SSL_CTRL_SET_TMP_RSA_CB:
+                {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return(ret);
+                }
+                break;
+#endif
+#ifndef OPENSSL_NO_DH
+        case SSL_CTRL_SET_TMP_DH:
+                {
+                        DH *dh = (DH *)parg;
+                        if (dh == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                                return(ret);
+                                }
+                        if ((dh = DHparams_dup(dh)) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+                                return(ret);
+                                }
+                        if (!(s->options & SSL_OP_SINGLE_DH_USE))
+                                {
+                                if (!DH_generate_key(dh))
+                                        {
+                                        DH_free(dh);
+                                        SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+                                        return(ret);
+                                        }
+                                }
+                        if (s->cert->dh_tmp != NULL)
+                                DH_free(s->cert->dh_tmp);
+                        s->cert->dh_tmp = dh;
+                        ret = 1;
+                }
+                break;
+        case SSL_CTRL_SET_TMP_DH_CB:
+                {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return(ret);
+                }
+                break;
+#endif
+        default:
+                break;
+                }
+        return(ret);
+        }
+
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
+        {
+        int ret=0;
+
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
+        if (
+#ifndef OPENSSL_NO_RSA
+            cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+#endif
+#ifndef OPENSSL_NO_DSA
+            cmd == SSL_CTRL_SET_TMP_DH_CB ||
+#endif
+                0)
+                {
+                if (!ssl_cert_inst(&s->cert))
+                        {
+                        SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                }
+#endif
+
+        switch (cmd)
+                {
+#ifndef OPENSSL_NO_RSA
+        case SSL_CTRL_SET_TMP_RSA_CB:
+                {
+                s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+                }
+                break;
+#endif
+#ifndef OPENSSL_NO_DH
+        case SSL_CTRL_SET_TMP_DH_CB:
+                {
+                s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+                }
+                break;
+#endif
+        default:
+                break;
+                }
+        return(ret);
+        }
+
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+        {
+        CERT *cert;
+
+        cert=ctx->cert;
+
+        switch (cmd)
+                {
+#ifndef OPENSSL_NO_RSA
+        case SSL_CTRL_NEED_TMP_RSA:
+                if (    (cert->rsa_tmp == NULL) &&
+                        ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+                         (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
+                        )
+                        return(1);
+                else
+                        return(0);
+                /* break; */
+        case SSL_CTRL_SET_TMP_RSA:
+                {
+                RSA *rsa;
+                int i;
+
+                rsa=(RSA *)parg;
+                i=1;
+                if (rsa == NULL)
+                        i=0;
+                else
+                        {
+                        if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
+                                i=0;
+                        }
+                if (!i)
+                        {
+                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
+                        return(0);
+                        }
+                else
+                        {
+                        if (cert->rsa_tmp != NULL)
+                                RSA_free(cert->rsa_tmp);
+                        cert->rsa_tmp=rsa;
+                        return(1);
+                        }
+                }
+                /* break; */
+        case SSL_CTRL_SET_TMP_RSA_CB:
+                {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return(0);
+                }
+                break;
+#endif
+#ifndef OPENSSL_NO_DH
+        case SSL_CTRL_SET_TMP_DH:
+                {
+                DH *new=NULL,*dh;
+
+                dh=(DH *)parg;
+                if ((new=DHparams_dup(dh)) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
+                        return 0;
+                        }
+                if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
+                        {
+                        if (!DH_generate_key(new))
+                                {
+                                SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
+                                DH_free(new);
+                                return 0;
+                                }
+                        }
+                if (cert->dh_tmp != NULL)
+                        DH_free(cert->dh_tmp);
+                cert->dh_tmp=new;
+                return 1;
+                }
+                /*break; */
+        case SSL_CTRL_SET_TMP_DH_CB:
+                {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return(0);
+                }
+                break;
+#endif
+        /* A Thawte special :-) */
+        case SSL_CTRL_EXTRA_CHAIN_CERT:
+                if (ctx->extra_certs == NULL)
+                        {
+                        if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
+                                return(0);
+                        }
+                sk_X509_push(ctx->extra_certs,(X509 *)parg);
+                break;
+
+        default:
+                return(0);
+                }
+        return(1);
+        }
+
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+        {
+        CERT *cert;
+
+        cert=ctx->cert;
+
+        switch (cmd)
+                {
+#ifndef OPENSSL_NO_RSA
+        case SSL_CTRL_SET_TMP_RSA_CB:
+                {
+                cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+                }
+                break;
+#endif
+#ifndef OPENSSL_NO_DH
+        case SSL_CTRL_SET_TMP_DH_CB:
+                {
+                cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+                }
+                break;
+#endif
+        default:
+                return(0);
+                }
+        return(1);
+        }
+
+/* This function needs to check if the ciphers required are actually
+ * available */
+SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+        {
+        static int init=1;
+        static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
+        SSL_CIPHER c,*cp= &c,**cpp;
+        unsigned long id;
+        int i;
+
+        if (init)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+
+                if (init)
+                        {
+                        for (i=0; i<SSL3_NUM_CIPHERS; i++)
+                                sorted[i]= &(ssl3_ciphers[i]);
+
+                        qsort(sorted,
+                                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+                                FP_ICC ssl_cipher_ptr_id_cmp);
+
+                        init=0;
+                        }
+                
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+                }
+
+        id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
+        c.id=id;
+        cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
+                (char *)sorted,
+                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+                FP_ICC ssl_cipher_ptr_id_cmp);
+        if ((cpp == NULL) || !(*cpp)->valid)
+                return(NULL);
+        else
+                return(*cpp);
+        }
+
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+        {
+        long l;
+
+        if (p != NULL)
+                {
+                l=c->id;
+                if ((l & 0xff000000) != 0x03000000) return(0);
+                p[0]=((unsigned char)(l>> 8L))&0xFF;
+                p[1]=((unsigned char)(l     ))&0xFF;
+                }
+        return(2);
+        }
+
+SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+             STACK_OF(SSL_CIPHER) *srvr)
+        {
+        SSL_CIPHER *c,*ret=NULL;
+        STACK_OF(SSL_CIPHER) *prio, *allow;
+        int i,j,ok;
+        CERT *cert;
+        unsigned long alg,mask,emask;
+
+        /* Let's see which ciphers we can support */
+        cert=s->cert;
+
+#if 0
+        /* Do not set the compare functions, because this may lead to a
+         * reordering by "id". We want to keep the original ordering.
+         * We may pay a price in performance during sk_SSL_CIPHER_find(),
+         * but would have to pay with the price of sk_SSL_CIPHER_dup().
+         */
+        sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
+        sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
+#endif
+
+#ifdef CIPHER_DEBUG
+        printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
+        for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
+            {
+            c=sk_SSL_CIPHER_value(srvr,i);
+            printf("%p:%s\n",c,c->name);
+            }
+        printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
+        for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
+            {
+            c=sk_SSL_CIPHER_value(clnt,i);
+            printf("%p:%s\n",c,c->name);
+            }
+#endif
+
+        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+            {
+            prio = srvr;
+            allow = clnt;
+            }
+        else
+            {
+            prio = clnt;
+            allow = srvr;
+            }
+
+        for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
+                {
+                c=sk_SSL_CIPHER_value(prio,i);
+
+                ssl_set_cert_masks(cert,c);
+                mask=cert->mask;
+                emask=cert->export_mask;
+                        
+#ifdef KSSL_DEBUG
+                printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
+#endif    /* KSSL_DEBUG */
+
+                alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+#ifndef OPENSSL_NO_KRB5
+                if (alg & SSL_KRB5) 
+                        {
+                        if ( !kssl_keytab_is_available(s->kssl_ctx) )
+                            continue;
+                        }
+#endif /* OPENSSL_NO_KRB5 */
+                if (SSL_C_IS_EXPORT(c))
+                        {
+                        ok=((alg & emask) == alg)?1:0;
+#ifdef CIPHER_DEBUG
+                        printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
+                               c,c->name);
+#endif
+                        }
+                else
+                        {
+                        ok=((alg & mask) == alg)?1:0;
+#ifdef CIPHER_DEBUG
+                        printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
+                               c->name);
+#endif
+                        }
+
+                if (!ok) continue;
+        
+                j=sk_SSL_CIPHER_find(allow,c);
+                if (j >= 0)
+                        {
+                        ret=sk_SSL_CIPHER_value(allow,j);
+                        break;
+                        }
+                }
+        return(ret);
+        }
+
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
+        {
+        int ret=0;
+        unsigned long alg;
+
+        alg=s->s3->tmp.new_cipher->algorithms;
+
+#ifndef OPENSSL_NO_DH
+        if (alg & (SSL_kDHr|SSL_kEDH))
+                {
+#  ifndef OPENSSL_NO_RSA
+                p[ret++]=SSL3_CT_RSA_FIXED_DH;
+#  endif
+#  ifndef OPENSSL_NO_DSA
+                p[ret++]=SSL3_CT_DSS_FIXED_DH;
+#  endif
+                }
+        if ((s->version == SSL3_VERSION) &&
+                (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
+                {
+#  ifndef OPENSSL_NO_RSA
+                p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
+#  endif
+#  ifndef OPENSSL_NO_DSA
+                p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
+#  endif
+                }
+#endif /* !OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_RSA
+        p[ret++]=SSL3_CT_RSA_SIGN;
+#endif
+#ifndef OPENSSL_NO_DSA
+        p[ret++]=SSL3_CT_DSS_SIGN;
+#endif
+        return(ret);
+        }
+
+int ssl3_shutdown(SSL *s)
+        {
+
+        /* Don't do anything much if we have not done the handshake or
+         * we don't want to send messages :-) */
+        if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
+                {
+                s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+                return(1);
+                }
+
+        if (!(s->shutdown & SSL_SENT_SHUTDOWN))
+                {
+                s->shutdown|=SSL_SENT_SHUTDOWN;
+#if 1
+                ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
+#endif
+                /* our shutdown alert has been sent now, and if it still needs
+                 * to be written, s->s3->alert_dispatch will be true */
+                }
+        else if (s->s3->alert_dispatch)
+                {
+                /* resend it if not sent */
+#if 1
+                ssl3_dispatch_alert(s);
+#endif
+                }
+        else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
+                {
+                /* If we are waiting for a close from our peer, we are closed */
+                ssl3_read_bytes(s,0,NULL,0,0);
+                }
+
+        if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
+                !s->s3->alert_dispatch)
+                return(1);
+        else
+                return(0);
+        }
+
+int ssl3_write(SSL *s, const void *buf, int len)
+        {
+        int ret,n;
+
+#if 0
+        if (s->shutdown & SSL_SEND_SHUTDOWN)
+                {
+                s->rwstate=SSL_NOTHING;
+                return(0);
+                }
+#endif
+        clear_sys_error();
+        if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+
+        /* This is an experimental flag that sends the
+         * last handshake message in the same packet as the first
+         * use data - used to see if it helps the TCP protocol during
+         * session-id reuse */
+        /* The second test is because the buffer may have been removed */
+        if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
+                {
+                /* First time through, we write into the buffer */
+                if (s->s3->delay_buf_pop_ret == 0)
+                        {
+                        ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
+                                             buf,len);
+                        if (ret <= 0) return(ret);
+
+                        s->s3->delay_buf_pop_ret=ret;
+                        }
+
+                s->rwstate=SSL_WRITING;
+                n=BIO_flush(s->wbio);
+                if (n <= 0) return(n);
+                s->rwstate=SSL_NOTHING;
+
+                /* We have flushed the buffer, so remove it */
+                ssl_free_wbio_buffer(s);
+                s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+
+                ret=s->s3->delay_buf_pop_ret;
+                s->s3->delay_buf_pop_ret=0;
+                }
+        else
+                {
+                ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
+                                     buf,len);
+                if (ret <= 0) return(ret);
+                }
+
+        return(ret);
+        }
+
+static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
+        {
+        int ret;
+        
+        clear_sys_error();
+        if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+        s->s3->in_read_app_data=1;
+        ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+        if ((ret == -1) && (s->s3->in_read_app_data == 2))
+                {
+                /* ssl3_read_bytes decided to call s->handshake_func, which
+                 * called ssl3_read_bytes to read handshake data.
+                 * However, ssl3_read_bytes actually found application data
+                 * and thinks that application data makes sense here; so disable
+                 * handshake processing and try to read application data again. */
+                s->in_handshake++;
+                ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+                s->in_handshake--;
+                }
+        else
+                s->s3->in_read_app_data=0;
+
+        return(ret);
+        }
+
+int ssl3_read(SSL *s, void *buf, int len)
+        {
+        return ssl3_read_internal(s, buf, len, 0);
+        }
+
+int ssl3_peek(SSL *s, void *buf, int len)
+        {
+        return ssl3_read_internal(s, buf, len, 1);
+        }
+
+int ssl3_renegotiate(SSL *s)
+        {
+        if (s->handshake_func == NULL)
+                return(1);
+
+        if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+                return(0);
+
+        s->s3->renegotiate=1;
+        return(1);
+        }
+
+int ssl3_renegotiate_check(SSL *s)
+        {
+        int ret=0;
+
+        if (s->s3->renegotiate)
+                {
+                if (    (s->s3->rbuf.left == 0) &&
+                        (s->s3->wbuf.left == 0) &&
+                        !SSL_in_init(s))
+                        {
+/*
+if we are the server, and we have sent a 'RENEGOTIATE' message, we
+need to go to SSL_ST_ACCEPT.
+*/
+                        /* SSL_ST_ACCEPT */
+                        s->state=SSL_ST_RENEGOTIATE;
+                        s->s3->renegotiate=0;
+                        s->s3->num_renegotiations++;
+                        s->s3->total_renegotiations++;
+                        ret=1;
+                        }
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
new file mode 100644
index 0000000000..3f88429e79
--- /dev/null
+++ b/src/lib/libssl/s3_pkt.c
@@ -0,0 +1,1302 @@
+/* ssl/s3_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+
+static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                         unsigned int len, int create_empty_fragment);
+static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+                              unsigned int len);
+static int ssl3_get_record(SSL *s);
+static int do_compress(SSL *ssl);
+static int do_uncompress(SSL *ssl);
+static int do_change_cipher_spec(SSL *ssl);
+
+/* used only by ssl3_get_record */
+static int ssl3_read_n(SSL *s, int n, int max, int extend)
+        {
+        /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
+         * packet by another n bytes.
+         * The packet will be in the sub-array of s->s3->rbuf.buf specified
+         * by s->packet and s->packet_length.
+         * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
+         * [plus s->packet_length bytes if extend == 1].)
+         */
+        int i,off,newb;
+
+        if (!extend)
+                {
+                /* start with empty packet ... */
+                if (s->s3->rbuf.left == 0)
+                        s->s3->rbuf.offset = 0;
+                s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
+                s->packet_length = 0;
+                /* ... now we can act as if 'extend' was set */
+                }
+
+        /* if there is enough in the buffer from a previous read, take some */
+        if (s->s3->rbuf.left >= (int)n)
+                {
+                s->packet_length+=n;
+                s->s3->rbuf.left-=n;
+                s->s3->rbuf.offset+=n;
+                return(n);
+                }
+
+        /* else we need to read more data */
+        if (!s->read_ahead)
+                max=n;
+
+        {
+                /* avoid buffer overflow */
+                int max_max = s->s3->rbuf.len - s->packet_length;
+                if (max > max_max)
+                        max = max_max;
+        }
+        if (n > max) /* does not happen */
+                {
+                SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
+                return -1;
+                }
+
+        off = s->packet_length;
+        newb = s->s3->rbuf.left;
+        /* Move any available bytes to front of buffer:
+         * 'off' bytes already pointed to by 'packet',
+         * 'newb' extra ones at the end */
+        if (s->packet != s->s3->rbuf.buf)
+                {
+                /*  off > 0 */
+                memmove(s->s3->rbuf.buf, s->packet, off+newb);
+                s->packet = s->s3->rbuf.buf;
+                }
+
+        while (newb < n)
+                {
+                /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
+                 * to read in more until we have off+n (up to off+max if possible) */
+
+                clear_sys_error();
+                if (s->rbio != NULL)
+                        {
+                        s->rwstate=SSL_READING;
+                        i=BIO_read(s->rbio,     &(s->s3->rbuf.buf[off+newb]), max-newb);
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
+                        i = -1;
+                        }
+
+                if (i <= 0)
+                        {
+                        s->s3->rbuf.left = newb;
+                        return(i);
+                        }
+                newb+=i;
+                }
+
+        /* done reading, now the book-keeping */
+        s->s3->rbuf.offset = off + n;
+        s->s3->rbuf.left = newb - n;
+        s->packet_length += n;
+        s->rwstate=SSL_NOTHING;
+        return(n);
+        }
+
+/* Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type    - is the type of record
+ * ssl->s3->rrec.data,   - data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+/* used only by ssl3_read_bytes */
+static int ssl3_get_record(SSL *s)
+        {
+        int ssl_major,ssl_minor,al;
+        int enc_err,n,i,ret= -1;
+        SSL3_RECORD *rr;
+        SSL_SESSION *sess;
+        unsigned char *p;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        short version;
+        unsigned int mac_size;
+        int clear=0;
+        size_t extra;
+        int decryption_failed_or_bad_record_mac = 0;
+        unsigned char *mac = NULL;
+
+        rr= &(s->s3->rrec);
+        sess=s->session;
+
+        if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+                extra=SSL3_RT_MAX_EXTRA;
+        else
+                extra=0;
+        if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)
+                {
+                /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
+                 * set after ssl3_setup_buffers() was done */
+                SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
+                return -1;
+                }
+
+again:
+        /* check if we have the header */
+        if (    (s->rstate != SSL_ST_READ_BODY) ||
+                (s->packet_length < SSL3_RT_HEADER_LENGTH)) 
+                {
+                n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
+                if (n <= 0) return(n); /* error or non-blocking */
+                s->rstate=SSL_ST_READ_BODY;
+
+                p=s->packet;
+
+                /* Pull apart the header into the SSL3_RECORD */
+                rr->type= *(p++);
+                ssl_major= *(p++);
+                ssl_minor= *(p++);
+                version=(ssl_major<<8)|ssl_minor;
+                n2s(p,rr->length);
+
+                /* Lets check version */
+                if (s->first_packet)
+                        {
+                        s->first_packet=0;
+                        }
+                else
+                        {
+                        if (version != s->version)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+                                /* Send back error using their
+                                 * version number :-) */
+                                s->version=version;
+                                al=SSL_AD_PROTOCOL_VERSION;
+                                goto f_err;
+                                }
+                        }
+
+                if ((version>>8) != SSL3_VERSION_MAJOR)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+                        goto err;
+                        }
+
+                if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+                        {
+                        al=SSL_AD_RECORD_OVERFLOW;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
+                        goto f_err;
+                        }
+
+                /* now s->rstate == SSL_ST_READ_BODY */
+                }
+
+        /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+
+        if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
+                {
+                /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
+                i=rr->length;
+                n=ssl3_read_n(s,i,i,1);
+                if (n <= 0) return(n); /* error or non-blocking io */
+                /* now n == rr->length,
+                 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
+                }
+
+        s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
+
+        /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+         * and we have that many bytes in s->packet
+         */
+        rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
+
+        /* ok, we can now read from 's->packet' data into 'rr'
+         * rr->input points at rr->length bytes, which
+         * need to be copied into rr->data by either
+         * the decryption or by the decompression
+         * When the data is 'copied' into the rr->data buffer,
+         * rr->input will be pointed at the new buffer */ 
+
+        /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
+         * rr->length bytes of encrypted compressed stuff. */
+
+        /* check is not needed I believe */
+        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+                {
+                al=SSL_AD_RECORD_OVERFLOW;
+                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                goto f_err;
+                }
+
+        /* decrypt in place in 'rr->input' */
+        rr->data=rr->input;
+
+        enc_err = s->method->ssl3_enc->enc(s,0);
+        if (enc_err <= 0)
+                {
+                if (enc_err == 0)
+                        /* SSLerr() and ssl3_send_alert() have been called */
+                        goto err;
+
+                /* Otherwise enc_err == -1, which indicates bad padding
+                 * (rec->length has not been changed in this case).
+                 * To minimize information leaked via timing, we will perform
+                 * the MAC computation anyway. */
+                decryption_failed_or_bad_record_mac = 1;
+                }
+
+#ifdef TLS_DEBUG
+printf("dec %d\n",rr->length);
+{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+printf("\n");
+#endif
+
+        /* r->length is now the compressed data plus mac */
+        if (    (sess == NULL) ||
+                (s->enc_read_ctx == NULL) ||
+                (s->read_hash == NULL))
+                clear=1;
+
+        if (!clear)
+                {
+                mac_size=EVP_MD_size(s->read_hash);
+
+                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
+                        {
+#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+                        al=SSL_AD_RECORD_OVERFLOW;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+                        goto f_err;
+#else
+                        decryption_failed_or_bad_record_mac = 1;
+#endif                  
+                        }
+                /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+                if (rr->length >= mac_size)
+                        {
+                        rr->length -= mac_size;
+                        mac = &rr->data[rr->length];
+                        }
+                else
+                        {
+                        /* record (minus padding) is too short to contain a MAC */
+#if 0 /* OK only for stream ciphers */
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+                        goto f_err;
+#else
+                        decryption_failed_or_bad_record_mac = 1;
+                        rr->length = 0;
+#endif
+                        }
+                i=s->method->ssl3_enc->mac(s,md,0);
+                if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+                        {
+                        decryption_failed_or_bad_record_mac = 1;
+                        }
+                }
+
+        if (decryption_failed_or_bad_record_mac)
+                {
+                /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
+                 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+                 * failure is directly visible from the ciphertext anyway,
+                 * we should not reveal which kind of error occured -- this
+                 * might become visible to an attacker (e.g. via a logfile) */
+                al=SSL_AD_BAD_RECORD_MAC;
+                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+                goto f_err;
+                }
+
+        /* r->length is now just compressed */
+        if (s->expand != NULL)
+                {
+                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
+                        {
+                        al=SSL_AD_RECORD_OVERFLOW;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+                        goto f_err;
+                        }
+                if (!do_uncompress(s))
+                        {
+                        al=SSL_AD_DECOMPRESSION_FAILURE;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
+                        goto f_err;
+                        }
+                }
+
+        if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
+                {
+                al=SSL_AD_RECORD_OVERFLOW;
+                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
+                goto f_err;
+                }
+
+        rr->off=0;
+        /* So at this point the following is true
+         * ssl->s3->rrec.type   is the type of record
+         * ssl->s3->rrec.length == number of bytes in record
+         * ssl->s3->rrec.off    == offset to first valid byte
+         * ssl->s3->rrec.data   == where to take bytes from, increment
+         *                         after use :-).
+         */
+
+        /* we have pulled in a full packet so zero things */
+        s->packet_length=0;
+
+        /* just read a 0 length packet */
+        if (rr->length == 0) goto again;
+
+        return(1);
+
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(ret);
+        }
+
+static int do_uncompress(SSL *ssl)
+        {
+        int i;
+        SSL3_RECORD *rr;
+
+        rr= &(ssl->s3->rrec);
+        i=COMP_expand_block(ssl->expand,rr->comp,
+                SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
+        if (i < 0)
+                return(0);
+        else
+                rr->length=i;
+        rr->data=rr->comp;
+
+        return(1);
+        }
+
+static int do_compress(SSL *ssl)
+        {
+        int i;
+        SSL3_RECORD *wr;
+
+        wr= &(ssl->s3->wrec);
+        i=COMP_compress_block(ssl->compress,wr->data,
+                SSL3_RT_MAX_COMPRESSED_LENGTH,
+                wr->input,(int)wr->length);
+        if (i < 0)
+                return(0);
+        else
+                wr->length=i;
+
+        wr->input=wr->data;
+        return(1);
+        }
+
+/* Call this to write data in records of type 'type'
+ * It will return <= 0 if not all data has been sent or non-blocking IO.
+ */
+int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
+        {
+        const unsigned char *buf=buf_;
+        unsigned int tot,n,nw;
+        int i;
+
+        s->rwstate=SSL_NOTHING;
+        tot=s->s3->wnum;
+        s->s3->wnum=0;
+
+        if (SSL_in_init(s) && !s->in_handshake)
+                {
+                i=s->handshake_func(s);
+                if (i < 0) return(i);
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return -1;
+                        }
+                }
+
+        n=(len-tot);
+        for (;;)
+                {
+                if (n > SSL3_RT_MAX_PLAIN_LENGTH)
+                        nw=SSL3_RT_MAX_PLAIN_LENGTH;
+                else
+                        nw=n;
+
+                i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
+                if (i <= 0)
+                        {
+                        s->s3->wnum=tot;
+                        return i;
+                        }
+
+                if ((i == (int)n) ||
+                        (type == SSL3_RT_APPLICATION_DATA &&
+                         (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
+                        {
+                        /* next chunk of data should get another prepended empty fragment
+                         * in ciphersuites with known-IV weakness: */
+                        s->s3->empty_fragment_done = 0;
+                        
+                        return tot+i;
+                        }
+
+                n-=i;
+                tot+=i;
+                }
+        }
+
+static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                         unsigned int len, int create_empty_fragment)
+        {
+        unsigned char *p,*plen;
+        int i,mac_size,clear=0;
+        int prefix_len = 0;
+        SSL3_RECORD *wr;
+        SSL3_BUFFER *wb;
+        SSL_SESSION *sess;
+
+        /* first check if there is a SSL3_BUFFER still being written
+         * out.  This will happen with non blocking IO */
+        if (s->s3->wbuf.left != 0)
+                return(ssl3_write_pending(s,type,buf,len));
+
+        /* If we have an alert to send, lets send it */
+        if (s->s3->alert_dispatch)
+                {
+                i=ssl3_dispatch_alert(s);
+                if (i <= 0)
+                        return(i);
+                /* if it went, fall through and send more stuff */
+                }
+
+        if (len == 0 && !create_empty_fragment)
+                return 0;
+
+        wr= &(s->s3->wrec);
+        wb= &(s->s3->wbuf);
+        sess=s->session;
+
+        if (    (sess == NULL) ||
+                (s->enc_write_ctx == NULL) ||
+                (s->write_hash == NULL))
+                clear=1;
+
+        if (clear)
+                mac_size=0;
+        else
+                mac_size=EVP_MD_size(s->write_hash);
+
+        /* 'create_empty_fragment' is true only when this function calls itself */
+        if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
+                {
+                /* countermeasure against known-IV weakness in CBC ciphersuites
+                 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+
+                if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
+                        {
+                        /* recursive function call with 'create_empty_fragment' set;
+                         * this prepares and buffers the data for an empty fragment
+                         * (these 'prefix_len' bytes are sent out later
+                         * together with the actual payload) */
+                        prefix_len = do_ssl3_write(s, type, buf, 0, 1);
+                        if (prefix_len <= 0)
+                                goto err;
+
+                        if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
+                                {
+                                /* insufficient space */
+                                SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+                        }
+                
+                s->s3->empty_fragment_done = 1;
+                }
+
+        p = wb->buf + prefix_len;
+
+        /* write the header */
+
+        *(p++)=type&0xff;
+        wr->type=type;
+
+        *(p++)=(s->version>>8);
+        *(p++)=s->version&0xff;
+
+        /* field where we are to write out packet length */
+        plen=p; 
+        p+=2;
+
+        /* lets setup the record stuff. */
+        wr->data=p;
+        wr->length=(int)len;
+        wr->input=(unsigned char *)buf;
+
+        /* we now 'read' from wr->input, wr->length bytes into
+         * wr->data */
+
+        /* first we compress */
+        if (s->compress != NULL)
+                {
+                if (!do_compress(s))
+                        {
+                        SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                {
+                memcpy(wr->data,wr->input,wr->length);
+                wr->input=wr->data;
+                }
+
+        /* we should still have the output to wr->data and the input
+         * from wr->input.  Length should be wr->length.
+         * wr->data still points in the wb->buf */
+
+        if (mac_size != 0)
+                {
+                s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
+                wr->length+=mac_size;
+                wr->input=p;
+                wr->data=p;
+                }
+
+        /* ssl3_enc can only have an error on read */
+        s->method->ssl3_enc->enc(s,1);
+
+        /* record length after mac and block padding */
+        s2n(wr->length,plen);
+
+        /* we should now have
+         * wr->data pointing to the encrypted data, which is
+         * wr->length long */
+        wr->type=type; /* not needed but helps for debugging */
+        wr->length+=SSL3_RT_HEADER_LENGTH;
+
+        if (create_empty_fragment)
+                {
+                /* we are in a recursive call;
+                 * just return the length, don't write out anything here
+                 */
+                return wr->length;
+                }
+
+        /* now let's set up wb */
+        wb->left = prefix_len + wr->length;
+        wb->offset = 0;
+
+        /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
+        s->s3->wpend_tot=len;
+        s->s3->wpend_buf=buf;
+        s->s3->wpend_type=type;
+        s->s3->wpend_ret=len;
+
+        /* we now just need to write the buffer */
+        return ssl3_write_pending(s,type,buf,len);
+err:
+        return -1;
+        }
+
+/* if s->s3->wbuf.left != 0, we need to call this */
+static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+                              unsigned int len)
+        {
+        int i;
+
+/* XXXX */
+        if ((s->s3->wpend_tot > (int)len)
+                || ((s->s3->wpend_buf != buf) &&
+                        !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
+                || (s->s3->wpend_type != type))
+                {
+                SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
+                return(-1);
+                }
+
+        for (;;)
+                {
+                clear_sys_error();
+                if (s->wbio != NULL)
+                        {
+                        s->rwstate=SSL_WRITING;
+                        i=BIO_write(s->wbio,
+                                (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
+                                (unsigned int)s->s3->wbuf.left);
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
+                        i= -1;
+                        }
+                if (i == s->s3->wbuf.left)
+                        {
+                        s->s3->wbuf.left=0;
+                        s->rwstate=SSL_NOTHING;
+                        return(s->s3->wpend_ret);
+                        }
+                else if (i <= 0)
+                        return(i);
+                s->s3->wbuf.offset+=i;
+                s->s3->wbuf.left-=i;
+                }
+        }
+
+/* Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
+ * a surprise, but handled as if it were), or renegotiation requests.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+        {
+        int al,i,j,ret;
+        unsigned int n;
+        SSL3_RECORD *rr;
+        void (*cb)(const SSL *ssl,int type2,int val)=NULL;
+
+        if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
+                if (!ssl3_setup_buffers(s))
+                        return(-1);
+
+        if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
+            (peek && (type != SSL3_RT_APPLICATION_DATA)))
+                {
+                SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+                return -1;
+                }
+
+        if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
+                /* (partially) satisfy request from storage */
+                {
+                unsigned char *src = s->s3->handshake_fragment;
+                unsigned char *dst = buf;
+                unsigned int k;
+
+                /* peek == 0 */
+                n = 0;
+                while ((len > 0) && (s->s3->handshake_fragment_len > 0))
+                        {
+                        *dst++ = *src++;
+                        len--; s->s3->handshake_fragment_len--;
+                        n++;
+                        }
+                /* move any remaining fragment bytes: */
+                for (k = 0; k < s->s3->handshake_fragment_len; k++)
+                        s->s3->handshake_fragment[k] = *src++;
+                return n;
+        }
+
+        /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
+
+        if (!s->in_handshake && SSL_in_init(s))
+                {
+                /* type == SSL3_RT_APPLICATION_DATA */
+                i=s->handshake_func(s);
+                if (i < 0) return(i);
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                }
+start:
+        s->rwstate=SSL_NOTHING;
+
+        /* s->s3->rrec.type         - is the type of record
+         * s->s3->rrec.data,    - data
+         * s->s3->rrec.off,     - offset into 'data' for next read
+         * s->s3->rrec.length,  - number of bytes. */
+        rr = &(s->s3->rrec);
+
+        /* get new packet if necessary */
+        if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
+                {
+                ret=ssl3_get_record(s);
+                if (ret <= 0) return(ret);
+                }
+
+        /* we now have a packet which can be read and processed */
+
+        if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                       * reset by ssl3_get_finished */
+                && (rr->type != SSL3_RT_HANDSHAKE))
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+                goto err;
+                }
+
+        /* If the other end has shut down, throw anything we read away
+         * (even in 'peek' mode) */
+        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+                {
+                rr->length=0;
+                s->rwstate=SSL_NOTHING;
+                return(0);
+                }
+
+
+        if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
+                {
+                /* make sure that we are not getting application data when we
+                 * are doing a handshake for the first time */
+                if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+                        (s->enc_read_ctx == NULL))
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
+                        goto f_err;
+                        }
+
+                if (len <= 0) return(len);
+
+                if ((unsigned int)len > rr->length)
+                        n = rr->length;
+                else
+                        n = (unsigned int)len;
+
+                memcpy(buf,&(rr->data[rr->off]),n);
+                if (!peek)
+                        {
+                        rr->length-=n;
+                        rr->off+=n;
+                        if (rr->length == 0)
+                                {
+                                s->rstate=SSL_ST_READ_HEADER;
+                                rr->off=0;
+                                }
+                        }
+                return(n);
+                }
+
+
+        /* If we get here, then type != rr->type; if we have a handshake
+         * message, then it was unexpected (Hello Request or Client Hello). */
+
+        /* In case of record types for which we have 'fragment' storage,
+         * fill that so that we can process the data at a fixed place.
+         */
+                {
+                unsigned int dest_maxlen = 0;
+                unsigned char *dest = NULL;
+                unsigned int *dest_len = NULL;
+
+                if (rr->type == SSL3_RT_HANDSHAKE)
+                        {
+                        dest_maxlen = sizeof s->s3->handshake_fragment;
+                        dest = s->s3->handshake_fragment;
+                        dest_len = &s->s3->handshake_fragment_len;
+                        }
+                else if (rr->type == SSL3_RT_ALERT)
+                        {
+                        dest_maxlen = sizeof s->s3->alert_fragment;
+                        dest = s->s3->alert_fragment;
+                        dest_len = &s->s3->alert_fragment_len;
+                        }
+
+                if (dest_maxlen > 0)
+                        {
+                        n = dest_maxlen - *dest_len; /* available space in 'dest' */
+                        if (rr->length < n)
+                                n = rr->length; /* available bytes */
+
+                        /* now move 'n' bytes: */
+                        while (n-- > 0)
+                                {
+                                dest[(*dest_len)++] = rr->data[rr->off++];
+                                rr->length--;
+                                }
+
+                        if (*dest_len < dest_maxlen)
+                                goto start; /* fragment was too small */
+                        }
+                }
+
+        /* s->s3->handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
+         * s->s3->alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.
+         * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+
+        /* If we are a client, check for an incoming 'Hello Request': */
+        if ((!s->server) &&
+                (s->s3->handshake_fragment_len >= 4) &&
+                (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
+                (s->session != NULL) && (s->session->cipher != NULL))
+                {
+                s->s3->handshake_fragment_len = 0;
+
+                if ((s->s3->handshake_fragment[1] != 0) ||
+                        (s->s3->handshake_fragment[2] != 0) ||
+                        (s->s3->handshake_fragment[3] != 0))
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
+                        goto err;
+                        }
+
+                if (s->msg_callback)
+                        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
+
+                if (SSL_is_init_finished(s) &&
+                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+                        !s->s3->renegotiate)
+                        {
+                        ssl3_renegotiate(s);
+                        if (ssl3_renegotiate_check(s))
+                                {
+                                i=s->handshake_func(s);
+                                if (i < 0) return(i);
+                                if (i == 0)
+                                        {
+                                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                                        return(-1);
+                                        }
+
+                                if (!(s->mode & SSL_MODE_AUTO_RETRY))
+                                        {
+                                        if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                                {
+                                                BIO *bio;
+                                                /* In the case where we try to read application data,
+                                                 * but we trigger an SSL handshake, we return -1 with
+                                                 * the retry option set.  Otherwise renegotiation may
+                                                 * cause nasty problems in the blocking world */
+                                                s->rwstate=SSL_READING;
+                                                bio=SSL_get_rbio(s);
+                                                BIO_clear_retry_flags(bio);
+                                                BIO_set_retry_read(bio);
+                                                return(-1);
+                                                }
+                                        }
+                                }
+                        }
+                /* we either finished a handshake or ignored the request,
+                 * now try again to obtain the (application) data we were asked for */
+                goto start;
+                }
+
+        if (s->s3->alert_fragment_len >= 2)
+                {
+                int alert_level = s->s3->alert_fragment[0];
+                int alert_descr = s->s3->alert_fragment[1];
+
+                s->s3->alert_fragment_len = 0;
+
+                if (s->msg_callback)
+                        s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
+
+                if (s->info_callback != NULL)
+                        cb=s->info_callback;
+                else if (s->ctx->info_callback != NULL)
+                        cb=s->ctx->info_callback;
+
+                if (cb != NULL)
+                        {
+                        j = (alert_level << 8) | alert_descr;
+                        cb(s, SSL_CB_READ_ALERT, j);
+                        }
+
+                if (alert_level == 1) /* warning */
+                        {
+                        s->s3->warn_alert = alert_descr;
+                        if (alert_descr == SSL_AD_CLOSE_NOTIFY)
+                                {
+                                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+                                return(0);
+                                }
+                        }
+                else if (alert_level == 2) /* fatal */
+                        {
+                        char tmp[16];
+
+                        s->rwstate=SSL_NOTHING;
+                        s->s3->fatal_alert = alert_descr;
+                        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
+                        BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
+                        ERR_add_error_data(2,"SSL alert number ",tmp);
+                        s->shutdown|=SSL_RECEIVED_SHUTDOWN;
+                        SSL_CTX_remove_session(s->ctx,s->session);
+                        return(0);
+                        }
+                else
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
+                        goto f_err;
+                        }
+
+                goto start;
+                }
+
+        if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
+                {
+                s->rwstate=SSL_NOTHING;
+                rr->length=0;
+                return(0);
+                }
+
+        if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
+                {
+                /* 'Change Cipher Spec' is just a single byte, so we know
+                 * exactly what the record payload has to look like */
+                if (    (rr->length != 1) || (rr->off != 0) ||
+                        (rr->data[0] != SSL3_MT_CCS))
+                        {
+                        i=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                        goto err;
+                        }
+
+                rr->length=0;
+
+                if (s->msg_callback)
+                        s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
+
+                s->s3->change_cipher_spec=1;
+                if (!do_change_cipher_spec(s))
+                        goto err;
+                else
+                        goto start;
+                }
+
+        /* Unexpected handshake message (Client Hello, or protocol violation) */
+        if ((s->s3->handshake_fragment_len >= 4) &&     !s->in_handshake)
+                {
+                if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
+                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+                        {
+#if 0 /* worked only because C operator preferences are not as expected (and
+       * because this is not really needed for clients except for detecting
+       * protocol violations): */
+                        s->state=SSL_ST_BEFORE|(s->server)
+                                ?SSL_ST_ACCEPT
+                                :SSL_ST_CONNECT;
+#else
+                        s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#endif
+                        s->new_session=1;
+                        }
+                i=s->handshake_func(s);
+                if (i < 0) return(i);
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+
+                if (!(s->mode & SSL_MODE_AUTO_RETRY))
+                        {
+                        if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                {
+                                BIO *bio;
+                                /* In the case where we try to read application data,
+                                 * but we trigger an SSL handshake, we return -1 with
+                                 * the retry option set.  Otherwise renegotiation may
+                                 * cause nasty problems in the blocking world */
+                                s->rwstate=SSL_READING;
+                                bio=SSL_get_rbio(s);
+                                BIO_clear_retry_flags(bio);
+                                BIO_set_retry_read(bio);
+                                return(-1);
+                                }
+                        }
+                goto start;
+                }
+
+        switch (rr->type)
+                {
+        default:
+#ifndef OPENSSL_NO_TLS
+                /* TLS just ignores unknown message types */
+                if (s->version == TLS1_VERSION)
+                        {
+                        rr->length = 0;
+                        goto start;
+                        }
+#endif
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+                goto f_err;
+        case SSL3_RT_CHANGE_CIPHER_SPEC:
+        case SSL3_RT_ALERT:
+        case SSL3_RT_HANDSHAKE:
+                /* we already handled all of these, with the possible exception
+                 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
+                 * should not happen when type != rr->type */
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
+                goto f_err;
+        case SSL3_RT_APPLICATION_DATA:
+                /* At this point, we were expecting handshake data,
+                 * but have application data.  If the library was
+                 * running inside ssl3_read() (i.e. in_read_app_data
+                 * is set) and it makes sense to read application data
+                 * at this point (session renegotiation not yet started),
+                 * we will indulge it.
+                 */
+                if (s->s3->in_read_app_data &&
+                        (s->s3->total_renegotiations != 0) &&
+                        ((
+                                (s->state & SSL_ST_CONNECT) &&
+                                (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+                                (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
+                                ) || (
+                                        (s->state & SSL_ST_ACCEPT) &&
+                                        (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+                                        (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
+                                        )
+                                ))
+                        {
+                        s->s3->in_read_app_data=2;
+                        return(-1);
+                        }
+                else
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+                        goto f_err;
+                        }
+                }
+        /* not reached */
+
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(-1);
+        }
+
+static int do_change_cipher_spec(SSL *s)
+        {
+        int i;
+        const char *sender;
+        int slen;
+
+        if (s->state & SSL_ST_ACCEPT)
+                i=SSL3_CHANGE_CIPHER_SERVER_READ;
+        else
+                i=SSL3_CHANGE_CIPHER_CLIENT_READ;
+
+        if (s->s3->tmp.key_block == NULL)
+                {
+                s->session->cipher=s->s3->tmp.new_cipher;
+                if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
+                }
+
+        if (!s->method->ssl3_enc->change_cipher_state(s,i))
+                return(0);
+
+        /* we have to record the message digest at
+         * this point so we can get it before we read
+         * the finished message */
+        if (s->state & SSL_ST_CONNECT)
+                {
+                sender=s->method->ssl3_enc->server_finished_label;
+                slen=s->method->ssl3_enc->server_finished_label_len;
+                }
+        else
+                {
+                sender=s->method->ssl3_enc->client_finished_label;
+                slen=s->method->ssl3_enc->client_finished_label_len;
+                }
+
+        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+                &(s->s3->finish_dgst1),
+                &(s->s3->finish_dgst2),
+                sender,slen,s->s3->tmp.peer_finish_md);
+
+        return(1);
+        }
+
+void ssl3_send_alert(SSL *s, int level, int desc)
+        {
+        /* Map tls/ssl alert value to correct one */
+        desc=s->method->ssl3_enc->alert_value(desc);
+        if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
+                desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
+        if (desc < 0) return;
+        /* If a fatal one, remove from cache */
+        if ((level == 2) && (s->session != NULL))
+                SSL_CTX_remove_session(s->ctx,s->session);
+
+        s->s3->alert_dispatch=1;
+        s->s3->send_alert[0]=level;
+        s->s3->send_alert[1]=desc;
+        if (s->s3->wbuf.left == 0) /* data still being written out? */
+                ssl3_dispatch_alert(s);
+        /* else data is still being written out, we will get written
+         * some time in the future */
+        }
+
+int ssl3_dispatch_alert(SSL *s)
+        {
+        int i,j;
+        void (*cb)(const SSL *ssl,int type,int val)=NULL;
+
+        s->s3->alert_dispatch=0;
+        i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
+        if (i <= 0)
+                {
+                s->s3->alert_dispatch=1;
+                }
+        else
+                {
+                /* Alert sent to BIO.  If it is important, flush it now.
+                 * If the message does not get sent due to non-blocking IO,
+                 * we will not worry too much. */
+                if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+                        (void)BIO_flush(s->wbio);
+
+                if (s->msg_callback)
+                        s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
+
+                if (s->info_callback != NULL)
+                        cb=s->info_callback;
+                else if (s->ctx->info_callback != NULL)
+                        cb=s->ctx->info_callback;
+
+                if (cb != NULL)
+                        {
+                        j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
+                        cb(s,SSL_CB_WRITE_ALERT,j);
+                        }
+                }
+        return(i);
+        }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
new file mode 100644
index 0000000000..57f1d3f52a
--- /dev/null
+++ b/src/lib/libssl/s3_srvr.c
@@ -0,0 +1,2061 @@
+/* ssl/s3_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define REUSE_CIPHER_BUG
+#define NETSCAPE_HANG_BUG
+
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_KRB5
+#include <openssl/krb5_asn.h>
+#endif
+#include <openssl/md5.h>
+
+static SSL_METHOD *ssl3_get_server_method(int ver);
+static int ssl3_get_client_hello(SSL *s);
+static int ssl3_check_client_hello(SSL *s);
+static int ssl3_send_server_hello(SSL *s);
+static int ssl3_send_server_key_exchange(SSL *s);
+static int ssl3_send_certificate_request(SSL *s);
+static int ssl3_send_server_done(SSL *s);
+static int ssl3_get_client_key_exchange(SSL *s);
+static int ssl3_get_client_certificate(SSL *s);
+static int ssl3_get_cert_verify(SSL *s);
+static int ssl3_send_hello_request(SSL *s);
+
+static SSL_METHOD *ssl3_get_server_method(int ver)
+        {
+        if (ver == SSL3_VERSION)
+                return(SSLv3_server_method());
+        else
+                return(NULL);
+        }
+
+SSL_METHOD *SSLv3_server_method(void)
+        {
+        static int init=1;
+        static SSL_METHOD SSLv3_server_data;
+
+        if (init)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+                                sizeof(SSL_METHOD));
+                        SSLv3_server_data.ssl_accept=ssl3_accept;
+                        SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+                        init=0;
+                        }
+                        
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+                }
+        return(&SSLv3_server_data);
+        }
+
+int ssl3_accept(SSL *s)
+        {
+        BUF_MEM *buf;
+        unsigned long l,Time=time(NULL);
+        void (*cb)(const SSL *ssl,int type,int val)=NULL;
+        long num1;
+        int ret= -1;
+        int new_state,state,skip=0;
+
+        RAND_add(&Time,sizeof(Time),0);
+        ERR_clear_error();
+        clear_sys_error();
+
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+
+        /* init things to blank */
+        s->in_handshake++;
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+
+        if (s->cert == NULL)
+                {
+                SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
+                return(-1);
+                }
+
+        for (;;)
+                {
+                state=s->state;
+
+                switch (s->state)
+                        {
+                case SSL_ST_RENEGOTIATE:
+                        s->new_session=1;
+                        /* s->state=SSL_ST_ACCEPT; */
+
+                case SSL_ST_BEFORE:
+                case SSL_ST_ACCEPT:
+                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+                case SSL_ST_OK|SSL_ST_ACCEPT:
+
+                        s->server=1;
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+                        if ((s->version>>8) != 3)
+                                {
+                                SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
+                                return -1;
+                                }
+                        s->type=SSL_ST_ACCEPT;
+
+                        if (s->init_buf == NULL)
+                                {
+                                if ((buf=BUF_MEM_new()) == NULL)
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                s->init_buf=buf;
+                                }
+
+                        if (!ssl3_setup_buffers(s))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+
+                        s->init_num=0;
+
+                        if (s->state != SSL_ST_RENEGOTIATE)
+                                {
+                                /* Ok, we now need to push on a buffering BIO so that
+                                 * the output is sent in a way that TCP likes :-)
+                                 */
+                                if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+                                
+                                ssl3_init_finished_mac(s);
+                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
+                                s->ctx->stats.sess_accept++;
+                                }
+                        else
+                                {
+                                /* s->state == SSL_ST_RENEGOTIATE,
+                                 * we will just send a HelloRequest */
+                                s->ctx->stats.sess_accept_renegotiate++;
+                                s->state=SSL3_ST_SW_HELLO_REQ_A;
+                                }
+                        break;
+
+                case SSL3_ST_SW_HELLO_REQ_A:
+                case SSL3_ST_SW_HELLO_REQ_B:
+
+                        s->shutdown=0;
+                        ret=ssl3_send_hello_request(s);
+                        if (ret <= 0) goto end;
+                        s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+                        s->state=SSL3_ST_SW_FLUSH;
+                        s->init_num=0;
+
+                        ssl3_init_finished_mac(s);
+                        break;
+
+                case SSL3_ST_SW_HELLO_REQ_C:
+                        s->state=SSL_ST_OK;
+                        break;
+
+                case SSL3_ST_SR_CLNT_HELLO_A:
+                case SSL3_ST_SR_CLNT_HELLO_B:
+                case SSL3_ST_SR_CLNT_HELLO_C:
+
+                        s->shutdown=0;
+                        ret=ssl3_get_client_hello(s);
+                        if (ret <= 0) goto end;
+                        s->new_session = 2;
+                        s->state=SSL3_ST_SW_SRVR_HELLO_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SW_SRVR_HELLO_A:
+                case SSL3_ST_SW_SRVR_HELLO_B:
+                        ret=ssl3_send_server_hello(s);
+                        if (ret <= 0) goto end;
+
+                        if (s->hit)
+                                s->state=SSL3_ST_SW_CHANGE_A;
+                        else
+                                s->state=SSL3_ST_SW_CERT_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SW_CERT_A:
+                case SSL3_ST_SW_CERT_B:
+                        /* Check if it is anon DH */
+                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                                {
+                                ret=ssl3_send_server_certificate(s);
+                                if (ret <= 0) goto end;
+                                }
+                        else
+                                skip=1;
+                        s->state=SSL3_ST_SW_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SW_KEY_EXCH_A:
+                case SSL3_ST_SW_KEY_EXCH_B:
+                        l=s->s3->tmp.new_cipher->algorithms;
+
+                        /* clear this, it may get reset by
+                         * send_server_key_exchange */
+                        if ((s->options & SSL_OP_EPHEMERAL_RSA)
+#ifndef OPENSSL_NO_KRB5
+                                && !(l & SSL_KRB5)
+#endif /* OPENSSL_NO_KRB5 */
+                                )
+                                /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
+                                 * even when forbidden by protocol specs
+                                 * (handshake may fail as clients are not required to
+                                 * be able to handle this) */
+                                s->s3->tmp.use_rsa_tmp=1;
+                        else
+                                s->s3->tmp.use_rsa_tmp=0;
+
+                        /* only send if a DH key exchange, fortezza or
+                         * RSA but we have a sign only certificate */
+                        if (s->s3->tmp.use_rsa_tmp
+                            || (l & (SSL_DH|SSL_kFZA))
+                            || ((l & SSL_kRSA)
+                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
+                                        && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
+                                        )
+                                    )
+                                )
+                            )
+                                {
+                                ret=ssl3_send_server_key_exchange(s);
+                                if (ret <= 0) goto end;
+                                }
+                        else
+                                skip=1;
+
+                        s->state=SSL3_ST_SW_CERT_REQ_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SW_CERT_REQ_A:
+                case SSL3_ST_SW_CERT_REQ_B:
+                        if (/* don't request cert unless asked for it: */
+                                !(s->verify_mode & SSL_VERIFY_PEER) ||
+                                /* if SSL_VERIFY_CLIENT_ONCE is set,
+                                 * don't request cert during re-negotiation: */
+                                ((s->session->peer != NULL) &&
+                                 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+                                /* never request cert in anonymous ciphersuites
+                                 * (see section "Certificate request" in SSL 3 drafts
+                                 * and in RFC 2246): */
+                                ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
+                                 /* ... except when the application insists on verification
+                                  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
+                                 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+                                 /* never request cert in Kerberos ciphersuites */
+                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
+                                {
+                                /* no cert request */
+                                skip=1;
+                                s->s3->tmp.cert_request=0;
+                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+                                }
+                        else
+                                {
+                                s->s3->tmp.cert_request=1;
+                                ret=ssl3_send_certificate_request(s);
+                                if (ret <= 0) goto end;
+#ifndef NETSCAPE_HANG_BUG
+                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+#else
+                                s->state=SSL3_ST_SW_FLUSH;
+                                s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+#endif
+                                s->init_num=0;
+                                }
+                        break;
+
+                case SSL3_ST_SW_SRVR_DONE_A:
+                case SSL3_ST_SW_SRVR_DONE_B:
+                        ret=ssl3_send_server_done(s);
+                        if (ret <= 0) goto end;
+                        s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+                        s->state=SSL3_ST_SW_FLUSH;
+                        s->init_num=0;
+                        break;
+                
+                case SSL3_ST_SW_FLUSH:
+                        /* number of bytes to be flushed */
+                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+                        if (num1 > 0)
+                                {
+                                s->rwstate=SSL_WRITING;
+                                num1=BIO_flush(s->wbio);
+                                if (num1 <= 0) { ret= -1; goto end; }
+                                s->rwstate=SSL_NOTHING;
+                                }
+
+                        s->state=s->s3->tmp.next_state;
+                        break;
+
+                case SSL3_ST_SR_CERT_A:
+                case SSL3_ST_SR_CERT_B:
+                        /* Check for second client hello (MS SGC) */
+                        ret = ssl3_check_client_hello(s);
+                        if (ret <= 0)
+                                goto end;
+                        if (ret == 2)
+                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
+                        else {
+                                if (s->s3->tmp.cert_request)
+                                        {
+                                        ret=ssl3_get_client_certificate(s);
+                                        if (ret <= 0) goto end;
+                                        }
+                                s->init_num=0;
+                                s->state=SSL3_ST_SR_KEY_EXCH_A;
+                        }
+                        break;
+
+                case SSL3_ST_SR_KEY_EXCH_A:
+                case SSL3_ST_SR_KEY_EXCH_B:
+                        ret=ssl3_get_client_key_exchange(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SR_CERT_VRFY_A;
+                        s->init_num=0;
+
+                        /* We need to get hashes here so if there is
+                         * a client cert, it can be verified */ 
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                &(s->s3->finish_dgst1),
+                                &(s->s3->tmp.cert_verify_md[0]));
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                &(s->s3->finish_dgst2),
+                                &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+
+                        break;
+
+                case SSL3_ST_SR_CERT_VRFY_A:
+                case SSL3_ST_SR_CERT_VRFY_B:
+
+                        /* we should decide if we expected this one */
+                        ret=ssl3_get_cert_verify(s);
+                        if (ret <= 0) goto end;
+
+                        s->state=SSL3_ST_SR_FINISHED_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SR_FINISHED_A:
+                case SSL3_ST_SR_FINISHED_B:
+                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+                                SSL3_ST_SR_FINISHED_B);
+                        if (ret <= 0) goto end;
+                        if (s->hit)
+                                s->state=SSL_ST_OK;
+                        else
+                                s->state=SSL3_ST_SW_CHANGE_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SW_CHANGE_A:
+                case SSL3_ST_SW_CHANGE_B:
+
+                        s->session->cipher=s->s3->tmp.new_cipher;
+                        if (!s->method->ssl3_enc->setup_key_block(s))
+                                { ret= -1; goto end; }
+
+                        ret=ssl3_send_change_cipher_spec(s,
+                                SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
+
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SW_FINISHED_A;
+                        s->init_num=0;
+
+                        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                SSL3_CHANGE_CIPHER_SERVER_WRITE))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+
+                        break;
+
+                case SSL3_ST_SW_FINISHED_A:
+                case SSL3_ST_SW_FINISHED_B:
+                        ret=ssl3_send_finished(s,
+                                SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
+                                s->method->ssl3_enc->server_finished_label,
+                                s->method->ssl3_enc->server_finished_label_len);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SW_FLUSH;
+                        if (s->hit)
+                                s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+                        else
+                                s->s3->tmp.next_state=SSL_ST_OK;
+                        s->init_num=0;
+                        break;
+
+                case SSL_ST_OK:
+                        /* clean a few things up */
+                        ssl3_cleanup_key_block(s);
+
+                        BUF_MEM_free(s->init_buf);
+                        s->init_buf=NULL;
+
+                        /* remove buffering on output */
+                        ssl_free_wbio_buffer(s);
+
+                        s->init_num=0;
+
+                        if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
+                                {
+                                /* actually not necessarily a 'new' session unless
+                                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+                                
+                                s->new_session=0;
+                                
+                                ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+                                
+                                s->ctx->stats.sess_accept_good++;
+                                /* s->server=1; */
+                                s->handshake_func=ssl3_accept;
+
+                                if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+                                }
+                        
+                        ret = 1;
+                        goto end;
+                        /* break; */
+
+                default:
+                        SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* break; */
+                        }
+                
+                if (!s->s3->tmp.reuse_message && !skip)
+                        {
+                        if (s->debug)
+                                {
+                                if ((ret=BIO_flush(s->wbio)) <= 0)
+                                        goto end;
+                                }
+
+
+                        if ((cb != NULL) && (s->state != state))
+                                {
+                                new_state=s->state;
+                                s->state=state;
+                                cb(s,SSL_CB_ACCEPT_LOOP,1);
+                                s->state=new_state;
+                                }
+                        }
+                skip=0;
+                }
+end:
+        /* BIO_flush(s->wbio); */
+
+        s->in_handshake--;
+        if (cb != NULL)
+                cb(s,SSL_CB_ACCEPT_EXIT,ret);
+        return(ret);
+        }
+
+static int ssl3_send_hello_request(SSL *s)
+        {
+        unsigned char *p;
+
+        if (s->state == SSL3_ST_SW_HELLO_REQ_A)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                *(p++)=SSL3_MT_HELLO_REQUEST;
+                *(p++)=0;
+                *(p++)=0;
+                *(p++)=0;
+
+                s->state=SSL3_ST_SW_HELLO_REQ_B;
+                /* number of bytes to write */
+                s->init_num=4;
+                s->init_off=0;
+                }
+
+        /* SSL3_ST_SW_HELLO_REQ_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+static int ssl3_check_client_hello(SSL *s)
+        {
+        int ok;
+        long n;
+
+        /* this function is called when we really expect a Certificate message,
+         * so permit appropriate message length */
+        n=ssl3_get_message(s,
+                SSL3_ST_SR_CERT_A,
+                SSL3_ST_SR_CERT_B,
+                -1,
+                s->max_cert_list,
+                &ok);
+        if (!ok) return((int)n);
+        s->s3->tmp.reuse_message = 1;
+        if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
+                {
+                /* Throw away what we have done so far in the current handshake,
+                 * which will now be aborted. (A full SSL_clear would be too much.)
+                 * I hope that tmp.dh is the only thing that may need to be cleared
+                 * when a handshake is not completed ... */
+#ifndef OPENSSL_NO_DH
+                if (s->s3->tmp.dh != NULL)
+                        {
+                        DH_free(s->s3->tmp.dh);
+                        s->s3->tmp.dh = NULL;
+                        }
+#endif
+                return 2;
+                }
+        return 1;
+}
+
+static int ssl3_get_client_hello(SSL *s)
+        {
+        int i,j,ok,al,ret= -1;
+        long n;
+        unsigned long id;
+        unsigned char *p,*d,*q;
+        SSL_CIPHER *c;
+        SSL_COMP *comp=NULL;
+        STACK_OF(SSL_CIPHER) *ciphers=NULL;
+
+        /* We do this so that we will respond with our native type.
+         * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
+         * This down switching should be handled by a different method.
+         * If we are SSLv3, we will respond with SSLv3, even if prompted with
+         * TLSv1.
+         */
+        if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
+                {
+                s->first_packet=1;
+                s->state=SSL3_ST_SR_CLNT_HELLO_B;
+                }
+        n=ssl3_get_message(s,
+                SSL3_ST_SR_CLNT_HELLO_B,
+                SSL3_ST_SR_CLNT_HELLO_C,
+                SSL3_MT_CLIENT_HELLO,
+                SSL3_RT_MAX_PLAIN_LENGTH,
+                &ok);
+
+        if (!ok) return((int)n);
+        d=p=(unsigned char *)s->init_msg;
+
+        /* use version from inside client hello, not from record header
+         * (may differ: see RFC 2246, Appendix E, second paragraph) */
+        s->client_version=(((int)p[0])<<8)|(int)p[1];
+        p+=2;
+
+        if (s->client_version < s->version)
+                {
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+                if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
+                        {
+                        /* similar to ssl3_get_record, send alert using remote version number */
+                        s->version = s->client_version;
+                        }
+                al = SSL_AD_PROTOCOL_VERSION;
+                goto f_err;
+                }
+
+        /* load the client random */
+        memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+
+        /* get the session-id */
+        j= *(p++);
+
+        s->hit=0;
+        /* Versions before 0.9.7 always allow session reuse during renegotiation
+         * (i.e. when s->new_session is true), option
+         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
+         * Maybe this optional behaviour should always have been the default,
+         * but we cannot safely change the default behaviour (or new applications
+         * might be written that become totally unsecure when compiled with
+         * an earlier library version)
+         */
+        if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
+                {
+                if (!ssl_get_new_session(s,1))
+                        goto err;
+                }
+        else
+                {
+                i=ssl_get_prev_session(s,p,j);
+                if (i == 1)
+                        { /* previous session */
+                        s->hit=1;
+                        }
+                else if (i == -1)
+                        goto err;
+                else /* i == 0 */
+                        {
+                        if (!ssl_get_new_session(s,1))
+                                goto err;
+                        }
+                }
+
+        p+=j;
+        n2s(p,i);
+        if ((i == 0) && (j != 0))
+                {
+                /* we need a cipher if we are not resuming a session */
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
+                goto f_err;
+                }
+        if ((p+i) >= (d+n))
+                {
+                /* not enough data */
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
+                == NULL))
+                {
+                goto err;
+                }
+        p+=i;
+
+        /* If it is a hit, check that the cipher is in the list */
+        if ((s->hit) && (i > 0))
+                {
+                j=0;
+                id=s->session->cipher->id;
+
+#ifdef CIPHER_DEBUG
+                printf("client sent %d ciphers\n",sk_num(ciphers));
+#endif
+                for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
+                        {
+                        c=sk_SSL_CIPHER_value(ciphers,i);
+#ifdef CIPHER_DEBUG
+                        printf("client [%2d of %2d]:%s\n",
+                                i,sk_num(ciphers),SSL_CIPHER_get_name(c));
+#endif
+                        if (c->id == id)
+                                {
+                                j=1;
+                                break;
+                                }
+                        }
+                if (j == 0)
+                        {
+                        if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
+                                {
+                                /* Very bad for multi-threading.... */
+                                s->session->cipher=sk_SSL_CIPHER_value(ciphers,
+                                                                       0);
+                                }
+                        else
+                                {
+                                /* we need to have the cipher in the cipher
+                                 * list if we are asked to reuse it */
+                                al=SSL_AD_ILLEGAL_PARAMETER;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
+                                goto f_err;
+                                }
+                        }
+                }
+
+        /* compression */
+        i= *(p++);
+        if ((p+i) > (d+n))
+                {
+                /* not enough data */
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        q=p;
+        for (j=0; j<i; j++)
+                {
+                if (p[j] == 0) break;
+                }
+
+        p+=i;
+        if (j >= i)
+                {
+                /* no compress */
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
+                goto f_err;
+                }
+
+        /* Worst case, we will use the NULL compression, but if we have other
+         * options, we will now look for them.  We have i-1 compression
+         * algorithms from the client, starting at q. */
+        s->s3->tmp.new_compression=NULL;
+        if (s->ctx->comp_methods != NULL)
+                { /* See if we have a match */
+                int m,nn,o,v,done=0;
+
+                nn=sk_SSL_COMP_num(s->ctx->comp_methods);
+                for (m=0; m<nn; m++)
+                        {
+                        comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
+                        v=comp->id;
+                        for (o=0; o<i; o++)
+                                {
+                                if (v == q[o])
+                                        {
+                                        done=1;
+                                        break;
+                                        }
+                                }
+                        if (done) break;
+                        }
+                if (done)
+                        s->s3->tmp.new_compression=comp;
+                else
+                        comp=NULL;
+                }
+
+        /* TLS does not mind if there is extra stuff */
+#if 0   /* SSL 3.0 does not mind either, so we should disable this test
+         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
+         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
+        if (s->version == SSL3_VERSION)
+                {
+                if (p < (d+n))
+                        {
+                        /* wrong number of bytes,
+                         * there could be more to follow */
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+                        goto f_err;
+                        }
+                }
+#endif
+
+        /* Given s->session->ciphers and SSL_get_ciphers, we must
+         * pick a cipher */
+
+        if (!s->hit)
+                {
+                s->session->compress_meth=(comp == NULL)?0:comp->id;
+                if (s->session->ciphers != NULL)
+                        sk_SSL_CIPHER_free(s->session->ciphers);
+                s->session->ciphers=ciphers;
+                if (ciphers == NULL)
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
+                        goto f_err;
+                        }
+                ciphers=NULL;
+                c=ssl3_choose_cipher(s,s->session->ciphers,
+                                     SSL_get_ciphers(s));
+
+                if (c == NULL)
+                        {
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
+                        goto f_err;
+                        }
+                s->s3->tmp.new_cipher=c;
+                }
+        else
+                {
+                /* Session-id reuse */
+#ifdef REUSE_CIPHER_BUG
+                STACK_OF(SSL_CIPHER) *sk;
+                SSL_CIPHER *nc=NULL;
+                SSL_CIPHER *ec=NULL;
+
+                if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
+                        {
+                        sk=s->session->ciphers;
+                        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+                                {
+                                c=sk_SSL_CIPHER_value(sk,i);
+                                if (c->algorithms & SSL_eNULL)
+                                        nc=c;
+                                if (SSL_C_IS_EXPORT(c))
+                                        ec=c;
+                                }
+                        if (nc != NULL)
+                                s->s3->tmp.new_cipher=nc;
+                        else if (ec != NULL)
+                                s->s3->tmp.new_cipher=ec;
+                        else
+                                s->s3->tmp.new_cipher=s->session->cipher;
+                        }
+                else
+#endif
+                s->s3->tmp.new_cipher=s->session->cipher;
+                }
+        
+        /* we now have the following setup. 
+         * client_random
+         * cipher_list          - our prefered list of ciphers
+         * ciphers              - the clients prefered list of ciphers
+         * compression          - basically ignored right now
+         * ssl version is set   - sslv3
+         * s->session           - The ssl session has been setup.
+         * s->hit               - session reuse flag
+         * s->tmp.new_cipher    - the new cipher to use.
+         */
+
+        ret=1;
+        if (0)
+                {
+f_err:
+                ssl3_send_alert(s,SSL3_AL_FATAL,al);
+                }
+err:
+        if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
+        return(ret);
+        }
+
+static int ssl3_send_server_hello(SSL *s)
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+        int i,sl;
+        unsigned long l,Time;
+
+        if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
+                {
+                buf=(unsigned char *)s->init_buf->data;
+                p=s->s3->server_random;
+                Time=time(NULL);                        /* Time */
+                l2n(Time,p);
+                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+                /* Do the message type and length last */
+                d=p= &(buf[4]);
+
+                *(p++)=s->version>>8;
+                *(p++)=s->version&0xff;
+
+                /* Random stuff */
+                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+
+                /* now in theory we have 3 options to sending back the
+                 * session id.  If it is a re-use, we send back the
+                 * old session-id, if it is a new session, we send
+                 * back the new session-id or we send back a 0 length
+                 * session-id if we want it to be single use.
+                 * Currently I will not implement the '0' length session-id
+                 * 12-Jan-98 - I'll now support the '0' length stuff.
+                 */
+                if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+                        s->session->session_id_length=0;
+
+                sl=s->session->session_id_length;
+                if (sl > sizeof s->session->session_id)
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
+                *(p++)=sl;
+                memcpy(p,s->session->session_id,sl);
+                p+=sl;
+
+                /* put the cipher */
+                i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
+                p+=i;
+
+                /* put the compression method */
+                if (s->s3->tmp.new_compression == NULL)
+                        *(p++)=0;
+                else
+                        *(p++)=s->s3->tmp.new_compression->id;
+
+                /* do the header */
+                l=(p-d);
+                d=buf;
+                *(d++)=SSL3_MT_SERVER_HELLO;
+                l2n3(l,d);
+
+                s->state=SSL3_ST_CW_CLNT_HELLO_B;
+                /* number of bytes to write */
+                s->init_num=p-buf;
+                s->init_off=0;
+                }
+
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+static int ssl3_send_server_done(SSL *s)
+        {
+        unsigned char *p;
+
+        if (s->state == SSL3_ST_SW_SRVR_DONE_A)
+                {
+                p=(unsigned char *)s->init_buf->data;
+
+                /* do the header */
+                *(p++)=SSL3_MT_SERVER_DONE;
+                *(p++)=0;
+                *(p++)=0;
+                *(p++)=0;
+
+                s->state=SSL3_ST_SW_SRVR_DONE_B;
+                /* number of bytes to write */
+                s->init_num=4;
+                s->init_off=0;
+                }
+
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+static int ssl3_send_server_key_exchange(SSL *s)
+        {
+#ifndef OPENSSL_NO_RSA
+        unsigned char *q;
+        int j,num;
+        RSA *rsa;
+        unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+        unsigned int u;
+#endif
+#ifndef OPENSSL_NO_DH
+        DH *dh=NULL,*dhp;
+#endif
+        EVP_PKEY *pkey;
+        unsigned char *p,*d;
+        int al,i;
+        unsigned long type;
+        int n;
+        CERT *cert;
+        BIGNUM *r[4];
+        int nr[4],kn;
+        BUF_MEM *buf;
+        EVP_MD_CTX md_ctx;
+
+        EVP_MD_CTX_init(&md_ctx);
+        if (s->state == SSL3_ST_SW_KEY_EXCH_A)
+                {
+                type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
+                cert=s->cert;
+
+                buf=s->init_buf;
+
+                r[0]=r[1]=r[2]=r[3]=NULL;
+                n=0;
+#ifndef OPENSSL_NO_RSA
+                if (type & SSL_kRSA)
+                        {
+                        rsa=cert->rsa_tmp;
+                        if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
+                                {
+                                rsa=s->cert->rsa_tmp_cb(s,
+                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+                                      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+                                if(rsa == NULL)
+                                {
+                                        al=SSL_AD_HANDSHAKE_FAILURE;
+                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+                                        goto f_err;
+                                }
+                                RSA_up_ref(rsa);
+                                cert->rsa_tmp=rsa;
+                                }
+                        if (rsa == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
+                                goto f_err;
+                                }
+                        r[0]=rsa->n;
+                        r[1]=rsa->e;
+                        s->s3->tmp.use_rsa_tmp=1;
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DH
+                        if (type & SSL_kEDH)
+                        {
+                        dhp=cert->dh_tmp;
+                        if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
+                                dhp=s->cert->dh_tmp_cb(s,
+                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+                                      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+                        if (dhp == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
+                                goto f_err;
+                                }
+
+                        if (s->s3->tmp.dh != NULL)
+                                {
+                                DH_free(dh);
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+
+                        if ((dh=DHparams_dup(dhp)) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+
+                        s->s3->tmp.dh=dh;
+                        if ((dhp->pub_key == NULL ||
+                             dhp->priv_key == NULL ||
+                             (s->options & SSL_OP_SINGLE_DH_USE)))
+                                {
+                                if(!DH_generate_key(dh))
+                                    {
+                                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                                           ERR_R_DH_LIB);
+                                    goto err;
+                                    }
+                                }
+                        else
+                                {
+                                dh->pub_key=BN_dup(dhp->pub_key);
+                                dh->priv_key=BN_dup(dhp->priv_key);
+                                if ((dh->pub_key == NULL) ||
+                                        (dh->priv_key == NULL))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                        goto err;
+                                        }
+                                }
+                        r[0]=dh->p;
+                        r[1]=dh->g;
+                        r[2]=dh->pub_key;
+                        }
+                else 
+#endif
+                        {
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+                        goto f_err;
+                        }
+                for (i=0; r[i] != NULL; i++)
+                        {
+                        nr[i]=BN_num_bytes(r[i]);
+                        n+=2+nr[i];
+                        }
+
+                if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                        {
+                        if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
+                                == NULL)
+                                {
+                                al=SSL_AD_DECODE_ERROR;
+                                goto f_err;
+                                }
+                        kn=EVP_PKEY_size(pkey);
+                        }
+                else
+                        {
+                        pkey=NULL;
+                        kn=0;
+                        }
+
+                if (!BUF_MEM_grow_clean(buf,n+4+kn))
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
+                        goto err;
+                        }
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[4]);
+
+                for (i=0; r[i] != NULL; i++)
+                        {
+                        s2n(nr[i],p);
+                        BN_bn2bin(r[i],p);
+                        p+=nr[i];
+                        }
+
+                /* not anonymous */
+                if (pkey != NULL)
+                        {
+                        /* n is the length of the params, they start at &(d[4])
+                         * and p points to the space at the end. */
+#ifndef OPENSSL_NO_RSA
+                        if (pkey->type == EVP_PKEY_RSA)
+                                {
+                                q=md_buf;
+                                j=0;
+                                for (num=2; num > 0; num--)
+                                        {
+                                        EVP_DigestInit_ex(&md_ctx,(num == 2)
+                                                ?s->ctx->md5:s->ctx->sha1, NULL);
+                                        EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                                        EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                                        EVP_DigestUpdate(&md_ctx,&(d[4]),n);
+                                        EVP_DigestFinal_ex(&md_ctx,q,
+                                                (unsigned int *)&i);
+                                        q+=i;
+                                        j+=i;
+                                        }
+                                if (RSA_sign(NID_md5_sha1, md_buf, j,
+                                        &(p[2]), &u, pkey->pkey.rsa) <= 0)
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
+                                        goto err;
+                                        }
+                                s2n(u,p);
+                                n+=u+2;
+                                }
+                        else
+#endif
+#if !defined(OPENSSL_NO_DSA)
+                                if (pkey->type == EVP_PKEY_DSA)
+                                {
+                                /* lets do DSS */
+                                EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
+                                EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_SignUpdate(&md_ctx,&(d[4]),n);
+                                if (!EVP_SignFinal(&md_ctx,&(p[2]),
+                                        (unsigned int *)&i,pkey))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
+                                        goto err;
+                                        }
+                                s2n(i,p);
+                                n+=i+2;
+                                }
+                        else
+#endif
+                                {
+                                /* Is this error check actually needed? */
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
+                                goto f_err;
+                                }
+                        }
+
+                *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
+                l2n3(n,d);
+
+                /* we should now have things packed up, so lets send
+                 * it off */
+                s->init_num=n+4;
+                s->init_off=0;
+                }
+
+        s->state = SSL3_ST_SW_KEY_EXCH_B;
+        EVP_MD_CTX_cleanup(&md_ctx);
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        EVP_MD_CTX_cleanup(&md_ctx);
+        return(-1);
+        }
+
+static int ssl3_send_certificate_request(SSL *s)
+        {
+        unsigned char *p,*d;
+        int i,j,nl,off,n;
+        STACK_OF(X509_NAME) *sk=NULL;
+        X509_NAME *name;
+        BUF_MEM *buf;
+
+        if (s->state == SSL3_ST_SW_CERT_REQ_A)
+                {
+                buf=s->init_buf;
+
+                d=p=(unsigned char *)&(buf->data[4]);
+
+                /* get the list of acceptable cert types */
+                p++;
+                n=ssl3_get_req_cert_type(s,p);
+                d[0]=n;
+                p+=n;
+                n++;
+
+                off=n;
+                p+=2;
+                n+=2;
+
+                sk=SSL_get_client_CA_list(s);
+                nl=0;
+                if (sk != NULL)
+                        {
+                        for (i=0; i<sk_X509_NAME_num(sk); i++)
+                                {
+                                name=sk_X509_NAME_value(sk,i);
+                                j=i2d_X509_NAME(name,NULL);
+                                if (!BUF_MEM_grow_clean(buf,4+n+j+2))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+                                        goto err;
+                                        }
+                                p=(unsigned char *)&(buf->data[4+n]);
+                                if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+                                        {
+                                        s2n(j,p);
+                                        i2d_X509_NAME(name,&p);
+                                        n+=2+j;
+                                        nl+=2+j;
+                                        }
+                                else
+                                        {
+                                        d=p;
+                                        i2d_X509_NAME(name,&p);
+                                        j-=2; s2n(j,d); j+=2;
+                                        n+=j;
+                                        nl+=j;
+                                        }
+                                }
+                        }
+                /* else no CA names */
+                p=(unsigned char *)&(buf->data[4+off]);
+                s2n(nl,p);
+
+                d=(unsigned char *)buf->data;
+                *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
+                l2n3(n,d);
+
+                /* we should now have things packed up, so lets send
+                 * it off */
+
+                s->init_num=n+4;
+                s->init_off=0;
+#ifdef NETSCAPE_HANG_BUG
+                p=(unsigned char *)s->init_buf->data + s->init_num;
+
+                /* do the header */
+                *(p++)=SSL3_MT_SERVER_DONE;
+                *(p++)=0;
+                *(p++)=0;
+                *(p++)=0;
+                s->init_num += 4;
+#endif
+
+                s->state = SSL3_ST_SW_CERT_REQ_B;
+                }
+
+        /* SSL3_ST_SW_CERT_REQ_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+
+static int ssl3_get_client_key_exchange(SSL *s)
+        {
+        int i,al,ok;
+        long n;
+        unsigned long l;
+        unsigned char *p;
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa=NULL;
+        EVP_PKEY *pkey=NULL;
+#endif
+#ifndef OPENSSL_NO_DH
+        BIGNUM *pub=NULL;
+        DH *dh_srvr;
+#endif
+#ifndef OPENSSL_NO_KRB5
+        KSSL_ERR kssl_err;
+#endif /* OPENSSL_NO_KRB5 */
+
+        n=ssl3_get_message(s,
+                SSL3_ST_SR_KEY_EXCH_A,
+                SSL3_ST_SR_KEY_EXCH_B,
+                SSL3_MT_CLIENT_KEY_EXCHANGE,
+                2048, /* ??? */
+                &ok);
+
+        if (!ok) return((int)n);
+        p=(unsigned char *)s->init_msg;
+
+        l=s->s3->tmp.new_cipher->algorithms;
+
+#ifndef OPENSSL_NO_RSA
+        if (l & SSL_kRSA)
+                {
+                /* FIX THIS UP EAY EAY EAY EAY */
+                if (s->s3->tmp.use_rsa_tmp)
+                        {
+                        if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
+                                rsa=s->cert->rsa_tmp;
+                        /* Don't do a callback because rsa_tmp should
+                         * be sent already */
+                        if (rsa == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
+                                goto f_err;
+
+                                }
+                        }
+                else
+                        {
+                        pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
+                        if (    (pkey == NULL) ||
+                                (pkey->type != EVP_PKEY_RSA) ||
+                                (pkey->pkey.rsa == NULL))
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
+                                goto f_err;
+                                }
+                        rsa=pkey->pkey.rsa;
+                        }
+
+                /* TLS */
+                if (s->version > SSL3_VERSION)
+                        {
+                        n2s(p,i);
+                        if (n != i+2)
+                                {
+                                if (!(s->options & SSL_OP_TLS_D5_BUG))
+                                        {
+                                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+                                        goto err;
+                                        }
+                                else
+                                        p-=2;
+                                }
+                        else
+                                n=i;
+                        }
+
+                i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+
+                al = -1;
+                
+                if (i != SSL_MAX_MASTER_KEY_LENGTH)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
+                        }
+
+                if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+                        {
+                        /* The premaster secret must contain the same version number as the
+                         * ClientHello to detect version rollback attacks (strangely, the
+                         * protocol does not offer such protection for DH ciphersuites).
+                         * However, buggy clients exist that send the negotiated protocol
+                         * version instead if the server does not support the requested
+                         * protocol version.
+                         * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
+                        if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
+                                (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+                                {
+                                al=SSL_AD_DECODE_ERROR;
+                                /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
+
+                                /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+                                 * (http://eprint.iacr.org/2003/052/) exploits the version
+                                 * number check as a "bad version oracle" -- an alert would
+                                 * reveal that the plaintext corresponding to some ciphertext
+                                 * made up by the adversary is properly formatted except
+                                 * that the version number is wrong.  To avoid such attacks,
+                                 * we should treat this just like any other decryption error. */
+                                }
+                        }
+
+                if (al != -1)
+                        {
+                        /* Some decryption failure -- use random value instead as countermeasure
+                         * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
+                         * (see RFC 2246, section 7.4.7.1). */
+                        ERR_clear_error();
+                        i = SSL_MAX_MASTER_KEY_LENGTH;
+                        p[0] = s->client_version >> 8;
+                        p[1] = s->client_version & 0xff;
+                        RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
+                        }
+        
+                s->session->master_key_length=
+                        s->method->ssl3_enc->generate_master_secret(s,
+                                s->session->master_key,
+                                p,i);
+                OPENSSL_cleanse(p,i);
+                }
+        else
+#endif
+#ifndef OPENSSL_NO_DH
+                if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                {
+                n2s(p,i);
+                if (n != i+2)
+                        {
+                        if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+                                goto err;
+                                }
+                        else
+                                {
+                                p-=2;
+                                i=(int)n;
+                                }
+                        }
+
+                if (n == 0L) /* the parameters are in the cert */
+                        {
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
+                        goto f_err;
+                        }
+                else
+                        {
+                        if (s->s3->tmp.dh == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
+                                goto f_err;
+                                }
+                        else
+                                dh_srvr=s->s3->tmp.dh;
+                        }
+
+                pub=BN_bin2bn(p,i,NULL);
+                if (pub == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
+                        goto err;
+                        }
+
+                i=DH_compute_key(p,pub,dh_srvr);
+
+                if (i <= 0)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                        goto err;
+                        }
+
+                DH_free(s->s3->tmp.dh);
+                s->s3->tmp.dh=NULL;
+
+                BN_clear_free(pub);
+                pub=NULL;
+                s->session->master_key_length=
+                        s->method->ssl3_enc->generate_master_secret(s,
+                                s->session->master_key,p,i);
+                OPENSSL_cleanse(p,i);
+                }
+        else
+#endif
+#ifndef OPENSSL_NO_KRB5
+        if (l & SSL_kKRB5)
+                {
+                krb5_error_code         krb5rc;
+                krb5_data               enc_ticket;
+                krb5_data               authenticator;
+                krb5_data               enc_pms;
+                KSSL_CTX                *kssl_ctx = s->kssl_ctx;
+                EVP_CIPHER_CTX          ciph_ctx;
+                EVP_CIPHER              *enc = NULL;
+                unsigned char           iv[EVP_MAX_IV_LENGTH];
+                unsigned char           pms[SSL_MAX_MASTER_KEY_LENGTH
+                                               + EVP_MAX_BLOCK_LENGTH];
+                int                     padl, outl;
+                krb5_timestamp          authtime = 0;
+                krb5_ticket_times       ttimes;
+
+                EVP_CIPHER_CTX_init(&ciph_ctx);
+
+                if (!kssl_ctx)  kssl_ctx = kssl_ctx_new();
+
+                n2s(p,i);
+                enc_ticket.length = i;
+                enc_ticket.data = (char *)p;
+                p+=enc_ticket.length;
+
+                n2s(p,i);
+                authenticator.length = i;
+                authenticator.data = (char *)p;
+                p+=authenticator.length;
+
+                n2s(p,i);
+                enc_pms.length = i;
+                enc_pms.data = (char *)p;
+                p+=enc_pms.length;
+
+                /* Note that the length is checked again below,
+                ** after decryption
+                */
+                if(enc_pms.length > sizeof pms)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                               SSL_R_DATA_LENGTH_TOO_LONG);
+                        goto err;
+                        }
+
+                if (n != enc_ticket.length + authenticator.length +
+                                                enc_pms.length + 6)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                SSL_R_DATA_LENGTH_TOO_LONG);
+                        goto err;
+                        }
+
+                if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
+                                        &kssl_err)) != 0)
+                        {
+#ifdef KSSL_DEBUG
+                        printf("kssl_sget_tkt rtn %d [%d]\n",
+                                krb5rc, kssl_err.reason);
+                        if (kssl_err.text)
+                                printf("kssl_err text= %s\n", kssl_err.text);
+#endif  /* KSSL_DEBUG */
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                kssl_err.reason);
+                        goto err;
+                        }
+
+                /*  Note: no authenticator is not considered an error,
+                **  but will return authtime == 0.
+                */
+                if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
+                                        &authtime, &kssl_err)) != 0)
+                        {
+#ifdef KSSL_DEBUG
+                        printf("kssl_check_authent rtn %d [%d]\n",
+                                krb5rc, kssl_err.reason);
+                        if (kssl_err.text)
+                                printf("kssl_err text= %s\n", kssl_err.text);
+#endif  /* KSSL_DEBUG */
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                kssl_err.reason);
+                        goto err;
+                        }
+
+                if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc);
+                        goto err;
+                        }
+
+#ifdef KSSL_DEBUG
+                kssl_ctx_show(kssl_ctx);
+#endif  /* KSSL_DEBUG */
+
+                enc = kssl_map_enc(kssl_ctx->enctype);
+                if (enc == NULL)
+                    goto err;
+
+                memset(iv, 0, sizeof iv);       /* per RFC 1510 */
+
+                if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                SSL_R_DECRYPTION_FAILED);
+                        goto err;
+                        }
+                if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
+                                        (unsigned char *)enc_pms.data, enc_pms.length))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                SSL_R_DECRYPTION_FAILED);
+                        goto err;
+                        }
+                if (outl > SSL_MAX_MASTER_KEY_LENGTH)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                SSL_R_DATA_LENGTH_TOO_LONG);
+                        goto err;
+                        }
+                if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                SSL_R_DECRYPTION_FAILED);
+                        goto err;
+                        }
+                outl += padl;
+                if (outl > SSL_MAX_MASTER_KEY_LENGTH)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                SSL_R_DATA_LENGTH_TOO_LONG);
+                        goto err;
+                        }
+                EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+                s->session->master_key_length=
+                        s->method->ssl3_enc->generate_master_secret(s,
+                                s->session->master_key, pms, outl);
+
+                if (kssl_ctx->client_princ)
+                        {
+                        int len = strlen(kssl_ctx->client_princ);
+                        if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
+                                {
+                                s->session->krb5_client_princ_len = len;
+                                memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
+                                }
+                        }
+
+
+                /*  Was doing kssl_ctx_free() here,
+                **  but it caused problems for apache.
+                **  kssl_ctx = kssl_ctx_free(kssl_ctx);
+                **  if (s->kssl_ctx)  s->kssl_ctx = NULL;
+                */
+                }
+        else
+#endif  /* OPENSSL_NO_KRB5 */
+                {
+                al=SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                SSL_R_UNKNOWN_CIPHER_TYPE);
+                goto f_err;
+                }
+
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
+err:
+#endif
+        return(-1);
+        }
+
+static int ssl3_get_cert_verify(SSL *s)
+        {
+        EVP_PKEY *pkey=NULL;
+        unsigned char *p;
+        int al,ok,ret=0;
+        long n;
+        int type=0,i,j;
+        X509 *peer;
+
+        n=ssl3_get_message(s,
+                SSL3_ST_SR_CERT_VRFY_A,
+                SSL3_ST_SR_CERT_VRFY_B,
+                -1,
+                514, /* 514? */
+                &ok);
+
+        if (!ok) return((int)n);
+
+        if (s->session->peer != NULL)
+                {
+                peer=s->session->peer;
+                pkey=X509_get_pubkey(peer);
+                type=X509_certificate_type(peer,pkey);
+                }
+        else
+                {
+                peer=NULL;
+                pkey=NULL;
+                }
+
+        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
+                {
+                s->s3->tmp.reuse_message=1;
+                if ((peer != NULL) && (type | EVP_PKT_SIGN))
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
+                        goto f_err;
+                        }
+                ret=1;
+                goto end;
+                }
+
+        if (peer == NULL)
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                goto f_err;
+                }
+
+        if (!(type & EVP_PKT_SIGN))
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                goto f_err;
+                }
+
+        if (s->s3->change_cipher_spec)
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                goto f_err;
+                }
+
+        /* we now have a signature that we need to verify */
+        p=(unsigned char *)s->init_msg;
+        n2s(p,i);
+        n-=2;
+        if (i > n)
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
+                al=SSL_AD_DECODE_ERROR;
+                goto f_err;
+                }
+
+        j=EVP_PKEY_size(pkey);
+        if ((i > j) || (n > j) || (n <= 0))
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
+                al=SSL_AD_DECODE_ERROR;
+                goto f_err;
+                }
+
+#ifndef OPENSSL_NO_RSA 
+        if (pkey->type == EVP_PKEY_RSA)
+                {
+                i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
+                        MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, 
+                                                        pkey->pkey.rsa);
+                if (i < 0)
+                        {
+                        al=SSL_AD_DECRYPT_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
+                        goto f_err;
+                        }
+                if (i == 0)
+                        {
+                        al=SSL_AD_DECRYPT_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
+                        goto f_err;
+                        }
+                }
+        else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                {
+                j=DSA_verify(pkey->save_type,
+                        &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+                        SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
+                if (j <= 0)
+                        {
+                        /* bad signature */
+                        al=SSL_AD_DECRYPT_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
+                        goto f_err;
+                        }
+                }
+        else
+#endif
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
+                al=SSL_AD_UNSUPPORTED_CERTIFICATE;
+                goto f_err;
+                }
+
+
+        ret=1;
+        if (0)
+                {
+f_err:
+                ssl3_send_alert(s,SSL3_AL_FATAL,al);
+                }
+end:
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+
+static int ssl3_get_client_certificate(SSL *s)
+        {
+        int i,ok,al,ret= -1;
+        X509 *x=NULL;
+        unsigned long l,nc,llen,n;
+        unsigned char *p,*d,*q;
+        STACK_OF(X509) *sk=NULL;
+
+        n=ssl3_get_message(s,
+                SSL3_ST_SR_CERT_A,
+                SSL3_ST_SR_CERT_B,
+                -1,
+                s->max_cert_list,
+                &ok);
+
+        if (!ok) return((int)n);
+
+        if      (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
+                {
+                if (    (s->verify_mode & SSL_VERIFY_PEER) &&
+                        (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        goto f_err;
+                        }
+                /* If tls asked for a client cert, the client must return a 0 list */
+                if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        goto f_err;
+                        }
+                s->s3->tmp.reuse_message=1;
+                return(1);
+                }
+
+        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
+                goto f_err;
+                }
+        d=p=(unsigned char *)s->init_msg;
+
+        if ((sk=sk_X509_new_null()) == NULL)
+                {
+                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        n2l3(p,llen);
+        if (llen+3 != n)
+                {
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        for (nc=0; nc<llen; )
+                {
+                n2l3(p,l);
+                if ((l+nc+3) > llen)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+                        goto f_err;
+                        }
+
+                q=p;
+                x=d2i_X509(NULL,&p,l);
+                if (x == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                if (p != (q+l))
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+                        goto f_err;
+                        }
+                if (!sk_X509_push(sk,x))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                x=NULL;
+                nc+=l+3;
+                }
+
+        if (sk_X509_num(sk) <= 0)
+                {
+                /* TLS does not mind 0 certs returned */
+                if (s->version == SSL3_VERSION)
+                        {
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
+                        goto f_err;
+                        }
+                /* Fail for TLS only if we required a certificate */
+                else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+                         (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        goto f_err;
+                        }
+                }
+        else
+                {
+                i=ssl_verify_cert_chain(s,sk);
+                if (!i)
+                        {
+                        al=ssl_verify_alarm_type(s->verify_result);
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
+                        goto f_err;
+                        }
+                }
+
+        if (s->session->peer != NULL) /* This should not be needed */
+                X509_free(s->session->peer);
+        s->session->peer=sk_X509_shift(sk);
+        s->session->verify_result = s->verify_result;
+
+        /* With the current implementation, sess_cert will always be NULL
+         * when we arrive here. */
+        if (s->session->sess_cert == NULL)
+                {
+                s->session->sess_cert = ssl_sess_cert_new();
+                if (s->session->sess_cert == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        if (s->session->sess_cert->cert_chain != NULL)
+                sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
+        s->session->sess_cert->cert_chain=sk;
+        /* Inconsistency alert: cert_chain does *not* include the
+         * peer's own certificate, while we do include it in s3_clnt.c */
+
+        sk=NULL;
+
+        ret=1;
+        if (0)
+                {
+f_err:
+                ssl3_send_alert(s,SSL3_AL_FATAL,al);
+                }
+err:
+        if (x != NULL) X509_free(x);
+        if (sk != NULL) sk_X509_pop_free(sk,X509_free);
+        return(ret);
+        }
+
+int ssl3_send_server_certificate(SSL *s)
+        {
+        unsigned long l;
+        X509 *x;
+
+        if (s->state == SSL3_ST_SW_CERT_A)
+                {
+                x=ssl_get_server_send_cert(s);
+                if (x == NULL &&
+                        /* VRS: allow null cert if auth == KRB5 */
+                        (s->s3->tmp.new_cipher->algorithms
+                                & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                        != (SSL_aKRB5|SSL_kKRB5))
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+                        return(0);
+                        }
+
+                l=ssl3_output_cert_chain(s,x);
+                s->state=SSL3_ST_SW_CERT_B;
+                s->init_num=(int)l;
+                s->init_off=0;
+                }
+
+        /* SSL3_ST_SW_CERT_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version
new file mode 100644
index 0000000000..d0f0988b41
--- /dev/null
+++ b/src/lib/libssl/shlib_version
@@ -0,0 +1,2 @@
+major=8
+minor=0
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index b8630792ad..1e85275800 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,57 +2,6 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]
-
-  *) Fix various bugs revealed by running the NISCC test suite:
-
-     Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
-     
-     Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
-
-     If verify callback ignores invalid public key errors don't try to check
-     certificate signature with the NULL public key.
-
-     [Steve Henson]
-
-  *) New -ignore_err option in ocsp application to stop the server
-     exiting on the first error in a request.
-     [Steve Henson]
-
-  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
-     if the server requested one: as stated in TLS 1.0 and SSL 3.0
-     specifications.
-     [Steve Henson]
-
-  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
-     extra data after the compression methods not only for TLS 1.0
-     but also for SSL 3.0 (as required by the specification).
-     [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
-  *) Change X509_certificate_type() to mark the key as exported/exportable
-     when it's 512 *bits* long, not 512 bytes.
-     [Richard Levitte]
-
-  *) Change AES_cbc_encrypt() so it outputs exact multiple of
-     blocks during encryption.
-     [Richard Levitte]
-
-  *) Various fixes to base64 BIO and non blocking I/O. On write 
-     flushes were not handled properly if the BIO retried. On read
-     data was not being buffered properly and had various logic bugs.
-     This also affects blocking I/O when the data being decoded is a
-     certain size.
-     [Steve Henson]
-
-  *) Various S/MIME bugfixes and compatibility changes:
-     output correct application/pkcs7 MIME type if
-     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
-     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
-     of files as .eml work). Correctly handle very long lines in MIME
-     parser.
-     [Steve Henson]
-
  Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
 
   *) Countermeasure against the Klima-Pokorny-Rosa extension of
@@ -171,9 +120,6 @@
 
  Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
 
-  [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
-  OpenSSL 0.9.7.]
-
   *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
      code (06) was taken as the first octet of the session ID and the last
      octet was ignored consequently. As a result SSLv2 client side session
@@ -1992,57 +1938,6 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
- Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
-
-  *) Fix various bugs revealed by running the NISCC test suite:
-
-     Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
-     
-     If verify callback ignores invalid public key errors don't try to check
-     certificate signature with the NULL public key.
-
-     [Steve Henson]
-
-  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
-     if the server requested one: as stated in TLS 1.0 and SSL 3.0
-     specifications.
-     [Steve Henson]
-
-  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
-     extra data after the compression methods not only for TLS 1.0
-     but also for SSL 3.0 (as required by the specification).
-     [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
-  *) Change X509_certificate_type() to mark the key as exported/exportable
-     when it's 512 *bits* long, not 512 bytes.
-     [Richard Levitte]
-
- Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]
-
-  *) Countermeasure against the Klima-Pokorny-Rosa extension of
-     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
-     a protocol version number mismatch like a decryption error
-     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
-     [Bodo Moeller]
-
-  *) Turn on RSA blinding by default in the default implementation
-     to avoid a timing attack. Applications that don't want it can call
-     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
-     They would be ill-advised to do so in most cases.
-     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
-
-  *) Change RSA blinding code so that it works when the PRNG is not
-     seeded (in this case, the secret RSA exponent is abused as
-     an unpredictable seed -- if it is not unpredictable, there
-     is no point in blinding anyway).  Make RSA blinding thread-safe
-     by remembering the creator's thread ID in rsa->blinding and
-     having all other threads use local one-time blinding factors
-     (this requires more computation than sharing rsa->blinding, but
-     avoids excessive locking; and if an RSA object is not shared
-     between threads, blinding will still be very fast).
-     [Bodo Moeller]
-
  Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
 
   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index 61331dbb51..7763dc4138 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -560,8 +560,6 @@ my %table=(
 "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
 "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
 "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
-"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:",
 
 ##### Compaq Non-Stop Kernel (Tandem)
 "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index ca5683def7..7812ae88cb 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -68,7 +68,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7c was released on September 30, 2003.
+OpenSSL 0.9.7b was released on April 10, 2003.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
diff --git a/src/lib/libssl/src/INSTALL.W32 b/src/lib/libssl/src/INSTALL.W32
index 0f6c302f0d..78d289e16a 100644
--- a/src/lib/libssl/src/INSTALL.W32
+++ b/src/lib/libssl/src/INSTALL.W32
@@ -225,7 +225,7 @@
         $ md c:\openssl\lib
         $ md c:\openssl\include
         $ md c:\openssl\include\openssl
-        $ copy /b inc32\openssl\*       c:\openssl\include\openssl
+        $ copy /b inc32\*               c:\openssl\include\openssl
         $ copy /b out32dll\ssleay32.lib c:\openssl\lib
         $ copy /b out32dll\libeay32.lib c:\openssl\lib
         $ copy /b out32dll\ssleay32.dll c:\openssl\bin
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp b/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp
index 5f64afe967..617aae2c70 100644
--- a/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp
+++ b/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp
@@ -2750,4 +2750,4 @@ void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL)
                         }
                 }
         }
-}
\ No newline at end of file
+}
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp b/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp
index 07a32de59e..80b6a675f4 100644
--- a/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp
+++ b/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp
@@ -167,4 +167,4 @@ void ThrowErrorMessageException(void)
         ThrowDescriptiveException(gErrorMessage);
 }
 
-#endif
\ No newline at end of file
+#endif
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index e80b22a32a..4d0627bfdd 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -78,7 +78,7 @@ MAKEDEPPROG=makedepend
 # gcc, then the driver will automatically translate it to -xarch=v8plus
 # and pass it down to assembler.
 AS=$(CC) -c
-ASFLAG=$(CFLAG)
+ASFLAGS=$(CFLAG)
 
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -194,7 +194,6 @@ MAKE=     make -f Makefile.ssl
 MANDIR=$(OPENSSLDIR)/man
 MAN1=1
 MAN3=3
-MANSUFFIX=
 SHELL=/bin/sh
 
 TOP=    .
@@ -226,7 +225,7 @@ sub_all:
         do \
         if [ -d "$$i" ]; then \
                 (cd $$i && echo "making all in $$i..." && \
-                $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+                $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
         else \
                 $(MAKE) $$i; \
         fi; \
@@ -411,7 +410,7 @@ do_svr3-shared:
                   find . -name "*.o" -print > allobjs ; \
                   OBJS= ; export OBJS ; \
                   for obj in `ar t lib$$i.a` ; do \
-                    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
+                    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
                   done ; \
                   set -x; ${CC} ${SHARED_LDFLAGS} \
                         -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -436,7 +435,7 @@ do_svr5-shared:
                   find . -name "*.o" -print > allobjs ; \
                   OBJS= ; export OBJS ; \
                   for obj in `ar t lib$$i.a` ; do \
-                    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
+                    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
                   done ; \
                   set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
                         ${CC} ${SHARED_LDFLAGS} \
@@ -832,7 +831,6 @@ install: all install_docs
                 fi; \
         fi
         cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
-        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 
 install_docs:
         @$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -849,33 +847,33 @@ install_docs:
         for i in doc/apps/*.pod; do \
                 fn=`basename $$i .pod`; \
                 if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
-                echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+                echo "installing man$$sec/$$fn.$$sec"; \
                 (cd `$(PERL) util/dirname.pl $$i`; \
                 sh -c "$$pod2man \
                         --section=$$sec --center=OpenSSL \
                         --release=$(VERSION) `basename $$i`") \
-                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
                 $(PERL) util/extract-names.pl < $$i | \
                         grep -v $$filecase "^$$fn\$$" | \
                         (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
                          while read n; do \
-                                $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+                                $$here/util/point.sh $$fn.$$sec $$n.$$sec; \
                          done); \
         done; \
         for i in doc/crypto/*.pod doc/ssl/*.pod; do \
                 fn=`basename $$i .pod`; \
                 if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
-                echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+                echo "installing man$$sec/$$fn.$$sec"; \
                 (cd `$(PERL) util/dirname.pl $$i`; \
                 sh -c "$$pod2man \
                         --section=$$sec --center=OpenSSL \
                         --release=$(VERSION) `basename $$i`") \
-                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
                 $(PERL) util/extract-names.pl < $$i | \
                         grep -v $$filecase "^$$fn\$$" | \
                         (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
                          while read n; do \
-                                $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+                                $$here/util/point.sh $$fn.$$sec $$n.$$sec; \
                          done); \
         done
 
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index f0282ebb87..dce63f0549 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -5,13 +5,6 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
-
-      o Security: fix various ASN1 parsing bugs.
-      o New -ignore_err option to OCSP utility.
-      o Various interop and bug fixes in S/MIME code.
-      o SSL/TLS protocol fix for unrequested client certificates.
-
   Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
 
       o Security: counter the Klima-Pokorny-Rosa extension of
@@ -80,11 +73,6 @@
       o SSL/TLS: add callback to retrieve SSL/TLS messages.
       o SSL/TLS: support AES cipher suites (RFC3268).
 
-  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
-
-      o Security: fix various ASN1 parsing bugs.
-      o SSL/TLS protocol fix for unrequested client certificates.
-
   Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
 
       o Security: counter the Klima-Pokorny-Rosa extension of
diff --git a/src/lib/libssl/src/PROBLEMS b/src/lib/libssl/src/PROBLEMS
deleted file mode 100644
index 85e96a5ebe..0000000000
--- a/src/lib/libssl/src/PROBLEMS
+++ /dev/null
@@ -1,131 +0,0 @@
-* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
-
-
-    NOTE: The problem described here only applies when OpenSSL isn't built
-    with shared library support (i.e. without the "shared" configuration
-    option).  If you build with shared library support, you will have no
-    problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
-
-
-This is really a misfeature in ld, which seems to look for .dylib libraries
-along the whole library path before it bothers looking for .a libraries.  This
-means that -L switches won't matter unless OpenSSL is built with shared
-library support.
-
-The workaround may be to change the following lines in apps/Makefile.ssl and
-test/Makefile.ssl:
-
-  LIBCRYPTO=-L.. -lcrypto
-  LIBSSL=-L.. -lssl
-
-to:
-
-  LIBCRYPTO=../libcrypto.a
-  LIBSSL=../libssl.a
-
-It's possible that something similar is needed for shared library support
-as well.  That hasn't been well tested yet.
-
-
-Another solution that many seem to recommend is to move the libraries
-/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
-directory, build and install OpenSSL and anything that depends on your
-build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
-original places.  Note that the version numbers on those two libraries
-may differ on your machine.
-
-
-As long as Apple doesn't fix the problem with ld, this problem building
-OpenSSL will remain as is.
-
-
-* Parallell make leads to errors
-
-While running tests, running a parallell make is a bad idea.  Many test
-scripts use the same name for output and input files, which means different
-will interfere with each other and lead to test failure.
-
-The solution is simple for now: don't run parallell make when testing.
-
-
-* Bugs in gcc 3.0 triggered
-
-According to a problem report, there are bugs in gcc 3.0 that are
-triggered by some of the code in OpenSSL, more specifically in
-PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
-
-        header+=11;
-        if (*header != '4') return(0); header++;
-        if (*header != ',') return(0); header++;
-
-What happens is that gcc might optimize a little too agressively, and
-you end up with an extra incrementation when *header != '4'.
-
-We recommend that you upgrade gcc to as high a 3.x version as you can.
-
-* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
-
-As subject suggests SHA-1 might perform poorly (4 times slower)
-if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
-this seems to be the fact that compiler emits multiplication to
-perform shift operations:-( To work the problem around configure
-with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
-
-* Problems with hp-parisc2-cc target when used with "no-asm" flag
-
-When using the hp-parisc2-cc target, wrong bignum code is generated.
-This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
-aggressive optimization.
-The problem manifests itself by the BN_kronecker test hanging in an
-endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
-which itself hangs. The reason could be tracked down to the bn_mul_comba8()
-function in bn_asm.c. At some occasions the higher 32bit value of r[7]
-is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
-as no debugger support possible at +O3 and additional fprintf()'s
-introduced fixed the bug, therefore it is most likely a bug in the
-optimizer.
-The bug was found in the BN_kronecker test but may also lead to
-failures in other parts of the code.
-(See Ticket #426.)
-
-Workaround: modify the target to +O2 when building with no-asm.
-
-* Poor support for AIX shared builds.
-
-do_aix-shared rule is not flexible enough to parameterize through a
-config-line. './Configure aix43-cc shared' is working, but not
-'./Configure aix64-gcc shared'. In latter case make fails to create shared
-libraries. It's possible to build 64-bit shared libraries by running
-'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
-supporting even gcc shared builds. See RT#463 for background information.
-
-* Problems building shared libraries on SCO OpenServer Release 5.0.6
-  with gcc 2.95.3
-
-The symptoms appear when running the test suite, more specifically
-test/ectest, with the following result:
-
-OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
-ectest.c:186: ABORT
-
-The cause of the problem seems to be that isxdigit(), called from
-BN_hex2bn(), returns 0 on a perfectly legitimate hex digit.  Further
-investigation shows that any of the isxxx() macros return 0 on any
-input.  A direct look in the information array that the isxxx() use,
-called __ctype, shows that it contains all zeroes...
-
-Taking a look at the newly created libcrypto.so with nm, one can see
-that the variable __ctype is defined in libcrypto's .bss (which
-explains why it is filled with zeroes):
-
-$ nm -Pg libcrypto.so | grep __ctype
-__ctype B 0011659c
-__ctype2 U         
-
-Curiously, __ctype2 is undefined, in spite of being declared in
-/usr/include/ctype.h in exactly the same way as __ctype.
-
-Any information helping to solve this issue would be deeply
-appreciated.
-
-NOTE: building non-shared doesn't come with this problem.
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index 65e3a12426..3af69bfdb5 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.7c 30 Sep 2003
+ OpenSSL 0.9.7b 10 Apr 2003
 
  Copyright (c) 1998-2003 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/src/lib/libssl/src/STATUS b/src/lib/libssl/src/STATUS
new file mode 100644
index 0000000000..fb61c932ee
--- /dev/null
+++ b/src/lib/libssl/src/STATUS
@@ -0,0 +1,107 @@
+
+  OpenSSL STATUS                           Last modified at
+  ______________                           $Date: 2002/09/14 11:18:02 $
+
+  DEVELOPMENT STATE
+
+    o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7-beta3: Released on July 30th, 2002
+    o  OpenSSL 0.9.7-beta2: Released on June 16th, 2002
+    o  OpenSSL 0.9.7-beta1: Released on June  1st, 2002
+    o  OpenSSL 0.9.6g: Released on August     9th, 2002
+    o  OpenSSL 0.9.6f: Released on August     8th, 2002
+    o  OpenSSL 0.9.6e: Released on July      30th, 2002
+    o  OpenSSL 0.9.6d: Released on May        9th, 2002
+    o  OpenSSL 0.9.6c: Released on December  21st, 2001
+    o  OpenSSL 0.9.6b: Released on July       9th, 2001
+    o  OpenSSL 0.9.6a: Released on April      5th, 2001
+    o  OpenSSL 0.9.6:  Released on September 24th, 2000
+    o  OpenSSL 0.9.5a: Released on April      1st, 2000
+    o  OpenSSL 0.9.5:  Released on February  28th, 2000
+    o  OpenSSL 0.9.4:  Released on August    09th, 1999
+    o  OpenSSL 0.9.3a: Released on May       29th, 1999
+    o  OpenSSL 0.9.3:  Released on May       25th, 1999
+    o  OpenSSL 0.9.2b: Released on March     22th, 1999
+    o  OpenSSL 0.9.1c: Released on December  23th, 1998
+
+  [See also http://www.openssl.org/support/rt2.html]
+
+  RELEASE SHOWSTOPPERS
+
+    o BN_mod_mul verification fails for mips3-sgi-irix
+      unless configured with no-asm
+
+  AVAILABLE PATCHES
+
+    o 
+
+  IN PROGRESS
+
+    o Steve is currently working on (in no particular order):
+        ASN1 code redesign, butchery, replacement.
+        OCSP
+        EVP cipher enhancement.
+        Enhanced certificate chain verification.
+        Private key, certificate and CRL API and implementation.
+        Developing and bugfixing PKCS#7 (S/MIME code).
+        Various X509 issues: character sets, certificate request extensions.
+    o Geoff and Richard are currently working on:
+        ENGINE (the new code that gives hardware support among others).
+    o Richard is currently working on:
+        UI (User Interface)
+        UTIL (a new set of library functions to support some higher level
+              functionality that is currently missing).
+        Shared library support for VMS.
+        Kerberos 5 authentication
+        Constification
+        OCSP
+
+  NEEDS PATCH
+
+    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
+
+    o  "OpenSSL STATUS" is never up-to-date.
+
+  OPEN ISSUES
+
+    o  The Makefile hierarchy and build mechanism is still not a round thing:
+
+       1. The config vs. Configure scripts
+          It's the same nasty situation as for Apache with APACI vs.
+          src/Configure. It confuses.
+          Suggestion: Merge Configure and config into a single configure
+                      script with a Autoconf style interface ;-) and remove
+                      Configure and config. Or even let us use GNU Autoconf
+                      itself. Then we can avoid a lot of those platform checks
+                      which are currently in Configure.
+
+    o  Support for Shared Libraries has to be added at least
+       for the major Unix platforms. The details we can rip from the stuff
+       Ralf has done for the Apache src/Configure script. Ben wants the
+       solution to be really simple.
+
+       Status: Ralf will look how we can easily incorporate the
+               compiler PIC and linker DSO flags from Apache
+               into the OpenSSL Configure script.
+
+               Ulf: +1 for using GNU autoconf and libtool (but not automake,
+                    which apparently is not flexible enough to generate
+                    libcrypto)
+
+  WISHES
+
+    o  Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
+       where the callback function can request that the function be aborted.
+       [Gregory Stark <ghstark@pobox.com>, <rayyang2000@yahoo.com>]
+
+    o  SRP in TLS.
+       [wished by:
+        Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
+        Tom Holroyd <tomh@po.crl.go.jp>]
+
+       See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
+       as well as http://www-cs-students.stanford.edu/~tjw/srp/.
+
+       Tom Holroyd tells us there is a SRP patch for OpenSSH at
+       http://members.tripod.com/professor_tom/archives/, that could
+       be useful.
diff --git a/src/lib/libssl/src/TABLE b/src/lib/libssl/src/TABLE
new file mode 100644
index 0000000000..3989ac7ebf
--- /dev/null
+++ b/src/lib/libssl/src/TABLE
@@ -0,0 +1,4226 @@
+Output of `Configure TABLE':
+
+*** BC-16
+$cc           = bcc
+$cflags       = 
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = WIN16
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** BC-32
+$cc           = bcc32
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WIN32
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR RC4_INDEX
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** BS2000-OSD
+$cc           = c89
+$cflags       = -O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** Cygwin
+$cc           = gcc
+$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = CYGWIN32
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
+$dso_scheme   = win32
+$shared_target= cygwin-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .dll
+$ranlib       = 
+$arflags      = 
+
+*** Cygwin-pre1.3
+$cc           = gcc
+$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = CYGWIN32
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** DJGPP
+$cc           = gcc
+$cflags       = -I/dev/env/DJDIR/watt32/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = MSDOS
+$lflags       = -L/dev/env/DJDIR/watt32/lib -lwatt
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** FreeBSD
+$cc           = gcc
+$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** FreeBSD-alpha
+$cc           = gcc
+$cflags       = -DTERMIOS -O -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** FreeBSD-elf
+$cc           = gcc
+$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** MPE/iX-gcc
+$cc           = gcc
+$cflags       = -D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = MPE
+$lflags       = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** Mingw32
+$cc           = gcc
+$cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** NetBSD-m68
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** NetBSD-sparc
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** NetBSD-x86
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OS2-EMX
+$cc           = gcc
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** OS390-Unix
+$cc           = c89.sh
+$cflags       = -O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-alpha
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-hppa
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-i386
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-m68k
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-m88k
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-mips
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-powerpc
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-sparc
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-sparc64
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-vax
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenUNIX-8
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenUNIX-8-gcc
+$cc           = gcc
+$cflags       = -O -DFILIO_H -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = -pthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenUNIX-8-pentium
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenUNIX-8-pentium_pro
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium_pro
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** ReliantUNIX
+$cc           = cc
+$cflags       = -KPIC -g -DTERMIOS -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = SNI
+$lflags       = -lsocket -lnsl -lc -L/usr/ucblib -lucb
+$bn_ops       = BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= reliantunix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** SINIX
+$cc           = cc
+$cflags       = -O
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = SNI
+$lflags       = -lsocket -lnsl -lc -L/usr/ucblib -lucb
+$bn_ops       = RC4_INDEX RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** SINIX-N
+$cc           = /usr/ucb/cc
+$cflags       = -O2 -misaligned
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lucb
+$bn_ops       = RC4_INDEX RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** UWIN
+$cc           = cc
+$cflags       = -DTERMIOS -DL_ENDIAN -O -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = UWIN
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-MSDOS
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = MSDOS
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-NT
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WINNT
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-W31-16
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = WIN16
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-W31-32
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WIN16
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-WIN16
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = WIN16
+$lflags       = 
+$bn_ops       = MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-WIN32
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WIN32
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix-cc
+$cc           = cc
+$cflags       = -O -DB_ENDIAN -qmaxmem=16384
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = AIX
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix-gcc
+$cc           = gcc
+$cflags       = -O3 -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = AIX
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix43-cc
+$cc           = cc
+$cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix43-gcc
+$cc           = gcc
+$cflags       = -O3 -DAIX -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix64-cc
+$cc           = cc
+$cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = -X 64
+
+*** alpha-cc
+$cc           = cc
+$cflags       = -std1 -tune host -fast -readonly_strings
+$unistd       = 
+$thread_cflag = -pthread
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= tru64-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so
+$ranlib       = 
+$arflags      = 
+
+*** alpha-cc-rpath
+$cc           = cc
+$cflags       = -std1 -tune host -fast -readonly_strings
+$unistd       = 
+$thread_cflag = -pthread
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= tru64-shared-rpath
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so
+$ranlib       = 
+$arflags      = 
+
+*** alpha-gcc
+$cc           = gcc
+$cflags       = -O3
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= alpha-osf1-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so
+$ranlib       = 
+$arflags      = 
+
+*** alpha164-cc
+$cc           = cc
+$cflags       = -std1 -tune host -fast -readonly_strings
+$unistd       = 
+$thread_cflag = -pthread
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= tru64-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so
+$ranlib       = 
+$arflags      = 
+
+*** alphaold-cc
+$cc           = cc
+$cflags       = -std1 -tune host -O4 -readonly_strings
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= alpha-osf1-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so
+$ranlib       = 
+$arflags      = 
+
+*** bsdi-elf-gcc
+$cc           = gcc
+$cflags       = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** bsdi-gcc
+$cc           = gcc
+$cflags       = -O3 -ffast-math -DL_ENDIAN -DPERL5 -m486
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = RSA_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86bsdi.o asm/co86bsdi.o
+$des_obj      = asm/dx86bsdi.o asm/yx86bsdi.o
+$bf_obj       = asm/bx86bsdi.o
+$md5_obj      = asm/mx86bsdi.o
+$sha1_obj     = asm/sx86bsdi.o
+$cast_obj     = asm/cx86bsdi.o
+$rc4_obj      = asm/rx86bsdi.o
+$rmd160_obj   = asm/rm86bsdi.o
+$rc5_obj      = asm/r586bsdi.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** cc
+$cc           = cc
+$cflags       = -O
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** cray-j90
+$cc           = cc
+$cflags       = -DBIT_FIELD_LIMITS -DTERMIOS
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = CRAY
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** cray-t3e
+$cc           = cc
+$cflags       = -DBIT_FIELD_LIMITS -DTERMIOS
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = CRAY
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** darwin-i386-cc
+$cc           = cc
+$cflags       = -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = MACOSX
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= darwin-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
+$ranlib       = 
+$arflags      = 
+
+*** darwin-ppc-cc
+$cc           = cc
+$cflags       = -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = MACOSX
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= darwin-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
+$ranlib       = 
+$arflags      = 
+
+*** debug
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lefence
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ben
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ben-debug
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ben-openbsd
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ben-openbsd-debug
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ben-strict
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-bodo
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-levitte-linux-elf
+$cc           = gcc
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-levitte-linux-noasm
+$cc           = gcc
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-linux-elf
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lefence -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-linux-elf-noefence
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-linux-pentium
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-linux-ppro
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-rse
+$cc           = cc
+$cflags       = -DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-solaris-sparcv8-cc
+$cc           = cc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-solaris-sparcv8-gcc
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-solaris-sparcv9-cc
+$cc           = cc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv8plus.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-solaris-sparcv9-gcc
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-steve
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -rdynamic -ldl
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-steve-linux-pseudo64
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -rdynamic -ldl
+$bn_ops       = SIXTY_FOUR_BIT
+$bn_obj       = 
+$des_obj      = dlfcn
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ulf
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** dgux-R3-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = RC4_INDEX DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** dgux-R4-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lnsl -lsocket
+$bn_ops       = RC4_INDEX DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** dgux-R4-x86-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer -DL_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lnsl -lsocket
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** dist
+$cc           = cc
+$cflags       = -O
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** gcc
+$cc           = gcc
+$cflags       = -O3
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** hpux-brokencc
+$cc           = cc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-brokengcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-cc
+$cc           = cc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-ia64-cc
+$cc           = cc
+$cflags       = -Ae +DD32 +O3 +ESlit -z -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = asm/ia64-cpp.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-m68k-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** hpux-parisc-cc
+$cc           = cc
+$cflags       = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-parisc-cc-o4
+$cc           = cc
+$cflags       = -Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = 
+$sys_id       = 
+$lflags       = -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-parisc-gcc
+$cc           = gcc
+$cflags       = -O3 -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = 
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-parisc1_1-cc
+$cc           = cc
+$cflags       = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-parisc2-cc
+$cc           = cc
+$cflags       = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = asm/pa-risc2.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux10-brokencc
+$cc           = cc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux10-brokengcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux10-cc
+$cc           = cc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux10-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux64-ia64-cc
+$cc           = cc
+$cflags       = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = asm/ia64-cpp.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux64-parisc-cc
+$cc           = cc
+$cflags       = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux64-parisc-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = -fpic
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux64-parisc2-cc
+$cc           = cc
+$cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = asm/pa-risc2W.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hurd-x86
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** irix-cc
+$cc           = cc
+$cflags       = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** irix-gcc
+$cc           = gcc
+$cflags       = -O3 -DTERMIOS -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** irix-mips3-cc
+$cc           = cc
+$cflags       = -n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$unistd       = 
+$thread_cflag = -D_SGI_MP_SOURCE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT
+$bn_obj       = asm/mips3.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** irix-mips3-gcc
+$cc           = gcc
+$cflags       = -mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$unistd       = 
+$thread_cflag = -D_SGI_MP_SOURCE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT
+$bn_obj       = asm/mips3.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** irix64-mips4-cc
+$cc           = cc
+$cflags       = -64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$unistd       = 
+$thread_cflag = -D_SGI_MP_SOURCE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
+$bn_obj       = asm/mips3.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** irix64-mips4-gcc
+$cc           = gcc
+$cflags       = -mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$unistd       = 
+$thread_cflag = -D_SGI_MP_SOURCE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
+$bn_obj       = asm/mips3.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-alpha+bwx-ccc
+$cc           = ccc
+$cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-alpha+bwx-gcc
+$cc           = gcc
+$cflags       = -O3 -DL_ENDIAN -DTERMIO
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-alpha-ccc
+$cc           = ccc
+$cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-alpha-gcc
+$cc           = gcc
+$cflags       = -O3 -DL_ENDIAN -DTERMIO
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-aout
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-elf
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-elf-arm
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-ia64
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
+$bn_obj       = asm/ia64.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-k6
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-m68k
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-mips
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-mipsel
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-parisc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-pentium
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-ppc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-ppro
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-s390
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-s390x
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-sparcv7
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-sparcv8
+$cc           = gcc
+$cflags       = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-sparcv9
+$cc           = gcc
+$cflags       = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv8plus.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** ncr-scde
+$cc           = cc
+$cflags       = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** newsos4-gcc
+$cc           = gcc
+$cflags       = -O -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = NEWS4
+$lflags       = -lmld -liberty
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** nextstep
+$cc           = cc
+$cflags       = -O -Wall
+$unistd       = <libc.h>
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** nextstep3.3
+$cc           = cc
+$cflags       = -O3 -Wall
+$unistd       = <libc.h>
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** purify
+$cc           = purify gcc
+$cflags       = -g -DPURIFY -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** qnx4
+$cc           = cc
+$cflags       = -DL_ENDIAN -DTERMIO
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** qnx6
+$cc           = cc
+$cflags       = -DL_ENDIAN -DTERMIOS
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** rhapsody-ppc-cc
+$cc           = cc
+$cflags       = -O3 -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = MACOSX
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** sco3-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** sco5-cc
+$cc           = cc
+$cflags       = -belf
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket -lresolv -lnsl
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr3-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** sco5-cc-pentium
+$cc           = cc
+$cflags       = -Kpentium
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** sco5-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket -lresolv -lnsl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= svr3-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparc-sc3
+$cc           = cc
+$cflags       = -fast -O -Xa -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv7-cc
+$cc           = cc
+$cflags       = -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv7-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv8-cc
+$cc           = cc
+$cflags       = -xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv8-gcc
+$cc           = gcc
+$cflags       = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv9-cc
+$cc           = cc
+$cflags       = -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv8plus.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv9-gcc
+$cc           = gcc
+$cflags       = -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv8plus.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv9-gcc27
+$cc           = gcc
+$cflags       = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus-gcc27.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv8plus-gcc27.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-x86-cc
+$cc           = cc
+$cflags       = -fast -O -Xa
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-x86-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-sol.o asm/co86-sol.o
+$des_obj      = asm/dx86-sol.o asm/yx86-sol.o
+$bf_obj       = asm/bx86-sol.o
+$md5_obj      = asm/mx86-sol.o
+$sha1_obj     = asm/sx86-sol.o
+$cast_obj     = asm/cx86-sol.o
+$rc4_obj      = asm/rx86-sol.o
+$rmd160_obj   = asm/rm86-sol.o
+$rc5_obj      = asm/r586-sol.o
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris64-sparcv9-cc
+$cc           = cc
+$cflags       = -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = -xarch=v9
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = /usr/ccs/bin/ar rs
+$arflags      = 
+
+*** solaris64-sparcv9-gcc
+$cc           = gcc
+$cflags       = -m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = -m64
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris64-sparcv9-gcc31
+$cc           = gcc
+$cflags       = -mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = -m64
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** sunos-gcc
+$cc           = gcc
+$cflags       = -O3 -mv8 -Dssize_t=int
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** ultrix-cc
+$cc           = cc
+$cflags       = -std1 -O -Olimit 1000 -DL_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** ultrix-gcc
+$cc           = gcc
+$cflags       = -O3 -DL_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.0
+$cc           = cc
+$cflags       = -DFILIO_H -DNO_STRINGS_H
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.0-pentium
+$cc           = cc
+$cflags       = -DFILIO_H -DNO_STRINGS_H -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.1
+$cc           = cc
+$cflags       = -O -DFILIO_H
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.1-p6
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kp6
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.1-pentium
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-7
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** unixware-7-gcc
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= gnu-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** unixware-7-pentium
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** unixware-7-pentium_pro
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium_pro
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** vxworks-ppc405
+$cc           = ccppc
+$cflags       = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h
+$unistd       = 
+$thread_cflag = 
+$sys_id       = VXWORKS
+$lflags       = -r
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
diff --git a/src/lib/libssl/src/apps/CA.pl b/src/lib/libssl/src/apps/CA.pl
deleted file mode 100644
index 669a016b84..0000000000
--- a/src/lib/libssl/src/apps/CA.pl
+++ /dev/null
@@ -1,173 +0,0 @@
-#!/usr/bin/perl
-#
-# CA - wrapper around ca to make it easier to use ... basically ca requires
-#      some setup stuff to be done before you can use it and this makes
-#      things easier between now and when Eric is convinced to fix it :-)
-#
-# CA -newca ... will setup the right stuff
-# CA -newreq[-nodes] ... will generate a certificate request 
-# CA -sign ... will sign the generated request and output 
-#
-# At the end of that grab newreq.pem and newcert.pem (one has the key 
-# and the other the certificate) and cat them together and that is what
-# you want/need ... I'll make even this a little cleaner later.
-#
-#
-# 12-Jan-96 tjh    Added more things ... including CA -signcert which
-#                  converts a certificate to a request and then signs it.
-# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
-#                  environment variable so this can be driven from
-#                  a script.
-# 25-Jul-96 eay    Cleaned up filenames some more.
-# 11-Jun-96 eay    Fixed a few filename missmatches.
-# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
-# 18-Apr-96 tjh    Original hacking
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
-#
-#
-# Steve Henson
-# shenson@bigfoot.com
-
-# default openssl.cnf file has setup as per the following
-# demoCA ... where everything is stored
-
-$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
-$DAYS="-days 365";
-$REQ="openssl req $SSLEAY_CONFIG";
-$CA="openssl ca $SSLEAY_CONFIG";
-$VERIFY="openssl verify";
-$X509="openssl x509";
-$PKCS12="openssl pkcs12";
-
-$CATOP="./demoCA";
-$CAKEY="cakey.pem";
-$CACERT="cacert.pem";
-
-$DIRMODE = 0777;
-
-$RET = 0;
-
-foreach (@ARGV) {
-        if ( /^(-\?|-h|-help)$/ ) {
-            print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-            exit 0;
-        } elsif (/^-newcert$/) {
-            # create a certificate
-            system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
-            $RET=$?;
-            print "Certificate (and private key) is in newreq.pem\n"
-        } elsif (/^-newreq$/) {
-            # create a certificate request
-            system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
-            $RET=$?;
-            print "Request (and private key) is in newreq.pem\n";
-        } elsif (/^-newreq-nodes$/) {
-            # create a certificate request
-            system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
-            $RET=$?;
-            print "Request (and private key) is in newreq.pem\n";
-        } elsif (/^-newca$/) {
-                # if explicitly asked for or it doesn't exist then setup the
-                # directory structure that Eric likes to manage things 
-            $NEW="1";
-            if ( "$NEW" || ! -f "${CATOP}/serial" ) {
-                # create the directory hierarchy
-                mkdir $CATOP, $DIRMODE;
-                mkdir "${CATOP}/certs", $DIRMODE;
-                mkdir "${CATOP}/crl", $DIRMODE ;
-                mkdir "${CATOP}/newcerts", $DIRMODE;
-                mkdir "${CATOP}/private", $DIRMODE;
-                open OUT, ">${CATOP}/serial";
-                print OUT "01\n";
-                close OUT;
-                open OUT, ">${CATOP}/index.txt";
-                close OUT;
-            }
-            if ( ! -f "${CATOP}/private/$CAKEY" ) {
-                print "CA certificate filename (or enter to create)\n";
-                $FILE = <STDIN>;
-
-                chop $FILE;
-
-                # ask user for existing CA certificate
-                if ($FILE) {
-                    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
-                    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
-                    $RET=$?;
-                } else {
-                    print "Making CA certificate ...\n";
-                    system ("$REQ -new -x509 -keyout " .
-                        "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
-                    $RET=$?;
-                }
-            }
-        } elsif (/^-pkcs12$/) {
-            my $cname = $ARGV[1];
-            $cname = "My Certificate" unless defined $cname;
-            system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
-                        "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
-                        "-export -name \"$cname\"");
-            $RET=$?;
-            exit $RET;
-        } elsif (/^-xsign$/) {
-            system ("$CA -policy policy_anything -infiles newreq.pem");
-            $RET=$?;
-        } elsif (/^(-sign|-signreq)$/) {
-            system ("$CA -policy policy_anything -out newcert.pem " .
-                                                        "-infiles newreq.pem");
-            $RET=$?;
-            print "Signed certificate is in newcert.pem\n";
-        } elsif (/^(-signCA)$/) {
-            system ("$CA -policy policy_anything -out newcert.pem " .
-                                        "-extensions v3_ca -infiles newreq.pem");
-            $RET=$?;
-            print "Signed CA certificate is in newcert.pem\n";
-        } elsif (/^-signcert$/) {
-            system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
-                                                                "-out tmp.pem");
-            system ("$CA -policy policy_anything -out newcert.pem " .
-                                                        "-infiles tmp.pem");
-            $RET = $?;
-            print "Signed certificate is in newcert.pem\n";
-        } elsif (/^-verify$/) {
-            if (shift) {
-                foreach $j (@ARGV) {
-                    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
-                    $RET=$? if ($? != 0);
-                }
-                exit $RET;
-            } else {
-                    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
-                    $RET=$?;
-                    exit 0;
-            }
-        } else {
-            print STDERR "Unknown arg $_\n";
-            print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-            exit 1;
-        }
-}
-
-exit $RET;
-
-sub cp_pem {
-my ($infile, $outfile, $bound) = @_;
-open IN, $infile;
-open OUT, ">$outfile";
-my $flag = 0;
-while (<IN>) {
-        $flag = 1 if (/^-----BEGIN.*$bound/) ;
-        print OUT $_ if ($flag);
-        if (/^-----END.*$bound/) {
-                close IN;
-                close OUT;
-                return;
-        }
-}
-}
-
diff --git a/src/lib/libssl/src/apps/Makefile.ssl b/src/lib/libssl/src/apps/Makefile.ssl
new file mode 100644
index 0000000000..7068286204
--- /dev/null
+++ b/src/lib/libssl/src/apps/Makefile.ssl
@@ -0,0 +1,1146 @@
+#
+#  apps/Makefile.ssl
+#
+
+DIR=            apps
+TOP=            ..
+CC=             cc
+INCLUDES=       -I$(TOP) -I../include $(KRB5_INCLUDES)
+CFLAG=          -g -static
+INSTALL_PREFIX=
+INSTALLTOP=     /usr/local/ssl
+OPENSSLDIR=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+PERL=           perl
+RM=             rm -f
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+PEX_LIBS=
+EX_LIBS= 
+EXE_EXT= 
+
+SHLIB_TARGET=
+
+CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile makeapps.com install.com
+
+DLIBCRYPTO=../libcrypto.a
+DLIBSSL=../libssl.a
+LIBCRYPTO=-L.. -lcrypto
+LIBSSL=-L.. -lssl
+
+PROGRAM= openssl
+
+SCRIPTS=CA.sh CA.pl der_chop
+
+EXE= $(PROGRAM)$(EXE_EXT)
+
+E_EXE=  verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
+        ca crl rsa rsautl dsa dsaparam \
+        x509 genrsa gendsa s_server s_client speed \
+        s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+        pkcs8 spkac smime rand engine ocsp
+
+PROGS= $(PROGRAM).c
+
+A_OBJ=apps.o
+A_SRC=apps.c
+S_OBJ=  s_cb.o s_socket.o
+S_SRC=  s_cb.c s_socket.c
+RAND_OBJ=app_rand.o
+RAND_SRC=app_rand.c
+
+E_OBJ=  verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
+        ca.o pkcs7.o crl2p7.o crl.o \
+        rsa.o rsautl.o dsa.o dsaparam.o \
+        x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
+        s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
+        ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o
+
+E_SRC=  verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
+        pkcs7.c crl2p7.c crl.c \
+        rsa.c rsautl.c dsa.c dsaparam.c \
+        x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
+        s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
+        ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c
+
+SRC=$(E_SRC)
+
+EXHEADER=
+HEADER= apps.h progs.h s_apps.h \
+        testdsa.h testrsa.h \
+        $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:    exe
+
+exe:    $(PROGRAM)
+
+req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
+        LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+        $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+sreq.o: req.c 
+        $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+install:
+        @for i in $(EXE); \
+        do  \
+        (echo installing $$i; \
+         cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+         chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+         done;
+        @for i in $(SCRIPTS); \
+        do  \
+        (echo installing $$i; \
+         cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+         chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+         mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+         done
+        @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+        chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+        mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+        rm -f req
+
+$(DLIBSSL):
+        (cd ..; $(MAKE) DIRS=ssl all)
+
+$(DLIBCRYPTO):
+        (cd ..; $(MAKE) DIRS=crypto all)
+
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+        $(RM) $(PROGRAM)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+        -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+                LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
+                DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
+                SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
+                LIBPATH="`pwd`:$$LIBPATH"; \
+                if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+                export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+                $(PERL) tools/c_rehash certs)
+
+progs.h: progs.pl
+        $(PERL) progs.pl $(E_EXE) >progs.h
+        $(RM) $(PROGRAM).o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+app_rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+app_rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+app_rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+app_rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+app_rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c
+app_rand.o: apps.h
+apps.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+apps.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+apps.o: ../include/openssl/cast.h ../include/openssl/conf.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
+apps.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+apps.o: ../include/openssl/engine.h ../include/openssl/err.h
+apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
+apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+apps.o: ../include/openssl/md4.h ../include/openssl/md5.h
+apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+apps.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+apps.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
+asn1pars.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+asn1pars.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+asn1pars.o: ../include/openssl/cast.h ../include/openssl/conf.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
+asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h
+asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h
+asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+asn1pars.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: asn1pars.c
+ca.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ca.o: ../include/openssl/cast.h ../include/openssl/conf.h
+ca.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ca.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/engine.h ../include/openssl/err.h
+ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ca.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
+ciphers.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ciphers.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ciphers.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ciphers.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+ciphers.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ciphers.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c
+crl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+crl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/engine.h ../include/openssl/err.h
+crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+crl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h crl.c
+crl2p7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl2p7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+crl2p7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
+crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl2p7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: crl2p7.c
+dgst.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dgst.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dgst.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
+dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dgst.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c
+dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/engine.h ../include/openssl/err.h
+dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c
+dsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c
+dsaparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsaparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsaparam.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dsaparam.o: dsaparam.c
+enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+enc.o: ../include/openssl/cast.h ../include/openssl/conf.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c
+engine.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+engine.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+engine.o: ../include/openssl/cast.h ../include/openssl/comp.h
+engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+engine.o: ../include/openssl/des.h ../include/openssl/des_old.h
+engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+engine.o: ../include/openssl/err.h ../include/openssl/evp.h
+engine.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+engine.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+engine.o: ../include/openssl/md4.h ../include/openssl/md5.h
+engine.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+engine.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+engine.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
+errstr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+errstr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+errstr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+errstr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+errstr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+errstr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c
+gendh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c
+gendsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendsa.o: gendsa.c
+genrsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+genrsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+genrsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+genrsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+genrsa.o: genrsa.c
+nseq.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+nseq.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+nseq.o: ../include/openssl/cast.h ../include/openssl/conf.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
+nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h
+nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h
+nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+nseq.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c
+ocsp.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ocsp.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ocsp.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ocsp.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ocsp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
+ocsp.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ocsp.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ocsp.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ocsp.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ocsp.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ocsp.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ocsp.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ocsp.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
+openssl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+openssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+openssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h
+openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
+openssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+openssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
+passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+passwd.o: ../include/openssl/cast.h ../include/openssl/conf.h
+passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
+passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h
+passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h
+passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+passwd.o: passwd.c
+pkcs12.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs12.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs12.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs12.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+pkcs12.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c
+pkcs7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c
+pkcs8.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs8.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs8.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs8.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+pkcs8.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
+rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c
+req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+req.o: ../include/openssl/des.h ../include/openssl/des_old.h
+req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+req.o: ../include/openssl/err.h ../include/openssl/evp.h
+req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+req.o: ../include/openssl/md2.h ../include/openssl/md4.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
+rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c
+rsautl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsautl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsautl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsautl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsautl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsautl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rsautl.o: rsautl.c
+s_cb.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_cb.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_cb.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_cb.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_cb.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_cb.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c
+s_client.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_client.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_client.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_client.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_client.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c
+s_server.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_server.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_server.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_server.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_server.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c
+s_socket.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_socket.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_socket.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_socket.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_socket.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c
+s_time.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_time.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_time.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_time.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_time.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_time.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c
+sess_id.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+sess_id.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+sess_id.o: ../include/openssl/cast.h ../include/openssl/comp.h
+sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+sess_id.o: ../include/openssl/des.h ../include/openssl/des_old.h
+sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+sess_id.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+sess_id.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c
+smime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+smime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+smime.o: ../include/openssl/cast.h ../include/openssl/conf.h
+smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
+smime.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+smime.o: ../include/openssl/engine.h ../include/openssl/err.h
+smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
+smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
+smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+smime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+smime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c
+speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+speed.o: ../include/openssl/engine.h ../include/openssl/err.h
+speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
+speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h
+spkac.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+spkac.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+spkac.o: ../include/openssl/cast.h ../include/openssl/conf.h
+spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h
+spkac.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
+spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
+spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+spkac.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c
+verify.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+verify.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+verify.o: ../include/openssl/cast.h ../include/openssl/conf.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
+verify.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/engine.h ../include/openssl/err.h
+verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
+verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+verify.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+verify.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h verify.c
+version.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+version.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+version.o: ../include/openssl/cast.h ../include/openssl/conf.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/engine.h ../include/openssl/err.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+version.o: ../include/openssl/md4.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h
+version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+version.o: version.c
+x509.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+x509.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+x509.o: ../include/openssl/cast.h ../include/openssl/conf.h
+x509.o: ../include/openssl/crypto.h ../include/openssl/des.h
+x509.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/engine.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
+x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+x509.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+x509.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h x509.c
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index 007e3e06c3..c4dfafd778 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -1411,14 +1411,16 @@ int load_config(BIO *err, CONF *cnf)
 char *make_config_name()
         {
         const char *t=X509_get_default_cert_area();
+        size_t len;
         char *p;
 
-        p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
-        strcpy(p,t);
+        len=strlen(t)+strlen(OPENSSL_CONF)+2;
+        p=OPENSSL_malloc(len);
+        strlcpy(p,t,len);
 #ifndef OPENSSL_SYS_VMS
-        strcat(p,"/");
+        strlcat(p,"/",len);
 #endif
-        strcat(p,OPENSSL_CONF);
+        strlcat(p,OPENSSL_CONF,len);
 
         return p;
         }
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 7ed60c7a9a..f979dfe85f 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -579,16 +579,19 @@ bad:
         if (configfile == NULL)
                 {
                 const char *s=X509_get_default_cert_area();
+                size_t len;
 
 #ifdef OPENSSL_SYS_VMS
-                tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
+                len = strlen(s)+sizeof(CONFIG_FILE);
+                tofree=OPENSSL_malloc(len);
                 strcpy(tofree,s);
 #else
-                tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
-                strcpy(tofree,s);
-                strcat(tofree,"/");
+                len = strlen(s)+sizeof(CONFIG_FILE)+1;
+                tofree=OPENSSL_malloc(len);
+                strlcpy(tofree,s,len);
+                strlcat(tofree,"/",len);
 #endif
-                strcat(tofree,CONFIG_FILE);
+                strlcat(tofree,CONFIG_FILE,len);
                 configfile=tofree;
                 }
 
@@ -1312,7 +1315,7 @@ bad:
 #ifdef OPENSSL_SYS_VMS
                         strcat(buf[0],"-new");
 #else
-                        strcat(buf[0],".new");
+                        strlcat(buf[0],".new",sizeof(buf[0]));
 #endif
 
                         if (!save_serial(buf[0],serial)) goto err;
@@ -1322,7 +1325,7 @@ bad:
 #ifdef OPENSSL_SYS_VMS
                         strcat(buf[1],"-new");
 #else
-                        strcat(buf[1],".new");
+                        strlcat(buf[1],".new",sizeof(buf[1]));
 #endif
 
                         if (BIO_write_filename(out,buf[1]) <= 0)
@@ -1340,7 +1343,7 @@ bad:
                 for (i=0; i<sk_X509_num(cert_sk); i++)
                         {
                         int k;
-                        unsigned char *n;
+                        char *n;
 
                         x=sk_X509_value(cert_sk,i);
 
@@ -1356,15 +1359,19 @@ bad:
                         strcpy(buf[2],outdir);
 
 #ifndef OPENSSL_SYS_VMS
-                        strcat(buf[2],"/");
+                        strlcat(buf[2],"/",sizeof(buf[2]));
 #endif
 
-                        n=(unsigned char *)&(buf[2][strlen(buf[2])]);
+                        n=(char *)&(buf[2][strlen(buf[2])]);
                         if (j > 0)
                                 {
                                 for (k=0; k<j; k++)
                                         {
-                                        sprintf((char *)n,"%02X",(unsigned char)*(p++));
+                                        if (n >= &(buf[2][sizeof(buf[2])]))
+                                                break;
+                                        snprintf(n,
+                                                &buf[2][0] + sizeof(buf[2]) - n,
+                                                "%02X",(unsigned char)*(p++));
                                         n+=2;
                                         }
                                 }
@@ -1396,7 +1403,7 @@ bad:
 #ifdef OPENSSL_SYS_VMS
                         strcat(buf[2],"-old");
 #else
-                        strcat(buf[2],".old");
+                        strlcat(buf[2],".old",sizeof(buf[2]));
 #endif
 
                         BIO_free(in);
@@ -1425,7 +1432,7 @@ bad:
 #ifdef OPENSSL_SYS_VMS
                         strcat(buf[2],"-old");
 #else
-                        strcat(buf[2],".old");
+                        strlcat(buf[2],".old",sizeof(buf[2]));
 #endif
 
                         if (rename(dbfile,buf[2]) < 0)
@@ -1595,7 +1602,7 @@ bad:
 
                         strcpy(buf[0],dbfile);
 #ifndef OPENSSL_SYS_VMS
-                        strcat(buf[0],".new");
+                        strlcat(buf[0],".new",sizeof(buf[0]));
 #else
                         strcat(buf[0],"-new");
 #endif
@@ -1614,7 +1621,7 @@ bad:
                         strncpy(buf[1],dbfile,BSIZE-4);
                         buf[1][BSIZE-4]='\0';
 #ifndef OPENSSL_SYS_VMS
-                        strcat(buf[1],".old");
+                        strlcat(buf[1],".old",sizeof(buf[1]));
 #else
                         strcat(buf[1],"-old");
 #endif
@@ -2166,7 +2173,7 @@ again2:
                         p="Valid";
                 else
                         p="\ninvalid type, Data base error\n";
-                BIO_printf(bio_err,"Type          :%s\n",p);;
+                BIO_printf(bio_err,"Type          :%s\n",p);
                 if (rrow[DB_type][0] == 'R')
                         {
                         p=rrow[DB_exp_date]; if (p == NULL) p="undef";
@@ -2352,7 +2359,7 @@ again2:
                 BIO_printf(bio_err,"Memory allocation failure\n");
                 goto err;
                 }
-        strcpy(row[DB_file],"unknown");
+        strlcpy(row[DB_file],"unknown",8);
         row[DB_type][0]='V';
         row[DB_type][1]='\0';
 
@@ -2653,7 +2660,7 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
                         BIO_printf(bio_err,"Memory allocation failure\n");
                         goto err;
                         }
-                strcpy(row[DB_file],"unknown");
+                strlcpy(row[DB_file],"unknown",8);
                 row[DB_type][0]='V';
                 row[DB_type][1]='\0';
 
@@ -2977,16 +2984,16 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 
         if (!str) return NULL;
 
-        strcpy(str, (char *)revtm->data);
+        strlcpy(str, (char *)revtm->data, i);
         if (reason)
                 {
-                strcat(str, ",");
-                strcat(str, reason);
+                strlcat(str, ",", i);
+                strlcat(str, reason, i);
                 }
         if (other)
                 {
-                strcat(str, ",");
-                strcat(str, other);
+                strlcat(str, ",", i);
+                strlcat(str, other, i);
                 }
         ASN1_UTCTIME_free(revtm);
         return str;
diff --git a/src/lib/libssl/src/apps/der_chop.in b/src/lib/libssl/src/apps/der_chop.in
new file mode 100644
index 0000000000..9070b032fc
--- /dev/null
+++ b/src/lib/libssl/src/apps/der_chop.in
@@ -0,0 +1,305 @@
+#!/usr/local/bin/perl
+#
+# der_chop ... this is one total hack that Eric is really not proud of
+#              so don't look at it and don't ask for support
+#
+# The "documentation" for this (i.e. all the comments) are my fault --tjh
+#
+# This program takes the "raw" output of derparse/asn1parse and 
+# converts it into tokens and then runs regular expression matches
+# to try to figure out what to grab to get the things that are needed
+# and it is possible that this will do the wrong thing as it is a *hack*
+#
+# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
+# [I know ... promises promises :-)]
+#
+# To convert a Netscape Certificate:
+#    der_chop < ServerCert.der > cert.pem
+# To convert a Netscape Key (and encrypt it again to protect it)
+#    rsa -inform NET -in ServerKey.der -des > key.pem
+#
+# 23-Apr-96 eay    Added the extra ASN.1 string types, I still think this
+#                  is an evil hack.  If nothing else the parsing should
+#                  be relative, not absolute.
+# 19-Apr-96 tjh    hacked (with eay) into 0.5.x format
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+
+require 'getopts.pl';
+
+$debug=0;
+
+# this was the 0.4.x way of doing things ...
+$cmd="derparse";
+$x509_cmd="x509";
+$crl_cmd="crl";
+$rc4_cmd="rc4";
+$md2_cmd="md2";
+$md4_cmd="md4";
+$rsa_cmd="rsa -des -inform der ";
+
+# this was the 0.5.x way of doing things ...
+$cmd="openssl asn1parse";
+$x509_cmd="openssl x509";
+$crl_cmd="openssl crl";
+$rc4_cmd="openssl rc4";
+$md2_cmd="openssl md2";
+$md4_cmd="openssl md4";
+$rsa_cmd="openssl rsa -des -inform der ";
+
+&Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
+$depth=($opt_d =~ /^\d+$/)?$opt_d:0;
+
+&init_der();
+
+if ($#ARGV != -1)
+        {
+        foreach $file (@ARGV)
+                {
+                print STDERR "doing $file\n";
+                &dofile($file);
+                }
+        }
+else
+        {
+        $file="/tmp/a$$.DER";
+        open(OUT,">$file") || die "unable to open $file:$!\n";
+        for (;;)
+                {
+                $i=sysread(STDIN,$b,1024*10);
+                last if ($i <= 0);
+                $i=syswrite(OUT,$b,$i);
+                }
+        &dofile($file);
+        unlink($file);
+        }
+        
+sub dofile
+        {
+        local($file)=@_;
+        local(@p);
+
+        $b=&load_file($file);
+        @p=&load_file_parse($file);
+
+        foreach $_ (@p)
+                {
+                ($off,$d,$hl,$len)=&parse_line($_);
+                $d-=$depth;
+                next if ($d != 0);
+                next if ($len == 0);
+
+                $o=substr($b,$off,$len+$hl);
+                ($str,@data)=&der_str($o);
+                print "$str\n" if ($opt_v);
+                if ($str =~ /^$crl/)
+                        {
+                        open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
+                                die "unable to run $crl_cmd:$!\n";
+                        print OUT $o;
+                        close(OUT);
+                        }
+                elsif ($str =~ /^$x509/)
+                        {
+                        open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
+                                || die "unable to run $x509_cmd:$!\n";
+                        print OUT $o;
+                        close(OUT);
+                        }
+                elsif ($str =~ /^$rsa/)
+                        {
+                        ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+                        next unless ($type eq "rsaEncryption");
+                        ($off,$d,$hl,$len)=&parse_line($data[5]);
+                        $os=substr($o,$off+$hl,$len);
+                        open(OUT,"|$rsa_cmd")
+                                || die "unable to run $rsa_cmd:$!\n";
+                        print OUT $os;
+                        close(OUT);
+                        }
+                elsif ($str =~ /^0G-1D-1G/)
+                        {
+                        ($off,$d,$hl,$len)=&parse_line($data[1]);
+                        $os=substr($o,$off+$hl,$len);
+                        print STDERR "<$os>\n" if $opt_v;
+                        &do_certificate($o,@data)
+                                if (($os eq "certificate") &&
+                                    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+                        &do_private_key($o,@data)
+                                if (($os eq "private-key") &&
+                                    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+                        }
+                }
+        }
+
+sub der_str
+        {
+        local($str)=@_;
+        local(*OUT,*IN,@a,$t,$d,$ret);
+        local($file)="/tmp/b$$.DER";
+        local(@ret);
+
+        open(OUT,">$file");
+        print OUT $str;
+        close(OUT);
+        open(IN,"$cmd -inform 'd' -in $file |") ||
+                die "unable to run $cmd:$!\n";
+        $ret="";
+        while (<IN>)
+                {
+                chop;
+                push(@ret,$_);
+
+                print STDERR "$_\n" if ($debug);
+
+                @a=split(/\s*:\s*/);
+                ($d)=($a[1] =~ /d=\s*(\d+)/);
+                $a[2] =~ s/\s+$//;
+                $t=$DER_s2i{$a[2]};
+                $ret.="$d$t-";
+                }
+        close(IN);
+        unlink($file);
+        chop $ret;
+        $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
+        $ret =~ s/(-3G-4B-4L)+/-RCERT/g;
+        return($ret,@ret);
+        }
+
+sub init_der
+        {
+        $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
+        $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
+        $rsa= "0G-1B-1G-2F-2E-1D";
+
+        %DER_i2s=(
+                # SSLeay 0.4.x has this list
+                "A","EOC",
+                "B","INTEGER",
+                "C","BIT STRING",
+                "D","OCTET STRING",
+                "E","NULL",
+                "F","OBJECT",
+                "G","SEQUENCE",
+                "H","SET",
+                "I","PRINTABLESTRING",
+                "J","T61STRING",
+                "K","IA5STRING",
+                "L","UTCTIME",
+                "M","NUMERICSTRING",
+                "N","VIDEOTEXSTRING",
+                "O","GENERALIZEDTIME",
+                "P","GRAPHICSTRING",
+                "Q","ISO64STRING",
+                "R","GENERALSTRING",
+                "S","UNIVERSALSTRING",
+
+                # SSLeay 0.5.x changed some things ... and I'm
+                # leaving in the old stuff but adding in these
+                # to handle the new as well --tjh
+                # - Well I've just taken them out and added the extra new
+                # ones :-) - eay
+                );
+
+        foreach (keys %DER_i2s)
+                { $DER_s2i{$DER_i2s{$_}}=$_; }
+        }
+
+sub parse_line
+        {
+        local($_)=@_;
+
+        return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
+        }
+
+#  0:d=0 hl=4 l=377 cons: univ: SEQUENCE          
+#  4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING      
+# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE          
+# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE          
+# 23:d=3 hl=2 l=  8 prim: univ: OBJECT_IDENTIFIER :rc4
+# 33:d=3 hl=2 l=  0 prim: univ: NULL              
+# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
+sub do_private_key
+        {
+        local($data,@struct)=@_;
+        local($file)="/tmp/b$$.DER";
+        local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+        ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+        if ($type eq "rc4")
+                {
+                ($off,$d,$hl,$len)=&parse_line($struct[6]);
+                open(OUT,"|$rc4_cmd >$file") ||
+                        die "unable to run $rc4_cmd:$!\n";
+                print OUT substr($data,$off+$hl,$len);
+                close(OUT);
+
+                $b=&load_file($file);
+                unlink($file);
+
+                ($s,@p)=&der_str($b);
+                die "unknown rsa key type\n$s\n"
+                        if ($s ne '0G-1B-1G-2F-2E-1D');
+                local($off,$d,$hl,$len)=&parse_line($p[5]);
+                $b=substr($b,$off+$hl,$len);
+                ($s,@p)=&der_str($b);
+                open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
+                print OUT $b;
+                close(OUT);
+                }
+        else
+                {
+                print "'$type' is unknown\n";
+                exit(1);
+                }
+        }
+
+sub do_certificate
+        {
+        local($data,@struct)=@_;
+        local($file)="/tmp/b$$.DER";
+        local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+        ($off,$d,$hl,$len)=&parse_line($struct[2]);
+        $b=substr($data,$off,$len+$hl);
+
+        open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
+        print OUT $b;
+        close(OUT);
+        }
+
+sub load_file
+        {
+        local($file)=@_;
+        local(*IN,$r,$b,$i);
+
+        $r="";
+        open(IN,"<$file") || die "unable to open $file:$!\n";
+        for (;;)
+                {
+                $i=sysread(IN,$b,10240);
+                last if ($i <= 0);
+                $r.=$b;
+                }
+        close(IN);
+        return($r);
+        }
+
+sub load_file_parse
+        {
+        local($file)=@_;
+        local(*IN,$r,@ret,$_,$i,$n,$b);
+
+        open(IN,"$cmd -inform d -in $file|")
+                || die "unable to run der_parse\n";
+        while (<IN>)
+                {
+                chop;
+                push(@ret,$_);
+                }
+        return($r,@ret);
+        }
+
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index 47d1309b14..71298b7524 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -347,8 +347,9 @@ int MAIN(int argc, char **argv)
                                 }
                         if(!out_bin)
                                 {
-                                tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
-                                sprintf(tmp,"%s(%s)= ",name,argv[i]);
+                                size_t len = strlen(name)+strlen(argv[i])+5;
+                                tmp=tofree=OPENSSL_malloc(len);
+                                snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
                                 }
                         else
                                 tmp="";
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c
index 0a9f7310bf..9299ab3e13 100644
--- a/src/lib/libssl/src/apps/enc.c
+++ b/src/lib/libssl/src/apps/enc.c
@@ -373,7 +373,7 @@ bad:
                         {
                         char buf[200];
 
-                        sprintf(buf,"enter %s %s password:",
+                        snprintf(buf,sizeof buf,"enter %s %s password:",
                                 OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
                                 (enc)?"encryption":"decryption");
                         strbuf[0]='\0';
diff --git a/src/lib/libssl/src/apps/engine.c b/src/lib/libssl/src/apps/engine.c
index c3e1e8de1c..0e7082abb9 100644
--- a/src/lib/libssl/src/apps/engine.c
+++ b/src/lib/libssl/src/apps/engine.c
@@ -122,8 +122,8 @@ static int append_buf(char **buf, const char *s, int *size, int step)
                 return 0;
 
         if (**buf != '\0')
-                strcat(*buf, ", ");
-        strcat(*buf, s);
+                strlcat(*buf, ", ", *size);
+        strlcat(*buf, s, *size);
 
         return 1;
         }
diff --git a/src/lib/libssl/src/apps/md4.c b/src/lib/libssl/src/apps/md4.c
new file mode 100644
index 0000000000..e4b0aac011
--- /dev/null
+++ b/src/lib/libssl/src/apps/md4.c
@@ -0,0 +1,127 @@
+/* crypto/md4/md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#ifndef _OSD_POSIX
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD4(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+
+void do_fp(FILE *f)
+        {
+        MD4_CTX c;
+        unsigned char md[MD4_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+
+        fd=fileno(f);
+        MD4_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD4_Update(&c,buf,(unsigned long)i);
+                }
+        MD4_Final(&(md[0]),&c);
+        pt(md);
+        }
+
+void pt(unsigned char *md)
+        {
+        int i;
+
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
+
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c
index e5f186fd5e..17e84366d9 100644
--- a/src/lib/libssl/src/apps/ocsp.c
+++ b/src/lib/libssl/src/apps/ocsp.c
@@ -136,7 +136,6 @@ int MAIN(int argc, char **argv)
         int accept_count = -1;
         int badarg = 0;
         int i;
-        int ignore_err = 0;
         STACK *reqnames = NULL;
         STACK_OF(OCSP_CERTID) *ids = NULL;
 
@@ -196,8 +195,6 @@ int MAIN(int argc, char **argv)
                                 }
                         else badarg = 1;
                         }
-                else if (!strcmp(*args, "-ignore_err"))
-                        ignore_err = 1;
                 else if (!strcmp(*args, "-noverify"))
                         noverify = 1;
                 else if (!strcmp(*args, "-nonce"))
@@ -812,8 +809,6 @@ int MAIN(int argc, char **argv)
                 {
                 BIO_printf(out, "Responder Error: %s (%ld)\n",
                                 OCSP_response_status_str(i), i);
-                if (ignore_err)
-                        goto redo_accept;
                 ret = 0;
                 goto end;
                 }
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index 5136acdc57..bb446d6b65 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -557,7 +557,7 @@ int MAIN(int argc, char **argv)
             BIO_printf (bio_err, "Can't read Password\n");
             goto export_end;
         }
-        if (!twopass) strcpy(macpass, pass);
+        if (!twopass) strlcpy(macpass, pass, sizeof macpass);
         /* Turn certbags into encrypted authsafe */
         authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
                                                                  iter, bags);
@@ -658,7 +658,7 @@ int MAIN(int argc, char **argv)
     CRYPTO_pop_info();
 #endif
 
-    if (!twopass) strcpy(macpass, pass);
+    if (!twopass) strlcpy(macpass, pass, sizeof macpass);
 
     if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
     if(macver) {
diff --git a/src/lib/libssl/src/apps/pkcs8.c b/src/lib/libssl/src/apps/pkcs8.c
index ee8cf02813..6be27e7f44 100644
--- a/src/lib/libssl/src/apps/pkcs8.c
+++ b/src/lib/libssl/src/apps/pkcs8.c
@@ -235,7 +235,7 @@ int MAIN(int argc, char **argv)
                         return (1);
                 }
                 if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
-                        BIO_printf(bio_err, "Error converting key\n");
+                        BIO_printf(bio_err, "Error converting key\n", outfile);
                         ERR_print_errors(bio_err);
                         return (1);
                 }
@@ -259,7 +259,8 @@ int MAIN(int argc, char **argv)
                         if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
                                         p8pass, strlen(p8pass),
                                         NULL, 0, iter, p8inf))) {
-                                BIO_printf(bio_err, "Error encrypting key\n");
+                                BIO_printf(bio_err, "Error encrypting key\n",
+                                                                 outfile);
                                 ERR_print_errors(bio_err);
                                 return (1);
                         }
@@ -302,7 +303,7 @@ int MAIN(int argc, char **argv)
                 }
 
                 if (!p8) {
-                        BIO_printf (bio_err, "Error reading key\n");
+                        BIO_printf (bio_err, "Error reading key\n", outfile);
                         ERR_print_errors(bio_err);
                         return (1);
                 }
@@ -316,13 +317,13 @@ int MAIN(int argc, char **argv)
         }
 
         if (!p8inf) {
-                BIO_printf(bio_err, "Error decrypting key\n");
+                BIO_printf(bio_err, "Error decrypting key\n", outfile);
                 ERR_print_errors(bio_err);
                 return (1);
         }
 
         if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
-                BIO_printf(bio_err, "Error converting key\n");
+                BIO_printf(bio_err, "Error converting key\n", outfile);
                 ERR_print_errors(bio_err);
                 return (1);
         }
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index 5f6ec3d339..c6464e9401 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -1223,34 +1223,34 @@ start:		for (;;)
                                 }
                         /* If OBJ not recognised ignore it */
                         if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
-
-                        if(strlen(v->name) > sizeof buf-9)
+                        if (snprintf(buf,sizeof buf,"%s_default",v->name)
+                                >= sizeof buf)
                            {
                            BIO_printf(bio_err,"Name '%s' too long\n",v->name);
                            return 0;
                            }
 
-                        sprintf(buf,"%s_default",v->name);
                         if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
                                 {
                                 ERR_clear_error();
                                 def="";
                                 }
-                        sprintf(buf,"%s_value",v->name);
+                                
+                        snprintf(buf,sizeof buf,"%s_value",v->name);
                         if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
                                 {
                                 ERR_clear_error();
                                 value=NULL;
                                 }
 
-                        sprintf(buf,"%s_min",v->name);
+                        snprintf(buf,sizeof buf,"%s_min",v->name);
                         if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
                                 {
                                 ERR_clear_error();
                                 n_min = -1;
                                 }
 
-                        sprintf(buf,"%s_max",v->name);
+                        snprintf(buf,sizeof buf,"%s_max",v->name);
                         if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
                                 {
                                 ERR_clear_error();
@@ -1288,13 +1288,13 @@ start2:			for (;;)
                                 if ((nid=OBJ_txt2nid(type)) == NID_undef)
                                         goto start2;
 
-                                if(strlen(v->name) > sizeof buf-9)
+                                if (snprintf(buf,sizeof buf,"%s_default",type)
+                                        >= sizeof buf)
                                    {
                                    BIO_printf(bio_err,"Name '%s' too long\n",v->name);
                                    return 0;
                                    }
 
-                                sprintf(buf,"%s_default",type);
                                 if ((def=NCONF_get_string(req_conf,attr_sect,buf))
                                         == NULL)
                                         {
@@ -1303,7 +1303,7 @@ start2:			for (;;)
                                         }
                                 
                                 
-                                sprintf(buf,"%s_value",type);
+                                snprintf(buf,sizeof buf,"%s_value",type);
                                 if ((value=NCONF_get_string(req_conf,attr_sect,buf))
                                         == NULL)
                                         {
@@ -1311,11 +1311,11 @@ start2:			for (;;)
                                         value=NULL;
                                         }
 
-                                sprintf(buf,"%s_min",type);
+                                snprintf(buf,sizeof buf,"%s_min",type);
                                 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
                                         n_min = -1;
 
-                                sprintf(buf,"%s_max",type);
+                                snprintf(buf,sizeof buf,"%s_max",type);
                                 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
                                         n_max = -1;
 
@@ -1397,9 +1397,8 @@ start:
         (void)BIO_flush(bio_err);
         if(value != NULL)
                 {
-                OPENSSL_assert(strlen(value) < sizeof buf-2);
-                strcpy(buf,value);
-                strcat(buf,"\n");
+                strlcpy(buf,value,sizeof buf);
+                strlcat(buf,"\n",sizeof buf);
                 BIO_printf(bio_err,"%s\n",value);
                 }
         else
@@ -1421,8 +1420,8 @@ start:
                 {
                 if ((def == NULL) || (def[0] == '\0'))
                         return(1);
-                strcpy(buf,def);
-                strcat(buf,"\n");
+                strlcpy(buf,def,sizeof buf);
+                strlcat(buf,"\n",sizeof buf);
                 }
         else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
 
@@ -1456,9 +1455,8 @@ start:
         (void)BIO_flush(bio_err);
         if (value != NULL)
                 {
-                OPENSSL_assert(strlen(value) < sizeof buf-2);
-                strcpy(buf,value);
-                strcat(buf,"\n");
+                strlcpy(buf,value,sizeof buf);
+                strlcat(buf,"\n",sizeof buf);
                 BIO_printf(bio_err,"%s\n",value);
                 }
         else
@@ -1480,8 +1478,8 @@ start:
                 {
                 if ((def == NULL) || (def[0] == '\0'))
                         return(1);
-                strcpy(buf,def);
-                strcat(buf,"\n");
+                strlcpy(buf,def,sizeof buf);
+                strlcat(buf,"\n",sizeof buf);
                 }
         else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
 
diff --git a/src/lib/libssl/src/apps/s_apps.h b/src/lib/libssl/src/apps/s_apps.h
index 66b6edd442..ff18a72fe0 100644
--- a/src/lib/libssl/src/apps/s_apps.h
+++ b/src/lib/libssl/src/apps/s_apps.h
@@ -112,14 +112,6 @@
 #include <sys/types.h>
 #include <openssl/opensslconf.h>
 
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#include <conio.h>
-#endif
-
-#ifdef OPENSSL_SYS_MSDOS
-#define _kbhit kbhit
-#endif
-
 #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
 /* VAX C does not defined fd_set and friends, but it's actually quite simple */
 /* These definitions are borrowed from SOCKETSHR.       /Richard Levitte */
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index eb6fd7c1c3..efa4902abd 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -136,6 +136,10 @@ typedef unsigned int u_int;
 #include <openssl/rand.h>
 #include "s_apps.h"
 
+#ifdef OPENSSL_SYS_WINDOWS
+#include <conio.h>
+#endif
+
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
 #ifdef fileno
@@ -217,7 +221,7 @@ static void sc_usage(void)
         BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
         BIO_printf(bio_err,"                 for those protocols that support it, where\n");
         BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
-        BIO_printf(bio_err,"                 only \"smtp\" and \"pop3\" are supported.\n");
+        BIO_printf(bio_err,"                 only \"smtp\" is supported.\n");
 #ifndef OPENSSL_NO_ENGINE
         BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 #endif
@@ -247,7 +251,7 @@ int MAIN(int argc, char **argv)
         int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
         SSL_CTX *ctx=NULL;
         int ret=1,in_init=1,i,nbio_test=0;
-        int starttls_proto = 0;
+        int smtp_starttls = 0;
         int prexit = 0, vflags = 0;
         SSL_METHOD *meth=NULL;
         BIO *sbio;
@@ -256,7 +260,7 @@ int MAIN(int argc, char **argv)
         char *engine_id=NULL;
         ENGINE *e=NULL;
 #endif
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#ifdef OPENSSL_SYS_WINDOWS
         struct timeval tv;
 #endif
 
@@ -411,9 +415,7 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         ++argv;
                         if (strcmp(*argv,"smtp") == 0)
-                                starttls_proto = 1;
-                        else if (strcmp(*argv,"pop3") == 0)
-                                starttls_proto = 2;
+                                smtp_starttls = 1;
                         else
                                 goto bad;
                         }
@@ -585,18 +587,12 @@ re_start:
         sbuf_off=0;
 
         /* This is an ugly hack that does a lot of assumptions */
-        if (starttls_proto == 1)
+        if (smtp_starttls)
                 {
                 BIO_read(sbio,mbuf,BUFSIZZ);
                 BIO_printf(sbio,"STARTTLS\r\n");
                 BIO_read(sbio,sbuf,BUFSIZZ);
                 }
-        if (starttls_proto == 2)
-                {
-                BIO_read(sbio,mbuf,BUFSIZZ);
-                BIO_printf(sbio,"STLS\r\n");
-                BIO_read(sbio,sbuf,BUFSIZZ);
-                }
 
         for (;;)
                 {
@@ -617,11 +613,11 @@ re_start:
                                 print_stuff(bio_c_out,con,full_log);
                                 if (full_log > 0) full_log--;
 
-                                if (starttls_proto)
+                                if (smtp_starttls)
                                         {
                                         BIO_printf(bio_err,"%s",mbuf);
                                         /* We don't need to know any more */
-                                        starttls_proto = 0;
+                                        smtp_starttls = 0;
                                         }
 
                                 if (reconnect)
@@ -640,7 +636,7 @@ re_start:
 
                 if (!ssl_pending)
                         {
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+#ifndef OPENSSL_SYS_WINDOWS
                         if (tty_on)
                                 {
                                 if (read_tty)  FD_SET(fileno(stdin),&readfds);
@@ -667,8 +663,8 @@ re_start:
                          * will choke the compiler: if you do have a cast then
                          * you can either go for (int *) or (void *).
                          */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-                        /* Under Windows/DOS we make the assumption that we can
+#ifdef OPENSSL_SYS_WINDOWS
+                        /* Under Windows we make the assumption that we can
                          * always write to the tty: therefore if we need to
                          * write to the tty we just fall through. Otherwise
                          * we timeout the select every second and see if there
@@ -682,7 +678,7 @@ re_start:
                                         tv.tv_usec = 0;
                                         i=select(width,(void *)&readfds,(void *)&writefds,
                                                  NULL,&tv);
-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+#ifdef OPENSSL_SYS_WINCE
                                         if(!i && (!_kbhit() || !read_tty) ) continue;
 #else
                                         if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
@@ -789,7 +785,7 @@ re_start:
                                 /* goto end; */
                                 }
 
-                        sbuf_len-=i;;
+                        sbuf_len-=i;
                         sbuf_off+=i;
                         if (sbuf_len <= 0)
                                 {
@@ -851,8 +847,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
                                 }
                         }
 
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+#ifdef OPENSSL_SYS_WINDOWS
+#ifdef OPENSSL_SYS_WINCE
                 else if (_kbhit())
 #else
                 else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index ff4ab6ef28..5157aae4d1 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -140,6 +140,10 @@ typedef unsigned int u_int;
 #include <openssl/rand.h>
 #include "s_apps.h"
 
+#ifdef OPENSSL_SYS_WINDOWS
+#include <conio.h>
+#endif
+
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
 #ifdef fileno
@@ -913,7 +917,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
         unsigned long l;
         SSL *con=NULL;
         BIO *sbio;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#ifdef OPENSSL_SYS_WINDOWS
         struct timeval tv;
 #endif
 
@@ -987,7 +991,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                 if (!read_from_sslcon)
                         {
                         FD_ZERO(&readfds);
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+#ifndef OPENSSL_SYS_WINDOWS
                         FD_SET(fileno(stdin),&readfds);
 #endif
                         FD_SET(s,&readfds);
@@ -997,8 +1001,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                          * the compiler: if you do have a cast then you can either
                          * go for (int *) or (void *).
                          */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-                        /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
+#ifdef OPENSSL_SYS_WINDOWS
+                        /* Under Windows we can't select on stdin: only
                          * on sockets. As a workaround we timeout the select every
                          * second and check for any keypress. In a proper Windows
                          * application we wouldn't do this because it is inefficient.
@@ -1259,13 +1263,7 @@ static int init_ssl_connection(SSL *con)
         if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
                 TLS1_FLAGS_TLS_PADDING_BUG)
                 BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
-#ifndef OPENSSL_NO_KRB5
-        if (con->kssl_ctx->client_princ != NULL)
-                {
-                BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
-                        con->kssl_ctx->client_princ);
-                }
-#endif /* OPENSSL_NO_KRB5 */
+
         return(1);
         }
 
diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c
index a88de6c8c8..02c3f640cf 100644
--- a/src/lib/libssl/src/apps/s_socket.c
+++ b/src/lib/libssl/src/apps/s_socket.c
@@ -389,7 +389,7 @@ redoit:
                         perror("OPENSSL_malloc");
                         return(0);
                         }
-                strcpy(*host,h1->h_name);
+                strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
 
                 h2=GetHostByName(*host);
                 if (h2 == NULL)
diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c
index 1ad16cd607..8a699de0ea 100644
--- a/src/lib/libssl/src/apps/s_time.c
+++ b/src/lib/libssl/src/apps/s_time.c
@@ -502,7 +502,7 @@ int MAIN(int argc, char **argv)
 
                 if (s_www_path != NULL)
                         {
-                        sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+                        snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
                         SSL_write(scon,buf,strlen(buf));
                         while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
                                 bytes_read+=i;
@@ -557,7 +557,7 @@ next:
 
         if (s_www_path != NULL)
                 {
-                sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+                snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
                 SSL_write(scon,buf,strlen(buf));
                 while (SSL_read(scon,buf,sizeof(buf)) > 0)
                         ;
@@ -595,7 +595,7 @@ next:
 
                 if (s_www_path)
                         {
-                        sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+                        snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
                         SSL_write(scon,buf,strlen(buf));
                         while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
                                 bytes_read+=i;
diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c
index 51bc893ffa..cc248d377b 100644
--- a/src/lib/libssl/src/apps/smime.c
+++ b/src/lib/libssl/src/apps/smime.c
@@ -168,10 +168,6 @@ int MAIN(int argc, char **argv)
                                 flags |= PKCS7_BINARY;
                 else if (!strcmp (*args, "-nosigs"))
                                 flags |= PKCS7_NOSIGS;
-                else if (!strcmp (*args, "-nooldmime"))
-                                flags |= PKCS7_NOOLDMIMETYPE;
-                else if (!strcmp (*args, "-crlfeol"))
-                                flags |= PKCS7_CRLFEOL;
                 else if (!strcmp (*args, "-crl_check"))
                                 store_flags |= X509_V_FLAG_CRL_CHECK;
                 else if (!strcmp (*args, "-crl_check_all"))
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index 2020b51de0..e300bb82cf 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -1029,24 +1029,26 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
         ASN1_INTEGER *bs = NULL, *bs2 = NULL;
         BIO *io = NULL;
         BIGNUM *serial = NULL;
+        size_t len;
 
-        buf=OPENSSL_malloc( ((serialfile == NULL)
-                        ?(strlen(CAfile)+strlen(POSTFIX)+1)
-                        :(strlen(serialfile)))+1);
+        len = ((serialfile == NULL)
+                ?(strlen(CAfile)+strlen(POSTFIX)+1)
+                :(strlen(serialfile)))+1;
+        buf=OPENSSL_malloc(len);
         if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
         if (serialfile == NULL)
                 {
-                strcpy(buf,CAfile);
+                strlcpy(buf,CAfile,len);
                 for (p=buf; *p; p++)
                         if (*p == '.')
                                 {
                                 *p='\0';
                                 break;
                                 }
-                strcat(buf,POSTFIX);
+                strlcat(buf,POSTFIX,len);
                 }
         else
-                strcpy(buf,serialfile);
+                strlcpy(buf,serialfile,len);
         serial=BN_new();
         bs=ASN1_INTEGER_new();
         if ((serial == NULL) || (bs == NULL))
@@ -1145,7 +1147,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
         else if (!(bs = load_serial(CAfile, serialfile, create)))
                 goto end;
 
-/*      if (!X509_STORE_add_cert(ctx,x)) goto end;*/
+        if (!X509_STORE_add_cert(ctx,x)) goto end;
 
         /* NOTE: this certificate can/should be self signed, unless it was
          * a certificate request in which case it is not. */
diff --git a/src/lib/libssl/src/bugs/SSLv3 b/src/lib/libssl/src/bugs/SSLv3
index a75a1652d9..db53e1343a 100644
--- a/src/lib/libssl/src/bugs/SSLv3
+++ b/src/lib/libssl/src/bugs/SSLv3
@@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA.  So netscape, when
 doing a re-connect, always takes the first cipher in the cipher list.
 
 If we accept a netscape connection, demand a client cert, have a
-non-self-signed CA which does not have it's CA in netscape, and the
+non-self-sighed CA which does not have it's CA in netscape, and the
 browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta
 
 Netscape browsers do not really notice the server sending a
diff --git a/src/lib/libssl/src/certs/ICE-CA.pem b/src/lib/libssl/src/certs/ICE-CA.pem
new file mode 100644
index 0000000000..75652366c2
--- /dev/null
+++ b/src/lib/libssl/src/certs/ICE-CA.pem
@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:35:53 1997 GMT
+            Not After : Apr  2 17:35:53 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
+                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
+                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
+                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
+                    49:11:a5:c9:45
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0.........z.."p......e..
+            X509v3 Subject Key Identifier: 
+                ..~r..:..B.44fu......3
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...
+            X509v3 Subject Alternative Name: 
+                0!..secude-support@darmstadt.gmd.de
+            X509v3 Issuer Alternative Name: 
+                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
+            X509v3 Basic Constraints: critical
+                0....
+            X509v3 CRL Distribution Points: 
+                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
+    Signature Algorithm: md5WithRSAEncryption
+        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
+        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
+        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
+        88:73:cd:60:28:79:a3:fc:48:7a
+-----BEGIN CERTIFICATE-----
+MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
+AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
+BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
+IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
+NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
+MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
+VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
+LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
+/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
+aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
+7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/ICE-root.pem b/src/lib/libssl/src/certs/ICE-root.pem
new file mode 100644
index 0000000000..fa991599c9
--- /dev/null
+++ b/src/lib/libssl/src/certs/ICE-root.pem
@@ -0,0 +1,48 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:33:36 1997 GMT
+            Not After : Apr  2 17:33:36 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
+                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
+                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
+                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
+                    e7:c7:9f:41:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                ........z.."p......e..
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Subject Alternative Name: 
+                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
+            X509v3 Basic Constraints: critical
+                0....
+    Signature Algorithm: md5WithRSAEncryption
+        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
+        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
+        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
+        7e:22:9f:25:06:60:bd:79:30:3d
+-----BEGIN CERTIFICATE-----
+MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
+EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
+0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
+ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
+dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
+LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
+iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
+fiKfJQZgvXkwPQ==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/ICE-user.pem b/src/lib/libssl/src/certs/ICE-user.pem
new file mode 100644
index 0000000000..28065fd37d
--- /dev/null
+++ b/src/lib/libssl/src/certs/ICE-user.pem
@@ -0,0 +1,63 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Validity
+            Not Before: Apr  2 17:35:59 1997 GMT
+            Not After : Apr  2 17:35:59 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
+                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
+                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
+                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
+                    be:3e:a4:61:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0...~r..:..B.44fu......3
+            X509v3 Subject Key Identifier: 
+                ...... .*...1.*.......
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...0.......
+            X509v3 Subject Alternative Name: 
+                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
+            X509v3 Issuer Alternative Name: 
+                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
+..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
+            X509v3 Basic Constraints: critical
+                0.
+            X509v3 CRL Distribution Points: 
+                0.0.......gmdca@gmd.de
+    Signature Algorithm: md5WithRSAEncryption
+        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
+        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
+        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
+        9a:f7:6f:63:9b:94:99:83:d6:a4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
+OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
+Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
+EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
+qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
+BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
+nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
+A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
+HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
+YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
+dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
+VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
+Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
+ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
+DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/ICE.crl b/src/lib/libssl/src/certs/ICE.crl
new file mode 100644
index 0000000000..21939e8cc4
--- /dev/null
+++ b/src/lib/libssl/src/certs/ICE.crl
@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
+VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
+NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
+WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
+i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
+KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
+mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
+-----END X509 CRL-----
diff --git a/src/lib/libssl/src/certs/RegTP-4R.pem b/src/lib/libssl/src/certs/RegTP-4R.pem
new file mode 100644
index 0000000000..6f2c6abccd
--- /dev/null
+++ b/src/lib/libssl/src/certs/RegTP-4R.pem
@@ -0,0 +1,19 @@
+issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+notBefore=Jan 21 16:04:53 1999 GMT
+notAfter=Jan 21 16:04:53 2004 GMT
+subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+-----BEGIN CERTIFICATE-----
+MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
+MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
+dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
+MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
+AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
+dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
+IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
+aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
+jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
+5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
+JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
+Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
+JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/ca-cert.pem b/src/lib/libssl/src/certs/ca-cert.pem
new file mode 100644
index 0000000000..bcba68aefa
--- /dev/null
+++ b/src/lib/libssl/src/certs/ca-cert.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
+MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
+HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzODUxWhcN
+MDUwNzEwMjEzODUxWjBbMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
+ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxGzAZBgNVBAMTElRlc3QgQ0Eg
+KDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7ujy3XXpU/p
+yDJtOxkMJmGv3mdiVm7JrdoKLUgqjO2rBaeNuYMUiuI6oYU+tlD6agwRML0Pn2JF
+b90VdK/UXrmRr9djaEuH17EIKjte5RwOzndCndsjcCYyoeODMTyg7dqPIkDMmRNM
+5R5xBTabD+Aji0wzQupYxBLuW5PLj7ECAwEAAaOBtzCBtDAdBgNVHQ4EFgQU1WWA
+U42mkhi3ecgey1dsJjU61+UwgYQGA1UdIwR9MHuAFE0RaEcrj18q1dw+G6nJbsTW
+R213oWCkXjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0
+IGJpdCmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBb39BRphHL
+6aRAQyymsvBvPSCiG9+kR0R1L23aTpNbhXp2BebyFjbEQYZc2kWGiKKcHkNECA35
+3d4LoqUlVey8DFyafOIJd9hxdZfg+rxlHMxnL7uCJRmx9+xB411Jtsol9/wg1uCK
+sleGpgB4j8cG2SVCz7V2MNZNK+d5QCnR7A==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/certs/dsa-ca.pem b/src/lib/libssl/src/certs/dsa-ca.pem
new file mode 100644
index 0000000000..9eb08f3ddd
--- /dev/null
+++ b/src/lib/libssl/src/certs/dsa-ca.pem
@@ -0,0 +1,43 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+
+svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+MVqOsYxGCb+kez0FoDSTgw==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+C1Q=
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libssl/src/certs/dsa-pca.pem b/src/lib/libssl/src/certs/dsa-pca.pem
new file mode 100644
index 0000000000..e3641ad47e
--- /dev/null
+++ b/src/lib/libssl/src/certs/dsa-pca.pem
@@ -0,0 +1,49 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+
+GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libssl/src/certs/factory.pem b/src/lib/libssl/src/certs/factory.pem
new file mode 100644
index 0000000000..8e28b391b2
--- /dev/null
+++ b/src/lib/libssl/src/certs/factory.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/nortelCA.pem b/src/lib/libssl/src/certs/nortelCA.pem
new file mode 100644
index 0000000000..207f34ab3a
--- /dev/null
+++ b/src/lib/libssl/src/certs/nortelCA.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libssl/src/certs/pca-cert.pem b/src/lib/libssl/src/certs/pca-cert.pem
new file mode 100644
index 0000000000..9d754d460d
--- /dev/null
+++ b/src/lib/libssl/src/certs/pca-cert.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
+MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
+HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN
+MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
+ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB
+ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy
+V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6
+JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S
+S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R
+aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E
+1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho
++Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ
+JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0
+Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/certs/rsa-cca.pem b/src/lib/libssl/src/certs/rsa-cca.pem
new file mode 100644
index 0000000000..69f5c1c84c
--- /dev/null
+++ b/src/lib/libssl/src/certs/rsa-cca.pem
@@ -0,0 +1,19 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/timCA.pem b/src/lib/libssl/src/certs/timCA.pem
new file mode 100644
index 0000000000..9c8d5bf9c6
--- /dev/null
+++ b/src/lib/libssl/src/certs/timCA.pem
@@ -0,0 +1,16 @@
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libssl/src/certs/tjhCA.pem b/src/lib/libssl/src/certs/tjhCA.pem
new file mode 100644
index 0000000000..67bee1b200
--- /dev/null
+++ b/src/lib/libssl/src/certs/tjhCA.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/vsign2.pem b/src/lib/libssl/src/certs/vsign2.pem
new file mode 100644
index 0000000000..d8bdd8c812
--- /dev/null
+++ b/src/lib/libssl/src/certs/vsign2.pem
@@ -0,0 +1,18 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18
+oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED
+uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML
+v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd
+G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9
+1Q==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/vsigntca.pem b/src/lib/libssl/src/certs/vsigntca.pem
new file mode 100644
index 0000000000..05acf76e66
--- /dev/null
+++ b/src/lib/libssl/src/certs/vsigntca.pem
@@ -0,0 +1,18 @@
+subject=/O=VeriSign, Inc/OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD./OU=For VeriSign authorized testing only. No assurances (C)VS1997
+notBefore=Mar  4 00:00:00 1997 GMT
+notAfter=Mar  4 23:59:59 2025 GMT
+-----BEGIN CERTIFICATE-----
+MIICTTCCAfcCEEdoCqpuXxnoK27q7d58Qc4wDQYJKoZIhvcNAQEEBQAwgakxFjAU
+BgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52ZXJpc2lnbi5jb20v
+cmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBMaWFiLiBMVEQuMUYw
+RAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0aW5nIG9ubHkuIE5v
+IGFzc3VyYW5jZXMgKEMpVlMxOTk3MB4XDTk3MDMwNDAwMDAwMFoXDTI1MDMwNDIz
+NTk1OVowgakxFjAUBgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52
+ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBM
+aWFiLiBMVEQuMUYwRAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0
+aW5nIG9ubHkuIE5vIGFzc3VyYW5jZXMgKEMpVlMxOTk3MFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAMak6xImJx44jMKcbkACy5/CyMA2fqXK4PlzTtCxRq5tFkDzne7s
+cI8oFK/J+gFZNE3bjidDxf07O3JOYG9RGx8CAwEAATANBgkqhkiG9w0BAQQFAANB
+ADT523tENOKrEheZFpsJx1UUjPrG7TwYc/C4NBHrZI4gZJcKVFIfNulftVS6UMYW
+ToLEMaUojc3DuNXHG21PDG8=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/crypto/Makefile b/src/lib/libssl/src/crypto/Makefile
deleted file mode 100644
index eb49323ad5..0000000000
--- a/src/lib/libssl/src/crypto/Makefile
+++ /dev/null
@@ -1,133 +0,0 @@
-LIB=    crypto
-CFLAGS+= -DNO_IDEA -DTERMIOS -DL_ENDIAN -DANSI_SOURCE 
-CFLAGS+= -I${.CURDIR}/../include
-SRCS+=  cryptlib.c mem.c cversion.c ex_data.c cpt_err.c                 
-CFLAGS+= -I${.CURDIR}/md2
-SRCS+=  md2_dgst.c md2_one.c                                    
-CFLAGS+= -I${.CURDIR}/md5
-SRCS+=  md5_dgst.c md5_one.c                                    
-CFLAGS+= -I${.CURDIR}/sha
-SRCS+=  sha_dgst.c sha1dgst.c sha_one.c sha1_one.c      
-CFLAGS+= -I${.CURDIR}/mdc2
-SRCS+=  mdc2dgst.c mdc2_one.c                                   
-CFLAGS+= -I${.CURDIR}/hmac
-SRCS+=  hmac.c                                                  
-CFLAGS+= -I${.CURDIR}/ripemd
-SRCS+=  rmd_dgst.c rmd_one.c                            
-CFLAGS+= -I${.CURDIR}/des
-SRCS+=  set_key.c ecb_enc.c cbc_enc.c ecb3_enc.c        
-SRCS+=  cfb64enc.c cfb64ede.c cfb_enc.c ofb64ede.c      
-SRCS+=  enc_read.c enc_writ.c ofb64enc.c ofb_enc.c      
-SRCS+=  str2key.c pcbc_enc.c qud_cksm.c rand_key.c      
-SRCS+=  read2pwd.c fcrypt.c xcbc_enc.c read_pwd.c       
-SRCS+=  rpc_enc.c cbc_cksm.c supp.c                             
-CFLAGS+= -I${.CURDIR}/rc2
-SRCS+=  rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c       
-SRCS+=  rc2ofb64.c                                                      
-CFLAGS+= -I${.CURDIR}/rc4
-SRCS+=  rc4_skey.c                                                      
-CFLAGS+= -I${.CURDIR}/rc5
-SRCS+=  rc5_skey.c rc5_ecb.c rc5cfb64.c rc5cfb64.c      
-SRCS+=  rc5ofb64.c                                                      
-CFLAGS+= -I${.CURDIR}/idea
-SRCS+=  i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c             
-SRCS+=  i_skey.c                                                        
-CFLAGS+= -I${.CURDIR}/bf
-SRCS+=  bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c                
-CFLAGS+= -I${.CURDIR}/cast
-SRCS+=  c_skey.c c_ecb.c c_cfb64.c c_ofb64.c    
-CFLAGS+= -I${.CURDIR}/bn
-SRCS+=  bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c    
-SRCS+=  bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c
-SRCS+=  bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c
-SRCS+=  bn_sqr.c bn_recp.c bn_mont.c bn_mpi.c           
-CFLAGS+= -I${.CURDIR}/rsa
-SRCS+=  rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c        
-SRCS+=  rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c        
-SRCS+=  rsa_none.c                                                      
-CFLAGS+= -I${.CURDIR}/dsa
-SRCS+=  dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c         
-SRCS+=  dsa_sign.c dsa_err.c                                    
-CFLAGS+= -I${.CURDIR}/dh
-SRCS+=  dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c  
-CFLAGS+= -I${.CURDIR}/buffer
-SRCS+=  buffer.c buf_err.c                              
-CFLAGS+= -I${.CURDIR}/bio
-SRCS+=  bio_lib.c bio_cb.c bio_err.c bss_mem.c          
-SRCS+=  bss_null.c bss_fd.c bss_file.c bss_sock.c       
-SRCS+=  bss_conn.c bf_null.c bf_buff.c 
-SRCS+=  b_print.c b_dump.c b_sock.c bss_acpt.c          
-SRCS+=  bf_nbio.c                                                       
-CFLAGS+= -I${.CURDIR}/stack
-SRCS+=  stack.c                                                 
-CFLAGS+= -I${.CURDIR}/lhash
-SRCS+=  lhash.c lh_stats.c                                      
-CFLAGS+= -I${.CURDIR}/rand
-SRCS+=  md_rand.c randfile.c                                    
-CFLAGS+= -I${.CURDIR}/err
-SRCS+=  err.c err_all.c err_prn.c                               
-CFLAGS+= -I${.CURDIR}/objects
-SRCS+=  obj_dat.c obj_lib.c obj_err.c
-CFLAGS+= -I${.CURDIR}/evp
-SRCS+=  encode.c digest.c evp_enc.c evp_key.c           
-SRCS+=  e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c         
-SRCS+=  e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c         
-SRCS+=  e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c           
-SRCS+=  e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c     
-SRCS+=  e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c     
-SRCS+=  e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c      
-SRCS+=  e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c        
-SRCS+=  e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c       
-SRCS+=  m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c        
-SRCS+=  m_dss1.c m_mdc2.c m_ripemd.c p_open.c           
-SRCS+=  p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c
-SRCS+=  p_dec.c bio_md.c bio_b64.c bio_enc.c            
-SRCS+=  evp_err.c e_null.c c_all.c evp_lib.c
-CFLAGS+= -I${.CURDIR}/pem
-SRCS+=  pem_sign.c pem_seal.c pem_info.c pem_lib.c      
-SRCS+=  pem_all.c pem_err.c                                     
-CFLAGS+= -I${.CURDIR}/asn1
-SRCS+=  a_object.c a_bitstr.c a_utctm.c a_int.c 
-SRCS+=  a_octet.c a_print.c a_type.c a_set.c    
-SRCS+=  a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c  
-SRCS+=  a_digest.c a_verify.c x_algor.c x_val.c 
-SRCS+=  x_pubkey.c x_sig.c x_req.c x_attrib.c   
-SRCS+=  x_name.c x_cinf.c x_x509.c x_crl.c              
-SRCS+=  x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c 
-SRCS+=  d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c     
-SRCS+=  d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c         
-SRCS+=  i2d_pu.c i2d_pr.c t_req.c t_x509.c              
-SRCS+=  t_pkey.c p7_i_s.c p7_signi.c p7_signd.c 
-SRCS+=  p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c        
-SRCS+=  p7_s_e.c p7_enc.c p7_lib.c f_int.c              
-SRCS+=  f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c       
-SRCS+=  d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c    
-SRCS+=  a_bool.c x_exten.c asn1_par.c asn1_lib.c        
-SRCS+=  asn1_err.c a_meth.c a_bytes.c evp_asn1.c        
-CFLAGS+= -I${.CURDIR}/x509
-SRCS+=  x509_def.c x509_d2.c x509_r2x.c x509_cmp.c      
-SRCS+=  x509_obj.c x509_req.c x509_vfy.c x509_set.c     
-SRCS+=  x509rset.c x509_err.c x509name.c x509_v3.c      
-SRCS+=  x509_ext.c x509pack.c x509type.c x509_lu.c      
-SRCS+=  x_all.c x509_txt.c by_file.c by_dir.c   
-SRCS+=  v3_net.c v3_x509.c                                      
-CFLAGS+= -I${.CURDIR}/conf
-SRCS+=  conf.c conf_err.c                                       
-CFLAGS+= -I${.CURDIR}/txt_db
-SRCS+=  txt_db.c                                                        
-CFLAGS+= -I${.CURDIR}/pkcs7
-SRCS+=  pk7_lib.c pkcs7err.c pk7_doit.c
-
-.PATH:  ${.CURDIR}/md2 ${.CURDIR}/md5 ${.CURDIR}/sha ${.CURDIR}/mdc2    \
-        ${.CURDIR}/hmac ${.CURDIR}/ripemd ${.CURDIR}/des  ${.CURDIR}/rc2 \
-        ${.CURDIR}/rc4 ${.CURDIR}/rc5 ${.CURDIR}/idea ${.CURDIR}/bf    \
-        ${.CURDIR}/cast ${.CURDIR}/bn  ${.CURDIR}/rsa ${.CURDIR}/dsa   \
-        ${.CURDIR}/dh ${.CURDIR}/buffer ${.CURDIR}/bio ${.CURDIR}/stack \
-        ${.CURDIR}/lhash ${.CURDIR}/rand ${.CURDIR}/err ${.CURDIR}/objects \
-        ${.CURDIR}/evp ${.CURDIR}/pem ${.CURDIR}/asn1  ${.CURDIR}/asn1 \
-        ${.CURDIR}/x509 ${.CURDIR}/conf txt_db/txt_db.c ${.CURDIR}/pkcs7 \
-        ${.CURDIR}/txt_db
-
-.include <bsd.lib.mk>
-
-
diff --git a/src/lib/libssl/src/crypto/Makefile.ssl b/src/lib/libssl/src/crypto/Makefile.ssl
new file mode 100644
index 0000000000..3071e3cb86
--- /dev/null
+++ b/src/lib/libssl/src/crypto/Makefile.ssl
@@ -0,0 +1,218 @@
+#
+# SSLeay/crypto/Makefile
+#
+
+DIR=            crypto
+TOP=            ..
+CC=             cc
+INCLUDE=        -I. -I$(TOP) -I../include
+INCLUDES=       -I.. -I../.. -I../../include
+CFLAG=          -g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+RM=             rm -f
+AR=             ar r
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDE) $(CFLAG)
+
+
+LIBS=
+
+SDIRS=  md2 md5 sha mdc2 hmac ripemd \
+        des rc2 rc4 rc5 idea bf cast \
+        bn ec rsa dsa dh dso engine aes \
+        buffer bio stack lhash rand err objects \
+        evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+
+GENERAL=Makefile README crypto-lib.com install.com
+
+LIB= $(TOP)/libcrypto.a
+SHARED_LIB= libcrypto$(SHLIB_EXT)
+LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
+        ossl_typ.h
+HEADER= cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: buildinf.h lib subdirs shared
+
+buildinf.h: ../Makefile.ssl
+        ( echo "#ifndef MK1MF_BUILD"; \
+        echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
+        echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
+        echo '  #define PLATFORM "$(PLATFORM)"'; \
+        echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
+        echo '#endif' ) >buildinf.h
+
+testapps:
+        if echo ${SDIRS} | fgrep ' des '; \
+        then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi
+        cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
+
+subdirs:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making all in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+        done;
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making 'files' in crypto/$$i..." && \
+        $(MAKE) PERL='${PERL}' files ); \
+        done;
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @for i in $(SDIRS); do \
+        (cd $$i && echo "making links in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
+        done;
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+shared:
+        if [ -n "$(SHARED_LIBS)" ]; then \
+                (cd ..; $(MAKE) $(SHARED_LIB)); \
+        fi
+
+libs:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making libs in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+        done;
+
+tests:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making tests in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
+        done;
+
+install:
+        @for i in $(EXHEADER) ;\
+        do \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making install in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+        done;
+
+lint:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making lint in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
+        done;
+
+depend:
+        if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+        if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making depend in crypto/$$i..." && \
+        $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
+        done;
+
+clean:
+        rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making clean in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
+        done;
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making dclean in crypto/$$i..." && \
+        $(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+        done;
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c
+cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h
+cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c
+ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
+ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
+ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c
+mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
+mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_clr.o: ../include/openssl/symhacks.h mem_clr.c
+mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
+o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
+o_time.o: o_time.h
+tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h
+tmdiff.o: tmdiff.c
+uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+uid.o: ../include/openssl/symhacks.h uid.c
diff --git a/src/lib/libssl/src/crypto/aes/Makefile.ssl b/src/lib/libssl/src/crypto/aes/Makefile.ssl
new file mode 100644
index 0000000000..f353aeb697
--- /dev/null
+++ b/src/lib/libssl/src/crypto/aes/Makefile.ssl
@@ -0,0 +1,103 @@
+#
+# crypto/aes/Makefile
+#
+
+DIR=    aes
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST=aestest.c
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
+LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= aes.h
+HEADER= aes_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+$(LIBOBJ): $(LIBSRC)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
+aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_misc.o: ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
diff --git a/src/lib/libssl/src/crypto/aes/aes.h b/src/lib/libssl/src/crypto/aes/aes.h
index da067f4a8f..8294a41a3a 100644
--- a/src/lib/libssl/src/crypto/aes/aes.h
+++ b/src/lib/libssl/src/crypto/aes/aes.h
@@ -100,7 +100,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
         unsigned char *ivec, int *num);
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
         const unsigned long length, const AES_KEY *key,
-        unsigned char ivec[AES_BLOCK_SIZE],
+        unsigned char counter[AES_BLOCK_SIZE],
         unsigned char ecount_buf[AES_BLOCK_SIZE],
         unsigned int *num);
 
diff --git a/src/lib/libssl/src/crypto/aes/aes_cbc.c b/src/lib/libssl/src/crypto/aes/aes_cbc.c
index 86b27b10d6..de438306b1 100644
--- a/src/lib/libssl/src/crypto/aes/aes_cbc.c
+++ b/src/lib/libssl/src/crypto/aes/aes_cbc.c
@@ -72,7 +72,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 
         if (AES_ENCRYPT == enc) {
                 while (len >= AES_BLOCK_SIZE) {
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
+                        for(n=0; n < sizeof tmp; ++n)
                                 tmp[n] = in[n] ^ ivec[n];
                         AES_encrypt(tmp, out, key);
                         memcpy(ivec, out, AES_BLOCK_SIZE);
@@ -86,12 +86,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                         for(n=len; n < AES_BLOCK_SIZE; ++n)
                                 tmp[n] = ivec[n];
                         AES_encrypt(tmp, tmp, key);
-                        memcpy(out, tmp, AES_BLOCK_SIZE);
-                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
+                        memcpy(out, tmp, len);
+                        memcpy(ivec, tmp, sizeof tmp);
                 }                       
         } else {
                 while (len >= AES_BLOCK_SIZE) {
-                        memcpy(tmp, in, AES_BLOCK_SIZE);
+                        memcpy(tmp, in, sizeof tmp);
                         AES_decrypt(in, out, key);
                         for(n=0; n < AES_BLOCK_SIZE; ++n)
                                 out[n] ^= ivec[n];
@@ -101,11 +101,11 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                         out += AES_BLOCK_SIZE;
                 }
                 if (len) {
-                        memcpy(tmp, in, AES_BLOCK_SIZE);
+                        memcpy(tmp, in, sizeof tmp);
                         AES_decrypt(tmp, tmp, key);
                         for(n=0; n < len; ++n)
                                 out[n] ^= ivec[n];
-                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
+                        memcpy(ivec, tmp, sizeof tmp);
                 }                       
         }
 }
diff --git a/src/lib/libssl/src/crypto/aes/aes_ctr.c b/src/lib/libssl/src/crypto/aes/aes_ctr.c
index 79e1c18f19..59088499a0 100644
--- a/src/lib/libssl/src/crypto/aes/aes_ctr.c
+++ b/src/lib/libssl/src/crypto/aes/aes_ctr.c
@@ -62,49 +62,19 @@
 /* NOTE: CTR mode is big-endian.  The rest of the AES code
  * is endian-neutral. */
 
-/* increment counter (128-bit int) by 1 */
+/* increment counter (128-bit int) by 2^64 */
 static void AES_ctr128_inc(unsigned char *counter) {
         unsigned long c;
 
-        /* Grab bottom dword of counter and increment */
+        /* Grab 3rd dword of counter and increment */
 #ifdef L_ENDIAN
-        c = GETU32(counter +  0);
+        c = GETU32(counter + 8);
         c++;
-        PUTU32(counter +  0, c);
+        PUTU32(counter + 8, c);
 #else
-        c = GETU32(counter + 12);
+        c = GETU32(counter + 4);
         c++;
-        PUTU32(counter + 12, c);
-#endif
-
-        /* if no overflow, we're done */
-        if (c)
-                return;
-
-        /* Grab 1st dword of counter and increment */
-#ifdef L_ENDIAN
-        c = GETU32(counter +  4);
-        c++;
-        PUTU32(counter +  4, c);
-#else
-        c = GETU32(counter +  8);
-        c++;
-        PUTU32(counter +  8, c);
-#endif
-
-        /* if no overflow, we're done */
-        if (c)
-                return;
-
-        /* Grab 2nd dword of counter and increment */
-#ifdef L_ENDIAN
-        c = GETU32(counter +  8);
-        c++;
-        PUTU32(counter +  8, c);
-#else
-        c = GETU32(counter +  4);
-        c++;
-        PUTU32(counter +  4, c);
+        PUTU32(counter + 4, c);
 #endif
 
         /* if no overflow, we're done */
@@ -130,16 +100,10 @@ static void AES_ctr128_inc(unsigned char *counter) {
  * encrypted counter is kept in ecount_buf.  Both *num and
  * ecount_buf must be initialised with zeros before the first
  * call to AES_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV.  This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
  */
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
         const unsigned long length, const AES_KEY *key,
-        unsigned char ivec[AES_BLOCK_SIZE],
+        unsigned char counter[AES_BLOCK_SIZE],
         unsigned char ecount_buf[AES_BLOCK_SIZE],
         unsigned int *num) {
 
@@ -153,8 +117,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 
         while (l--) {
                 if (n == 0) {
-                        AES_encrypt(ivec, ecount_buf, key);
-                        AES_ctr128_inc(ivec);
+                        AES_encrypt(counter, ecount_buf, key);
+                        AES_ctr128_inc(counter);
                 }
                 *(out++) = *(in++) ^ ecount_buf[n];
                 n = (n+1) % AES_BLOCK_SIZE;
diff --git a/src/lib/libssl/src/crypto/asn1/Makefile.ssl b/src/lib/libssl/src/crypto/asn1/Makefile.ssl
new file mode 100644
index 0000000000..cb45194d48
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/Makefile.ssl
@@ -0,0 +1,1152 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+
+DIR=    asn1
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+        a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+        x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
+        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
+        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        f_int.c f_string.c n_pkey.c \
+        f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+        asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+        a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+        x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
+        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+        t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
+        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+        f_int.o f_string.o n_pkey.o \
+        f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+        asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  asn1.h asn1_mac.h asn1t.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:   test.c
+        cc -g -I../../include -c test.c
+        cc -g -I../../include -o test test.o -L../.. -lcrypto
+
+pk:     pk.c
+        cc -g -I../../include -c pk.c
+        cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_bool.o: ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_d2i_fp.o: ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/aes.h
+a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_digest.o: ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_digest.o: ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_dup.o: ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c
+a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_hdr.o: ../cryptlib.h a_hdr.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c
+a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_meth.o: ../cryptlib.h a_meth.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_set.o: ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+a_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+a_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+a_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+a_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_sign.o: ../cryptlib.h a_sign.c
+a_strex.o: ../../e_os.h ../../include/openssl/aes.h
+a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_strex.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_time.o: ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_type.o: ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_utf8.o: ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/aes.h
+a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_verify.o: ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_verify.o: ../cryptlib.h a_verify.c
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_lib.o: ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_moid.o: ../../e_os.h ../../include/openssl/aes.h
+asn_moid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn_moid.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn_moid.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+asn_moid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+asn_moid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_moid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+asn_moid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+asn_moid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+asn_moid.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+asn_moid.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_moid.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_moid.o: ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+d2i_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+d2i_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+d2i_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+d2i_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+d2i_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+d2i_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+d2i_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+evp_asn1.o: ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+f_enum.o: ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+f_int.o: ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+i2d_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+i2d_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+i2d_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+i2d_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+i2d_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+i2d_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+i2d_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+n_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+n_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+n_pkey.o: ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+nsseq.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+nsseq.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+nsseq.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+nsseq.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+nsseq.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p5_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbe.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/aes.h
+p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p5_pbev2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_pbev2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_pbev2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p8_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p8_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/aes.h
+t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_crl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_crl.o: ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+t_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_req.o: ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+t_spki.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_spki.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_spki.o: ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_x509.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_x509.o: ../cryptlib.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509a.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509a.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509a.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509a.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_x509a.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_enc.o: ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_fre.o: ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_new.o: ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_typ.o: ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_utl.o: ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_algor.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_algor.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_algor.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_algor.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_algor.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/aes.h
+x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_attrib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_attrib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_attrib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_attrib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_attrib.o: ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
+x_exten.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_exten.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_exten.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_exten.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_exten.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_exten.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_info.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_name.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
+x_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/aes.h
+x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_pubkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_pubkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_pubkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_sig.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_sig.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_sig.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_spki.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_val.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_val.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_val.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_val.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_val.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_val.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_val.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_val.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x_x509.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_x509a.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/src/lib/libssl/src/crypto/asn1/a_bytes.c b/src/lib/libssl/src/crypto/asn1/a_bytes.c
index afd27b80e1..2407f7c87a 100644
--- a/src/lib/libssl/src/crypto/asn1/a_bytes.c
+++ b/src/lib/libssl/src/crypto/asn1/a_bytes.c
@@ -78,7 +78,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
 
         if (tag >= 32)
                 {
-                i=ASN1_R_TAG_VALUE_TOO_HIGH;;
+                i=ASN1_R_TAG_VALUE_TOO_HIGH;
                 goto err;
                 }
         if (!(ASN1_tag2bit(tag) & type))
diff --git a/src/lib/libssl/src/crypto/asn1/a_gentm.c b/src/lib/libssl/src/crypto/asn1/a_gentm.c
index cd09f68b38..48b923de1f 100644
--- a/src/lib/libssl/src/crypto/asn1/a_gentm.c
+++ b/src/lib/libssl/src/crypto/asn1/a_gentm.c
@@ -208,6 +208,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
         char *p;
         struct tm *ts;
         struct tm data;
+        size_t len = 20; 
 
         if (s == NULL)
                 s=M_ASN1_GENERALIZEDTIME_new();
@@ -219,17 +220,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
                 return(NULL);
 
         p=(char *)s->data;
-        if ((p == NULL) || (s->length < 16))
+        if ((p == NULL) || (s->length < len))
                 {
-                p=OPENSSL_malloc(20);
+                p=OPENSSL_malloc(len);
                 if (p == NULL) return(NULL);
                 if (s->data != NULL)
                         OPENSSL_free(s->data);
                 s->data=(unsigned char *)p;
                 }
 
-        sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
-                ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+        snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+                 ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
         s->length=strlen(p);
         s->type=V_ASN1_GENERALIZEDTIME;
 #ifdef CHARSET_EBCDIC_not
diff --git a/src/lib/libssl/src/crypto/asn1/a_mbstr.c b/src/lib/libssl/src/crypto/asn1/a_mbstr.c
index e8a26af521..58b437bc84 100644
--- a/src/lib/libssl/src/crypto/asn1/a_mbstr.c
+++ b/src/lib/libssl/src/crypto/asn1/a_mbstr.c
@@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
 
         if((minsize > 0) && (nchar < minsize)) {
                 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
-                sprintf(strbuf, "%ld", minsize);
+                snprintf(strbuf, sizeof strbuf, "%ld", minsize);
                 ERR_add_error_data(2, "minsize=", strbuf);
                 return -1;
         }
 
         if((maxsize > 0) && (nchar > maxsize)) {
                 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
-                sprintf(strbuf, "%ld", maxsize);
+                snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
                 ERR_add_error_data(2, "maxsize=", strbuf);
                 return -1;
         }
@@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg)
 
 static int out_utf8(unsigned long value, void *arg)
 {
-        int *outlen;
+        long *outlen;
         outlen = arg;
         *outlen += UTF8_putc(NULL, -1, value);
         return 1;
diff --git a/src/lib/libssl/src/crypto/asn1/a_strex.c b/src/lib/libssl/src/crypto/asn1/a_strex.c
index 8abfdfe598..1def6c6549 100644
--- a/src/lib/libssl/src/crypto/asn1/a_strex.c
+++ b/src/lib/libssl/src/crypto/asn1/a_strex.c
@@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
  * otherwise it is the number of bytes per character
  */
 
-const static signed char tag2nbyte[] = {
+const static char tag2nbyte[] = {
         -1, -1, -1, -1, -1,     /* 0-4 */
         -1, -1, -1, -1, -1,     /* 5-9 */
         -1, -1, 0, -1,          /* 10-13 */
diff --git a/src/lib/libssl/src/crypto/asn1/a_strnid.c b/src/lib/libssl/src/crypto/asn1/a_strnid.c
index 613bbc4a7d..aa49e9d7d0 100644
--- a/src/lib/libssl/src/crypto/asn1/a_strnid.c
+++ b/src/lib/libssl/src/crypto/asn1/a_strnid.c
@@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 /* Now the tables and helper functions for the string table:
  */
 
-/* size limits: this stuff is taken straight from RFC3280 */
+/* size limits: this stuff is taken straight from RFC2459 */
 
 #define ub_name                         32768
 #define ub_common_name                  64
@@ -153,8 +153,6 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 #define ub_organization_unit_name       64
 #define ub_title                        64
 #define ub_email_address                128
-#define ub_serial_number                64
-
 
 /* This table must be kept in NID order */
 
@@ -172,7 +170,6 @@ static ASN1_STRING_TABLE tbl_standard[] = {
 {NID_givenName,                 1, ub_name, DIRSTRING_TYPE, 0},
 {NID_surname,                   1, ub_name, DIRSTRING_TYPE, 0},
 {NID_initials,                  1, ub_name, DIRSTRING_TYPE, 0},
-{NID_serialNumber,              1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
 {NID_friendlyName,              -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
 {NID_name,                      1, ub_name, DIRSTRING_TYPE, 0},
 {NID_dnQualifier,               -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
diff --git a/src/lib/libssl/src/crypto/asn1/a_time.c b/src/lib/libssl/src/crypto/asn1/a_time.c
index 7348da9457..b8c031fc8f 100644
--- a/src/lib/libssl/src/crypto/asn1/a_time.c
+++ b/src/lib/libssl/src/crypto/asn1/a_time.c
@@ -128,6 +128,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
         {
         ASN1_GENERALIZEDTIME *ret;
         char *str;
+        int newlen;
 
         if (!ASN1_TIME_check(t)) return NULL;
 
@@ -150,12 +151,14 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
         /* grow the string */
         if (!ASN1_STRING_set(ret, NULL, t->length + 2))
                 return NULL;
+        /* ASN1_STRING_set() allocated 'len + 1' bytes. */
+        newlen = t->length + 2 + 1;
         str = (char *)ret->data;
         /* Work out the century and prepend */
-        if (t->data[0] >= '5') strcpy(str, "19");
-        else strcpy(str, "20");
+        if (t->data[0] >= '5') strlcpy(str, "19", newlen);
+        else strlcpy(str, "20", newlen);
 
-        BUF_strlcat(str, (char *)t->data, t->length+3); /* Include space for a '\0' */
+        strlcat(str, (char *)t->data, newlen);
 
         return ret;
         }
diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c
index dbb4a42c9d..41f6d421bb 100644
--- a/src/lib/libssl/src/crypto/asn1/a_utctm.c
+++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c
@@ -188,6 +188,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
         char *p;
         struct tm *ts;
         struct tm data;
+        size_t len = 20;
 
         if (s == NULL)
                 s=M_ASN1_UTCTIME_new();
@@ -199,17 +200,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
                 return(NULL);
 
         p=(char *)s->data;
-        if ((p == NULL) || (s->length < 14))
+        if ((p == NULL) || (s->length < len))
                 {
-                p=OPENSSL_malloc(20);
+                p=OPENSSL_malloc(len);
                 if (p == NULL) return(NULL);
                 if (s->data != NULL)
                         OPENSSL_free(s->data);
                 s->data=(unsigned char *)p;
                 }
 
-        sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
-                ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+        snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+                 ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
         s->length=strlen(p);
         s->type=V_ASN1_UTCTIME;
 #ifdef CHARSET_EBCDIC_not
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
index e30d5dd303..aed2895400 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -414,8 +414,8 @@ void asn1_add_error(unsigned char *address, int offset)
         {
         char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 
-        sprintf(buf1,"%lu",(unsigned long)address);
-        sprintf(buf2,"%d",offset);
+        snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
+        snprintf(buf2,sizeof buf2,"%d",offset);
         ERR_add_error_data(4,"address=",buf1," offset=",buf2);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_par.c b/src/lib/libssl/src/crypto/asn1/asn1_par.c
index e48532a24d..1799657141 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_par.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_par.c
@@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
 
         p=str;
         if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
-                sprintf(str,"priv [ %d ] ",tag);
+                snprintf(str,sizeof str,"priv [ %d ] ",tag);
         else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
-                sprintf(str,"cont [ %d ]",tag);
+                snprintf(str,sizeof str,"cont [ %d ]",tag);
         else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
-                sprintf(str,"appl [ %d ]",tag);
+                snprintf(str,sizeof str,"appl [ %d ]",tag);
         else p = ASN1_tag2str(tag);
 
         if (p2 != NULL)
diff --git a/src/lib/libssl/src/crypto/asn1/f.c b/src/lib/libssl/src/crypto/asn1/f.c
new file mode 100644
index 0000000000..82bccdfd51
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/f.c
@@ -0,0 +1,80 @@
+/* crypto/asn1/f.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+
+main()
+        {
+        ASN1_TYPE *at;
+        char buf[512];
+        int n;
+        long l;
+
+        at=ASN1_TYPE_new();
+
+        n=ASN1_TYPE_set_int_octetstring(at,98736,"01234567",8);
+        printf("%d\n",n);
+        n=ASN1_TYPE_get_int_octetstring(at,&l,buf,8);
+        buf[8]='\0';
+        printf("%ld %d %d\n",l,n,buf[8]);
+        buf[8]='\0';
+        printf("%s\n",buf);
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/t_pkey.c b/src/lib/libssl/src/crypto/asn1/t_pkey.c
index 4e09c9e44e..e1c5e5ae13 100644
--- a/src/lib/libssl/src/crypto/asn1/t_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/t_pkey.c
@@ -139,9 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off)
                 }
 
         if (x->d == NULL)
-                sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n));
+                snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
         else
-                strcpy(str,"modulus:");
+                strlcpy(str,"modulus:",sizeof str);
         if (!print(bp,str,x->n,m,off)) goto err;
         s=(x->d == NULL)?"Exponent:":"publicExponent:";
         if (!print(bp,s,x->e,m,off)) goto err;
diff --git a/src/lib/libssl/src/crypto/asn1/t_x509.c b/src/lib/libssl/src/crypto/asn1/t_x509.c
index d1034c47f8..30f68561b7 100644
--- a/src/lib/libssl/src/crypto/asn1/t_x509.c
+++ b/src/lib/libssl/src/crypto/asn1/t_x509.c
@@ -321,7 +321,7 @@ int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
         {
         int i,n;
-        char buf[80],*p;;
+        char buf[80],*p;
 
         if (v == NULL) return(0);
         n=0;
diff --git a/src/lib/libssl/src/crypto/asn1/x_cinf.c b/src/lib/libssl/src/crypto/asn1/x_cinf.c
new file mode 100644
index 0000000000..339a110eef
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_cinf.c
@@ -0,0 +1,201 @@
+/* crypto/asn1/x_cinf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+int i2d_X509_CINF(X509_CINF *a, unsigned char **pp)
+        {
+        int v1=0,v2=0;
+        M_ASN1_I2D_vars(a);
+
+        M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+        M_ASN1_I2D_len(a->serialNumber,         i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(a->signature,            i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->issuer,               i2d_X509_NAME);
+        M_ASN1_I2D_len(a->validity,             i2d_X509_VAL);
+        M_ASN1_I2D_len(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_len(a->key,                  i2d_X509_PUBKEY);
+        M_ASN1_I2D_len_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_len_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+                                             i2d_X509_EXTENSION,3,
+                                             V_ASN1_SEQUENCE,v2);
+
+        M_ASN1_I2D_seq_total();
+
+        M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+        M_ASN1_I2D_put(a->serialNumber,         i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(a->signature,            i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->issuer,               i2d_X509_NAME);
+        M_ASN1_I2D_put(a->validity,             i2d_X509_VAL);
+        M_ASN1_I2D_put(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_put(a->key,                  i2d_X509_PUBKEY);
+        M_ASN1_I2D_put_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING,1);
+        M_ASN1_I2D_put_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING,2);
+        M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+                                             i2d_X509_EXTENSION,3,
+                                             V_ASN1_SEQUENCE,v2);
+
+        M_ASN1_I2D_finish();
+        }
+
+X509_CINF *d2i_X509_CINF(X509_CINF **a, unsigned char **pp, long length)
+        {
+        int ver=0;
+        M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new);
+
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        /* we have the optional version field */
+        if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+                {
+                M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);
+                if (ret->version->data != NULL)
+                        ver=ret->version->data[0];
+                }
+        else
+                {
+                if (ret->version != NULL)
+                        {
+                        M_ASN1_INTEGER_free(ret->version);
+                        ret->version=NULL;
+                        }
+                }
+        M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
+        M_ASN1_D2I_get(ret->signature,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->validity,d2i_X509_VAL);
+        M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->key,d2i_X509_PUBKEY);
+        if (ver >= 1) /* version 2 extensions */
+                {
+                if (ret->issuerUID != NULL)
+                        {
+                        M_ASN1_BIT_STRING_free(ret->issuerUID);
+                        ret->issuerUID=NULL;
+                        }
+                if (ret->subjectUID != NULL)
+                        {
+                        M_ASN1_BIT_STRING_free(ret->subjectUID);
+                        ret->subjectUID=NULL;
+                        }
+                M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
+                        V_ASN1_BIT_STRING);
+                M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
+                        V_ASN1_BIT_STRING);
+                }
+/* Note: some broken certificates include extensions but don't set
+ * the version number properly. By bypassing this check they can
+ * be parsed.
+ */
+
+#ifdef VERSION_EXT_CHECK
+        if (ver >= 2) /* version 3 extensions */
+#endif
+                {
+                if (ret->extensions != NULL)
+                        while (sk_X509_EXTENSION_num(ret->extensions))
+                                X509_EXTENSION_free(
+                                      sk_X509_EXTENSION_pop(ret->extensions));
+                M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
+                                                d2i_X509_EXTENSION,
+                                                X509_EXTENSION_free,3,
+                                                V_ASN1_SEQUENCE);
+                }
+        M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
+        }
+
+X509_CINF *X509_CINF_new(void)
+        {
+        X509_CINF *ret=NULL;
+        ASN1_CTX c;
+
+        M_ASN1_New_Malloc(ret,X509_CINF);
+        ret->version=NULL;
+        M_ASN1_New(ret->serialNumber,M_ASN1_INTEGER_new);
+        M_ASN1_New(ret->signature,X509_ALGOR_new);
+        M_ASN1_New(ret->issuer,X509_NAME_new);
+        M_ASN1_New(ret->validity,X509_VAL_new);
+        M_ASN1_New(ret->subject,X509_NAME_new);
+        M_ASN1_New(ret->key,X509_PUBKEY_new);
+        ret->issuerUID=NULL;
+        ret->subjectUID=NULL;
+        ret->extensions=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_CINF_NEW);
+        }
+
+void X509_CINF_free(X509_CINF *a)
+        {
+        if (a == NULL) return;
+        M_ASN1_INTEGER_free(a->version);
+        M_ASN1_INTEGER_free(a->serialNumber);
+        X509_ALGOR_free(a->signature);
+        X509_NAME_free(a->issuer);
+        X509_VAL_free(a->validity);
+        X509_NAME_free(a->subject);
+        X509_PUBKEY_free(a->key);
+        M_ASN1_BIT_STRING_free(a->issuerUID);
+        M_ASN1_BIT_STRING_free(a->subjectUID);
+        sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
+        OPENSSL_free(a);
+        }
+
diff --git a/src/lib/libssl/src/crypto/asn1/x_long.c b/src/lib/libssl/src/crypto/asn1/x_long.c
index c04b192794..c5f25956cb 100644
--- a/src/lib/libssl/src/crypto/asn1/x_long.c
+++ b/src/lib/libssl/src/crypto/asn1/x_long.c
@@ -104,7 +104,12 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
         long ltmp;
         unsigned long utmp;
         int clen, pad, i;
-        ltmp = *(long *)pval;
+        /* this exists to bypass broken gcc optimization */
+        char *cp = (char *)pval;
+
+        /* use memcpy, because we may not be long aligned */
+        memcpy(&ltmp, cp, sizeof(long));
+
         if(ltmp == it->size) return -1;
         /* Convert the long to positive: we subtract one if negative so
          * we can cleanly handle the padding if only the MSB of the leading
@@ -136,6 +141,7 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype,
         int neg, i;
         long ltmp;
         unsigned long utmp = 0;
+        char *cp = (char *)pval;
         if(len > sizeof(long)) {
                 ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                 return 0;
@@ -158,6 +164,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype,
                 ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                 return 0;
         }
-        *(long *)pval = ltmp;
+        memcpy(cp, &ltmp, sizeof(long));
         return 1;
 }
diff --git a/src/lib/libssl/src/crypto/bf/Makefile.ssl b/src/lib/libssl/src/crypto/bf/Makefile.ssl
new file mode 100644
index 0000000000..7dfdf9d871
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/Makefile.ssl
@@ -0,0 +1,114 @@
+#
+# SSLeay/crypto/blowfish/Makefile
+#
+
+DIR=    bf
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+BF_ENC=         bf_enc.o
+# or use
+#DES_ENC=       bx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=bftest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= blowfish.h
+HEADER= bf_pi.h bf_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > bx86-elf.s)
+
+# a.out
+asm/bx86-out.o: asm/bx86unix.cpp
+        $(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o
+
+# bsdi
+asm/bx86bsdi.o: asm/bx86unix.cpp
+        $(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o
+
+asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/bx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bf_cfb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_cfb64.o: ../../include/openssl/opensslconf.h bf_cfb64.c bf_locl.h
+bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_ecb.o: bf_ecb.c bf_locl.h
+bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
+bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libssl/src/crypto/bio/Makefile.ssl b/src/lib/libssl/src/crypto/bio/Makefile.ssl
new file mode 100644
index 0000000000..d0b9e297b0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/Makefile.ssl
@@ -0,0 +1,216 @@
+#
+# SSLeay/crypto/bio/Makefile
+#
+
+DIR=    bio
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bio_lib.c bio_cb.c bio_err.c \
+        bss_mem.c bss_null.c bss_fd.c \
+        bss_file.c bss_sock.c bss_conn.c \
+        bf_null.c bf_buff.c b_print.c b_dump.c \
+        b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+#       bf_lbuf.c
+LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
+        bss_mem.o bss_null.o bss_fd.o \
+        bss_file.o bss_sock.o bss_conn.o \
+        bf_null.o bf_buff.o b_print.o b_dump.o \
+        b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
+#       bf_lbuf.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bio.h
+HEADER= bss_file.c $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER); \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+b_dump.o: ../../e_os.h ../../include/openssl/bio.h
+b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_dump.o: ../cryptlib.h b_dump.c
+b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_print.o: ../cryptlib.h b_print.c
+b_sock.o: ../../e_os.h ../../include/openssl/bio.h
+b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_sock.o: ../cryptlib.h b_sock.c
+bf_buff.o: ../../e_os.h ../../include/openssl/bio.h
+bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_buff.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_buff.o: ../cryptlib.h bf_buff.c
+bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h
+bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_nbio.o: ../cryptlib.h bf_nbio.c
+bf_null.o: ../../e_os.h ../../include/openssl/bio.h
+bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_null.o: ../cryptlib.h bf_null.c
+bio_cb.o: ../../e_os.h ../../include/openssl/bio.h
+bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_cb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_cb.o: ../cryptlib.h bio_cb.c
+bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_err.o: bio_err.c
+bio_lib.o: ../../e_os.h ../../include/openssl/bio.h
+bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_lib.o: ../cryptlib.h bio_lib.c
+bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h
+bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_acpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_acpt.o: ../cryptlib.h bss_acpt.c
+bss_bio.o: ../../e_os.h ../../include/openssl/bio.h
+bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_bio.o: ../../include/openssl/symhacks.h bss_bio.c
+bss_conn.o: ../../e_os.h ../../include/openssl/bio.h
+bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_conn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_conn.o: ../cryptlib.h bss_conn.c
+bss_fd.o: ../../e_os.h ../../include/openssl/bio.h
+bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_fd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_fd.o: ../cryptlib.h bss_fd.c
+bss_file.o: ../../e_os.h ../../include/openssl/bio.h
+bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_file.o: ../cryptlib.h bss_file.c
+bss_log.o: ../../e_os.h ../../include/openssl/bio.h
+bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_log.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_log.o: ../cryptlib.h bss_log.c
+bss_mem.o: ../../e_os.h ../../include/openssl/bio.h
+bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_mem.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_mem.o: ../cryptlib.h bss_mem.c
+bss_null.o: ../../e_os.h ../../include/openssl/bio.h
+bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_null.o: ../cryptlib.h bss_null.c
+bss_sock.o: ../../e_os.h ../../include/openssl/bio.h
+bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_sock.o: ../cryptlib.h bss_sock.c
diff --git a/src/lib/libssl/src/crypto/bio/b_dump.c b/src/lib/libssl/src/crypto/bio/b_dump.c
index 8397cfab6a..983604fb49 100644
--- a/src/lib/libssl/src/crypto/bio/b_dump.c
+++ b/src/lib/libssl/src/crypto/bio/b_dump.c
@@ -104,38 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
         for(i=0;i<rows;i++)
                 {
                 buf[0]='\0';    /* start with empty string */
-                strcpy(buf,str);
-                sprintf(tmp,"%04x - ",i*dump_width);
-                strcat(buf,tmp);
+                strlcpy(buf,str,sizeof buf);
+                snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
+                strlcat(buf,tmp,sizeof buf);
                 for(j=0;j<dump_width;j++)
                         {
                         if (((i*dump_width)+j)>=len)
                                 {
-                                strcat(buf,"   ");
+                                strlcat(buf,"   ",sizeof buf);
                                 }
                         else
                                 {
                                 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
-                                sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
-                                strcat(buf,tmp);
+                                snprintf(tmp,sizeof tmp,"%02x%c",ch,
+                                         j==7?'-':' ');
+                                strlcat(buf,tmp,sizeof buf);
                                 }
                         }
-                strcat(buf,"  ");
+                strlcat(buf,"  ",sizeof buf);
                 for(j=0;j<dump_width;j++)
                         {
                         if (((i*dump_width)+j)>=len)
                                 break;
                         ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
 #ifndef CHARSET_EBCDIC
-                        sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
+                        snprintf(tmp,sizeof tmp,"%c",
+                                 ((ch>=' ')&&(ch<='~'))?ch:'.');
 #else
-                        sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
-                                ? os_toebcdic[ch]
-                                : '.');
+                        snprintf(tmp,sizeof tmp,"%c",
+                                 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+                                 ? os_toebcdic[ch]
+                                 : '.');
 #endif
-                        strcat(buf,tmp);
+                        strlcat(buf,tmp,sizeof buf);
                         }
-                strcat(buf,"\n");
+                strlcat(buf,"\n",sizeof buf);
                 /* if this is the last call then update the ddt_dump thing so that
                  * we will move the selection point in the debug window 
                  */
@@ -144,7 +147,8 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
 #ifdef TRUNCATE
         if (trunc > 0)
                 {
-                sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc);
+                snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
+                         len+trunc);
                 ret+=BIO_write(bio,(char *)buf,strlen(buf));
                 }
 #endif
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c
index 2cfc689dd6..a9e552f245 100644
--- a/src/lib/libssl/src/crypto/bio/b_print.c
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -836,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
                  * had the buffer been large enough.) */
                 return -1;
         else
-                return (retlen <= INT_MAX) ? (int)retlen : -1;
+                return (retlen <= INT_MAX) ? retlen : -1;
         }
diff --git a/src/lib/libssl/src/crypto/bio/b_sock.c b/src/lib/libssl/src/crypto/bio/b_sock.c
index 601a14f37c..5282f8a8f7 100644
--- a/src/lib/libssl/src/crypto/bio/b_sock.c
+++ b/src/lib/libssl/src/crypto/bio/b_sock.c
@@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr)
                         }
                 *addr=p;
                 }
-        sprintf(*addr,"%d.%d.%d.%d:%d",
-                (unsigned char)(l>>24L)&0xff,
-                (unsigned char)(l>>16L)&0xff,
-                (unsigned char)(l>> 8L)&0xff,
-                (unsigned char)(l     )&0xff,
-                port);
+        snprintf(*addr,24,"%d.%d.%d.%d:%d",
+                 (unsigned char)(l>>24L)&0xff,
+                 (unsigned char)(l>>16L)&0xff,
+                 (unsigned char)(l>> 8L)&0xff,
+                 (unsigned char)(l     )&0xff,
+                 port);
 end:
         return(ret);
         }
diff --git a/src/lib/libssl/src/crypto/bio/bf_buff.c b/src/lib/libssl/src/crypto/bio/bf_buff.c
index c1fd75aaad..1cecd70579 100644
--- a/src/lib/libssl/src/crypto/bio/bf_buff.c
+++ b/src/lib/libssl/src/crypto/bio/bf_buff.c
@@ -494,7 +494,6 @@ static int buffer_gets(BIO *b, char *buf, int size)
                         if (i <= 0)
                                 {
                                 BIO_copy_next_retry(b);
-                                *buf='\0';
                                 if (i < 0) return((num > 0)?num:i);
                                 if (i == 0) return(num);
                                 }
diff --git a/src/lib/libssl/src/crypto/bio/bio_cb.c b/src/lib/libssl/src/crypto/bio/bio_cb.c
index 0ffa4d2136..ee9159ebd8 100644
--- a/src/lib/libssl/src/crypto/bio/bio_cb.c
+++ b/src/lib/libssl/src/crypto/bio/bio_cb.c
@@ -70,55 +70,61 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
         MS_STATIC char buf[256];
         char *p;
         long r=1;
+        size_t p_maxlen;
 
         if (BIO_CB_RETURN & cmd)
                 r=ret;
 
-        sprintf(buf,"BIO[%08lX]:",(unsigned long)bio);
+        snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
         p= &(buf[14]);
+        p_maxlen = sizeof buf - 14;
         switch (cmd)
                 {
         case BIO_CB_FREE:
-                sprintf(p,"Free - %s\n",bio->method->name);
+                snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
                 break;
         case BIO_CB_READ:
                 if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-                        sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
+                        snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
+                                 bio->num,argi,bio->method->name,bio->num);
                 else
-                        sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+                        snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
+                                 bio->num,argi,bio->method->name);
                 break;
         case BIO_CB_WRITE:
                 if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-                        sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
+                        snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
+                                 bio->num,argi,bio->method->name,bio->num);
                 else
-                        sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+                        snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
+                                 bio->num,argi,bio->method->name);
                 break;
         case BIO_CB_PUTS:
-                sprintf(p,"puts() - %s\n",bio->method->name);
+                snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
                 break;
         case BIO_CB_GETS:
-                sprintf(p,"gets(%d) - %s\n",argi,bio->method->name);
+                snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
                 break;
         case BIO_CB_CTRL:
-                sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name);
+                snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
                 break;
         case BIO_CB_RETURN|BIO_CB_READ:
-                sprintf(p,"read return %ld\n",ret);
+                snprintf(p,p_maxlen,"read return %ld\n",ret);
                 break;
         case BIO_CB_RETURN|BIO_CB_WRITE:
-                sprintf(p,"write return %ld\n",ret);
+                snprintf(p,p_maxlen,"write return %ld\n",ret);
                 break;
         case BIO_CB_RETURN|BIO_CB_GETS:
-                sprintf(p,"gets return %ld\n",ret);
+                snprintf(p,p_maxlen,"gets return %ld\n",ret);
                 break;
         case BIO_CB_RETURN|BIO_CB_PUTS:
-                sprintf(p,"puts return %ld\n",ret);
+                snprintf(p,p_maxlen,"puts return %ld\n",ret);
                 break;
         case BIO_CB_RETURN|BIO_CB_CTRL:
-                sprintf(p,"ctrl return %ld\n",ret);
+                snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
                 break;
         default:
-                sprintf(p,"bio callback - unknown type (%d)\n",cmd);
+                snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
                 break;
                 }
 
diff --git a/src/lib/libssl/src/crypto/bio/bss_bio.c b/src/lib/libssl/src/crypto/bio/bss_bio.c
index 0f9f0955b4..aa58dab046 100644
--- a/src/lib/libssl/src/crypto/bio/bss_bio.c
+++ b/src/lib/libssl/src/crypto/bio/bss_bio.c
@@ -1,57 +1,4 @@
 /* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
 
 /* Special method for a BIO where the other endpoint is also a BIO
  * of this kind, handled by the same thread (i.e. the "peer" is actually
@@ -555,7 +502,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
                 break;
                 
         case BIO_C_DESTROY_BIO_PAIR:
-                /* Affects both BIOs in the pair -- call just once!
+                /* Effects both BIOs in the pair -- call just once!
                  * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
                 bio_destroy_pair(bio);
                 ret = 1;
diff --git a/src/lib/libssl/src/crypto/bio/bss_conn.c b/src/lib/libssl/src/crypto/bio/bss_conn.c
index 743db6ff94..8c694140ed 100644
--- a/src/lib/libssl/src/crypto/bio/bss_conn.c
+++ b/src/lib/libssl/src/crypto/bio/bss_conn.c
@@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
                                 char buf[16];
                                 unsigned char *p = ptr;
 
-                                sprintf(buf,"%d.%d.%d.%d",
-                                        p[0],p[1],p[2],p[3]);
+                                snprintf(buf,sizeof buf,"%d.%d.%d.%d",
+                                         p[0],p[1],p[2],p[3]);
                                 if (data->param_hostname != NULL)
                                         OPENSSL_free(data->param_hostname);
                                 data->param_hostname=BUF_strdup(buf);
@@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
                                 {
                                 char buf[DECIMAL_SIZE(int)+1];
 
-                                sprintf(buf,"%d",*(int *)ptr);
+                                snprintf(buf,sizeof buf,"%d",*(int *)ptr);
                                 if (data->param_port != NULL)
                                         OPENSSL_free(data->param_port);
                                 data->param_port=BUF_strdup(buf);
diff --git a/src/lib/libssl/src/crypto/bio/bss_file.c b/src/lib/libssl/src/crypto/bio/bss_file.c
index 6904b5c081..e4e9df144c 100644
--- a/src/lib/libssl/src/crypto/bio/bss_file.c
+++ b/src/lib/libssl/src/crypto/bio/bss_file.c
@@ -213,29 +213,12 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                 b->shutdown=(int)num&BIO_CLOSE;
                 b->ptr=(char *)ptr;
                 b->init=1;
-#if defined(OPENSSL_SYS_WINDOWS)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
+                /* Set correct text/binary mode */
                 if (num & BIO_FP_TEXT)
                         _setmode(fileno((FILE *)ptr),_O_TEXT);
                 else
                         _setmode(fileno((FILE *)ptr),_O_BINARY);
-#elif defined(OPENSSL_SYS_MSDOS)
-                {
-                int fd = fileno((FILE*)ptr);
-                /* Set correct text/binary mode */
-                if (num & BIO_FP_TEXT)
-                        _setmode(fd,_O_TEXT);
-                /* Dangerous to set stdin/stdout to raw (unless redirected) */
-                else
-                        {
-                        if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
-                                {
-                                if (isatty(fd) <= 0)
-                                        _setmode(fd,_O_BINARY);
-                                }
-                        else
-                                _setmode(fd,_O_BINARY);
-                        }
-                }
 #elif defined(OPENSSL_SYS_OS2)
                 if (num & BIO_FP_TEXT)
                         setmode(fileno((FILE *)ptr), O_TEXT);
@@ -249,15 +232,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                 if (num & BIO_FP_APPEND)
                         {
                         if (num & BIO_FP_READ)
-                                strcpy(p,"a+");
-                        else    strcpy(p,"a");
+                                strlcpy(p,"a+",sizeof p);
+                        else    strlcpy(p,"a",sizeof p);
                         }
                 else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-                        strcpy(p,"r+");
+                        strlcpy(p,"r+",sizeof p);
                 else if (num & BIO_FP_WRITE)
-                        strcpy(p,"w");
+                        strlcpy(p,"w",sizeof p);
                 else if (num & BIO_FP_READ)
-                        strcpy(p,"r");
+                        strlcpy(p,"r",sizeof p);
                 else
                         {
                         BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
diff --git a/src/lib/libssl/src/crypto/bn/Makefile.ssl b/src/lib/libssl/src/crypto/bn/Makefile.ssl
new file mode 100644
index 0000000000..fa17d3c7d8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/Makefile.ssl
@@ -0,0 +1,322 @@
+#
+# SSLeay/crypto/bn/Makefile
+#
+
+DIR=    bn
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+BN_ASM=         bn_asm.o
+# or use
+#BN_ASM=        bn86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
+        bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+        bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
+        bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
+
+LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
+        bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+        bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
+        bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bn.h
+HEADER= bn_lcl.h bn_prime.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+bn_prime.h: bn_prime.pl
+        $(PERL) bn_prime.pl >bn_prime.h
+
+divtest: divtest.c ../../libcrypto.a
+        cc -I../../include divtest.c -o divtest ../../libcrypto.a
+
+bnbug: bnbug.c ../../libcrypto.a top
+        cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > bn86-elf.s)
+
+asm/co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > co86-elf.s)
+
+# a.out
+asm/bn86-out.o: asm/bn86unix.cpp
+        $(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
+
+asm/co86-out.o: asm/co86unix.cpp
+        $(CPP) -DOUT asm/co86unix.cpp | as -o asm/co86-out.o
+
+# bsdi
+asm/bn86bsdi.o: asm/bn86unix.cpp
+        $(CPP) -DBSDI asm/bn86unix.cpp | sed 's/ :/:/' | as -o asm/bn86bsdi.o
+
+asm/co86bsdi.o: asm/co86unix.cpp
+        $(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o
+
+asm/bn86unix.cpp: asm/bn-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp )
+
+asm/co86unix.cpp: asm/co-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) co-586.pl cpp >co86unix.cpp )
+
+asm/sparcv8.o: asm/sparcv8.S
+
+asm/sparcv8plus.o: asm/sparcv8plus.S
+
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
+        $(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
+                /usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
+
+
+asm/ia64.o:     asm/ia64.S
+
+# Some compiler drivers (most notably HP-UX and Intel C++) don't
+# understand .S extension:-( I wish I could pipe output from cc -E,
+# but it's too compiler driver/ABI dependent to cover with a single
+# rule...       <appro@fy.chalmers.se>
+asm/ia64-cpp.o: asm/ia64.S
+        $(CC) $(ASFLAGS) -E asm/ia64.S > /tmp/ia64.$$$$.s &&    \
+        $(CC) $(ASFLAGS) -c -o asm/ia64-cpp.o /tmp/ia64.$$$$.s; \
+        rm -f /tmp/ia64.$$$$.s
+
+asm/x86_64-gcc.o: asm/x86_64-gcc.c
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+exptest:
+        rm -f exptest
+        gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+
+div:
+        rm -f a.out
+        gcc -I.. -g div.c ../../libcrypto.a
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/co86unix.cpp asm/bn86unix.cpp asm/*-elf.* *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_add.o: ../cryptlib.h bn_add.c bn_lcl.h
+bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_asm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_asm.o: ../cryptlib.h bn_asm.c bn_lcl.h
+bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_blind.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_blind.o: ../cryptlib.h bn_blind.c bn_lcl.h
+bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_ctx.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_ctx.o: ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_div.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_div.o: ../cryptlib.h bn_div.c bn_lcl.h
+bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_err.o: ../../include/openssl/symhacks.h bn_err.c
+bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
+bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_exp2.o: ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_gcd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_gcd.o: ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_kron.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+bn_kron.o: ../../include/openssl/opensslconf.h bn_kron.c bn_lcl.h
+bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_lib.o: ../cryptlib.h bn_lcl.h bn_lib.c
+bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mod.o: ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mont.o: ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mpi.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mpi.o: ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mul.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mul.o: ../cryptlib.h bn_lcl.h bn_mul.c
+bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_print.o: ../cryptlib.h bn_lcl.h bn_print.c
+bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_recp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_recp.o: ../cryptlib.h bn_lcl.h bn_recp.c
+bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_shift.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_shift.o: ../cryptlib.h bn_lcl.h bn_shift.c
+bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_sqr.o: ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqrt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_sqrt.o: ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_word.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_word.o: ../cryptlib.h bn_lcl.h bn_word.c
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c
index fa0ff485ad..463463cfcb 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -145,10 +145,10 @@ char *BN_options(void)
                 {
                 init++;
 #ifdef BN_LLONG
-                sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
+                snprintf(data,sizeof data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
                         (int)sizeof(BN_ULONG)*8);
 #else
-                sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
+                snprintf(data,sizeof data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
                         (int)sizeof(BN_ULONG)*8);
 #endif
                 }
diff --git a/src/lib/libssl/src/crypto/bn/bn_mul.c b/src/lib/libssl/src/crypto/bn/bn_mul.c
index 3ae3822bc2..cb93ac3356 100644
--- a/src/lib/libssl/src/crypto/bn/bn_mul.c
+++ b/src/lib/libssl/src/crypto/bn/bn_mul.c
@@ -224,7 +224,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
              int n, BN_ULONG *t)
         {
         int i,j,n2=n*2;
-        int c1,c2,neg,zero;
+        unsigned int c1,c2,neg,zero;
         BN_ULONG ln,lo,*p;
 
 # ifdef BN_COUNT
@@ -376,7 +376,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
 
                 /* The overflow will stop before we over write
                  * words we should not overwrite */
-                if (ln < (BN_ULONG)c1)
+                if (ln < c1)
                         {
                         do      {
                                 p++;
diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c
index 5f46b1826c..ad80dab325 100644
--- a/src/lib/libssl/src/crypto/bn/bn_print.c
+++ b/src/lib/libssl/src/crypto/bn/bn_print.c
@@ -79,7 +79,7 @@ char *BN_bn2hex(const BIGNUM *a)
                 }
         p=buf;
         if (a->neg) *(p++)='-';
-        if (a->top == 0) *(p++)='0';
+        if (BN_is_zero(a)) *(p++)='0';
         for (i=a->top-1; i >=0; i--)
                 {
                 for (j=BN_BITS2-8; j >= 0; j-=8)
@@ -119,10 +119,11 @@ char *BN_bn2dec(const BIGNUM *a)
                 }
         if ((t=BN_dup(a)) == NULL) goto err;
 
+#define BUF_REMAIN (num+3 - (size_t)(p - buf))
         p=buf;
         lp=bn_data;
         if (t->neg) *(p++)='-';
-        if (t->top == 0)
+        if (BN_is_zero(t))
                 {
                 *(p++)='0';
                 *(p++)='\0';
@@ -139,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a)
                 /* We now have a series of blocks, BN_DEC_NUM chars
                  * in length, where the last one needs truncation.
                  * The blocks need to be reversed in order. */
-                sprintf(p,BN_DEC_FMT1,*lp);
+                snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
                 while (*p) p++;
                 while (lp != bn_data)
                         {
                         lp--;
-                        sprintf(p,BN_DEC_FMT2,*lp);
+                        snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
                         while (*p) p++;
                         }
                 }
@@ -299,7 +300,7 @@ int BN_print(BIO *bp, const BIGNUM *a)
         int ret=0;
 
         if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
-        if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end;
+        if ((BN_is_zero(a)) && (BIO_write(bp,"0",1) != 1)) goto end;
         for (i=a->top-1; i >=0; i--)
                 {
                 for (j=BN_BITS2-4; j >= 0; j-=4)
diff --git a/src/lib/libssl/src/crypto/bn/bn_word.c b/src/lib/libssl/src/crypto/bn/bn_word.c
index 988e0ca7b3..de610ce54c 100644
--- a/src/lib/libssl/src/crypto/bn/bn_word.c
+++ b/src/lib/libssl/src/crypto/bn/bn_word.c
@@ -110,6 +110,9 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
         BN_ULONG l;
         int i;
 
+        if ((w & BN_MASK2) == 0)
+                return(1);
+
         if (a->neg)
                 {
                 a->neg=0;
@@ -143,6 +146,9 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
         {
         int i;
 
+        if ((w & BN_MASK2) == 0)
+                return(1);
+
         if (BN_is_zero(a) || a->neg)
                 {
                 a->neg=0;
diff --git a/src/lib/libssl/src/crypto/buffer/Makefile.ssl b/src/lib/libssl/src/crypto/buffer/Makefile.ssl
new file mode 100644
index 0000000000..b131ca3078
--- /dev/null
+++ b/src/lib/libssl/src/crypto/buffer/Makefile.ssl
@@ -0,0 +1,94 @@
+#
+# SSLeay/crypto/buffer/Makefile
+#
+
+DIR=    buffer
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= buffer.c buf_err.c
+LIBOBJ= buffer.o buf_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= buffer.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+buf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buf_err.o: ../../include/openssl/symhacks.h buf_err.c
+buffer.o: ../../e_os.h ../../include/openssl/bio.h
+buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+buffer.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+buffer.o: ../cryptlib.h buffer.c
diff --git a/src/lib/libssl/src/crypto/cast/Makefile.ssl b/src/lib/libssl/src/crypto/cast/Makefile.ssl
new file mode 100644
index 0000000000..2dc1c855ad
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/Makefile.ssl
@@ -0,0 +1,119 @@
+#
+# SSLeay/crypto/cast/Makefile
+#
+
+DIR=    cast
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CAST_ENC=c_enc.o
+# or use
+#CAST_ENC=asm/cx86-elf.o
+#CAST_ENC=asm/cx86-out.o
+#CAST_ENC=asm/cx86-sol.o
+#CAST_ENC=asm/cx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=casttest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c 
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cast.h
+HEADER= cast_s.h cast_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > cx86-elf.s)
+
+# a.out
+asm/cx86-out.o: asm/cx86unix.cpp
+        $(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+
+# bsdi
+asm/cx86bsdi.o: asm/cx86unix.cpp
+        $(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o
+
+asm/cx86unix.cpp: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/cx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_cfb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_cfb64.o: c_cfb64.c cast_lcl.h
+c_ecb.o: ../../e_os.h ../../include/openssl/cast.h
+c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ecb.o: ../../include/openssl/opensslv.h c_ecb.c cast_lcl.h
+c_enc.o: ../../e_os.h ../../include/openssl/cast.h
+c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_enc.o: c_enc.c cast_lcl.h
+c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ofb64.o: c_ofb64.c cast_lcl.h
+c_skey.o: ../../e_os.h ../../include/openssl/cast.h
+c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libssl/src/crypto/comp/Makefile.ssl b/src/lib/libssl/src/crypto/comp/Makefile.ssl
new file mode 100644
index 0000000000..f70ba1b285
--- /dev/null
+++ b/src/lib/libssl/src/crypto/comp/Makefile.ssl
@@ -0,0 +1,114 @@
+#
+# SSLeay/crypto/comp/Makefile
+#
+
+DIR=    comp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= comp_lib.c comp_err.c \
+        c_rle.c c_zlib.c
+
+LIBOBJ= comp_lib.o comp_err.o \
+        c_rle.o c_zlib.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= comp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_rle.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c
+c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_zlib.o: c_zlib.c
+comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
+comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+comp_err.o: ../../include/openssl/opensslconf.h
+comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+comp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+comp_err.o: comp_err.c
+comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+comp_lib.o: ../../include/openssl/opensslconf.h
+comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c
diff --git a/src/lib/libssl/src/crypto/conf/Makefile.ssl b/src/lib/libssl/src/crypto/conf/Makefile.ssl
new file mode 100644
index 0000000000..c5873bc6e7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/Makefile.ssl
@@ -0,0 +1,183 @@
+#
+# SSLeay/crypto/conf/Makefile
+#
+
+DIR=    conf
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
+         conf_mall.c conf_sap.c
+
+LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \
+        conf_mall.o conf_sap.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= conf.h conf_api.h
+HEADER= conf_def.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+conf_api.o: ../../e_os.h ../../include/openssl/bio.h
+conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
+conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_api.o: conf_api.c
+conf_def.o: ../../e_os.h ../../include/openssl/bio.h
+conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_def.o: ../cryptlib.h conf_def.c conf_def.h
+conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf_err.o: ../../include/openssl/opensslconf.h
+conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_err.o: conf_err.c
+conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_lib.o: conf_lib.c
+conf_mall.o: ../../e_os.h ../../include/openssl/aes.h
+conf_mall.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_mall.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_mall.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_mall.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mall.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_mall.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mall.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+conf_mall.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+conf_mall.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+conf_mall.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+conf_mall.o: ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/opensslconf.h
+conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+conf_mall.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+conf_mall.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+conf_mall.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+conf_mall.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c
+conf_mod.o: ../../e_os.h ../../include/openssl/aes.h
+conf_mod.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_mod.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mod.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_mod.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mod.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_mod.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+conf_mod.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+conf_mod.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mod.o: ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+conf_mod.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+conf_mod.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+conf_mod.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+conf_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_mod.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+conf_mod.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+conf_mod.o: ../cryptlib.h conf_mod.c
+conf_sap.o: ../../e_os.h ../../include/openssl/aes.h
+conf_sap.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_sap.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_sap.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_sap.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_sap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_sap.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+conf_sap.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+conf_sap.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+conf_sap.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+conf_sap.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+conf_sap.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+conf_sap.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c
index 57d2739ae0..b52ee01a3c 100644
--- a/src/lib/libssl/src/crypto/conf/conf_def.c
+++ b/src/lib/libssl/src/crypto/conf/conf_def.c
@@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
                 goto err;
                 }
-        strcpy(section,"default");
+        strlcpy(section,"default",10);
 
         if (_CONF_new_data(conf) == 0)
                 {
@@ -392,7 +392,7 @@ again:
                                                         ERR_R_MALLOC_FAILURE);
                                 goto err;
                                 }
-                        strcpy(v->name,pname);
+                        strlcpy(v->name,pname,strlen(pname)+1);
                         if (!str_copy(conf,psection,&(v->value),start)) goto err;
 
                         if (strcmp(psection,section) != 0)
@@ -447,7 +447,7 @@ err:
         if (buff != NULL) BUF_MEM_free(buff);
         if (section != NULL) OPENSSL_free(section);
         if (line != NULL) *line=eline;
-        sprintf(btmp,"%ld",eline);
+        snprintf(btmp,sizeof btmp,"%ld",eline);
         ERR_add_error_data(2,"line ",btmp);
         if ((h != conf->data) && (conf->data != NULL))
                 {
diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c
index edcc08921c..5a747e8c84 100644
--- a/src/lib/libssl/src/crypto/conf/conf_mod.c
+++ b/src/lib/libssl/src/crypto/conf/conf_mod.c
@@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
                         {
                         char rcode[DECIMAL_SIZE(ret)+1];
                         CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
-                        sprintf(rcode, "%-8d", ret);
+                        snprintf(rcode, sizeof rcode, "%-8d", ret);
                         ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
                         }
                 }
@@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
 
         if (!file)
                 return NULL;
-        strcpy(file,X509_get_default_cert_area());
+        strlcpy(file,X509_get_default_cert_area(),len + 1);
 #ifndef OPENSSL_SYS_VMS
-        strcat(file,"/");
+        strlcat(file,"/",len + 1);
 #endif
-        strcat(file,OPENSSL_CONF);
+        strlcat(file,OPENSSL_CONF,len + 1);
 
         return file;
         }
diff --git a/src/lib/libssl/src/crypto/cversion.c b/src/lib/libssl/src/crypto/cversion.c
index 8ecfba7b16..56471fa74c 100644
--- a/src/lib/libssl/src/crypto/cversion.c
+++ b/src/lib/libssl/src/crypto/cversion.c
@@ -61,7 +61,9 @@
 #include "cryptlib.h"
 #include <openssl/crypto.h>
 
+#ifndef NO_WINDOWS_BRAINDEATH
 #include "buildinf.h"
+#endif
 
 const char *SSLeay_version(int t)
         {
@@ -72,7 +74,7 @@ const char *SSLeay_version(int t)
 #ifdef DATE
                 static char buf[sizeof(DATE)+11];
 
-                sprintf(buf,"built on: %s",DATE);
+                snprintf(buf,sizeof buf,"built on: %s",DATE);
                 return(buf);
 #else
                 return("built on: date not available");
@@ -83,7 +85,7 @@ const char *SSLeay_version(int t)
 #ifdef CFLAGS
                 static char buf[sizeof(CFLAGS)+11];
 
-                sprintf(buf,"compiler: %s",CFLAGS);
+                snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
                 return(buf);
 #else
                 return("compiler: information not available");
@@ -94,7 +96,7 @@ const char *SSLeay_version(int t)
 #ifdef PLATFORM
                 static char buf[sizeof(PLATFORM)+11];
 
-                sprintf(buf,"platform: %s", PLATFORM);
+                snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
                 return(buf);
 #else
                 return("platform: information not available");
diff --git a/src/lib/libssl/src/crypto/des/FILES b/src/lib/libssl/src/crypto/des/FILES
new file mode 100644
index 0000000000..4c7ea2de7a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/FILES
@@ -0,0 +1,96 @@
+/* General stuff */
+COPYRIGHT       - Copyright info.
+MODES.DES       - A description of the features of the different modes of DES.
+FILES           - This file.
+INSTALL         - How to make things compile.
+Imakefile       - For use with kerberos.
+README          - What this package is.
+VERSION         - Which version this is and what was changed.
+KERBEROS        - Kerberos version 4 notes.
+Makefile.PL     - An old makefile to build with perl5, not current.
+Makefile.ssl    - The SSLeay makefile
+Makefile.uni    - The normal unix makefile.
+GNUmakefile     - The makefile for use with glibc.
+makefile.bc     - A Borland C makefile
+times           - Some outputs from 'speed' on some machines.
+vms.com         - For use when compiling under VMS
+
+/* My SunOS des(1) replacement */
+des.c           - des(1) source code.
+des.man         - des(1) manual.
+
+/* Testing and timing programs. */
+destest.c       - Source for libdes.a test program.
+speed.c         - Source for libdes.a timing program.
+rpw.c           - Source for libdes.a testing password reading routines.
+
+/* libdes.a source code */
+des_crypt.man   - libdes.a manual page.
+des.h           - Public libdes.a header file.
+ecb_enc.c       - des_ecb_encrypt() source, this contains the basic DES code.
+ecb3_enc.c      - des_ecb3_encrypt() source.
+cbc_ckm.c       - des_cbc_cksum() source.
+cbc_enc.c       - des_cbc_encrypt() source.
+ncbc_enc.c      - des_cbc_encrypt() that is 'normal' in that it copies
+                  the new iv values back in the passed iv vector.
+ede_enc.c       - des_ede3_cbc_encrypt() cbc mode des using triple DES.
+cbc3_enc.c      - des_3cbc_encrypt() source, don't use this function.
+cfb_enc.c       - des_cfb_encrypt() source.
+cfb64enc.c      - des_cfb64_encrypt() cfb in 64 bit mode but setup to be
+                  used as a stream cipher.
+cfb64ede.c      - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
+                  used as a stream cipher and using triple DES.
+ofb_enc.c       - des_cfb_encrypt() source.
+ofb64_enc.c     - des_ofb_encrypt() ofb in 64 bit mode but setup to be
+                  used as a stream cipher.
+ofb64ede.c      - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
+                  used as a stream cipher and using triple DES.
+enc_read.c      - des_enc_read() source.
+enc_writ.c      - des_enc_write() source.
+pcbc_enc.c      - des_pcbc_encrypt() source.
+qud_cksm.c      - quad_cksum() source.
+rand_key.c      - des_random_key() source.
+read_pwd.c      - Source for des_read_password() plus related functions.
+set_key.c       - Source for des_set_key().
+str2key.c       - Covert a string of any length into a key.
+fcrypt.c        - A small, fast version of crypt(3).
+des_locl.h      - Internal libdes.a header file.
+podd.h          - Odd parity tables - used in des_set_key().
+sk.h            - Lookup tables used in des_set_key().
+spr.h           - What is left of the S tables - used in ecb_encrypt().
+des_ver.h       - header file for the external definition of the
+                  version string.
+des.doc         - SSLeay documentation for the library.
+
+/* The perl scripts - you can ignore these files they are only
+ * included for the curious */
+des.pl          - des in perl anyone? des_set_key and des_ecb_encrypt
+                  both done in a perl library.
+testdes.pl      - Testing program for des.pl
+doIP            - Perl script used to develop IP xor/shift code.
+doPC1           - Perl script used to develop PC1 xor/shift code.
+doPC2           - Generates sk.h.
+PC1             - Output of doPC1 should be the same as output from PC1.
+PC2             - used in development of doPC2.
+shifts.pl       - Perl library used by my perl scripts.
+
+/* I started making a perl5 dynamic library for libdes
+ * but did not fully finish, these files are part of that effort. */
+DES.pm
+DES.pod
+DES.xs
+t
+typemap
+
+/* The following are for use with sun RPC implementaions. */
+rpc_des.h
+rpc_enc.c
+
+/* The following are contibuted by Mark Murray <mark@grondar.za>.  They
+ * are not normally built into libdes due to machine specific routines
+ * contained in them.  They are for use in the most recent incarnation of
+ * export kerberos v 4 (eBones). */
+supp.c
+new_rkey.c
+
+
diff --git a/src/lib/libssl/src/crypto/des/Makefile.ssl b/src/lib/libssl/src/crypto/des/Makefile.ssl
new file mode 100644
index 0000000000..45eba0b3c9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/Makefile.ssl
@@ -0,0 +1,314 @@
+#
+# SSLeay/crypto/des/Makefile
+#
+
+DIR=    des
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=-I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+RANLIB=         ranlib
+DES_ENC=        des_enc.o fcrypt_b.o
+# or use
+#DES_ENC=       dx86-elf.o yx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=destest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+        ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+        fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+        qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
+        des_enc.c fcrypt_b.c \
+        xcbc_enc.c \
+        str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
+        read2pwd.c
+
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+        ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+        enc_read.o enc_writ.o ofb64enc.o \
+        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+        ${DES_ENC} \
+        fcrypt.o xcbc_enc.o rpc_enc.o  cbc_cksm.o \
+        ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= des.h des_old.h
+HEADER= des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+des: des.o cbc3_enc.o lib
+        $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+
+# elf
+asm/dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > dx86-elf.s)
+
+asm/yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > yx86-elf.s)
+
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+        $(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+
+asm/yx86-out.o: asm/yx86unix.cpp
+        $(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+        $(CPP) -DBSDI asm/dx86unix.cpp | sed 's/ :/:/' | as -o asm/dx86bsdi.o
+
+asm/yx86bsdi.o: asm/yx86unix.cpp
+        $(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp: asm/crypt586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/dx86unix.cpp asm/yx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cbc_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cbc_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cbc_cksm.o: ../../include/openssl/opensslconf.h
+cbc_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cbc_cksm.o: cbc_cksm.c des_locl.h
+cbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cbc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cbc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cbc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cbc_enc.o: ../../include/openssl/ui_compat.h cbc_enc.c des_locl.h ncbc_enc.c
+cfb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/opensslconf.h
+cfb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64ede.o: cfb64ede.c des_locl.h
+cfb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64enc.o: ../../include/openssl/opensslconf.h
+cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64enc.o: cfb64enc.c des_locl.h
+cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
+des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_enc.o: ../../include/openssl/ui_compat.h des_enc.c des_locl.h ncbc_enc.c
+des_old.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_old.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_old.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_old.o: ../../include/openssl/ui_compat.h des_old.c
+des_old2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_old2.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_old2.o: ../../include/openssl/opensslconf.h
+des_old2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+des_old2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+des_old2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+des_old2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+des_old2.o: des_old2.c
+ecb3_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ecb3_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ecb3_enc.o: ../../include/openssl/opensslconf.h
+ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb3_enc.o: des_locl.h ecb3_enc.c
+ecb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
+ecb_enc.o: spr.h
+ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
+ede_cbcm_enc.o: ../../include/openssl/opensslv.h
+ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c
+enc_read.o: ../../e_os.h ../../include/openssl/bio.h
+enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_read.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_read.o: ../cryptlib.h des_locl.h enc_read.c
+enc_writ.o: ../../e_os.h ../../include/openssl/bio.h
+enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c
+fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fcrypt.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+fcrypt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fcrypt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fcrypt.o: ../../include/openssl/ui_compat.h des_locl.h fcrypt.c
+fcrypt_b.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fcrypt_b.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt_b.o: ../../include/openssl/opensslconf.h
+fcrypt_b.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fcrypt_b.o: des_locl.h fcrypt_b.c
+ofb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb64ede.o: ../../include/openssl/opensslconf.h
+ofb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64ede.o: des_locl.h ofb64ede.c
+ofb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb64enc.o: ../../include/openssl/opensslconf.h
+ofb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64enc.o: des_locl.h ofb64enc.c
+ofb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ofb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ofb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ofb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ofb_enc.c
+pcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+pcbc_enc.o: ../../include/openssl/opensslconf.h
+pcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pcbc_enc.o: des_locl.h pcbc_enc.c
+qud_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+qud_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+qud_cksm.o: ../../include/openssl/opensslconf.h
+qud_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+qud_cksm.o: des_locl.h qud_cksm.c
+rand_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rand_key.o: ../../include/openssl/opensslconf.h
+rand_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_key.o: rand_key.c
+read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/opensslconf.h
+read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+read2pwd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+read2pwd.o: read2pwd.c
+rpc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rpc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rpc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rpc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rpc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rpc_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h rpc_des.h
+rpc_enc.o: rpc_enc.c
+set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c
+str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+str2key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str2key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+str2key.o: ../../include/openssl/ui_compat.h des_locl.h str2key.c
+xcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+xcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+xcbc_enc.o: ../../include/openssl/opensslconf.h
+xcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+xcbc_enc.o: des_locl.h xcbc_enc.c
diff --git a/src/lib/libssl/src/crypto/des/cfb_enc.c b/src/lib/libssl/src/crypto/des/cfb_enc.c
index 2600bdfc93..17bf77ca9e 100644
--- a/src/lib/libssl/src/crypto/des/cfb_enc.c
+++ b/src/lib/libssl/src/crypto/des/cfb_enc.c
@@ -64,22 +64,32 @@
  * the second.  The second 12 bits will come from the 3rd and half the 4th
  * byte.
  */
-/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
- * length */
-/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
- * will not be compatible with any encryption prior to that date. Ben. */
 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-                     long length, DES_key_schedule *schedule, DES_cblock *ivec,
-                     int enc)
+                     long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc)
         {
         register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
+        register DES_LONG mask0,mask1;
         register unsigned long l=length;
         register int num=numbits;
         DES_LONG ti[2];
         unsigned char *iv;
-        unsigned char ovec[16];
 
         if (num > 64) return;
+        if (num > 32)
+                {
+                mask0=0xffffffffL;
+                if (num == 64)
+                        mask1=mask0;
+                else    mask1=(1L<<(num-32))-1;
+                }
+        else
+                {
+                if (num == 32)
+                        mask0=0xffffffffL;
+                else    mask0=(1L<<num)-1;
+                mask1=0x00000000L;
+                }
+
         iv = &(*ivec)[0];
         c2l(iv,v0);
         c2l(iv,v1);
@@ -93,8 +103,8 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                         DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
                         c2ln(in,d0,d1,n);
                         in+=n;
-                        d0^=ti[0];
-                        d1^=ti[1];
+                        d0=(d0^ti[0])&mask0;
+                        d1=(d1^ti[1])&mask1;
                         l2cn(d0,d1,out,n);
                         out+=n;
                         /* 30-08-94 - eay - changed because l>>32 and
@@ -103,25 +113,15 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                                 { v0=v1; v1=d0; }
                         else if (num == 64)
                                 { v0=d0; v1=d1; }
-                        else
+                        else if (num > 32) /* && num != 64 */
+                                {
+                                v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
+                                v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
+                                }
+                        else /* num < 32 */
                                 {
-                                iv=&ovec[0];
-                                l2c(v0,iv);
-                                l2c(v1,iv);
-                                l2c(d0,iv);
-                                l2c(d1,iv);
-                                /* shift ovec left most of the bits... */
-                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-                                /* now the remaining bits */
-                                if(num%8 != 0)
-                                        for(n=0 ; n < 8 ; ++n)
-                                                {
-                                                ovec[n]<<=num%8;
-                                                ovec[n]|=ovec[n+1]>>(8-num%8);
-                                                }
-                                iv=&ovec[0];
-                                c2l(iv,v0);
-                                c2l(iv,v1);
+                                v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+                                v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
                                 }
                         }
                 }
@@ -141,28 +141,18 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                                 { v0=v1; v1=d0; }
                         else if (num == 64)
                                 { v0=d0; v1=d1; }
-                        else
+                        else if (num > 32) /* && num != 64 */
+                                {
+                                v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
+                                v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
+                                }
+                        else /* num < 32 */
                                 {
-                                iv=&ovec[0];
-                                l2c(v0,iv);
-                                l2c(v1,iv);
-                                l2c(d0,iv);
-                                l2c(d1,iv);
-                                /* shift ovec left most of the bits... */
-                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-                                /* now the remaining bits */
-                                if(num%8 != 0)
-                                        for(n=0 ; n < 8 ; ++n)
-                                                {
-                                                ovec[n]<<=num%8;
-                                                ovec[n]|=ovec[n+1]>>(8-num%8);
-                                                }
-                                iv=&ovec[0];
-                                c2l(iv,v0);
-                                c2l(iv,v1);
+                                v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+                                v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
                                 }
-                        d0^=ti[0];
-                        d1^=ti[1];
+                        d0=(d0^ti[0])&mask0;
+                        d1=(d1^ti[1])&mask1;
                         l2cn(d0,d1,out,n);
                         out+=n;
                         }
diff --git a/src/lib/libssl/src/crypto/des/des.h b/src/lib/libssl/src/crypto/des/des.h
index daaf239dbe..dfe5ff64e4 100644
--- a/src/lib/libssl/src/crypto/des/des.h
+++ b/src/lib/libssl/src/crypto/des/des.h
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef HEADER_NEW_DES_H
-#define HEADER_NEW_DES_H
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
 
 #ifdef OPENSSL_NO_DES
 #error DES is disabled.
@@ -71,6 +71,8 @@
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
+#define des_SPtrans DES_SPtrans
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
diff --git a/src/lib/libssl/src/crypto/des/des_old.h b/src/lib/libssl/src/crypto/des/des_old.h
index 1d840b474a..1d8bf65101 100644
--- a/src/lib/libssl/src/crypto/des/des_old.h
+++ b/src/lib/libssl/src/crypto/des/des_old.h
@@ -88,14 +88,14 @@
  *
  */
 
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
+#ifndef HEADER_DES_OLD_H
+#define HEADER_DES_OLD_H
 
 #ifdef OPENSSL_NO_DES
 #error DES is disabled.
 #endif
 
-#ifndef HEADER_NEW_DES_H
+#ifndef HEADER_DES_H
 #error You must include des.h, not des_old.h directly.
 #endif
 
diff --git a/src/lib/libssl/src/crypto/des/destest.c b/src/lib/libssl/src/crypto/des/destest.c
index 3983ac8e5f..687c00c792 100644
--- a/src/lib/libssl/src/crypto/des/destest.c
+++ b/src/lib/libssl/src/crypto/des/destest.c
@@ -431,7 +431,7 @@ int main(int argc, char *argv[])
 
 #ifndef LIBDES_LIT
         printf("Doing ede ecb\n");
-        for (i=0; i<(NUM_TESTS-2); i++)
+        for (i=0; i<(NUM_TESTS-1); i++)
                 {
                 DES_set_key_unchecked(&key_data[i],&ks);
                 DES_set_key_unchecked(&key_data[i+1],&ks2);
diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c
index 1b70f68806..c828bdd45d 100644
--- a/src/lib/libssl/src/crypto/des/ecb_enc.c
+++ b/src/lib/libssl/src/crypto/des/ecb_enc.c
@@ -97,7 +97,8 @@ const char *DES_options(void)
                         size="int";
                 else
                         size="long";
-                sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size);
+                snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
+                         size);
                 init=0;
                 }
         return(buf);
diff --git a/src/lib/libssl/src/crypto/dh/Makefile.ssl b/src/lib/libssl/src/crypto/dh/Makefile.ssl
new file mode 100644
index 0000000000..e05fc01a12
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/Makefile.ssl
@@ -0,0 +1,133 @@
+#
+# SSLeay/crypto/dh/Makefile
+#
+
+DIR=    dh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= dhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dh.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c
+dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c
+dh_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_err.o: ../../include/openssl/symhacks.h dh_err.c
+dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_gen.o: ../cryptlib.h dh_gen.c
+dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c
+dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dh_lib.o: ../cryptlib.h dh_lib.c
diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h
index 05851f8429..d51dc130f4 100644
--- a/src/lib/libssl/src/crypto/dh/dh.h
+++ b/src/lib/libssl/src/crypto/dh/dh.h
@@ -101,7 +101,7 @@ struct dh_st
         int version;
         BIGNUM *p;
         BIGNUM *g;
-        long length; /* optional */
+        int length; /* optional */
         BIGNUM *pub_key;        /* g^x */
         BIGNUM *priv_key;       /* x */
 
diff --git a/src/lib/libssl/src/crypto/dsa/Makefile.ssl b/src/lib/libssl/src/crypto/dsa/Makefile.ssl
new file mode 100644
index 0000000000..e5f8a8cf51
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/Makefile.ssl
@@ -0,0 +1,171 @@
+#
+# SSLeay/crypto/dsa/Makefile
+#
+
+DIR=    dsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+        dsa_err.c dsa_ossl.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+        dsa_err.o dsa_ossl.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dsa.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
+dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_err.o: dsa_err.c
+dsa_gen.o: ../../e_os.h ../../include/openssl/aes.h
+dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_gen.o: ../../include/openssl/ui_compat.h ../cryptlib.h dsa_gen.c
+dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_key.o: ../cryptlib.h dsa_key.c
+dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c
+dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libssl/src/crypto/dso/Makefile.ssl b/src/lib/libssl/src/crypto/dso/Makefile.ssl
new file mode 100644
index 0000000000..c0449d184e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/Makefile.ssl
@@ -0,0 +1,142 @@
+#
+# SSLeay/crypto/dso/Makefile
+#
+
+DIR=    dso
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
+        dso_openssl.c dso_win32.c dso_vms.c
+LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \
+        dso_openssl.o dso_win32.o dso_vms.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dso.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dso_dl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_dl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_dl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dl.c
+dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dlfcn.o: ../../include/openssl/opensslconf.h
+dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_dlfcn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_dlfcn.o: ../cryptlib.h dso_dlfcn.c
+dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_err.o: ../../include/openssl/symhacks.h dso_err.c
+dso_lib.o: ../../e_os.h ../../include/openssl/bio.h
+dso_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_lib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_lib.c
+dso_null.o: ../../e_os.h ../../include/openssl/bio.h
+dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_null.o: ../../include/openssl/opensslconf.h
+dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_null.o: ../cryptlib.h dso_null.c
+dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_openssl.o: ../../include/openssl/opensslconf.h
+dso_openssl.o: ../../include/openssl/opensslv.h
+dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c
+dso_vms.o: ../../e_os.h ../../include/openssl/bio.h
+dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_vms.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_vms.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_vms.c
+dso_win32.o: ../../e_os.h ../../include/openssl/bio.h
+dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_win32.o: ../../include/openssl/opensslconf.h
+dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_win32.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_win32.o: ../cryptlib.h dso_win32.c
diff --git a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
index 9d49ebc253..906b4703de 100644
--- a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
+++ b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
@@ -125,11 +125,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 #               endif
 #       endif
 #else
-#       ifdef OPENSSL_SYS_SUNOS
-#               define DLOPEN_FLAG 1
-#       else
-#               define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
-#       endif
+#       define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
 #endif
 
 /* For this DSO_METHOD, our meth_data STACK will contain;
diff --git a/src/lib/libssl/src/crypto/dso/dso_lib.c b/src/lib/libssl/src/crypto/dso/dso_lib.c
index 556069b9b8..85ac5103cd 100644
--- a/src/lib/libssl/src/crypto/dso/dso_lib.c
+++ b/src/lib/libssl/src/crypto/dso/dso_lib.c
@@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename)
                 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
                 return(0);
                 }
-        strcpy(copied, filename);
+        strlcpy(copied, filename, strlen(filename) + 1);
         if(dso->filename)
                 OPENSSL_free(dso->filename);
         dso->filename = copied;
@@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
                                         ERR_R_MALLOC_FAILURE);
                         return(NULL);
                         }
-                strcpy(result, filename);
+                strlcpy(result, filename, strlen(filename) + 1);
                 }
         return(result);
         }
diff --git a/src/lib/libssl/src/crypto/ec/Makefile.ssl b/src/lib/libssl/src/crypto/ec/Makefile.ssl
new file mode 100644
index 0000000000..a2805c47a2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ec/Makefile.ssl
@@ -0,0 +1,128 @@
+#
+# crypto/ec/Makefile
+#
+
+DIR=    ec
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ectest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_recp.c ecp_nist.c ec_cvt.c ec_mult.c \
+        ec_err.c
+
+LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_recp.o ecp_nist.o ec_cvt.o ec_mult.o \
+        ec_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ec.h
+HEADER= ec_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ec_cvt.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h
+ec_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_err.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_err.o: ec_err.c
+ec_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_lib.o: ec_lcl.h ec_lib.c
+ec_mult.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_mult.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_mult.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_mult.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_mult.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_mult.o: ec_lcl.h ec_mult.c
+ecp_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ecp_mont.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecp_mont.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ecp_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecp_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecp_mont.o: ec_lcl.h ecp_mont.c
+ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ecp_nist.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c
+ecp_recp.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ecp_recp.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ecp_recp.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_recp.c
+ecp_smpl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ecp_smpl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecp_smpl.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ecp_smpl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecp_smpl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecp_smpl.o: ec_lcl.h ecp_smpl.c
diff --git a/src/lib/libssl/src/crypto/ec/ec_mult.c b/src/lib/libssl/src/crypto/ec/ec_mult.c
index 16822a73cf..4dbc931120 100644
--- a/src/lib/libssl/src/crypto/ec/ec_mult.c
+++ b/src/lib/libssl/src/crypto/ec/ec_mult.c
@@ -175,13 +175,12 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B
  *       (thus the boundaries should be increased)
  */
 #define EC_window_bits_for_scalar_size(b) \
-                ((size_t) \
-                 ((b) >= 2000 ? 6 : \
-                  (b) >=  800 ? 5 : \
-                  (b) >=  300 ? 4 : \
-                  (b) >=   70 ? 3 : \
-                  (b) >=   20 ? 2 : \
-                   1))
+                ((b) >= 2000 ? 6 : \
+                 (b) >=  800 ? 5 : \
+                 (b) >=  300 ? 4 : \
+                 (b) >=   70 ? 3 : \
+                 (b) >=   20 ? 2 : \
+                  1)
 
 /* Compute
  *      \sum scalars[i]*points[i],
diff --git a/src/lib/libssl/src/crypto/engine/Makefile.ssl b/src/lib/libssl/src/crypto/engine/Makefile.ssl
new file mode 100644
index 0000000000..30a4446ff9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/Makefile.ssl
@@ -0,0 +1,538 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR=    engine
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+        tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
+        eng_openssl.c eng_dyn.c eng_cnf.c \
+        hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
+        hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+        tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
+        eng_openssl.o eng_dyn.o eng_cnf.o \
+        hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
+        hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+errors:
+        $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
+                -nostatic -staticloader -write hw_*.c
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h
+eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_cnf.o: ../cryptlib.h eng_cnf.c
+eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
+eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
+eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_err.o: ../../include/openssl/ui.h eng_err.c
+eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_init.o: ../cryptlib.h eng_init.c eng_int.h
+eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c
+eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_list.o: ../cryptlib.h eng_int.h eng_list.c
+eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h
+eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+eng_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+eng_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/opensslconf.h
+eng_openssl.o: ../../include/openssl/opensslv.h
+eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_openssl.o: ../cryptlib.h eng_openssl.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
+eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_table.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+eng_table.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+eng_table.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+eng_table.o: ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_table.o: eng_int.h eng_table.c
+hw_4758_cca.o: ../../e_os.h ../../include/openssl/aes.h
+hw_4758_cca.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_4758_cca.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_4758_cca.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_4758_cca.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_4758_cca.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_4758_cca.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_4758_cca.o: ../../include/openssl/opensslconf.h
+hw_4758_cca.o: ../../include/openssl/opensslv.h
+hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_4758_cca.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_4758_cca.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_4758_cca.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_4758_cca.o: ../cryptlib.h hw_4758_cca.c hw_4758_cca_err.c hw_4758_cca_err.h
+hw_4758_cca.o: vendor_defns/hw_4758_cca.h
+hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+hw_aep.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_aep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hw_aep.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_aep.o: ../../include/openssl/ui.h hw_aep.c hw_aep_err.c hw_aep_err.h
+hw_aep.o: vendor_defns/aep.h
+hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h
+hw_atalla.o: vendor_defns/atalla.h
+hw_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hw_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+hw_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+hw_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+hw_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+hw_cryptodev.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+hw_cryptodev.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+hw_cryptodev.o: ../../include/openssl/objects.h
+hw_cryptodev.o: ../../include/openssl/opensslconf.h
+hw_cryptodev.o: ../../include/openssl/opensslv.h
+hw_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cryptodev.o: ../../include/openssl/ui_compat.h hw_cryptodev.c
+hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h
+hw_cswift.o: vendor_defns/cswift.h
+hw_ncipher.o: ../../e_os.h ../../include/openssl/aes.h
+hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_ncipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_ncipher.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_ncipher.o: ../../include/openssl/opensslconf.h
+hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+hw_ncipher.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_ncipher.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ncipher.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_ncipher.c
+hw_ncipher.o: hw_ncipher_err.c hw_ncipher_err.h vendor_defns/hwcryptohook.h
+hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h
+hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h
+hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_sureware.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_sureware.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_sureware.o: ../../include/openssl/opensslconf.h
+hw_sureware.o: ../../include/openssl/opensslv.h
+hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_sureware.o: ../cryptlib.h eng_int.h engine.h hw_sureware.c hw_sureware_err.c
+hw_sureware.o: hw_sureware_err.h vendor_defns/sureware.h
+hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h
+hw_ubsec.o: vendor_defns/hw_ubsec.h
+tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_cipher.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_cipher.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_cipher.o: ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/opensslconf.h
+tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_cipher.o: eng_int.h tb_cipher.c
+tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dh.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dh.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h eng_int.h
+tb_dh.o: tb_dh.c
+tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_digest.o: ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/opensslconf.h
+tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_digest.o: eng_int.h tb_digest.c
+tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_dsa.o: eng_int.h tb_dsa.c
+tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rand.o: eng_int.h tb_rand.c
+tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rsa.o: eng_int.h tb_rsa.c
diff --git a/src/lib/libssl/src/crypto/engine/eng_ctrl.c b/src/lib/libssl/src/crypto/engine/eng_ctrl.c
index ad3858395b..0d56e69d27 100644
--- a/src/lib/libssl/src/crypto/engine/eng_ctrl.c
+++ b/src/lib/libssl/src/crypto/engine/eng_ctrl.c
@@ -160,15 +160,19 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
         case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
                 return strlen(e->cmd_defns[idx].cmd_name);
         case ENGINE_CTRL_GET_NAME_FROM_CMD:
-                return sprintf(s, "%s", e->cmd_defns[idx].cmd_name);
+                return snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
+                                "%s", e->cmd_defns[idx].cmd_name);
         case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
                 if(e->cmd_defns[idx].cmd_desc)
                         return strlen(e->cmd_defns[idx].cmd_desc);
                 return strlen(int_no_description);
         case ENGINE_CTRL_GET_DESC_FROM_CMD:
                 if(e->cmd_defns[idx].cmd_desc)
-                        return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc);
-                return sprintf(s, "%s", int_no_description);
+                        return snprintf(s,
+                                        strlen(e->cmd_defns[idx].cmd_desc) + 1,
+                                        "%s", e->cmd_defns[idx].cmd_desc);
+                return snprintf(s, strlen(int_no_description) + 1,"%s",
+                                int_no_description);
         case ENGINE_CTRL_GET_CMD_FLAGS:
                 return e->cmd_defns[idx].cmd_flags;
                 }
diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h
index 9c3ab182d3..8686879e1a 100644
--- a/src/lib/libssl/src/crypto/engine/engine.h
+++ b/src/lib/libssl/src/crypto/engine/engine.h
@@ -538,10 +538,10 @@ void ENGINE_add_conf_module(void);
 /**************************/
 
 /* Binary/behaviour compatibility levels */
-#define OSSL_DYNAMIC_VERSION            (unsigned long)0x00010200
+#define OSSL_DYNAMIC_VERSION            (unsigned long)0x00010100
 /* Binary versions older than this are too old for us (whether we're a loader or
  * a loadee) */
-#define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00010200
+#define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00010100
 
 /* When compiling an ENGINE entirely as an external shared library, loadable by
  * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
@@ -630,10 +630,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
                 if(!fn(e,id)) return 0; \
                 return 1; }
 
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
-void ENGINE_setup_bsd_cryptodev(void);
-#endif
-
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c
index 40af97ac24..b502d12b6d 100644
--- a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c
+++ b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c
@@ -12,9 +12,6 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the author nor the names of contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
@@ -71,14 +68,19 @@ struct dev_crypto_state {
         int d_fd;
 };
 
+struct dev_crypto_cipher {
+        int     c_id;
+        int     c_nid;
+        int     c_ivmax;
+        int     c_keylen;
+};
+
 static u_int32_t cryptodev_asymfeat = 0;
 
 static int get_asym_dev_crypto(void);
 static int open_dev_crypto(void);
 static int get_dev_crypto(void);
-static int cryptodev_max_iv(int cipher);
-static int cryptodev_key_length_valid(int cipher, int len);
-static int cipher_nid_to_cryptodev(int nid);
+static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid);
 static int get_cryptodev_ciphers(const int **cnids);
 static int get_cryptodev_digests(const int **cnids);
 static int cryptodev_usable_ciphers(const int **nids);
@@ -125,15 +127,12 @@ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
         { 0, NULL, NULL, 0 }
 };
 
-static struct {
-        int     id;
-        int     nid;
-        int     ivmax;
-        int     keylen;
-} ciphers[] = {
+static struct dev_crypto_cipher ciphers[] = {
         { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
         { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
         { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+        { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+        { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
         { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
         { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
         { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
@@ -203,48 +202,16 @@ get_asym_dev_crypto(void)
         return fd;
 }
 
-/*
- * XXXX this needs to be set for each alg - and determined from
- * a running card.
- */
-static int
-cryptodev_max_iv(int cipher)
-{
-        int i;
-
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].id == cipher)
-                        return (ciphers[i].ivmax);
-        return (0);
-}
-
-/*
- * XXXX this needs to be set for each alg - and determined from
- * a running card. For now, fake it out - but most of these
- * for real devices should return 1 for the supported key
- * sizes the device can handle.
- */
-static int
-cryptodev_key_length_valid(int cipher, int len)
-{
-        int i;
-
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].id == cipher)
-                        return (ciphers[i].keylen == len);
-        return (0);
-}
-
 /* convert libcrypto nids to cryptodev */
-static int
+static struct dev_crypto_cipher *
 cipher_nid_to_cryptodev(int nid)
 {
         int i;
 
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].nid == nid)
-                        return (ciphers[i].id);
-        return (0);
+        for (i = 0; ciphers[i].c_id; i++)
+                if (ciphers[i].c_nid == nid)
+                        return (&ciphers[i]);
+        return (NULL);
 }
 
 /*
@@ -267,15 +234,15 @@ get_cryptodev_ciphers(const int **cnids)
         memset(&sess, 0, sizeof(sess));
         sess.key = (caddr_t)"123456781234567812345678";
 
-        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-                if (ciphers[i].nid == NID_undef)
+        for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (ciphers[i].c_nid == NID_undef)
                         continue;
-                sess.cipher = ciphers[i].id;
-                sess.keylen = ciphers[i].keylen;
+                sess.cipher = ciphers[i].c_id;
+                sess.keylen = ciphers[i].c_keylen;
                 sess.mac = 0;
                 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
                     ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-                        nids[count++] = ciphers[i].nid;
+                        nids[count++] = ciphers[i].c_nid;
         }
         close(fd);
 
@@ -428,15 +395,15 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 {
         struct dev_crypto_state *state = ctx->cipher_data;
         struct session_op *sess = &state->d_sess;
-        int cipher;
+        struct dev_crypto_cipher *cipher;
 
-        if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+        if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL)
                 return (0);
 
-        if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+        if (ctx->cipher->iv_len > cipher->c_ivmax)
                 return (0);
 
-        if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+        if (ctx->key_len != cipher->c_keylen)
                 return (0);
 
         memset(sess, 0, sizeof(struct session_op));
@@ -446,7 +413,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
         sess->key = (unsigned char *)key;
         sess->keylen = ctx->key_len;
-        sess->cipher = cipher;
+        sess->cipher = cipher->c_id;
 
         if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
                 close(state->d_fd);
@@ -551,7 +518,7 @@ const EVP_CIPHER cryptodev_cast_cbc = {
         NULL
 };
 
-const EVP_CIPHER cryptodev_aes_cbc = {
+const EVP_CIPHER cryptodev_aes_128_cbc = {
         NID_aes_128_cbc,
         16, 16, 16,
         EVP_CIPH_CBC_MODE,
@@ -564,6 +531,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
         NULL
 };
 
+const EVP_CIPHER cryptodev_aes_192_cbc = {
+        NID_aes_192_cbc,
+        16, 24, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_aes_256_cbc = {
+        NID_aes_256_cbc,
+        16, 32, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
 /*
  * Registered by the ENGINE when used to find out how to deal with
  * a particular NID in the ENGINE. this says what we'll do at the
@@ -590,7 +583,13 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                 *cipher = &cryptodev_cast_cbc;
                 break;
         case NID_aes_128_cbc:
-                *cipher = &cryptodev_aes_cbc;
+                *cipher = &cryptodev_aes_128_cbc;
+                break;
+        case NID_aes_192_cbc:
+                *cipher = &cryptodev_aes_192_cbc;
+                break;
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
                 break;
         default:
                 *cipher = NULL;
@@ -874,7 +873,6 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                 goto err;
         }
 
-        printf("bar\n");
         memset(&kop, 0, sizeof kop);
         kop.crk_op = CRK_DSA_SIGN;
 
diff --git a/src/lib/libssl/src/crypto/engine/hw_openbsd_dev_crypto.c b/src/lib/libssl/src/crypto/engine/hw_openbsd_dev_crypto.c
new file mode 100644
index 0000000000..b8aab545db
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/hw_openbsd_dev_crypto.c
@@ -0,0 +1,594 @@
+/* Written by Ben Laurie <ben@algroup.co.uk> August 2001 */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include "eng_int.h"
+/* Maybe this is needed? ... */
+#ifdef FLAT_INC
+#include "evp_locl.h"
+#else
+#include "../evp/evp_locl.h"
+#endif
+#include <openssl/conf.h>
+
+#ifndef OPENSSL_OPENBSD_DEV_CRYPTO
+
+void ENGINE_load_openbsd_dev_crypto(void)
+        {
+        /* This is a NOP unless OPENSSL_OPENBSD_DEV_CRYPTO is defined */
+        return;
+        }
+
+#else /* OPENSSL_OPENBSD_DEV_CRYPTO */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/ioctl.h>
+
+#include <crypto/cryptodev.h>
+
+/****************************************************/
+/* Declare the normal generic ENGINE stuff here ... */
+
+static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                const int **nids, int nid);
+static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest,
+                                const int **nids, int nid);
+
+static const char dev_crypto_id[] = "openbsd_dev_crypto";
+static const char dev_crypto_name[] = "OpenBSD /dev/crypto";
+
+static long allow_misaligned;
+
+#define DEV_CRYPTO_CMD_ALLOW_MISALIGNED         ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN dev_crypto_cmd_defns[]=
+        {
+        { DEV_CRYPTO_CMD_ALLOW_MISALIGNED,
+          "allow_misaligned",
+          "Permit misaligned data to be used",
+          ENGINE_CMD_FLAG_NUMERIC },
+        { 0, NULL, NULL, 0 }
+        };
+
+static int dev_crypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        switch(cmd)
+                {
+        case DEV_CRYPTO_CMD_ALLOW_MISALIGNED:
+                allow_misaligned=i;
+                printf("allow misaligned=%ld\n",allow_misaligned);
+                break;
+                }
+
+        return 1;
+        }
+
+static ENGINE *engine_openbsd_dev_crypto(void)
+        {
+        ENGINE *engine=ENGINE_new();
+
+        if(!ENGINE_set_id(engine, dev_crypto_id) ||
+           !ENGINE_set_name(engine, dev_crypto_name) ||
+           !ENGINE_set_ciphers(engine, dev_crypto_ciphers) ||
+           !ENGINE_set_digests(engine, dev_crypto_digests) ||
+           !ENGINE_set_ctrl_function(engine, dev_crypto_ctrl) ||
+           !ENGINE_set_cmd_defns(engine, dev_crypto_cmd_defns))
+                {
+                ENGINE_free(engine);
+                return NULL;
+                }
+
+        return engine;
+        }
+
+void ENGINE_load_openbsd_dev_crypto(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_openbsd_dev_crypto();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+
+/******************************************************************************/
+/* Clip in the stuff from crypto/evp/openbsd_hw.c here. NB: What has changed? */
+/* I've removed the exposed EVP_*** functions, they're accessed through the   */
+/* "dev_crypto_[ciphers|digests]" handlers. I've also moved the EVP_CIPHER    */
+/* and EVP_MD structures to the bottom where they are close to the handlers   */
+/* that expose them. What should be done? The global data (file-descriptors,  */
+/* etc) should be put into ENGINE's ex_data support, and per-context data     */
+/* (also file-descriptors perhaps) should be put into the contexts. Also code */
+/* formatting, fprintf statements, and OpenSSL-style error handling should be */
+/* added (dynamically, like the other ENGINEs). Also, "dynamic" support       */
+/* be added to this ENGINE once it's up and running so that it could be built */
+/* as a shared-library. What else? device initialisation should take place    */
+/* inside an ENGINE 'init()' handler (and likewise 'finish()'). ciphers and   */
+/* digests won't be used by the framework unless the ENGINE has been          */
+/* successfully initialised (that's one of the things you get for free) so    */
+/* initialisation, including returning failure if device setup fails, can be  */
+/* handled quite cleanly. This could presumably handle the opening (and then  */
+/* closing inside 'finish()') of the 'cryptodev_fd' file-descriptor).         */
+
+/* longest key supported in hardware */
+#define MAX_HW_KEY      24
+#define MAX_HW_IV       8
+
+#define MD5_DIGEST_LENGTH       16
+#define MD5_CBLOCK              64
+
+static int fd;
+static int dev_failed;
+
+typedef struct session_op session_op;
+
+#define CDATA(ctx) EVP_C_DATA(session_op,ctx)
+
+static void err(const char *str)
+    {
+    fprintf(stderr,"%s: errno %d\n",str,errno);
+    }
+
+static int dev_crypto_init(session_op *ses)
+    {
+    if(dev_failed)
+        return 0;
+    if(!fd)
+        {
+        int cryptodev_fd;
+
+        if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
+            {
+            err("/dev/crypto");
+            dev_failed=1;
+            return 0;
+            }
+        if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
+            {
+            err("CRIOGET failed");
+            close(cryptodev_fd);
+            dev_failed=1;
+            return 0;
+            }
+        close(cryptodev_fd);
+        }
+    assert(ses);
+    memset(ses,'\0',sizeof *ses);
+
+    return 1;
+    }
+
+static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
+    {
+    fprintf(stderr,"cleanup %d\n",CDATA(ctx)->ses);
+    if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
+        err("CIOCFSESSION failed");
+
+    OPENSSL_free(CDATA(ctx)->key);
+
+    return 1;
+    }
+
+static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
+                               const unsigned char *key,int klen)
+    {
+    if(!dev_crypto_init(CDATA(ctx)))
+        return 0;
+
+    CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
+
+    assert(ctx->cipher->iv_len <= MAX_HW_IV);
+
+    memcpy(CDATA(ctx)->key,key,klen);
+    
+    CDATA(ctx)->cipher=cipher;
+    CDATA(ctx)->keylen=klen;
+
+    if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
+        {
+        err("CIOCGSESSION failed");
+        return 0;
+        }
+    return 1;
+    }
+
+static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+                             const unsigned char *in,unsigned int inl)
+    {
+    struct crypt_op cryp;
+    unsigned char lb[MAX_HW_IV];
+
+    if(!inl)
+        return 1;
+
+    assert(CDATA(ctx));
+    assert(!dev_failed);
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=CDATA(ctx)->ses;
+    cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+    cryp.flags=0;
+    cryp.len=inl;
+    assert((inl&(ctx->cipher->block_size-1)) == 0);
+    cryp.src=(caddr_t)in;
+    cryp.dst=(caddr_t)out;
+    cryp.mac=0;
+    if(ctx->cipher->iv_len)
+        cryp.iv=(caddr_t)ctx->iv;
+
+    if(!ctx->encrypt)
+        memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+        {
+        if(errno == EINVAL) /* buffers are misaligned */
+            {
+            unsigned int cinl=0;
+            char *cin=NULL;
+            char *cout=NULL;
+
+            /* NB: this can only make cinl != inl with stream ciphers */
+            cinl=(inl+3)/4*4;
+
+            if(((unsigned long)in&3) || cinl != inl)
+                {
+                cin=OPENSSL_malloc(cinl);
+                memcpy(cin,in,inl);
+                cryp.src=cin;
+                }
+
+            if(((unsigned long)out&3) || cinl != inl)
+                {
+                cout=OPENSSL_malloc(cinl);
+                cryp.dst=cout;
+                }
+
+            cryp.len=cinl;
+
+            if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+                {
+                err("CIOCCRYPT(2) failed");
+                printf("src=%p dst=%p\n",cryp.src,cryp.dst);
+                abort();
+                return 0;
+                }
+                
+            if(cout)
+                {
+                memcpy(out,cout,inl);
+                OPENSSL_free(cout);
+                }
+            if(cin)
+                OPENSSL_free(cin);
+            }
+        else 
+            {       
+            err("CIOCCRYPT failed");
+            abort();
+            return 0;
+            }
+        }
+
+    if(ctx->encrypt)
+        memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+    else
+        memcpy(ctx->iv,lb,ctx->cipher->iv_len);
+
+    return 1;
+    }
+
+static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *key,
+                                        const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
+
+static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *key,
+                                        const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
+
+typedef struct
+    {
+    session_op sess;
+    char *data;
+    int len;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    } MD_DATA;
+
+static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
+    {
+    if(!dev_crypto_init(&md_data->sess))
+        return 0;
+
+    md_data->len=0;
+    md_data->data=NULL;
+
+    md_data->sess.mac=mac;
+
+    if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
+        {
+        err("CIOCGSESSION failed");
+        return 0;
+        }
+    fprintf(stderr,"opened %d\n",md_data->sess.ses);
+    return 1;
+    }
+
+static int dev_crypto_cleanup_digest(MD_DATA *md_data)
+    {
+    fprintf(stderr,"cleanup %d\n",md_data->sess.ses);
+    if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
+        {
+        err("CIOCFSESSION failed");
+        return 0;
+        }
+
+    return 1;
+    }
+
+/* FIXME: if device can do chained MACs, then don't accumulate */
+/* FIXME: move accumulation to the framework */
+static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
+    { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
+
+static int do_digest(int ses,unsigned char *md,const void *data,int len)
+    {
+    struct crypt_op cryp;
+    static unsigned char md5zero[16]=
+        {
+        0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
+        0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
+        };
+
+    /* some cards can't do zero length */
+    if(!len)
+        {
+        memcpy(md,md5zero,16);
+        return 1;
+        }
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=ses;
+    cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
+    cryp.len=len;
+    cryp.src=(caddr_t)data;
+    cryp.dst=(caddr_t)data; /* FIXME!!! */
+    cryp.mac=(caddr_t)md;
+
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+        {
+        if(errno == EINVAL && allow_misaligned) /* buffer is misaligned */
+            {
+            char *dcopy;
+
+            dcopy=OPENSSL_malloc(len);
+            memcpy(dcopy,data,len);
+            cryp.src=dcopy;
+            cryp.dst=cryp.src; /* FIXME!!! */
+
+            if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+                {
+                err("CIOCCRYPT(MAC2) failed");
+                abort();
+                return 0;
+                }
+            OPENSSL_free(dcopy);
+            }
+        else
+            {
+            err("CIOCCRYPT(MAC) failed");
+            abort();
+            return 0;
+            }
+        }
+    /*    printf("done\n"); */
+
+    return 1;
+    }
+
+static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
+                                 unsigned long len)
+    {
+    MD_DATA *md_data=ctx->md_data;
+
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+        return do_digest(md_data->sess.ses,md_data->md,data,len);
+
+    md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
+    memcpy(md_data->data+md_data->len,data,len);
+    md_data->len+=len;
+
+    return 1;
+    }   
+
+static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
+    {
+    int ret;
+    MD_DATA *md_data=ctx->md_data;
+
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+        {
+        memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
+        ret=1;
+        }
+    else
+        {
+        ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
+        OPENSSL_free(md_data->data);
+        md_data->data=NULL;
+        md_data->len=0;
+        }
+
+    return ret;
+    }
+
+static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+    {
+    const MD_DATA *from_md=from->md_data;
+    MD_DATA *to_md=to->md_data;
+
+    /* How do we copy sessions? */
+    assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
+
+    to_md->data=OPENSSL_malloc(from_md->len);
+    memcpy(to_md->data,from_md->data,from_md->len);
+
+    return 1;
+    }
+
+static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
+    {
+    return dev_crypto_cleanup_digest(ctx->md_data);
+    }
+
+/**************************************************************************/
+/* Here are the moved declarations of the EVP_CIPHER and EVP_MD           */
+/* implementations. They're down here to be within easy editor-distance   */
+/* of the digests and ciphers handler functions.                          */
+
+#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
+
+BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
+                     0, dev_crypto_des_ede3_init_key,
+                     dev_crypto_cleanup, 
+                     EVP_CIPHER_set_asn1_iv,
+                     EVP_CIPHER_get_asn1_iv,
+                     NULL)
+
+static const EVP_CIPHER r4_cipher=
+    {
+    NID_rc4,
+    1,16,0,     /* FIXME: key should be up to 256 bytes */
+    EVP_CIPH_VARIABLE_LENGTH,
+    dev_crypto_rc4_init_key,
+    dev_crypto_cipher,
+    dev_crypto_cleanup,
+    sizeof(session_op),
+    NULL,
+    NULL,
+    NULL
+    };
+
+static const EVP_MD md5_md=
+    {
+    NID_md5,
+    NID_md5WithRSAEncryption,
+    MD5_DIGEST_LENGTH,
+    EVP_MD_FLAG_ONESHOT,        /* XXX: set according to device info... */
+    dev_crypto_md5_init,
+    dev_crypto_md5_update,
+    dev_crypto_md5_final,
+    dev_crypto_md5_copy,
+    dev_crypto_md5_cleanup,
+    EVP_PKEY_RSA_method,
+    MD5_CBLOCK,
+    sizeof(MD_DATA),
+    };
+
+/****************************************************************/
+/* Implement the dev_crypto_[ciphers|digests] handlers here ... */
+
+static int cipher_nids[] = {NID_des_ede3_cbc, NID_rc4};
+static int cipher_nids_num = 2;
+static int digest_nids[] = {NID_md5};
+static int digest_nids_num = 1;
+
+static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                const int **nids, int nid)
+        {
+        if(!cipher)
+                {
+                /* We are returning a list of supported nids */
+                *nids = cipher_nids;
+                return cipher_nids_num;
+                }
+        /* We are being asked for a specific cipher */
+        if(nid == NID_rc4)
+                *cipher = &r4_cipher;
+        else if(nid == NID_des_ede3_cbc)
+                *cipher = &dev_crypto_des_ede3_cbc;
+        else
+                {
+                *cipher = NULL;
+                return 0;
+                }
+        return 1;
+        }
+
+static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest,
+                                const int **nids, int nid)
+        {
+        if(!digest)
+                {
+                /* We are returning a list of supported nids */
+                *nids = digest_nids;
+                return digest_nids_num;
+                }
+        /* We are being asked for a specific digest */
+        if(nid == NID_md5)
+                *digest = &md5_md;
+        else
+                {
+                *digest = NULL;
+                return 0;
+                }
+        return 1;
+        }
+
+#endif /* OPENSSL_OPENBSD_DEV_CRYPTO */
diff --git a/src/lib/libssl/src/crypto/engine/hw_ubsec.c b/src/lib/libssl/src/crypto/engine/hw_ubsec.c
index 5234a08a07..6286dd851c 100644
--- a/src/lib/libssl/src/crypto/engine/hw_ubsec.c
+++ b/src/lib/libssl/src/crypto/engine/hw_ubsec.c
@@ -561,6 +561,7 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
                 return 0;
         }
+        memset(r->d, 0, BN_num_bytes(m));
 
         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
                 fd = 0;
diff --git a/src/lib/libssl/src/crypto/err/Makefile.ssl b/src/lib/libssl/src/crypto/err/Makefile.ssl
new file mode 100644
index 0000000000..b253061d07
--- /dev/null
+++ b/src/lib/libssl/src/crypto/err/Makefile.ssl
@@ -0,0 +1,119 @@
+#
+# SSLeay/crypto/err/Makefile
+#
+
+DIR=    err
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=err.c err_all.c err_prn.c
+LIBOBJ=err.o err_all.o err_prn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= err.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+err.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err.o: ../../include/openssl/symhacks.h ../cryptlib.h err.c
+err_all.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+err_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+err_all.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+err_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+err_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+err_all.o: ../../include/openssl/x509v3.h err_all.c
+err_prn.o: ../../e_os.h ../../include/openssl/bio.h
+err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+err_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_prn.o: ../cryptlib.h err_prn.c
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c
index 633a1addfe..a4f4a260af 100644
--- a/src/lib/libssl/src/crypto/err/err.c
+++ b/src/lib/libssl/src/crypto/err/err.c
@@ -225,7 +225,6 @@ struct st_ERR_FNS
         ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
         /* Works on the "thread_hash" error-state table */
         LHASH *(*cb_thread_get)(int create);
-        void (*cb_thread_release)(LHASH **hash);
         ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
         ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
         void (*cb_thread_del_item)(const ERR_STATE *);
@@ -240,7 +239,6 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
 static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
 static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
 static LHASH *int_thread_get(int create);
-static void int_thread_release(LHASH **hash);
 static ERR_STATE *int_thread_get_item(const ERR_STATE *);
 static ERR_STATE *int_thread_set_item(ERR_STATE *);
 static void int_thread_del_item(const ERR_STATE *);
@@ -254,7 +252,6 @@ static const ERR_FNS err_defaults =
         int_err_set_item,
         int_err_del_item,
         int_thread_get,
-        int_thread_release,
         int_thread_get_item,
         int_thread_set_item,
         int_thread_del_item,
@@ -274,7 +271,6 @@ static const ERR_FNS *err_fns = NULL;
  * and state in the loading application. */
 static LHASH *int_error_hash = NULL;
 static LHASH *int_thread_hash = NULL;
-static int int_thread_hash_references = 0;
 static int int_err_library_number= ERR_LIB_USER;
 
 /* Internal function that checks whether "err_fns" is set and if not, sets it to
@@ -421,37 +417,11 @@ static LHASH *int_thread_get(int create)
                 CRYPTO_pop_info();
                 }
         if (int_thread_hash)
-                {
-                int_thread_hash_references++;
                 ret = int_thread_hash;
-                }
         CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
         return ret;
         }
 
-static void int_thread_release(LHASH **hash)
-        {
-        int i;
-
-        if (hash == NULL || *hash == NULL)
-                return;
-
-        i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
-
-#ifdef REF_PRINT
-        fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"int_thread_release, bad reference count\n");
-                abort(); /* ok */
-                }
-#endif
-        *hash = NULL;
-        }
-
 static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
         {
         ERR_STATE *p;
@@ -466,7 +436,6 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
         p = (ERR_STATE *)lh_retrieve(hash, d);
         CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
 
-        ERRFN(thread_release)(&hash);
         return p;
         }
 
@@ -484,7 +453,6 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d)
         p = (ERR_STATE *)lh_insert(hash, d);
         CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
-        ERRFN(thread_release)(&hash);
         return p;
         }
 
@@ -501,15 +469,13 @@ static void int_thread_del_item(const ERR_STATE *d)
         CRYPTO_w_lock(CRYPTO_LOCK_ERR);
         p = (ERR_STATE *)lh_delete(hash, d);
         /* make sure we don't leak memory */
-        if (int_thread_hash_references == 1
-                && int_thread_hash && (lh_num_items(int_thread_hash) == 0))
+        if (int_thread_hash && (lh_num_items(int_thread_hash) == 0))
                 {
                 lh_free(int_thread_hash);
                 int_thread_hash = NULL;
                 }
         CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
-        ERRFN(thread_release)(&hash);
         if (p)
                 ERR_STATE_free(p);
         }
@@ -879,12 +845,6 @@ LHASH *ERR_get_err_state_table(void)
         return ERRFN(thread_get)(0);
         }
 
-void ERR_release_err_state_table(LHASH **hash)
-        {
-        err_fns_check();
-        ERRFN(thread_release)(hash);
-        }
-
 const char *ERR_lib_error_string(unsigned long e)
         {
         ERR_STRING_DATA d,*p;
@@ -1065,7 +1025,7 @@ void ERR_add_error_data(int num, ...)
                                 else
                                         str=p;
                                 }
-                        strcat(str,a);
+                        strlcat(str,a,s+1);
                         }
                 }
         ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
diff --git a/src/lib/libssl/src/crypto/err/err.h b/src/lib/libssl/src/crypto/err/err.h
index 8faa3a7b4f..988ef81aa0 100644
--- a/src/lib/libssl/src/crypto/err/err.h
+++ b/src/lib/libssl/src/crypto/err/err.h
@@ -278,7 +278,6 @@ ERR_STATE *ERR_get_state(void);
 #ifndef OPENSSL_NO_LHASH
 LHASH *ERR_get_string_table(void);
 LHASH *ERR_get_err_state_table(void);
-void ERR_release_err_state_table(LHASH **hash);
 #endif
 
 int ERR_get_next_error_library(void);
diff --git a/src/lib/libssl/src/crypto/evp/Makefile.ssl b/src/lib/libssl/src/crypto/evp/Makefile.ssl
new file mode 100644
index 0000000000..b4172406ae
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/Makefile.ssl
@@ -0,0 +1,1058 @@
+#
+# SSLeay/crypto/evp/Makefile
+#
+
+DIR=    evp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=evp_test.c
+TESTDATA=evptests.txt
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
+        e_des.c e_bf.c e_idea.c e_des3.c \
+        e_rc4.c e_aes.c names.c \
+        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+        m_dss.c m_dss1.c m_mdc2.c m_ripemd.c \
+        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+
+LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
+        e_des.o e_bf.o e_idea.o e_des3.o \
+        e_rc4.o e_aes.o names.o \
+        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+        m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+        m_dss.o m_dss1.o m_mdc2.o m_ripemd.o \
+        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= evp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        cp $(TESTDATA) ../../test
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_b64.o: ../../e_os.h ../../include/openssl/aes.h
+bio_b64.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_b64.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_b64.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+bio_b64.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_b64.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+bio_b64.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_b64.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_b64.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_b64.o: ../cryptlib.h bio_b64.c
+bio_enc.o: ../../e_os.h ../../include/openssl/aes.h
+bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+bio_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+bio_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_enc.o: ../cryptlib.h bio_enc.c
+bio_md.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+bio_md.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+bio_md.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+bio_md.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+bio_md.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+bio_md.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+bio_md.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_md.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bio_md.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bio_md.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bio_md.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+bio_md.o: ../../include/openssl/ui_compat.h ../cryptlib.h bio_md.c
+bio_ok.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+bio_ok.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+bio_ok.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+bio_ok.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+bio_ok.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+bio_ok.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+bio_ok.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+bio_ok.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_ok.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_ok.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_ok.o: ../cryptlib.h bio_ok.c
+c_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_all.o: ../../include/openssl/ui_compat.h ../cryptlib.h c_all.c
+c_allc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_allc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_allc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_allc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_allc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_allc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_allc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_allc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_allc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_allc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_allc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_allc.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c
+c_alld.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_alld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_alld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_alld.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_alld.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_alld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_alld.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_alld.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_alld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_alld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_alld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_alld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_alld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c
+digest.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+digest.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+digest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+digest.o: ../../include/openssl/ui_compat.h ../cryptlib.h digest.c
+e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_aes.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+e_aes.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_aes.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+e_aes.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+e_aes.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_aes.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_aes.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_aes.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+e_aes.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_aes.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_aes.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h e_aes.c
+e_aes.o: evp_locl.h
+e_bf.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_bf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_bf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_bf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_bf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_bf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_bf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_bf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_bf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_bf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_bf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_bf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_bf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_bf.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_bf.c evp_locl.h
+e_cast.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_cast.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_cast.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_cast.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_cast.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_cast.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cast.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_cast.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_cast.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_cast.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_cast.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_cast.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_cast.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_cast.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_cast.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_cast.c evp_locl.h
+e_des.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_des.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_des.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_des.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_des.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_des.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_des.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_des.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_des.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_des.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
+e_des3.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_des3.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_des3.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_des3.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_des3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_des3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_des3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
+e_idea.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_idea.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_idea.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_idea.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_idea.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_idea.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_idea.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_idea.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_idea.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_idea.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_idea.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_idea.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_idea.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_idea.c evp_locl.h
+e_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_null.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_null.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_null.c
+e_rc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc2.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc2.c evp_locl.h
+e_rc4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc4.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c
+e_rc5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc5.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc5.c evp_locl.h
+e_xcbc_d.o: ../../e_os.h ../../include/openssl/aes.h
+e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+e_xcbc_d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_xcbc_d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_xcbc_d.o: ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_xcbc_d.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_xcbc_d.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_xcbc_d.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_xcbc_d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+encode.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+encode.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+encode.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+encode.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+encode.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+encode.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+encode.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+encode.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+encode.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+encode.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+encode.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+encode.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+encode.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+encode.o: ../../include/openssl/ui_compat.h ../cryptlib.h encode.c
+evp_acnf.o: ../../e_os.h ../../include/openssl/aes.h
+evp_acnf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_acnf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_acnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_acnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_acnf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_acnf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_acnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_acnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_acnf.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_acnf.c
+evp_enc.o: ../../e_os.h ../../include/openssl/aes.h
+evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+evp_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
+evp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+evp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+evp_err.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+evp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_err.o: evp_err.c
+evp_key.o: ../../e_os.h ../../include/openssl/aes.h
+evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_key.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
+evp_lib.o: ../../e_os.h ../../include/openssl/aes.h
+evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+evp_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_lib.o: ../cryptlib.h evp_lib.c
+evp_pbe.o: ../../e_os.h ../../include/openssl/aes.h
+evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_pbe.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c
+evp_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pkey.o: ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c
+m_dss.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_dss.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_dss.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_dss.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_dss.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_dss.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_dss.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_dss.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_dss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_dss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss.o: ../cryptlib.h m_dss.c
+m_dss1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_dss1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_dss1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_dss1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_dss1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_dss1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_dss1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_dss1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_dss1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss1.o: ../cryptlib.h m_dss1.c
+m_md2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md2.o: ../cryptlib.h m_md2.c
+m_md4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md4.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md4.o: ../cryptlib.h m_md4.c
+m_md5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md5.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md5.o: ../cryptlib.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_mdc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_mdc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_mdc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_mdc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_mdc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_mdc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_mdc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_mdc2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_mdc2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_mdc2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_mdc2.o: ../cryptlib.h m_mdc2.c
+m_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_null.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_null.o: ../cryptlib.h m_null.c
+m_ripemd.o: ../../e_os.h ../../include/openssl/aes.h
+m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_ripemd.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+m_ripemd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_ripemd.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_ripemd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_ripemd.o: ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_ripemd.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_ripemd.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_ripemd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_ripemd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_ripemd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_ripemd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ripemd.o: ../cryptlib.h m_ripemd.c
+m_sha.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_sha.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_sha.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_sha.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_sha.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_sha.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_sha.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_sha.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_sha.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha.o: ../cryptlib.h m_sha.c
+m_sha1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_sha1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_sha1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_sha1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_sha1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_sha1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_sha1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_sha1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_sha1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha1.o: ../cryptlib.h m_sha1.c
+names.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+names.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+names.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+names.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+names.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+names.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+names.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+names.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+names.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+names.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+names.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+names.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+names.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+names.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+names.o: ../cryptlib.h names.c
+p5_crpt.o: ../../e_os.h ../../include/openssl/aes.h
+p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p5_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c
+p5_crpt2.o: ../../e_os.h ../../include/openssl/aes.h
+p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_crpt2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_crpt2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p5_crpt2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_crpt2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_crpt2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_crpt2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_crpt2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p5_crpt2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt2.o: ../cryptlib.h p5_crpt2.c
+p_dec.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_dec.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_dec.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_dec.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_dec.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_dec.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_dec.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_dec.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_dec.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_dec.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_dec.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
+p_enc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_enc.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
+p_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+p_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_lib.c
+p_open.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_open.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_open.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_open.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_open.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_open.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_open.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_open.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_open.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_open.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_open.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_open.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_open.o: ../cryptlib.h p_open.c
+p_seal.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_seal.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_seal.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_seal.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_seal.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_seal.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_seal.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_seal.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
+p_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_sign.o: ../cryptlib.h p_sign.c
+p_verify.o: ../../e_os.h ../../include/openssl/aes.h
+p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_verify.o: ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_verify.o: ../cryptlib.h p_verify.c
diff --git a/src/lib/libssl/src/crypto/evp/bio_b64.c b/src/lib/libssl/src/crypto/evp/bio_b64.c
index 33349c2f98..6e550f6a43 100644
--- a/src/lib/libssl/src/crypto/evp/bio_b64.c
+++ b/src/lib/libssl/src/crypto/evp/bio_b64.c
@@ -184,9 +184,7 @@ static int b64_read(BIO *b, char *out, int outl)
         ret_code=0;
         while (outl > 0)
                 {
-
-                if (ctx->cont <= 0)
-                        break;
+                if (ctx->cont <= 0) break;
 
                 i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
                         B64_BLOCK_SIZE-ctx->tmp_len);
@@ -197,21 +195,11 @@ static int b64_read(BIO *b, char *out, int outl)
 
                         /* Should be continue next time we are called? */
                         if (!BIO_should_retry(b->next_bio))
-                                {
                                 ctx->cont=i;
-                                /* If buffer empty break */
-                                if(ctx->tmp_len == 0)
-                                        break;
-                                /* Fall through and process what we have */
-                                else
-                                        i = 0;
-                                }
-                        /* else we retry and add more data to buffer */
-                        else
-                                break;
+                        /* else we should continue when called again */
+                        break;
                         }
                 i+=ctx->tmp_len;
-                ctx->tmp_len = i;
 
                 /* We need to scan, a line at a time until we
                  * have a valid line if we are starting. */
@@ -267,12 +255,8 @@ static int b64_read(BIO *b, char *out, int outl)
                                  * reading until a new line. */
                                 if (p == (unsigned char *)&(ctx->tmp[0]))
                                         {
-                                        /* Check buffer full */
-                                        if (i == B64_BLOCK_SIZE)
-                                                {
-                                                ctx->tmp_nl=1;
-                                                ctx->tmp_len=0;
-                                                }
+                                        ctx->tmp_nl=1;
+                                        ctx->tmp_len=0;
                                         }
                                 else if (p != q) /* finished on a '\n' */
                                         {
@@ -287,11 +271,6 @@ static int b64_read(BIO *b, char *out, int outl)
                         else
                                 ctx->tmp_len=0;
                         }
-                /* If buffer isn't full and we can retry then
-                 * restart to read in more data.
-                 */
-                else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
-                        continue;
 
                 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
                         {
@@ -331,8 +310,8 @@ static int b64_read(BIO *b, char *out, int outl)
                         i=EVP_DecodeUpdate(&(ctx->base64),
                                 (unsigned char *)ctx->buf,&ctx->buf_len,
                                 (unsigned char *)ctx->tmp,i);
-                        ctx->tmp_len = 0;
                         }
+                ctx->cont=i;
                 ctx->buf_off=0;
                 if (i < 0)
                         {
@@ -505,7 +484,10 @@ again:
                         {
                         i=b64_write(b,NULL,0);
                         if (i < 0)
-                                return i;
+                                {
+                                ret=i;
+                                break;
+                                }
                         }
                 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
                         {
diff --git a/src/lib/libssl/src/crypto/evp/bio_ok.c b/src/lib/libssl/src/crypto/evp/bio_ok.c
index 530ab937ce..4e3f10141b 100644
--- a/src/lib/libssl/src/crypto/evp/bio_ok.c
+++ b/src/lib/libssl/src/crypto/evp/bio_ok.c
@@ -102,7 +102,7 @@
 
                 *) digest is initialized with random seed instead of 
                 standardized one.
-                *) same seed is written to ouput
+                *) same seed is written to output
                 *) well-known text is then hashed and the output 
                 of the digest is also written to output.
 
diff --git a/src/lib/libssl/src/crypto/evp/c_all.c b/src/lib/libssl/src/crypto/evp/c_all.c
index fa60a73ead..1b31a14e37 100644
--- a/src/lib/libssl/src/crypto/evp/c_all.c
+++ b/src/lib/libssl/src/crypto/evp/c_all.c
@@ -59,9 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 
 #if 0
 #undef OpenSSL_add_all_algorithms
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 45a25f968d..7b234d0ad6 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -74,48 +74,6 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#ifndef OPENSSL_NO_MD2
-#include <openssl/md2.h>
-#endif
-#ifndef OPENSSL_NO_MD4
-#include <openssl/md4.h>
-#endif
-#ifndef OPENSSL_NO_MD5
-#include <openssl/md5.h>
-#endif
-#ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-#include <openssl/ripemd.h>
-#endif
-#ifndef OPENSSL_NO_DES
-#include <openssl/des.h>
-#endif
-#ifndef OPENSSL_NO_RC4
-#include <openssl/rc4.h>
-#endif
-#ifndef OPENSSL_NO_RC2
-#include <openssl/rc2.h>
-#endif
-#ifndef OPENSSL_NO_RC5
-#include <openssl/rc5.h>
-#endif
-#ifndef OPENSSL_NO_BF
-#include <openssl/blowfish.h>
-#endif
-#ifndef OPENSSL_NO_CAST
-#include <openssl/cast.h>
-#endif
-#ifndef OPENSSL_NO_IDEA
-#include <openssl/idea.h>
-#endif
-#ifndef OPENSSL_NO_MDC2
-#include <openssl/mdc2.h>
-#endif
-#ifndef OPENSSL_NO_AES
-#include <openssl/aes.h>
-#endif
 
 /*
 #define EVP_RC2_KEY_SIZE                16
@@ -133,18 +91,6 @@
 /* Default PKCS#5 iteration count */
 #define PKCS5_DEFAULT_ITER              2048
 
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
 #include <openssl/objects.h>
 
 #define EVP_PK_RSA      0x0001
diff --git a/src/lib/libssl/src/crypto/evp/evp_pbe.c b/src/lib/libssl/src/crypto/evp/evp_pbe.c
index 0da88fdcff..bc98e63363 100644
--- a/src/lib/libssl/src/crypto/evp/evp_pbe.c
+++ b/src/lib/libssl/src/crypto/evp/evp_pbe.c
@@ -87,7 +87,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         if (i == -1) {
                 char obj_tmp[80];
                 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
-                if (!pbe_obj) strcpy (obj_tmp, "NULL");
+                if (!pbe_obj) strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
                 else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
                 ERR_add_error_data(2, "TYPE=", obj_tmp);
                 return 0;
diff --git a/src/lib/libssl/src/crypto/evp/evp_pkey.c b/src/lib/libssl/src/crypto/evp/evp_pkey.c
index 34b5b1d21c..30b6fbb03d 100644
--- a/src/lib/libssl/src/crypto/evp/evp_pkey.c
+++ b/src/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -210,7 +210,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 #endif
                 default:
                 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                if (!a->algorithm) strcpy (obj_tmp, "NULL");
+                if (!a->algorithm) strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
                 else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
                 ERR_add_error_data(2, "TYPE=", obj_tmp);
                 EVP_PKEY_free (pkey);
diff --git a/src/lib/libssl/src/crypto/hmac/Makefile.ssl b/src/lib/libssl/src/crypto/hmac/Makefile.ssl
new file mode 100644
index 0000000000..f1c07322c4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/hmac/Makefile.ssl
@@ -0,0 +1,101 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+
+DIR=    hmac
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=hmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=hmac.c
+LIBOBJ=hmac.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= hmac.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hmac.o: ../cryptlib.h hmac.c
diff --git a/src/lib/libssl/src/crypto/idea/Makefile.ssl b/src/lib/libssl/src/crypto/idea/Makefile.ssl
new file mode 100644
index 0000000000..fa016ea399
--- /dev/null
+++ b/src/lib/libssl/src/crypto/idea/Makefile.ssl
@@ -0,0 +1,91 @@
+#
+# SSLeay/crypto/idea/Makefile
+#
+
+DIR=    idea
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ideatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= idea.h
+HEADER= idea_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cbc.o: i_cbc.c idea_lcl.h
+i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cfb64.o: i_cfb64.c idea_lcl.h
+i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
+i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ofb64.o: i_ofb64.c idea_lcl.h
+i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: i_skey.c idea_lcl.h
diff --git a/src/lib/libssl/src/crypto/krb5/Makefile.ssl b/src/lib/libssl/src/crypto/krb5/Makefile.ssl
new file mode 100644
index 0000000000..d9224c0f09
--- /dev/null
+++ b/src/lib/libssl/src/crypto/krb5/Makefile.ssl
@@ -0,0 +1,90 @@
+#
+# OpenSSL/krb5/Makefile.ssl
+#
+
+DIR=    krb5
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= krb5_asn.c
+
+LIBOBJ= krb5_asn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= krb5_asn.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+krb5_asn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+krb5_asn.o: ../../include/openssl/krb5_asn.h
+krb5_asn.o: ../../include/openssl/opensslconf.h
+krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+krb5_asn.o: ../../include/openssl/symhacks.h krb5_asn.c
diff --git a/src/lib/libssl/src/crypto/lhash/Makefile.ssl b/src/lib/libssl/src/crypto/lhash/Makefile.ssl
new file mode 100644
index 0000000000..60e7ee3393
--- /dev/null
+++ b/src/lib/libssl/src/crypto/lhash/Makefile.ssl
@@ -0,0 +1,93 @@
+#
+# SSLeay/crypto/lhash/Makefile
+#
+
+DIR=    lhash
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=lhash.c lh_stats.c
+LIBOBJ=lhash.o lh_stats.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= lhash.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+lh_stats.o: ../../e_os.h ../../include/openssl/bio.h
+lh_stats.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+lh_stats.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+lh_stats.o: ../cryptlib.h lh_stats.c
+lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+lhash.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+lhash.o: ../../include/openssl/symhacks.h lhash.c
diff --git a/src/lib/libssl/src/crypto/md2/Makefile.ssl b/src/lib/libssl/src/crypto/md2/Makefile.ssl
new file mode 100644
index 0000000000..3206924c90
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md2/Makefile.ssl
@@ -0,0 +1,93 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+
+DIR=    md2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md2_dgst.c md2_one.c
+LIBOBJ=md2_dgst.o md2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md2_dgst.o: md2_dgst.c
+md2_one.o: ../../e_os.h ../../include/openssl/bio.h
+md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+md2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h md2_one.c
diff --git a/src/lib/libssl/src/crypto/md2/md2test.c b/src/lib/libssl/src/crypto/md2/md2test.c
index 9c1e28b6ce..901d0a7d8e 100644
--- a/src/lib/libssl/src/crypto/md2/md2test.c
+++ b/src/lib/libssl/src/crypto/md2/md2test.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/md2.h>
 
 #include "../e_os.h"
 
@@ -70,7 +71,6 @@ int main(int argc, char *argv[])
 }
 #else
 #include <openssl/evp.h>
-#include <openssl/md2.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
diff --git a/src/lib/libssl/src/crypto/md4/Makefile.ssl b/src/lib/libssl/src/crypto/md4/Makefile.ssl
new file mode 100644
index 0000000000..7d2e8d8d3b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md4/Makefile.ssl
@@ -0,0 +1,91 @@
+#
+# SSLeay/crypto/md4/Makefile
+#
+
+DIR=    md4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md4test.c
+APPS=md4.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md4_dgst.c md4_one.c
+LIBOBJ=md4_dgst.o md4_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md4.h
+HEADER= md4_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
+md4_dgst.o: ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
+md4_dgst.o: md4_locl.h
+md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md4_one.o: md4_one.c
diff --git a/src/lib/libssl/src/crypto/md5/Makefile.ssl b/src/lib/libssl/src/crypto/md5/Makefile.ssl
new file mode 100644
index 0000000000..b11ab476d6
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md5/Makefile.ssl
@@ -0,0 +1,126 @@
+#
+# SSLeay/crypto/md5/Makefile
+#
+
+DIR=    md5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+MD5_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md5test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md5_dgst.c md5_one.c
+LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= md5.h
+HEADER= md5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > mx86-elf.s)
+
+# a.out
+asm/mx86-out.o: asm/mx86unix.cpp
+        $(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+
+# bsdi
+asm/mx86bsdi.o: asm/mx86unix.cpp
+        $(CPP) -DBSDI asm/mx86unix.cpp | sed 's/ :/:/' | as -o asm/mx86bsdi.o
+
+asm/mx86unix.cpp: asm/md5-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) md5-586.pl cpp >mx86unix.cpp)
+
+asm/md5-sparcv8plus.o: asm/md5-sparcv9.S
+        $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+                -o asm/md5-sparcv8plus.o asm/md5-sparcv9.S
+
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+asm/md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S
+        $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \
+                /usr/ccs/bin/as -xarch=v8plus - -o asm/md5-sparcv8plus-gcc27.o
+
+asm/md5-sparcv9.o: asm/md5-sparcv9.S
+        $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+                -o asm/md5-sparcv9.o asm/md5-sparcv9.S
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/mx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
+md5_dgst.o: ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
+md5_dgst.o: md5_locl.h
+md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md5_one.o: md5_one.c
diff --git a/src/lib/libssl/src/crypto/md5/asm/md5-586.pl b/src/lib/libssl/src/crypto/md5/asm/md5-586.pl
index fa3fa3bed5..5fc6a205ce 100644
--- a/src/lib/libssl/src/crypto/md5/asm/md5-586.pl
+++ b/src/lib/libssl/src/crypto/md5/asm/md5-586.pl
@@ -293,7 +293,7 @@ sub md5_block
          &mov(&DWP(12,$tmp2,"",0),$D);
 
         &cmp($tmp1,$X) unless $normal;                  # check count
-         &jae(&label("start")) unless $normal;
+         &jge(&label("start")) unless $normal;
 
         &pop("eax"); # pop the temp variable off the stack
          &pop("ebx");
diff --git a/src/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S b/src/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S
index db45aa4c97..a599ed5660 100644
--- a/src/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S
+++ b/src/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S
@@ -34,12 +34,10 @@
  *
  * or if above fails (it does if you have gas):
  *
- *      gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
+ *      gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
  *              as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o
  */
 
-#include <openssl/e_os2.h>
-
 #define A       %o0
 #define B       %o1
 #define C       %o2
diff --git a/src/lib/libssl/src/crypto/mdc2/Makefile.ssl b/src/lib/libssl/src/crypto/mdc2/Makefile.ssl
new file mode 100644
index 0000000000..33f366fb08
--- /dev/null
+++ b/src/lib/libssl/src/crypto/mdc2/Makefile.ssl
@@ -0,0 +1,98 @@
+#
+# SSLeay/crypto/mdc2/Makefile
+#
+
+DIR=    mdc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= mdc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=mdc2dgst.c mdc2_one.c
+LIBOBJ=mdc2dgst.o mdc2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= mdc2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h
+mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+mdc2_one.o: ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2_one.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2_one.o: ../cryptlib.h mdc2_one.c
+mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2dgst.o: mdc2dgst.c
diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c
index 29df7d35b2..bb862db499 100644
--- a/src/lib/libssl/src/crypto/mem.c
+++ b/src/lib/libssl/src/crypto/mem.c
@@ -352,11 +352,15 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
                 realloc_debug_func(str, NULL, num, file, line, 0);
         ret=malloc_ex_func(num,file,line);
         if(ret)
+                {
                 memcpy(ret,str,old_len);
-        OPENSSL_cleanse(str,old_len);
-        free_func(str);
+                OPENSSL_cleanse(str,old_len);
+                free_func(str);
+                }
 #ifdef LEVITTE_DEBUG_MEM
-        fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
+        fprintf(stderr,
+                "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n",
+                str, ret, num);
 #endif
         if (realloc_debug_func != NULL)
                 realloc_debug_func(str, ret, num, file, line, 1);
diff --git a/src/lib/libssl/src/crypto/mem_dbg.c b/src/lib/libssl/src/crypto/mem_dbg.c
index 57bd08f65d..9221df00bd 100644
--- a/src/lib/libssl/src/crypto/mem_dbg.c
+++ b/src/lib/libssl/src/crypto/mem_dbg.c
@@ -597,6 +597,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
         struct tm *lcl = NULL;
         unsigned long ti;
 
+#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
+
         if(m->addr == (char *)l->bio)
             return;
 
@@ -604,22 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
                 {
                 lcl = localtime(&m->time);
         
-                sprintf(bufp, "[%02d:%02d:%02d] ",
+                snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
                         lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
                 bufp += strlen(bufp);
                 }
 
-        sprintf(bufp, "%5lu file=%s, line=%d, ",
+        snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
                 m->order,m->file,m->line);
         bufp += strlen(bufp);
 
         if (options & V_CRYPTO_MDEBUG_THREAD)
                 {
-                sprintf(bufp, "thread=%lu, ", m->thread);
+                snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
                 bufp += strlen(bufp);
                 }
 
-        sprintf(bufp, "number=%d, address=%08lX\n",
+        snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
                 m->num,(unsigned long)m->addr);
         bufp += strlen(bufp);
 
@@ -641,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
 
                 ami_cnt++;
                 memset(buf,'>',ami_cnt);
-                sprintf(buf + ami_cnt,
+                snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
                         " thread=%lu, file=%s, line=%d, info=\"",
                         amip->thread, amip->file, amip->line);
                 buf_len=strlen(buf);
@@ -653,10 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
                         }
                 else
                         {
-                        strcpy(buf + buf_len, amip->info);
+                        strlcpy(buf + buf_len, amip->info,
+                                sizeof buf - buf_len);
                         buf_len = strlen(buf);
                         }
-                sprintf(buf + buf_len, "\"\n");
+                snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
                 
                 BIO_puts(l->bio,buf);
 
diff --git a/src/lib/libssl/src/crypto/o_time.c b/src/lib/libssl/src/crypto/o_time.c
index 785468131e..723eb1b5af 100644
--- a/src/lib/libssl/src/crypto/o_time.c
+++ b/src/lib/libssl/src/crypto/o_time.c
@@ -73,7 +73,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
         {
         struct tm *ts = NULL;
 
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX)
         /* should return &data, but doesn't on some systems,
            so we don't even look at the return value */
         gmtime_r(timer,result);
diff --git a/src/lib/libssl/src/crypto/objects/Makefile.ssl b/src/lib/libssl/src/crypto/objects/Makefile.ssl
new file mode 100644
index 0000000000..3e7a194cf9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/Makefile.ssl
@@ -0,0 +1,123 @@
+#
+# SSLeay/crypto/objects/Makefile
+#
+
+DIR=    objects
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+PERL=           perl
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c
+LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= objects.h obj_mac.h
+HEADER= $(EXHEADER) obj_dat.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    obj_dat.h lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+obj_dat.h: obj_dat.pl obj_mac.h
+        $(PERL) obj_dat.pl obj_mac.h obj_dat.h
+
+# objects.pl both reads and writes obj_mac.num
+obj_mac.h: objects.pl objects.txt obj_mac.num
+        $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+o_names.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+o_names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+o_names.o: o_names.c
+obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_dat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h
+obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+obj_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_err.o: ../../include/openssl/symhacks.h obj_err.c
+obj_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_lib.c
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c
index 5d983e3ed4..ae97108e93 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.c
@@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
                 if (i > 2) i=2;
                 l-=(long)(i*40);
 
-                sprintf(tbuf,"%d.%lu",i,l);
+                snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
                 i=strlen(tbuf);
                 BUF_strlcpy(buf,tbuf,buf_len);
                 buf_len-=i;
@@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
                 for (; idx<len; idx++) {
                         l|=p[idx]&0x7f;
                         if (!(p[idx] & 0x80)) {
-                                sprintf(tbuf,".%lu",l);
+                                snprintf(tbuf,sizeof tbuf,".%lu",l);
                                 i=strlen(tbuf);
                                 if (buf_len > 0)
                                         BUF_strlcpy(buf,tbuf,buf_len);
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.h b/src/lib/libssl/src/crypto/objects/obj_dat.h
deleted file mode 100644
index 969b18a341..0000000000
--- a/src/lib/libssl/src/crypto/objects/obj_dat.h
+++ /dev/null
@@ -1,3644 +0,0 @@
-/* crypto/objects/obj_dat.h */
-
-/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
- * following command:
- * perl obj_dat.pl obj_mac.h obj_dat.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define NUM_NID 650
-#define NUM_SN 643
-#define NUM_LN 643
-#define NUM_OBJ 617
-
-static unsigned char lvalues[4455]={
-0x00,                                        /* [  0] OBJ_undef */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 14] OBJ_md2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 22] OBJ_md5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 30] OBJ_rc4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 38] OBJ_rsaEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 47] OBJ_md2WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 56] OBJ_md5WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 65] OBJ_pbeWithMD2AndDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 74] OBJ_pbeWithMD5AndDES_CBC */
-0x55,                                        /* [ 83] OBJ_X500 */
-0x55,0x04,                                   /* [ 84] OBJ_X509 */
-0x55,0x04,0x03,                              /* [ 86] OBJ_commonName */
-0x55,0x04,0x06,                              /* [ 89] OBJ_countryName */
-0x55,0x04,0x07,                              /* [ 92] OBJ_localityName */
-0x55,0x04,0x08,                              /* [ 95] OBJ_stateOrProvinceName */
-0x55,0x04,0x0A,                              /* [ 98] OBJ_organizationName */
-0x55,0x04,0x0B,                              /* [101] OBJ_organizationalUnitName */
-0x55,0x08,0x01,0x01,                         /* [104] OBJ_rsa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [108] OBJ_pkcs7 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [116] OBJ_pkcs7_data */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [125] OBJ_pkcs7_signed */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [134] OBJ_pkcs7_enveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [143] OBJ_pkcs7_signedAndEnveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [152] OBJ_pkcs7_digest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [161] OBJ_pkcs7_encrypted */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [170] OBJ_pkcs3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [178] OBJ_dhKeyAgreement */
-0x2B,0x0E,0x03,0x02,0x06,                    /* [187] OBJ_des_ecb */
-0x2B,0x0E,0x03,0x02,0x09,                    /* [192] OBJ_des_cfb64 */
-0x2B,0x0E,0x03,0x02,0x07,                    /* [197] OBJ_des_cbc */
-0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede_ecb */
-0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [218] OBJ_rc2_cbc */
-0x2B,0x0E,0x03,0x02,0x12,                    /* [226] OBJ_sha */
-0x2B,0x0E,0x03,0x02,0x0F,                    /* [231] OBJ_shaWithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [236] OBJ_des_ede3_cbc */
-0x2B,0x0E,0x03,0x02,0x08,                    /* [244] OBJ_des_ofb64 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [249] OBJ_pkcs9 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [257] OBJ_pkcs9_emailAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [266] OBJ_pkcs9_unstructuredName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [275] OBJ_pkcs9_contentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [284] OBJ_pkcs9_messageDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [293] OBJ_pkcs9_signingTime */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [302] OBJ_pkcs9_countersignature */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [311] OBJ_pkcs9_challengePassword */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [320] OBJ_pkcs9_unstructuredAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [329] OBJ_pkcs9_extCertAttributes */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [338] OBJ_netscape */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [345] OBJ_netscape_cert_extension */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [353] OBJ_netscape_data_type */
-0x2B,0x0E,0x03,0x02,0x1A,                    /* [361] OBJ_sha1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [366] OBJ_sha1WithRSAEncryption */
-0x2B,0x0E,0x03,0x02,0x0D,                    /* [375] OBJ_dsaWithSHA */
-0x2B,0x0E,0x03,0x02,0x0C,                    /* [380] OBJ_dsa_2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [385] OBJ_pbeWithSHA1AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [394] OBJ_id_pbkdf2 */
-0x2B,0x0E,0x03,0x02,0x1B,                    /* [403] OBJ_dsaWithSHA1_2 */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [408] OBJ_netscape_cert_type */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [417] OBJ_netscape_base_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [426] OBJ_netscape_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [435] OBJ_netscape_ca_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [444] OBJ_netscape_renewal_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [453] OBJ_netscape_ca_policy_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [462] OBJ_netscape_ssl_server_name */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [471] OBJ_netscape_comment */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [480] OBJ_netscape_cert_sequence */
-0x55,0x1D,                                   /* [489] OBJ_id_ce */
-0x55,0x1D,0x0E,                              /* [491] OBJ_subject_key_identifier */
-0x55,0x1D,0x0F,                              /* [494] OBJ_key_usage */
-0x55,0x1D,0x10,                              /* [497] OBJ_private_key_usage_period */
-0x55,0x1D,0x11,                              /* [500] OBJ_subject_alt_name */
-0x55,0x1D,0x12,                              /* [503] OBJ_issuer_alt_name */
-0x55,0x1D,0x13,                              /* [506] OBJ_basic_constraints */
-0x55,0x1D,0x14,                              /* [509] OBJ_crl_number */
-0x55,0x1D,0x20,                              /* [512] OBJ_certificate_policies */
-0x55,0x1D,0x23,                              /* [515] OBJ_authority_key_identifier */
-0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [518] OBJ_bf_cbc */
-0x55,0x08,0x03,0x65,                         /* [527] OBJ_mdc2 */
-0x55,0x08,0x03,0x64,                         /* [531] OBJ_mdc2WithRSA */
-0x55,0x04,0x2A,                              /* [535] OBJ_givenName */
-0x55,0x04,0x04,                              /* [538] OBJ_surname */
-0x55,0x04,0x2B,                              /* [541] OBJ_initials */
-0x55,0x1D,0x1F,                              /* [544] OBJ_crl_distribution_points */
-0x2B,0x0E,0x03,0x02,0x03,                    /* [547] OBJ_md5WithRSA */
-0x55,0x04,0x05,                              /* [552] OBJ_serialNumber */
-0x55,0x04,0x0C,                              /* [555] OBJ_title */
-0x55,0x04,0x0D,                              /* [558] OBJ_description */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [561] OBJ_cast5_cbc */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [570] OBJ_pbeWithMD5AndCast5_CBC */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [579] OBJ_dsaWithSHA1 */
-0x2B,0x0E,0x03,0x02,0x1D,                    /* [586] OBJ_sha1WithRSA */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [591] OBJ_dsa */
-0x2B,0x24,0x03,0x02,0x01,                    /* [598] OBJ_ripemd160 */
-0x2B,0x24,0x03,0x03,0x01,0x02,               /* [603] OBJ_ripemd160WithRSA */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [609] OBJ_rc5_cbc */
-0x29,0x01,0x01,0x85,0x1A,0x01,               /* [617] OBJ_rle_compression */
-0x29,0x01,0x01,0x85,0x1A,0x02,               /* [623] OBJ_zlib_compression */
-0x55,0x1D,0x25,                              /* [629] OBJ_ext_key_usage */
-0x2B,0x06,0x01,0x05,0x05,0x07,               /* [632] OBJ_id_pkix */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [638] OBJ_id_kp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [645] OBJ_server_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [653] OBJ_client_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [661] OBJ_code_sign */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [669] OBJ_email_protect */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [677] OBJ_time_stamp */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [685] OBJ_ms_code_ind */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [695] OBJ_ms_code_com */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [705] OBJ_ms_ctl_sign */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [715] OBJ_ms_sgc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [725] OBJ_ms_efs */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [735] OBJ_ns_sgc */
-0x55,0x1D,0x1B,                              /* [744] OBJ_delta_crl */
-0x55,0x1D,0x15,                              /* [747] OBJ_crl_reason */
-0x55,0x1D,0x18,                              /* [750] OBJ_invalidity_date */
-0x2B,0x65,0x01,0x04,0x01,                    /* [753] OBJ_sxnet */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [758] OBJ_pbe_WithSHA1And128BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [768] OBJ_pbe_WithSHA1And40BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [778] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [788] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [798] OBJ_pbe_WithSHA1And128BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [808] OBJ_pbe_WithSHA1And40BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [818] OBJ_keyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [829] OBJ_pkcs8ShroudedKeyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [840] OBJ_certBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [851] OBJ_crlBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [862] OBJ_secretBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [873] OBJ_safeContentsBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [884] OBJ_friendlyName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [893] OBJ_localKeyID */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [902] OBJ_x509Certificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [912] OBJ_sdsiCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [922] OBJ_x509Crl */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [932] OBJ_pbes2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [941] OBJ_pbmac1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [950] OBJ_hmacWithSHA1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [958] OBJ_id_qt_cps */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [966] OBJ_id_qt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [974] OBJ_SMIMECapabilities */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [983] OBJ_pbeWithMD2AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [992] OBJ_pbeWithMD5AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1001] OBJ_pbeWithSHA1AndDES_CBC */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1010] OBJ_ms_ext_req */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1020] OBJ_ext_req */
-0x55,0x04,0x29,                              /* [1029] OBJ_name */
-0x55,0x04,0x2E,                              /* [1032] OBJ_dnQualifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1035] OBJ_id_pe */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1042] OBJ_id_ad */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1049] OBJ_info_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1057] OBJ_ad_OCSP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1065] OBJ_ad_ca_issuers */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1073] OBJ_OCSP_sign */
-0x28,                                        /* [1081] OBJ_iso */
-0x2A,                                        /* [1082] OBJ_member_body */
-0x2A,0x86,0x48,                              /* [1083] OBJ_ISO_US */
-0x2A,0x86,0x48,0xCE,0x38,                    /* [1086] OBJ_X9_57 */
-0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1091] OBJ_X9cm */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1097] OBJ_pkcs1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1105] OBJ_pkcs5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1113] OBJ_SMIME */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1122] OBJ_id_smime_mod */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1132] OBJ_id_smime_ct */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1142] OBJ_id_smime_aa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1152] OBJ_id_smime_alg */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1162] OBJ_id_smime_cd */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1172] OBJ_id_smime_spq */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1182] OBJ_id_smime_cti */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1192] OBJ_id_smime_mod_cms */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1203] OBJ_id_smime_mod_ess */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1214] OBJ_id_smime_mod_oid */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1225] OBJ_id_smime_mod_msg_v3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1236] OBJ_id_smime_mod_ets_eSignature_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1247] OBJ_id_smime_mod_ets_eSignature_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1258] OBJ_id_smime_mod_ets_eSigPolicy_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1269] OBJ_id_smime_mod_ets_eSigPolicy_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1280] OBJ_id_smime_ct_receipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1291] OBJ_id_smime_ct_authData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1302] OBJ_id_smime_ct_publishCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1313] OBJ_id_smime_ct_TSTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1324] OBJ_id_smime_ct_TDTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1335] OBJ_id_smime_ct_contentInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1346] OBJ_id_smime_ct_DVCSRequestData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1357] OBJ_id_smime_ct_DVCSResponseData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1368] OBJ_id_smime_aa_receiptRequest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1379] OBJ_id_smime_aa_securityLabel */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1390] OBJ_id_smime_aa_mlExpandHistory */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1401] OBJ_id_smime_aa_contentHint */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1412] OBJ_id_smime_aa_msgSigDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1423] OBJ_id_smime_aa_encapContentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1434] OBJ_id_smime_aa_contentIdentifier */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1445] OBJ_id_smime_aa_macValue */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1456] OBJ_id_smime_aa_equivalentLabels */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1467] OBJ_id_smime_aa_contentReference */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1478] OBJ_id_smime_aa_encrypKeyPref */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1489] OBJ_id_smime_aa_signingCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1500] OBJ_id_smime_aa_smimeEncryptCerts */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1511] OBJ_id_smime_aa_timeStampToken */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1522] OBJ_id_smime_aa_ets_sigPolicyId */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1533] OBJ_id_smime_aa_ets_commitmentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1544] OBJ_id_smime_aa_ets_signerLocation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1555] OBJ_id_smime_aa_ets_signerAttr */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1566] OBJ_id_smime_aa_ets_otherSigCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1577] OBJ_id_smime_aa_ets_contentTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1588] OBJ_id_smime_aa_ets_CertificateRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1599] OBJ_id_smime_aa_ets_RevocationRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1610] OBJ_id_smime_aa_ets_certValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1621] OBJ_id_smime_aa_ets_revocationValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1632] OBJ_id_smime_aa_ets_escTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1643] OBJ_id_smime_aa_ets_certCRLTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1654] OBJ_id_smime_aa_ets_archiveTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1665] OBJ_id_smime_aa_signatureType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1676] OBJ_id_smime_aa_dvcs_dvc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1687] OBJ_id_smime_alg_ESDHwith3DES */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1698] OBJ_id_smime_alg_ESDHwithRC2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1709] OBJ_id_smime_alg_3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1720] OBJ_id_smime_alg_RC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1731] OBJ_id_smime_alg_ESDH */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1742] OBJ_id_smime_alg_CMS3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1753] OBJ_id_smime_alg_CMSRC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1764] OBJ_id_smime_cd_ldap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1775] OBJ_id_smime_spq_ets_sqt_uri */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1786] OBJ_id_smime_spq_ets_sqt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1797] OBJ_id_smime_cti_ets_proofOfOrigin */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1808] OBJ_id_smime_cti_ets_proofOfReceipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1819] OBJ_id_smime_cti_ets_proofOfDelivery */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1830] OBJ_id_smime_cti_ets_proofOfSender */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1841] OBJ_id_smime_cti_ets_proofOfApproval */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1852] OBJ_id_smime_cti_ets_proofOfCreation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1863] OBJ_md4 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1871] OBJ_id_pkix_mod */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1878] OBJ_id_qt */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1885] OBJ_id_it */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1892] OBJ_id_pkip */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1899] OBJ_id_alg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1906] OBJ_id_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1913] OBJ_id_on */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1920] OBJ_id_pda */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1927] OBJ_id_aca */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1934] OBJ_id_qcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1941] OBJ_id_cct */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1948] OBJ_id_pkix1_explicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1956] OBJ_id_pkix1_implicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1964] OBJ_id_pkix1_explicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1972] OBJ_id_pkix1_implicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1980] OBJ_id_mod_crmf */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1988] OBJ_id_mod_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1996] OBJ_id_mod_kea_profile_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2004] OBJ_id_mod_kea_profile_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2012] OBJ_id_mod_cmp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2020] OBJ_id_mod_qualified_cert_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2028] OBJ_id_mod_qualified_cert_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2036] OBJ_id_mod_attribute_cert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2044] OBJ_id_mod_timestamp_protocol */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2052] OBJ_id_mod_ocsp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2060] OBJ_id_mod_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2068] OBJ_id_mod_cmp2000 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2076] OBJ_biometricInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2084] OBJ_qcStatements */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2092] OBJ_ac_auditEntity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2100] OBJ_ac_targeting */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2108] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2116] OBJ_sbqp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2124] OBJ_sbqp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2132] OBJ_sbqp_routerIdentifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2140] OBJ_textNotice */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2148] OBJ_ipsecEndSystem */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2156] OBJ_ipsecTunnel */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2164] OBJ_ipsecUser */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2172] OBJ_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2180] OBJ_id_it_caProtEncCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2188] OBJ_id_it_signKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2196] OBJ_id_it_encKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2204] OBJ_id_it_preferredSymmAlg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2212] OBJ_id_it_caKeyUpdateInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2220] OBJ_id_it_currentCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2228] OBJ_id_it_unsupportedOIDs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2236] OBJ_id_it_subscriptionRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2244] OBJ_id_it_subscriptionResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2252] OBJ_id_it_keyPairParamReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2260] OBJ_id_it_keyPairParamRep */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2268] OBJ_id_it_revPassphrase */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2276] OBJ_id_it_implicitConfirm */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2284] OBJ_id_it_confirmWaitTime */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2292] OBJ_id_it_origPKIMessage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2300] OBJ_id_regCtrl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2308] OBJ_id_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2316] OBJ_id_regCtrl_regToken */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2325] OBJ_id_regCtrl_authenticator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2334] OBJ_id_regCtrl_pkiPublicationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2343] OBJ_id_regCtrl_pkiArchiveOptions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2352] OBJ_id_regCtrl_oldCertID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2361] OBJ_id_regCtrl_protocolEncrKey */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2370] OBJ_id_regInfo_utf8Pairs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2379] OBJ_id_regInfo_certReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2388] OBJ_id_alg_des40 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2396] OBJ_id_alg_noSignature */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2404] OBJ_id_alg_dh_sig_hmac_sha1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2412] OBJ_id_alg_dh_pop */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2420] OBJ_id_cmc_statusInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2428] OBJ_id_cmc_identification */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2436] OBJ_id_cmc_identityProof */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2444] OBJ_id_cmc_dataReturn */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2452] OBJ_id_cmc_transactionId */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2460] OBJ_id_cmc_senderNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2468] OBJ_id_cmc_recipientNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2476] OBJ_id_cmc_addExtensions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2484] OBJ_id_cmc_encryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2492] OBJ_id_cmc_decryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2500] OBJ_id_cmc_lraPOPWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2508] OBJ_id_cmc_getCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2516] OBJ_id_cmc_getCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2524] OBJ_id_cmc_revokeRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2532] OBJ_id_cmc_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2540] OBJ_id_cmc_responseInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2548] OBJ_id_cmc_queryPending */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2556] OBJ_id_cmc_popLinkRandom */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2564] OBJ_id_cmc_popLinkWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2572] OBJ_id_cmc_confirmCertAcceptance */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2580] OBJ_id_on_personalData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2588] OBJ_id_pda_dateOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2596] OBJ_id_pda_placeOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2604] OBJ_id_pda_gender */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2612] OBJ_id_pda_countryOfCitizenship */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2620] OBJ_id_pda_countryOfResidence */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2628] OBJ_id_aca_authenticationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2636] OBJ_id_aca_accessIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2644] OBJ_id_aca_chargingIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2652] OBJ_id_aca_group */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2660] OBJ_id_aca_role */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2668] OBJ_id_qcs_pkixQCSyntax_v1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2676] OBJ_id_cct_crs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2684] OBJ_id_cct_PKIData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2692] OBJ_id_cct_PKIResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2700] OBJ_ad_timeStamping */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2708] OBJ_ad_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2716] OBJ_id_pkix_OCSP_basic */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2725] OBJ_id_pkix_OCSP_Nonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2734] OBJ_id_pkix_OCSP_CrlID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2743] OBJ_id_pkix_OCSP_acceptableResponses */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2752] OBJ_id_pkix_OCSP_noCheck */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2761] OBJ_id_pkix_OCSP_archiveCutoff */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2770] OBJ_id_pkix_OCSP_serviceLocator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2779] OBJ_id_pkix_OCSP_extendedStatus */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2788] OBJ_id_pkix_OCSP_valid */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2797] OBJ_id_pkix_OCSP_path */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2806] OBJ_id_pkix_OCSP_trustRoot */
-0x2B,0x0E,0x03,0x02,                         /* [2815] OBJ_algorithm */
-0x2B,0x0E,0x03,0x02,0x0B,                    /* [2819] OBJ_rsaSignature */
-0x55,0x08,                                   /* [2824] OBJ_X500algorithms */
-0x2B,                                        /* [2826] OBJ_org */
-0x2B,0x06,                                   /* [2827] OBJ_dod */
-0x2B,0x06,0x01,                              /* [2829] OBJ_iana */
-0x2B,0x06,0x01,0x01,                         /* [2832] OBJ_Directory */
-0x2B,0x06,0x01,0x02,                         /* [2836] OBJ_Management */
-0x2B,0x06,0x01,0x03,                         /* [2840] OBJ_Experimental */
-0x2B,0x06,0x01,0x04,                         /* [2844] OBJ_Private */
-0x2B,0x06,0x01,0x05,                         /* [2848] OBJ_Security */
-0x2B,0x06,0x01,0x06,                         /* [2852] OBJ_SNMPv2 */
-0x2B,0x06,0x01,0x07,                         /* [2856] OBJ_Mail */
-0x2B,0x06,0x01,0x04,0x01,                    /* [2860] OBJ_Enterprises */
-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */
-0x50,                                        /* [2894] OBJ_joint_iso_ccitt */
-0x55,0x01,0x05,                              /* [2895] OBJ_selected_attribute_types */
-0x55,0x01,0x05,0x37,                         /* [2898] OBJ_clearance */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2911] OBJ_ac_proxying */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2919] OBJ_sinfo_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2927] OBJ_id_aca_encAttrs */
-0x55,0x04,0x48,                              /* [2935] OBJ_role */
-0x55,0x1D,0x24,                              /* [2938] OBJ_policy_constraints */
-0x55,0x1D,0x37,                              /* [2941] OBJ_target_information */
-0x55,0x1D,0x38,                              /* [2944] OBJ_no_rev_avail */
-0x00,                                        /* [2947] OBJ_ccitt */
-0x2A,0x86,0x48,0xCE,0x3D,                    /* [2948] OBJ_ansi_X9_62 */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2953] OBJ_X9_62_prime_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2960] OBJ_X9_62_characteristic_two_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2967] OBJ_X9_62_id_ecPublicKey */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2974] OBJ_X9_62_prime192v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2982] OBJ_X9_62_prime192v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2990] OBJ_X9_62_prime192v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [2998] OBJ_X9_62_prime239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3006] OBJ_X9_62_prime239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3014] OBJ_X9_62_prime239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3022] OBJ_X9_62_prime256v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3030] OBJ_ecdsa_with_SHA1 */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3037] OBJ_ms_csp_name */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3046] OBJ_aes_128_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3055] OBJ_aes_128_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3064] OBJ_aes_128_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3073] OBJ_aes_128_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3082] OBJ_aes_192_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3091] OBJ_aes_192_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3100] OBJ_aes_192_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3109] OBJ_aes_192_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3118] OBJ_aes_256_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3127] OBJ_aes_256_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3136] OBJ_aes_256_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3145] OBJ_aes_256_cfb128 */
-0x55,0x1D,0x17,                              /* [3154] OBJ_hold_instruction_code */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3157] OBJ_hold_instruction_none */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3164] OBJ_hold_instruction_call_issuer */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3171] OBJ_hold_instruction_reject */
-0x09,                                        /* [3178] OBJ_data */
-0x09,0x92,0x26,                              /* [3179] OBJ_pss */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3182] OBJ_ucl */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3189] OBJ_pilot */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3197] OBJ_pilotAttributeType */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3206] OBJ_pilotAttributeSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3215] OBJ_pilotObjectClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3224] OBJ_pilotGroups */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3233] OBJ_iA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3243] OBJ_caseIgnoreIA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3253] OBJ_pilotObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3263] OBJ_pilotPerson */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3273] OBJ_account */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3283] OBJ_document */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3293] OBJ_room */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3303] OBJ_documentSeries */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3313] OBJ_rFC822localPart */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3323] OBJ_dNSDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3333] OBJ_domainRelatedObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3343] OBJ_friendlyCountry */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3353] OBJ_simpleSecurityObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3363] OBJ_pilotOrganization */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3373] OBJ_pilotDSA */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3383] OBJ_qualityLabelledData */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3393] OBJ_userId */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3403] OBJ_textEncodedORAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3413] OBJ_rfc822Mailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3423] OBJ_info */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3433] OBJ_favouriteDrink */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3443] OBJ_roomNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3453] OBJ_photo */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3463] OBJ_userClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3473] OBJ_host */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3483] OBJ_manager */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3493] OBJ_documentIdentifier */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3503] OBJ_documentTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3513] OBJ_documentVersion */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3523] OBJ_documentAuthor */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3533] OBJ_documentLocation */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3543] OBJ_homeTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3553] OBJ_secretary */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3563] OBJ_otherMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3573] OBJ_lastModifiedTime */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3583] OBJ_lastModifiedBy */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3593] OBJ_aRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3603] OBJ_pilotAttributeType27 */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3613] OBJ_mXRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3623] OBJ_nSRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3633] OBJ_sOARecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3643] OBJ_cNAMERecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3653] OBJ_associatedDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3663] OBJ_associatedName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3673] OBJ_homePostalAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3683] OBJ_personalTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3693] OBJ_mobileTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3703] OBJ_pagerTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3713] OBJ_friendlyCountryName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3723] OBJ_organizationalStatus */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3733] OBJ_janetMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3743] OBJ_mailPreferenceOption */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3753] OBJ_buildingName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3763] OBJ_dSAQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3773] OBJ_singleLevelQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3783] OBJ_subtreeMinimumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3793] OBJ_subtreeMaximumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3803] OBJ_personalSignature */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3813] OBJ_dITRedirect */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3823] OBJ_audio */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3833] OBJ_documentPublisher */
-0x55,0x04,0x2D,                              /* [3843] OBJ_x500UniqueIdentifier */
-0x2B,0x06,0x01,0x07,0x01,                    /* [3846] OBJ_mime_mhs */
-0x2B,0x06,0x01,0x07,0x01,0x01,               /* [3851] OBJ_mime_mhs_headings */
-0x2B,0x06,0x01,0x07,0x01,0x02,               /* [3857] OBJ_mime_mhs_bodies */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [3863] OBJ_id_hex_partial_message */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [3870] OBJ_id_hex_multipart_message */
-0x55,0x04,0x2C,                              /* [3877] OBJ_generationQualifier */
-0x55,0x04,0x41,                              /* [3880] OBJ_pseudonym */
-0x67,0x2A,                                   /* [3883] OBJ_id_set */
-0x67,0x2A,0x00,                              /* [3885] OBJ_set_ctype */
-0x67,0x2A,0x01,                              /* [3888] OBJ_set_msgExt */
-0x67,0x2A,0x03,                              /* [3891] OBJ_set_attr */
-0x67,0x2A,0x05,                              /* [3894] OBJ_set_policy */
-0x67,0x2A,0x07,                              /* [3897] OBJ_set_certExt */
-0x67,0x2A,0x08,                              /* [3900] OBJ_set_brand */
-0x67,0x2A,0x00,0x00,                         /* [3903] OBJ_setct_PANData */
-0x67,0x2A,0x00,0x01,                         /* [3907] OBJ_setct_PANToken */
-0x67,0x2A,0x00,0x02,                         /* [3911] OBJ_setct_PANOnly */
-0x67,0x2A,0x00,0x03,                         /* [3915] OBJ_setct_OIData */
-0x67,0x2A,0x00,0x04,                         /* [3919] OBJ_setct_PI */
-0x67,0x2A,0x00,0x05,                         /* [3923] OBJ_setct_PIData */
-0x67,0x2A,0x00,0x06,                         /* [3927] OBJ_setct_PIDataUnsigned */
-0x67,0x2A,0x00,0x07,                         /* [3931] OBJ_setct_HODInput */
-0x67,0x2A,0x00,0x08,                         /* [3935] OBJ_setct_AuthResBaggage */
-0x67,0x2A,0x00,0x09,                         /* [3939] OBJ_setct_AuthRevReqBaggage */
-0x67,0x2A,0x00,0x0A,                         /* [3943] OBJ_setct_AuthRevResBaggage */
-0x67,0x2A,0x00,0x0B,                         /* [3947] OBJ_setct_CapTokenSeq */
-0x67,0x2A,0x00,0x0C,                         /* [3951] OBJ_setct_PInitResData */
-0x67,0x2A,0x00,0x0D,                         /* [3955] OBJ_setct_PI_TBS */
-0x67,0x2A,0x00,0x0E,                         /* [3959] OBJ_setct_PResData */
-0x67,0x2A,0x00,0x10,                         /* [3963] OBJ_setct_AuthReqTBS */
-0x67,0x2A,0x00,0x11,                         /* [3967] OBJ_setct_AuthResTBS */
-0x67,0x2A,0x00,0x12,                         /* [3971] OBJ_setct_AuthResTBSX */
-0x67,0x2A,0x00,0x13,                         /* [3975] OBJ_setct_AuthTokenTBS */
-0x67,0x2A,0x00,0x14,                         /* [3979] OBJ_setct_CapTokenData */
-0x67,0x2A,0x00,0x15,                         /* [3983] OBJ_setct_CapTokenTBS */
-0x67,0x2A,0x00,0x16,                         /* [3987] OBJ_setct_AcqCardCodeMsg */
-0x67,0x2A,0x00,0x17,                         /* [3991] OBJ_setct_AuthRevReqTBS */
-0x67,0x2A,0x00,0x18,                         /* [3995] OBJ_setct_AuthRevResData */
-0x67,0x2A,0x00,0x19,                         /* [3999] OBJ_setct_AuthRevResTBS */
-0x67,0x2A,0x00,0x1A,                         /* [4003] OBJ_setct_CapReqTBS */
-0x67,0x2A,0x00,0x1B,                         /* [4007] OBJ_setct_CapReqTBSX */
-0x67,0x2A,0x00,0x1C,                         /* [4011] OBJ_setct_CapResData */
-0x67,0x2A,0x00,0x1D,                         /* [4015] OBJ_setct_CapRevReqTBS */
-0x67,0x2A,0x00,0x1E,                         /* [4019] OBJ_setct_CapRevReqTBSX */
-0x67,0x2A,0x00,0x1F,                         /* [4023] OBJ_setct_CapRevResData */
-0x67,0x2A,0x00,0x20,                         /* [4027] OBJ_setct_CredReqTBS */
-0x67,0x2A,0x00,0x21,                         /* [4031] OBJ_setct_CredReqTBSX */
-0x67,0x2A,0x00,0x22,                         /* [4035] OBJ_setct_CredResData */
-0x67,0x2A,0x00,0x23,                         /* [4039] OBJ_setct_CredRevReqTBS */
-0x67,0x2A,0x00,0x24,                         /* [4043] OBJ_setct_CredRevReqTBSX */
-0x67,0x2A,0x00,0x25,                         /* [4047] OBJ_setct_CredRevResData */
-0x67,0x2A,0x00,0x26,                         /* [4051] OBJ_setct_PCertReqData */
-0x67,0x2A,0x00,0x27,                         /* [4055] OBJ_setct_PCertResTBS */
-0x67,0x2A,0x00,0x28,                         /* [4059] OBJ_setct_BatchAdminReqData */
-0x67,0x2A,0x00,0x29,                         /* [4063] OBJ_setct_BatchAdminResData */
-0x67,0x2A,0x00,0x2A,                         /* [4067] OBJ_setct_CardCInitResTBS */
-0x67,0x2A,0x00,0x2B,                         /* [4071] OBJ_setct_MeAqCInitResTBS */
-0x67,0x2A,0x00,0x2C,                         /* [4075] OBJ_setct_RegFormResTBS */
-0x67,0x2A,0x00,0x2D,                         /* [4079] OBJ_setct_CertReqData */
-0x67,0x2A,0x00,0x2E,                         /* [4083] OBJ_setct_CertReqTBS */
-0x67,0x2A,0x00,0x2F,                         /* [4087] OBJ_setct_CertResData */
-0x67,0x2A,0x00,0x30,                         /* [4091] OBJ_setct_CertInqReqTBS */
-0x67,0x2A,0x00,0x31,                         /* [4095] OBJ_setct_ErrorTBS */
-0x67,0x2A,0x00,0x32,                         /* [4099] OBJ_setct_PIDualSignedTBE */
-0x67,0x2A,0x00,0x33,                         /* [4103] OBJ_setct_PIUnsignedTBE */
-0x67,0x2A,0x00,0x34,                         /* [4107] OBJ_setct_AuthReqTBE */
-0x67,0x2A,0x00,0x35,                         /* [4111] OBJ_setct_AuthResTBE */
-0x67,0x2A,0x00,0x36,                         /* [4115] OBJ_setct_AuthResTBEX */
-0x67,0x2A,0x00,0x37,                         /* [4119] OBJ_setct_AuthTokenTBE */
-0x67,0x2A,0x00,0x38,                         /* [4123] OBJ_setct_CapTokenTBE */
-0x67,0x2A,0x00,0x39,                         /* [4127] OBJ_setct_CapTokenTBEX */
-0x67,0x2A,0x00,0x3A,                         /* [4131] OBJ_setct_AcqCardCodeMsgTBE */
-0x67,0x2A,0x00,0x3B,                         /* [4135] OBJ_setct_AuthRevReqTBE */
-0x67,0x2A,0x00,0x3C,                         /* [4139] OBJ_setct_AuthRevResTBE */
-0x67,0x2A,0x00,0x3D,                         /* [4143] OBJ_setct_AuthRevResTBEB */
-0x67,0x2A,0x00,0x3E,                         /* [4147] OBJ_setct_CapReqTBE */
-0x67,0x2A,0x00,0x3F,                         /* [4151] OBJ_setct_CapReqTBEX */
-0x67,0x2A,0x00,0x40,                         /* [4155] OBJ_setct_CapResTBE */
-0x67,0x2A,0x00,0x41,                         /* [4159] OBJ_setct_CapRevReqTBE */
-0x67,0x2A,0x00,0x42,                         /* [4163] OBJ_setct_CapRevReqTBEX */
-0x67,0x2A,0x00,0x43,                         /* [4167] OBJ_setct_CapRevResTBE */
-0x67,0x2A,0x00,0x44,                         /* [4171] OBJ_setct_CredReqTBE */
-0x67,0x2A,0x00,0x45,                         /* [4175] OBJ_setct_CredReqTBEX */
-0x67,0x2A,0x00,0x46,                         /* [4179] OBJ_setct_CredResTBE */
-0x67,0x2A,0x00,0x47,                         /* [4183] OBJ_setct_CredRevReqTBE */
-0x67,0x2A,0x00,0x48,                         /* [4187] OBJ_setct_CredRevReqTBEX */
-0x67,0x2A,0x00,0x49,                         /* [4191] OBJ_setct_CredRevResTBE */
-0x67,0x2A,0x00,0x4A,                         /* [4195] OBJ_setct_BatchAdminReqTBE */
-0x67,0x2A,0x00,0x4B,                         /* [4199] OBJ_setct_BatchAdminResTBE */
-0x67,0x2A,0x00,0x4C,                         /* [4203] OBJ_setct_RegFormReqTBE */
-0x67,0x2A,0x00,0x4D,                         /* [4207] OBJ_setct_CertReqTBE */
-0x67,0x2A,0x00,0x4E,                         /* [4211] OBJ_setct_CertReqTBEX */
-0x67,0x2A,0x00,0x4F,                         /* [4215] OBJ_setct_CertResTBE */
-0x67,0x2A,0x00,0x50,                         /* [4219] OBJ_setct_CRLNotificationTBS */
-0x67,0x2A,0x00,0x51,                         /* [4223] OBJ_setct_CRLNotificationResTBS */
-0x67,0x2A,0x00,0x52,                         /* [4227] OBJ_setct_BCIDistributionTBS */
-0x67,0x2A,0x01,0x01,                         /* [4231] OBJ_setext_genCrypt */
-0x67,0x2A,0x01,0x03,                         /* [4235] OBJ_setext_miAuth */
-0x67,0x2A,0x01,0x04,                         /* [4239] OBJ_setext_pinSecure */
-0x67,0x2A,0x01,0x05,                         /* [4243] OBJ_setext_pinAny */
-0x67,0x2A,0x01,0x07,                         /* [4247] OBJ_setext_track2 */
-0x67,0x2A,0x01,0x08,                         /* [4251] OBJ_setext_cv */
-0x67,0x2A,0x05,0x00,                         /* [4255] OBJ_set_policy_root */
-0x67,0x2A,0x07,0x00,                         /* [4259] OBJ_setCext_hashedRoot */
-0x67,0x2A,0x07,0x01,                         /* [4263] OBJ_setCext_certType */
-0x67,0x2A,0x07,0x02,                         /* [4267] OBJ_setCext_merchData */
-0x67,0x2A,0x07,0x03,                         /* [4271] OBJ_setCext_cCertRequired */
-0x67,0x2A,0x07,0x04,                         /* [4275] OBJ_setCext_tunneling */
-0x67,0x2A,0x07,0x05,                         /* [4279] OBJ_setCext_setExt */
-0x67,0x2A,0x07,0x06,                         /* [4283] OBJ_setCext_setQualf */
-0x67,0x2A,0x07,0x07,                         /* [4287] OBJ_setCext_PGWYcapabilities */
-0x67,0x2A,0x07,0x08,                         /* [4291] OBJ_setCext_TokenIdentifier */
-0x67,0x2A,0x07,0x09,                         /* [4295] OBJ_setCext_Track2Data */
-0x67,0x2A,0x07,0x0A,                         /* [4299] OBJ_setCext_TokenType */
-0x67,0x2A,0x07,0x0B,                         /* [4303] OBJ_setCext_IssuerCapabilities */
-0x67,0x2A,0x03,0x00,                         /* [4307] OBJ_setAttr_Cert */
-0x67,0x2A,0x03,0x01,                         /* [4311] OBJ_setAttr_PGWYcap */
-0x67,0x2A,0x03,0x02,                         /* [4315] OBJ_setAttr_TokenType */
-0x67,0x2A,0x03,0x03,                         /* [4319] OBJ_setAttr_IssCap */
-0x67,0x2A,0x03,0x00,0x00,                    /* [4323] OBJ_set_rootKeyThumb */
-0x67,0x2A,0x03,0x00,0x01,                    /* [4328] OBJ_set_addPolicy */
-0x67,0x2A,0x03,0x02,0x01,                    /* [4333] OBJ_setAttr_Token_EMV */
-0x67,0x2A,0x03,0x02,0x02,                    /* [4338] OBJ_setAttr_Token_B0Prime */
-0x67,0x2A,0x03,0x03,0x03,                    /* [4343] OBJ_setAttr_IssCap_CVM */
-0x67,0x2A,0x03,0x03,0x04,                    /* [4348] OBJ_setAttr_IssCap_T2 */
-0x67,0x2A,0x03,0x03,0x05,                    /* [4353] OBJ_setAttr_IssCap_Sig */
-0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4358] OBJ_setAttr_GenCryptgrm */
-0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4364] OBJ_setAttr_T2Enc */
-0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4370] OBJ_setAttr_T2cleartxt */
-0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4376] OBJ_setAttr_TokICCsig */
-0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4382] OBJ_setAttr_SecDevSig */
-0x67,0x2A,0x08,0x01,                         /* [4388] OBJ_set_brand_IATA_ATA */
-0x67,0x2A,0x08,0x1E,                         /* [4392] OBJ_set_brand_Diners */
-0x67,0x2A,0x08,0x22,                         /* [4396] OBJ_set_brand_AmericanExpress */
-0x67,0x2A,0x08,0x23,                         /* [4400] OBJ_set_brand_JCB */
-0x67,0x2A,0x08,0x04,                         /* [4404] OBJ_set_brand_Visa */
-0x67,0x2A,0x08,0x05,                         /* [4408] OBJ_set_brand_MasterCard */
-0x67,0x2A,0x08,0xAE,0x7B,                    /* [4412] OBJ_set_brand_Novus */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4417] OBJ_des_cdmf */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4434] OBJ_ms_smartcard_login */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4444] OBJ_ms_upn */
-};
-
-static ASN1_OBJECT nid_objs[NUM_NID]={
-{"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0},
-{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0},
-{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0},
-{"MD2","md2",NID_md2,8,&(lvalues[14]),0},
-{"MD5","md5",NID_md5,8,&(lvalues[22]),0},
-{"RC4","rc4",NID_rc4,8,&(lvalues[30]),0},
-{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[38]),0},
-{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,
-        &(lvalues[47]),0},
-{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
-        &(lvalues[56]),0},
-{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9,
-        &(lvalues[65]),0},
-{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9,
-        &(lvalues[74]),0},
-{"X500","directory services (X.500)",NID_X500,1,&(lvalues[83]),0},
-{"X509","X509",NID_X509,2,&(lvalues[84]),0},
-{"CN","commonName",NID_commonName,3,&(lvalues[86]),0},
-{"C","countryName",NID_countryName,3,&(lvalues[89]),0},
-{"L","localityName",NID_localityName,3,&(lvalues[92]),0},
-{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[95]),0},
-{"O","organizationName",NID_organizationName,3,&(lvalues[98]),0},
-{"OU","organizationalUnitName",NID_organizationalUnitName,3,
-        &(lvalues[101]),0},
-{"RSA","rsa",NID_rsa,4,&(lvalues[104]),0},
-{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[108]),0},
-{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[116]),0},
-{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,
-        &(lvalues[125]),0},
-{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,
-        &(lvalues[134]),0},
-{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",
-        NID_pkcs7_signedAndEnveloped,9,&(lvalues[143]),0},
-{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,
-        &(lvalues[152]),0},
-{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,
-        &(lvalues[161]),0},
-{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[170]),0},
-{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,
-        &(lvalues[178]),0},
-{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0},
-{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0},
-{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0},
-{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0},
-{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL},
-{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0},
-{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
-{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
-{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[218]),0},
-{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL},
-{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL},
-{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL},
-{"SHA","sha",NID_sha,5,&(lvalues[226]),0},
-{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
-        &(lvalues[231]),0},
-{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL},
-{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[236]),0},
-{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0},
-{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL},
-{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0},
-{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9,
-        &(lvalues[257]),0},
-{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
-        &(lvalues[266]),0},
-{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[275]),0},
-{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
-        &(lvalues[284]),0},
-{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[293]),0},
-{"countersignature","countersignature",NID_pkcs9_countersignature,9,
-        &(lvalues[302]),0},
-{"challengePassword","challengePassword",NID_pkcs9_challengePassword,
-        9,&(lvalues[311]),0},
-{"unstructuredAddress","unstructuredAddress",
-        NID_pkcs9_unstructuredAddress,9,&(lvalues[320]),0},
-{"extendedCertificateAttributes","extendedCertificateAttributes",
-        NID_pkcs9_extCertAttributes,9,&(lvalues[329]),0},
-{"Netscape","Netscape Communications Corp.",NID_netscape,7,
-        &(lvalues[338]),0},
-{"nsCertExt","Netscape Certificate Extension",
-        NID_netscape_cert_extension,8,&(lvalues[345]),0},
-{"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
-        &(lvalues[353]),0},
-{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL},
-{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL},
-{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL},
-{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL},
-{"SHA1","sha1",NID_sha1,5,&(lvalues[361]),0},
-{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
-        &(lvalues[366]),0},
-{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[375]),0},
-{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[380]),0},
-{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC,
-        9,&(lvalues[385]),0},
-{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[394]),0},
-{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[403]),0},
-{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
-        &(lvalues[408]),0},
-{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
-        &(lvalues[417]),0},
-{"nsRevocationUrl","Netscape Revocation Url",
-        NID_netscape_revocation_url,9,&(lvalues[426]),0},
-{"nsCaRevocationUrl","Netscape CA Revocation Url",
-        NID_netscape_ca_revocation_url,9,&(lvalues[435]),0},
-{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
-        &(lvalues[444]),0},
-{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
-        9,&(lvalues[453]),0},
-{"nsSslServerName","Netscape SSL Server Name",
-        NID_netscape_ssl_server_name,9,&(lvalues[462]),0},
-{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[471]),0},
-{"nsCertSequence","Netscape Certificate Sequence",
-        NID_netscape_cert_sequence,9,&(lvalues[480]),0},
-{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL},
-{"id-ce","id-ce",NID_id_ce,2,&(lvalues[489]),0},
-{"subjectKeyIdentifier","X509v3 Subject Key Identifier",
-        NID_subject_key_identifier,3,&(lvalues[491]),0},
-{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[494]),0},
-{"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
-        NID_private_key_usage_period,3,&(lvalues[497]),0},
-{"subjectAltName","X509v3 Subject Alternative Name",
-        NID_subject_alt_name,3,&(lvalues[500]),0},
-{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
-        3,&(lvalues[503]),0},
-{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
-        3,&(lvalues[506]),0},
-{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[509]),0},
-{"certificatePolicies","X509v3 Certificate Policies",
-        NID_certificate_policies,3,&(lvalues[512]),0},
-{"authorityKeyIdentifier","X509v3 Authority Key Identifier",
-        NID_authority_key_identifier,3,&(lvalues[515]),0},
-{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[518]),0},
-{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL},
-{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL},
-{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL},
-{"MDC2","mdc2",NID_mdc2,4,&(lvalues[527]),0},
-{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0},
-{"RC4-40","rc4-40",NID_rc4_40,0,NULL},
-{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
-{"GN","givenName",NID_givenName,3,&(lvalues[535]),0},
-{"SN","surname",NID_surname,3,&(lvalues[538]),0},
-{"initials","initials",NID_initials,3,&(lvalues[541]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"crlDistributionPoints","X509v3 CRL Distribution Points",
-        NID_crl_distribution_points,3,&(lvalues[544]),0},
-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0},
-{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[552]),0},
-{"title","title",NID_title,3,&(lvalues[555]),0},
-{"description","description",NID_description,3,&(lvalues[558]),0},
-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0},
-{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
-{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
-{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
-{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
-        NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0},
-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0},
-{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0},
-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0},
-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
-        &(lvalues[603]),0},
-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0},
-{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
-{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
-{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
-{"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0},
-{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0},
-{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
-        &(lvalues[629]),0},
-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[632]),0},
-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[638]),0},
-{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
-        &(lvalues[645]),0},
-{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
-        &(lvalues[653]),0},
-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[661]),0},
-{"emailProtection","E-mail Protection",NID_email_protect,8,
-        &(lvalues[669]),0},
-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[677]),0},
-{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
-        &(lvalues[685]),0},
-{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
-        &(lvalues[695]),0},
-{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
-        &(lvalues[705]),0},
-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[715]),0},
-{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
-        &(lvalues[725]),0},
-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[735]),0},
-{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
-        &(lvalues[744]),0},
-{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[747]),0},
-{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
-        &(lvalues[750]),0},
-{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[753]),0},
-{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
-        NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[758]),0},
-{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
-        NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[768]),0},
-{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
-        NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[778]),0},
-{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
-        NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[788]),0},
-{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
-        NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[798]),0},
-{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
-        NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[808]),0},
-{"keyBag","keyBag",NID_keyBag,11,&(lvalues[818]),0},
-{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
-        11,&(lvalues[829]),0},
-{"certBag","certBag",NID_certBag,11,&(lvalues[840]),0},
-{"crlBag","crlBag",NID_crlBag,11,&(lvalues[851]),0},
-{"secretBag","secretBag",NID_secretBag,11,&(lvalues[862]),0},
-{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
-        &(lvalues[873]),0},
-{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[884]),0},
-{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[893]),0},
-{"x509Certificate","x509Certificate",NID_x509Certificate,10,
-        &(lvalues[902]),0},
-{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
-        &(lvalues[912]),0},
-{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[922]),0},
-{"PBES2","PBES2",NID_pbes2,9,&(lvalues[932]),0},
-{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[941]),0},
-{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[950]),0},
-{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0},
-{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
-        &(lvalues[966]),0},
-{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL},
-{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
-        &(lvalues[974]),0},
-{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
-        &(lvalues[983]),0},
-{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
-        &(lvalues[992]),0},
-{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
-        &(lvalues[1001]),0},
-{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
-        &(lvalues[1010]),0},
-{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1020]),0},
-{"name","name",NID_name,3,&(lvalues[1029]),0},
-{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1032]),0},
-{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1035]),0},
-{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1042]),0},
-{"authorityInfoAccess","Authority Information Access",NID_info_access,
-        8,&(lvalues[1049]),0},
-{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1057]),0},
-{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1065]),0},
-{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1073]),0},
-{"ISO","iso",NID_iso,1,&(lvalues[1081]),0},
-{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1082]),0},
-{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1083]),0},
-{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1086]),0},
-{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1091]),0},
-{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1097]),0},
-{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1105]),0},
-{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1113]),0},
-{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1122]),0},
-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1132]),0},
-{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1142]),0},
-{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1152]),0},
-{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1162]),0},
-{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1172]),0},
-{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1182]),0},
-{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
-        &(lvalues[1192]),0},
-{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
-        &(lvalues[1203]),0},
-{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
-        &(lvalues[1214]),0},
-{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
-        11,&(lvalues[1225]),0},
-{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
-        NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1236]),0},
-{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
-        NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1247]),0},
-{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
-        NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1258]),0},
-{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
-        NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1269]),0},
-{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
-        11,&(lvalues[1280]),0},
-{"id-smime-ct-authData","id-smime-ct-authData",
-        NID_id_smime_ct_authData,11,&(lvalues[1291]),0},
-{"id-smime-ct-publishCert","id-smime-ct-publishCert",
-        NID_id_smime_ct_publishCert,11,&(lvalues[1302]),0},
-{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
-        11,&(lvalues[1313]),0},
-{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
-        11,&(lvalues[1324]),0},
-{"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
-        NID_id_smime_ct_contentInfo,11,&(lvalues[1335]),0},
-{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
-        NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1346]),0},
-{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
-        NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1357]),0},
-{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
-        NID_id_smime_aa_receiptRequest,11,&(lvalues[1368]),0},
-{"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
-        NID_id_smime_aa_securityLabel,11,&(lvalues[1379]),0},
-{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
-        NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1390]),0},
-{"id-smime-aa-contentHint","id-smime-aa-contentHint",
-        NID_id_smime_aa_contentHint,11,&(lvalues[1401]),0},
-{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
-        NID_id_smime_aa_msgSigDigest,11,&(lvalues[1412]),0},
-{"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
-        NID_id_smime_aa_encapContentType,11,&(lvalues[1423]),0},
-{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
-        NID_id_smime_aa_contentIdentifier,11,&(lvalues[1434]),0},
-{"id-smime-aa-macValue","id-smime-aa-macValue",
-        NID_id_smime_aa_macValue,11,&(lvalues[1445]),0},
-{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
-        NID_id_smime_aa_equivalentLabels,11,&(lvalues[1456]),0},
-{"id-smime-aa-contentReference","id-smime-aa-contentReference",
-        NID_id_smime_aa_contentReference,11,&(lvalues[1467]),0},
-{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
-        NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1478]),0},
-{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
-        NID_id_smime_aa_signingCertificate,11,&(lvalues[1489]),0},
-{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
-        NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1500]),0},
-{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
-        NID_id_smime_aa_timeStampToken,11,&(lvalues[1511]),0},
-{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
-        NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1522]),0},
-{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
-        NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1533]),0},
-{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
-        NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1544]),0},
-{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
-        NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1555]),0},
-{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
-        NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1566]),0},
-{"id-smime-aa-ets-contentTimestamp",
-        "id-smime-aa-ets-contentTimestamp",
-        NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1577]),0},
-{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
-        NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1588]),0},
-{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
-        NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1599]),0},
-{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
-        NID_id_smime_aa_ets_certValues,11,&(lvalues[1610]),0},
-{"id-smime-aa-ets-revocationValues",
-        "id-smime-aa-ets-revocationValues",
-        NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1621]),0},
-{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
-        NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1632]),0},
-{"id-smime-aa-ets-certCRLTimestamp",
-        "id-smime-aa-ets-certCRLTimestamp",
-        NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1643]),0},
-{"id-smime-aa-ets-archiveTimeStamp",
-        "id-smime-aa-ets-archiveTimeStamp",
-        NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1654]),0},
-{"id-smime-aa-signatureType","id-smime-aa-signatureType",
-        NID_id_smime_aa_signatureType,11,&(lvalues[1665]),0},
-{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
-        NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1676]),0},
-{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
-        NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1687]),0},
-{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
-        NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1698]),0},
-{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
-        NID_id_smime_alg_3DESwrap,11,&(lvalues[1709]),0},
-{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
-        NID_id_smime_alg_RC2wrap,11,&(lvalues[1720]),0},
-{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
-        &(lvalues[1731]),0},
-{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
-        NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1742]),0},
-{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
-        NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1753]),0},
-{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
-        &(lvalues[1764]),0},
-{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
-        NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1775]),0},
-{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
-        NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1786]),0},
-{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
-        NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1797]),0},
-{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
-        NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1808]),0},
-{"id-smime-cti-ets-proofOfDelivery",
-        "id-smime-cti-ets-proofOfDelivery",
-        NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1819]),0},
-{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
-        NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1830]),0},
-{"id-smime-cti-ets-proofOfApproval",
-        "id-smime-cti-ets-proofOfApproval",
-        NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1841]),0},
-{"id-smime-cti-ets-proofOfCreation",
-        "id-smime-cti-ets-proofOfCreation",
-        NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1852]),0},
-{"MD4","md4",NID_md4,8,&(lvalues[1863]),0},
-{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1871]),0},
-{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1878]),0},
-{"id-it","id-it",NID_id_it,7,&(lvalues[1885]),0},
-{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1892]),0},
-{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1899]),0},
-{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1906]),0},
-{"id-on","id-on",NID_id_on,7,&(lvalues[1913]),0},
-{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1920]),0},
-{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1927]),0},
-{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1934]),0},
-{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1941]),0},
-{"id-pkix1-explicit-88","id-pkix1-explicit-88",
-        NID_id_pkix1_explicit_88,8,&(lvalues[1948]),0},
-{"id-pkix1-implicit-88","id-pkix1-implicit-88",
-        NID_id_pkix1_implicit_88,8,&(lvalues[1956]),0},
-{"id-pkix1-explicit-93","id-pkix1-explicit-93",
-        NID_id_pkix1_explicit_93,8,&(lvalues[1964]),0},
-{"id-pkix1-implicit-93","id-pkix1-implicit-93",
-        NID_id_pkix1_implicit_93,8,&(lvalues[1972]),0},
-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1980]),0},
-{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1988]),0},
-{"id-mod-kea-profile-88","id-mod-kea-profile-88",
-        NID_id_mod_kea_profile_88,8,&(lvalues[1996]),0},
-{"id-mod-kea-profile-93","id-mod-kea-profile-93",
-        NID_id_mod_kea_profile_93,8,&(lvalues[2004]),0},
-{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2012]),0},
-{"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
-        NID_id_mod_qualified_cert_88,8,&(lvalues[2020]),0},
-{"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
-        NID_id_mod_qualified_cert_93,8,&(lvalues[2028]),0},
-{"id-mod-attribute-cert","id-mod-attribute-cert",
-        NID_id_mod_attribute_cert,8,&(lvalues[2036]),0},
-{"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
-        NID_id_mod_timestamp_protocol,8,&(lvalues[2044]),0},
-{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2052]),0},
-{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2060]),0},
-{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
-        &(lvalues[2068]),0},
-{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2076]),0},
-{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2084]),0},
-{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
-        &(lvalues[2092]),0},
-{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},
-{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},
-{"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8,
-        &(lvalues[2116]),0},
-{"sbqp-autonomousSysNum","sbqp-autonomousSysNum",
-        NID_sbqp_autonomousSysNum,8,&(lvalues[2124]),0},
-{"sbqp-routerIdentifier","sbqp-routerIdentifier",
-        NID_sbqp_routerIdentifier,8,&(lvalues[2132]),0},
-{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},
-{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
-        &(lvalues[2148]),0},
-{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2156]),0},
-{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2164]),0},
-{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2172]),0},
-{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
-        8,&(lvalues[2180]),0},
-{"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
-        NID_id_it_signKeyPairTypes,8,&(lvalues[2188]),0},
-{"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
-        NID_id_it_encKeyPairTypes,8,&(lvalues[2196]),0},
-{"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
-        NID_id_it_preferredSymmAlg,8,&(lvalues[2204]),0},
-{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
-        NID_id_it_caKeyUpdateInfo,8,&(lvalues[2212]),0},
-{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
-        &(lvalues[2220]),0},
-{"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
-        NID_id_it_unsupportedOIDs,8,&(lvalues[2228]),0},
-{"id-it-subscriptionRequest","id-it-subscriptionRequest",
-        NID_id_it_subscriptionRequest,8,&(lvalues[2236]),0},
-{"id-it-subscriptionResponse","id-it-subscriptionResponse",
-        NID_id_it_subscriptionResponse,8,&(lvalues[2244]),0},
-{"id-it-keyPairParamReq","id-it-keyPairParamReq",
-        NID_id_it_keyPairParamReq,8,&(lvalues[2252]),0},
-{"id-it-keyPairParamRep","id-it-keyPairParamRep",
-        NID_id_it_keyPairParamRep,8,&(lvalues[2260]),0},
-{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
-        8,&(lvalues[2268]),0},
-{"id-it-implicitConfirm","id-it-implicitConfirm",
-        NID_id_it_implicitConfirm,8,&(lvalues[2276]),0},
-{"id-it-confirmWaitTime","id-it-confirmWaitTime",
-        NID_id_it_confirmWaitTime,8,&(lvalues[2284]),0},
-{"id-it-origPKIMessage","id-it-origPKIMessage",
-        NID_id_it_origPKIMessage,8,&(lvalues[2292]),0},
-{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2300]),0},
-{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2308]),0},
-{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
-        9,&(lvalues[2316]),0},
-{"id-regCtrl-authenticator","id-regCtrl-authenticator",
-        NID_id_regCtrl_authenticator,9,&(lvalues[2325]),0},
-{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
-        NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2334]),0},
-{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
-        NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2343]),0},
-{"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
-        NID_id_regCtrl_oldCertID,9,&(lvalues[2352]),0},
-{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
-        NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2361]),0},
-{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
-        NID_id_regInfo_utf8Pairs,9,&(lvalues[2370]),0},
-{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
-        &(lvalues[2379]),0},
-{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2388]),0},
-{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
-        &(lvalues[2396]),0},
-{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
-        NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2404]),0},
-{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2412]),0},
-{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
-        &(lvalues[2420]),0},
-{"id-cmc-identification","id-cmc-identification",
-        NID_id_cmc_identification,8,&(lvalues[2428]),0},
-{"id-cmc-identityProof","id-cmc-identityProof",
-        NID_id_cmc_identityProof,8,&(lvalues[2436]),0},
-{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
-        &(lvalues[2444]),0},
-{"id-cmc-transactionId","id-cmc-transactionId",
-        NID_id_cmc_transactionId,8,&(lvalues[2452]),0},
-{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
-        &(lvalues[2460]),0},
-{"id-cmc-recipientNonce","id-cmc-recipientNonce",
-        NID_id_cmc_recipientNonce,8,&(lvalues[2468]),0},
-{"id-cmc-addExtensions","id-cmc-addExtensions",
-        NID_id_cmc_addExtensions,8,&(lvalues[2476]),0},
-{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
-        8,&(lvalues[2484]),0},
-{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
-        8,&(lvalues[2492]),0},
-{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
-        NID_id_cmc_lraPOPWitness,8,&(lvalues[2500]),0},
-{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
-        &(lvalues[2508]),0},
-{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2516]),0},
-{"id-cmc-revokeRequest","id-cmc-revokeRequest",
-        NID_id_cmc_revokeRequest,8,&(lvalues[2524]),0},
-{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
-        &(lvalues[2532]),0},
-{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
-        8,&(lvalues[2540]),0},
-{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
-        8,&(lvalues[2548]),0},
-{"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
-        NID_id_cmc_popLinkRandom,8,&(lvalues[2556]),0},
-{"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
-        NID_id_cmc_popLinkWitness,8,&(lvalues[2564]),0},
-{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
-        NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2572]),0},
-{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
-        &(lvalues[2580]),0},
-{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
-        &(lvalues[2588]),0},
-{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
-        8,&(lvalues[2596]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0},
-{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
-        NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0},
-{"id-pda-countryOfResidence","id-pda-countryOfResidence",
-        NID_id_pda_countryOfResidence,8,&(lvalues[2620]),0},
-{"id-aca-authenticationInfo","id-aca-authenticationInfo",
-        NID_id_aca_authenticationInfo,8,&(lvalues[2628]),0},
-{"id-aca-accessIdentity","id-aca-accessIdentity",
-        NID_id_aca_accessIdentity,8,&(lvalues[2636]),0},
-{"id-aca-chargingIdentity","id-aca-chargingIdentity",
-        NID_id_aca_chargingIdentity,8,&(lvalues[2644]),0},
-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2652]),0},
-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2660]),0},
-{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
-        NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2668]),0},
-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2676]),0},
-{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
-        &(lvalues[2684]),0},
-{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
-        &(lvalues[2692]),0},
-{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
-        &(lvalues[2700]),0},
-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2708]),0},
-{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
-        &(lvalues[2716]),0},
-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2725]),0},
-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2734]),0},
-{"acceptableResponses","Acceptable OCSP Responses",
-        NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2743]),0},
-{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2752]),0},
-{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
-        9,&(lvalues[2761]),0},
-{"serviceLocator","OCSP Service Locator",
-        NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2770]),0},
-{"extendedStatus","Extended OCSP Status",
-        NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2779]),0},
-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2788]),0},
-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2797]),0},
-{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
-        &(lvalues[2806]),0},
-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2815]),0},
-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2819]),0},
-{"X500algorithms","directory services - algorithms",
-        NID_X500algorithms,2,&(lvalues[2824]),0},
-{"ORG","org",NID_org,1,&(lvalues[2826]),0},
-{"DOD","dod",NID_dod,2,&(lvalues[2827]),0},
-{"IANA","iana",NID_iana,3,&(lvalues[2829]),0},
-{"directory","Directory",NID_Directory,4,&(lvalues[2832]),0},
-{"mgmt","Management",NID_Management,4,&(lvalues[2836]),0},
-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2840]),0},
-{"private","Private",NID_Private,4,&(lvalues[2844]),0},
-{"security","Security",NID_Security,4,&(lvalues[2848]),0},
-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0},
-{"Mail","Mail",NID_Mail,4,&(lvalues[2856]),0},
-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0},
-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0},
-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0},
-{"domain","Domain",NID_Domain,10,&(lvalues[2884]),0},
-{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1,
-        &(lvalues[2894]),0},
-{"selected-attribute-types","Selected Attribute Types",
-        NID_selected_attribute_types,3,&(lvalues[2895]),0},
-{"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0},
-{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
-        &(lvalues[2902]),0},
-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2911]),0},
-{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
-        &(lvalues[2919]),0},
-{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
-        &(lvalues[2927]),0},
-{"role","role",NID_role,3,&(lvalues[2935]),0},
-{"policyConstraints","X509v3 Policy Constraints",
-        NID_policy_constraints,3,&(lvalues[2938]),0},
-{"targetInformation","X509v3 AC Targeting",NID_target_information,3,
-        &(lvalues[2941]),0},
-{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
-        &(lvalues[2944]),0},
-{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2947]),0},
-{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0},
-{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0},
-{"characteristic-two-field","characteristic-two-field",
-        NID_X9_62_characteristic_two_field,7,&(lvalues[2960]),0},
-{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,
-        &(lvalues[2967]),0},
-{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2974]),0},
-{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2982]),0},
-{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2990]),0},
-{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2998]),0},
-{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3006]),0},
-{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3014]),0},
-{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3022]),0},
-{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
-        &(lvalues[3030]),0},
-{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3037]),0},
-{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3046]),0},
-{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3055]),0},
-{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3064]),0},
-{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3073]),0},
-{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3082]),0},
-{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3091]),0},
-{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3100]),0},
-{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3109]),0},
-{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3118]),0},
-{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3127]),0},
-{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3136]),0},
-{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3145]),0},
-{"holdInstructionCode","Hold Instruction Code",
-        NID_hold_instruction_code,3,&(lvalues[3154]),0},
-{"holdInstructionNone","Hold Instruction None",
-        NID_hold_instruction_none,7,&(lvalues[3157]),0},
-{"holdInstructionCallIssuer","Hold Instruction Call Issuer",
-        NID_hold_instruction_call_issuer,7,&(lvalues[3164]),0},
-{"holdInstructionReject","Hold Instruction Reject",
-        NID_hold_instruction_reject,7,&(lvalues[3171]),0},
-{"data","data",NID_data,1,&(lvalues[3178]),0},
-{"pss","pss",NID_pss,3,&(lvalues[3179]),0},
-{"ucl","ucl",NID_ucl,7,&(lvalues[3182]),0},
-{"pilot","pilot",NID_pilot,8,&(lvalues[3189]),0},
-{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,
-        &(lvalues[3197]),0},
-{"pilotAttributeSyntax","pilotAttributeSyntax",
-        NID_pilotAttributeSyntax,9,&(lvalues[3206]),0},
-{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,
-        &(lvalues[3215]),0},
-{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3224]),0},
-{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,
-        &(lvalues[3233]),0},
-{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",
-        NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3243]),0},
-{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3253]),0},
-{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3263]),0},
-{"account","account",NID_account,10,&(lvalues[3273]),0},
-{"document","document",NID_document,10,&(lvalues[3283]),0},
-{"room","room",NID_room,10,&(lvalues[3293]),0},
-{"documentSeries","documentSeries",NID_documentSeries,10,
-        &(lvalues[3303]),0},
-{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,
-        &(lvalues[3313]),0},
-{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3323]),0},
-{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,
-        10,&(lvalues[3333]),0},
-{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,
-        &(lvalues[3343]),0},
-{"simpleSecurityObject","simpleSecurityObject",
-        NID_simpleSecurityObject,10,&(lvalues[3353]),0},
-{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,
-        &(lvalues[3363]),0},
-{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3373]),0},
-{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,
-        10,&(lvalues[3383]),0},
-{"UID","userId",NID_userId,10,&(lvalues[3393]),0},
-{"textEncodedORAddress","textEncodedORAddress",
-        NID_textEncodedORAddress,10,&(lvalues[3403]),0},
-{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0},
-{"info","info",NID_info,10,&(lvalues[3423]),0},
-{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,
-        &(lvalues[3433]),0},
-{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3443]),0},
-{"photo","photo",NID_photo,10,&(lvalues[3453]),0},
-{"userClass","userClass",NID_userClass,10,&(lvalues[3463]),0},
-{"host","host",NID_host,10,&(lvalues[3473]),0},
-{"manager","manager",NID_manager,10,&(lvalues[3483]),0},
-{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,
-        &(lvalues[3493]),0},
-{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3503]),0},
-{"documentVersion","documentVersion",NID_documentVersion,10,
-        &(lvalues[3513]),0},
-{"documentAuthor","documentAuthor",NID_documentAuthor,10,
-        &(lvalues[3523]),0},
-{"documentLocation","documentLocation",NID_documentLocation,10,
-        &(lvalues[3533]),0},
-{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,
-        10,&(lvalues[3543]),0},
-{"secretary","secretary",NID_secretary,10,&(lvalues[3553]),0},
-{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3563]),0},
-{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,
-        &(lvalues[3573]),0},
-{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,
-        &(lvalues[3583]),0},
-{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3593]),0},
-{"pilotAttributeType27","pilotAttributeType27",
-        NID_pilotAttributeType27,10,&(lvalues[3603]),0},
-{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3613]),0},
-{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3623]),0},
-{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3633]),0},
-{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3643]),0},
-{"associatedDomain","associatedDomain",NID_associatedDomain,10,
-        &(lvalues[3653]),0},
-{"associatedName","associatedName",NID_associatedName,10,
-        &(lvalues[3663]),0},
-{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,
-        &(lvalues[3673]),0},
-{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3683]),0},
-{"mobileTelephoneNumber","mobileTelephoneNumber",
-        NID_mobileTelephoneNumber,10,&(lvalues[3693]),0},
-{"pagerTelephoneNumber","pagerTelephoneNumber",
-        NID_pagerTelephoneNumber,10,&(lvalues[3703]),0},
-{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,
-        10,&(lvalues[3713]),0},
-{"organizationalStatus","organizationalStatus",
-        NID_organizationalStatus,10,&(lvalues[3723]),0},
-{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3733]),0},
-{"mailPreferenceOption","mailPreferenceOption",
-        NID_mailPreferenceOption,10,&(lvalues[3743]),0},
-{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3753]),0},
-{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3763]),0},
-{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,
-        &(lvalues[3773]),0},
-{"subtreeMinimumQuality","subtreeMinimumQuality",
-        NID_subtreeMinimumQuality,10,&(lvalues[3783]),0},
-{"subtreeMaximumQuality","subtreeMaximumQuality",
-        NID_subtreeMaximumQuality,10,&(lvalues[3793]),0},
-{"personalSignature","personalSignature",NID_personalSignature,10,
-        &(lvalues[3803]),0},
-{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3813]),0},
-{"audio","audio",NID_audio,10,&(lvalues[3823]),0},
-{"documentPublisher","documentPublisher",NID_documentPublisher,10,
-        &(lvalues[3833]),0},
-{"x500UniqueIdentifier","x500UniqueIdentifier",
-        NID_x500UniqueIdentifier,3,&(lvalues[3843]),0},
-{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3846]),0},
-{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,
-        &(lvalues[3851]),0},
-{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,
-        &(lvalues[3857]),0},
-{"id-hex-partial-message","id-hex-partial-message",
-        NID_id_hex_partial_message,7,&(lvalues[3863]),0},
-{"id-hex-multipart-message","id-hex-multipart-message",
-        NID_id_hex_multipart_message,7,&(lvalues[3870]),0},
-{"generationQualifier","generationQualifier",NID_generationQualifier,
-        3,&(lvalues[3877]),0},
-{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"id-set","Secure Electronic Transactions",NID_id_set,2,
-        &(lvalues[3883]),0},
-{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0},
-{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3888]),0},
-{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3891]),0},
-{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3894]),0},
-{"set-certExt","certificate extensions",NID_set_certExt,3,
-        &(lvalues[3897]),0},
-{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3900]),0},
-{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3903]),0},
-{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,
-        &(lvalues[3907]),0},
-{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3911]),0},
-{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3915]),0},
-{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3919]),0},
-{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3923]),0},
-{"setct-PIDataUnsigned","setct-PIDataUnsigned",
-        NID_setct_PIDataUnsigned,4,&(lvalues[3927]),0},
-{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,
-        &(lvalues[3931]),0},
-{"setct-AuthResBaggage","setct-AuthResBaggage",
-        NID_setct_AuthResBaggage,4,&(lvalues[3935]),0},
-{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",
-        NID_setct_AuthRevReqBaggage,4,&(lvalues[3939]),0},
-{"setct-AuthRevResBaggage","setct-AuthRevResBaggage",
-        NID_setct_AuthRevResBaggage,4,&(lvalues[3943]),0},
-{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,
-        &(lvalues[3947]),0},
-{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,
-        &(lvalues[3951]),0},
-{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3955]),0},
-{"setct-PResData","setct-PResData",NID_setct_PResData,4,
-        &(lvalues[3959]),0},
-{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,
-        &(lvalues[3963]),0},
-{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,
-        &(lvalues[3967]),0},
-{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,
-        &(lvalues[3971]),0},
-{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,
-        &(lvalues[3975]),0},
-{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,
-        &(lvalues[3979]),0},
-{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,
-        &(lvalues[3983]),0},
-{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",
-        NID_setct_AcqCardCodeMsg,4,&(lvalues[3987]),0},
-{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,
-        4,&(lvalues[3991]),0},
-{"setct-AuthRevResData","setct-AuthRevResData",
-        NID_setct_AuthRevResData,4,&(lvalues[3995]),0},
-{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,
-        4,&(lvalues[3999]),0},
-{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,
-        &(lvalues[4003]),0},
-{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,
-        &(lvalues[4007]),0},
-{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,
-        &(lvalues[4011]),0},
-{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,
-        &(lvalues[4015]),0},
-{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,
-        4,&(lvalues[4019]),0},
-{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,
-        4,&(lvalues[4023]),0},
-{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,
-        &(lvalues[4027]),0},
-{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,
-        &(lvalues[4031]),0},
-{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,
-        &(lvalues[4035]),0},
-{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,
-        4,&(lvalues[4039]),0},
-{"setct-CredRevReqTBSX","setct-CredRevReqTBSX",
-        NID_setct_CredRevReqTBSX,4,&(lvalues[4043]),0},
-{"setct-CredRevResData","setct-CredRevResData",
-        NID_setct_CredRevResData,4,&(lvalues[4047]),0},
-{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,
-        &(lvalues[4051]),0},
-{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,
-        &(lvalues[4055]),0},
-{"setct-BatchAdminReqData","setct-BatchAdminReqData",
-        NID_setct_BatchAdminReqData,4,&(lvalues[4059]),0},
-{"setct-BatchAdminResData","setct-BatchAdminResData",
-        NID_setct_BatchAdminResData,4,&(lvalues[4063]),0},
-{"setct-CardCInitResTBS","setct-CardCInitResTBS",
-        NID_setct_CardCInitResTBS,4,&(lvalues[4067]),0},
-{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",
-        NID_setct_MeAqCInitResTBS,4,&(lvalues[4071]),0},
-{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,
-        4,&(lvalues[4075]),0},
-{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,
-        &(lvalues[4079]),0},
-{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,
-        &(lvalues[4083]),0},
-{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,
-        &(lvalues[4087]),0},
-{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,
-        4,&(lvalues[4091]),0},
-{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,
-        &(lvalues[4095]),0},
-{"setct-PIDualSignedTBE","setct-PIDualSignedTBE",
-        NID_setct_PIDualSignedTBE,4,&(lvalues[4099]),0},
-{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,
-        4,&(lvalues[4103]),0},
-{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,
-        &(lvalues[4107]),0},
-{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,
-        &(lvalues[4111]),0},
-{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,
-        &(lvalues[4115]),0},
-{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,
-        &(lvalues[4119]),0},
-{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,
-        &(lvalues[4123]),0},
-{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,
-        &(lvalues[4127]),0},
-{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",
-        NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4131]),0},
-{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,
-        4,&(lvalues[4135]),0},
-{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,
-        4,&(lvalues[4139]),0},
-{"setct-AuthRevResTBEB","setct-AuthRevResTBEB",
-        NID_setct_AuthRevResTBEB,4,&(lvalues[4143]),0},
-{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,
-        &(lvalues[4147]),0},
-{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,
-        &(lvalues[4151]),0},
-{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,
-        &(lvalues[4155]),0},
-{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,
-        &(lvalues[4159]),0},
-{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,
-        4,&(lvalues[4163]),0},
-{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,
-        &(lvalues[4167]),0},
-{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,
-        &(lvalues[4171]),0},
-{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,
-        &(lvalues[4175]),0},
-{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,
-        &(lvalues[4179]),0},
-{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,
-        4,&(lvalues[4183]),0},
-{"setct-CredRevReqTBEX","setct-CredRevReqTBEX",
-        NID_setct_CredRevReqTBEX,4,&(lvalues[4187]),0},
-{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,
-        4,&(lvalues[4191]),0},
-{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",
-        NID_setct_BatchAdminReqTBE,4,&(lvalues[4195]),0},
-{"setct-BatchAdminResTBE","setct-BatchAdminResTBE",
-        NID_setct_BatchAdminResTBE,4,&(lvalues[4199]),0},
-{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,
-        4,&(lvalues[4203]),0},
-{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,
-        &(lvalues[4207]),0},
-{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,
-        &(lvalues[4211]),0},
-{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,
-        &(lvalues[4215]),0},
-{"setct-CRLNotificationTBS","setct-CRLNotificationTBS",
-        NID_setct_CRLNotificationTBS,4,&(lvalues[4219]),0},
-{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",
-        NID_setct_CRLNotificationResTBS,4,&(lvalues[4223]),0},
-{"setct-BCIDistributionTBS","setct-BCIDistributionTBS",
-        NID_setct_BCIDistributionTBS,4,&(lvalues[4227]),0},
-{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,
-        &(lvalues[4231]),0},
-{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,
-        &(lvalues[4235]),0},
-{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,
-        &(lvalues[4239]),0},
-{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4243]),0},
-{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4247]),0},
-{"setext-cv","additional verification",NID_setext_cv,4,
-        &(lvalues[4251]),0},
-{"set-policy-root","set-policy-root",NID_set_policy_root,4,
-        &(lvalues[4255]),0},
-{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,
-        &(lvalues[4259]),0},
-{"setCext-certType","setCext-certType",NID_setCext_certType,4,
-        &(lvalues[4263]),0},
-{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,
-        &(lvalues[4267]),0},
-{"setCext-cCertRequired","setCext-cCertRequired",
-        NID_setCext_cCertRequired,4,&(lvalues[4271]),0},
-{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,
-        &(lvalues[4275]),0},
-{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,
-        &(lvalues[4279]),0},
-{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,
-        &(lvalues[4283]),0},
-{"setCext-PGWYcapabilities","setCext-PGWYcapabilities",
-        NID_setCext_PGWYcapabilities,4,&(lvalues[4287]),0},
-{"setCext-TokenIdentifier","setCext-TokenIdentifier",
-        NID_setCext_TokenIdentifier,4,&(lvalues[4291]),0},
-{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,
-        &(lvalues[4295]),0},
-{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,
-        &(lvalues[4299]),0},
-{"setCext-IssuerCapabilities","setCext-IssuerCapabilities",
-        NID_setCext_IssuerCapabilities,4,&(lvalues[4303]),0},
-{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4307]),0},
-{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,
-        4,&(lvalues[4311]),0},
-{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,
-        &(lvalues[4315]),0},
-{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,
-        &(lvalues[4319]),0},
-{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,
-        &(lvalues[4323]),0},
-{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4328]),0},
-{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,
-        &(lvalues[4333]),0},
-{"setAttr-Token-B0Prime","setAttr-Token-B0Prime",
-        NID_setAttr_Token_B0Prime,5,&(lvalues[4338]),0},
-{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,
-        &(lvalues[4343]),0},
-{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
-        &(lvalues[4348]),0},
-{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
-        &(lvalues[4353]),0},
-{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,
-        6,&(lvalues[4358]),0},
-{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,
-        &(lvalues[4364]),0},
-{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,
-        &(lvalues[4370]),0},
-{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,
-        &(lvalues[4376]),0},
-{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,
-        6,&(lvalues[4382]),0},
-{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,
-        &(lvalues[4388]),0},
-{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,
-        &(lvalues[4392]),0},
-{"set-brand-AmericanExpress","set-brand-AmericanExpress",
-        NID_set_brand_AmericanExpress,4,&(lvalues[4396]),0},
-{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4400]),0},
-{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,
-        &(lvalues[4404]),0},
-{"set-brand-MasterCard","set-brand-MasterCard",
-        NID_set_brand_MasterCard,4,&(lvalues[4408]),0},
-{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,
-        &(lvalues[4412]),0},
-{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0},
-{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",
-        NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{NULL,NULL,NID_undef,0,NULL},
-{NULL,NULL,NID_undef,0,NULL},
-{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
-        10,&(lvalues[4434]),0},
-{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
-        &(lvalues[4444]),0},
-};
-
-static ASN1_OBJECT *sn_objs[NUM_SN]={
-&(nid_objs[364]),/* "AD_DVCS" */
-&(nid_objs[419]),/* "AES-128-CBC" */
-&(nid_objs[421]),/* "AES-128-CFB" */
-&(nid_objs[418]),/* "AES-128-ECB" */
-&(nid_objs[420]),/* "AES-128-OFB" */
-&(nid_objs[423]),/* "AES-192-CBC" */
-&(nid_objs[425]),/* "AES-192-CFB" */
-&(nid_objs[422]),/* "AES-192-ECB" */
-&(nid_objs[424]),/* "AES-192-OFB" */
-&(nid_objs[427]),/* "AES-256-CBC" */
-&(nid_objs[429]),/* "AES-256-CFB" */
-&(nid_objs[426]),/* "AES-256-ECB" */
-&(nid_objs[428]),/* "AES-256-OFB" */
-&(nid_objs[91]),/* "BF-CBC" */
-&(nid_objs[93]),/* "BF-CFB" */
-&(nid_objs[92]),/* "BF-ECB" */
-&(nid_objs[94]),/* "BF-OFB" */
-&(nid_objs[14]),/* "C" */
-&(nid_objs[108]),/* "CAST5-CBC" */
-&(nid_objs[110]),/* "CAST5-CFB" */
-&(nid_objs[109]),/* "CAST5-ECB" */
-&(nid_objs[111]),/* "CAST5-OFB" */
-&(nid_objs[404]),/* "CCITT" */
-&(nid_objs[13]),/* "CN" */
-&(nid_objs[141]),/* "CRLReason" */
-&(nid_objs[417]),/* "CSPName" */
-&(nid_objs[367]),/* "CrlID" */
-&(nid_objs[391]),/* "DC" */
-&(nid_objs[31]),/* "DES-CBC" */
-&(nid_objs[643]),/* "DES-CDMF" */
-&(nid_objs[30]),/* "DES-CFB" */
-&(nid_objs[29]),/* "DES-ECB" */
-&(nid_objs[32]),/* "DES-EDE" */
-&(nid_objs[43]),/* "DES-EDE-CBC" */
-&(nid_objs[60]),/* "DES-EDE-CFB" */
-&(nid_objs[62]),/* "DES-EDE-OFB" */
-&(nid_objs[33]),/* "DES-EDE3" */
-&(nid_objs[44]),/* "DES-EDE3-CBC" */
-&(nid_objs[61]),/* "DES-EDE3-CFB" */
-&(nid_objs[63]),/* "DES-EDE3-OFB" */
-&(nid_objs[45]),/* "DES-OFB" */
-&(nid_objs[80]),/* "DESX-CBC" */
-&(nid_objs[380]),/* "DOD" */
-&(nid_objs[116]),/* "DSA" */
-&(nid_objs[66]),/* "DSA-SHA" */
-&(nid_objs[113]),/* "DSA-SHA1" */
-&(nid_objs[70]),/* "DSA-SHA1-old" */
-&(nid_objs[67]),/* "DSA-old" */
-&(nid_objs[297]),/* "DVCS" */
-&(nid_objs[99]),/* "GN" */
-&(nid_objs[381]),/* "IANA" */
-&(nid_objs[34]),/* "IDEA-CBC" */
-&(nid_objs[35]),/* "IDEA-CFB" */
-&(nid_objs[36]),/* "IDEA-ECB" */
-&(nid_objs[46]),/* "IDEA-OFB" */
-&(nid_objs[181]),/* "ISO" */
-&(nid_objs[183]),/* "ISO-US" */
-&(nid_objs[393]),/* "JOINT-ISO-CCITT" */
-&(nid_objs[15]),/* "L" */
-&(nid_objs[ 3]),/* "MD2" */
-&(nid_objs[257]),/* "MD4" */
-&(nid_objs[ 4]),/* "MD5" */
-&(nid_objs[114]),/* "MD5-SHA1" */
-&(nid_objs[95]),/* "MDC2" */
-&(nid_objs[388]),/* "Mail" */
-&(nid_objs[57]),/* "Netscape" */
-&(nid_objs[366]),/* "Nonce" */
-&(nid_objs[17]),/* "O" */
-&(nid_objs[178]),/* "OCSP" */
-&(nid_objs[180]),/* "OCSPSigning" */
-&(nid_objs[379]),/* "ORG" */
-&(nid_objs[18]),/* "OU" */
-&(nid_objs[ 9]),/* "PBE-MD2-DES" */
-&(nid_objs[168]),/* "PBE-MD2-RC2-64" */
-&(nid_objs[10]),/* "PBE-MD5-DES" */
-&(nid_objs[169]),/* "PBE-MD5-RC2-64" */
-&(nid_objs[147]),/* "PBE-SHA1-2DES" */
-&(nid_objs[146]),/* "PBE-SHA1-3DES" */
-&(nid_objs[170]),/* "PBE-SHA1-DES" */
-&(nid_objs[148]),/* "PBE-SHA1-RC2-128" */
-&(nid_objs[149]),/* "PBE-SHA1-RC2-40" */
-&(nid_objs[68]),/* "PBE-SHA1-RC2-64" */
-&(nid_objs[144]),/* "PBE-SHA1-RC4-128" */
-&(nid_objs[145]),/* "PBE-SHA1-RC4-40" */
-&(nid_objs[161]),/* "PBES2" */
-&(nid_objs[69]),/* "PBKDF2" */
-&(nid_objs[162]),/* "PBMAC1" */
-&(nid_objs[127]),/* "PKIX" */
-&(nid_objs[98]),/* "RC2-40-CBC" */
-&(nid_objs[166]),/* "RC2-64-CBC" */
-&(nid_objs[37]),/* "RC2-CBC" */
-&(nid_objs[39]),/* "RC2-CFB" */
-&(nid_objs[38]),/* "RC2-ECB" */
-&(nid_objs[40]),/* "RC2-OFB" */
-&(nid_objs[ 5]),/* "RC4" */
-&(nid_objs[97]),/* "RC4-40" */
-&(nid_objs[120]),/* "RC5-CBC" */
-&(nid_objs[122]),/* "RC5-CFB" */
-&(nid_objs[121]),/* "RC5-ECB" */
-&(nid_objs[123]),/* "RC5-OFB" */
-&(nid_objs[117]),/* "RIPEMD160" */
-&(nid_objs[124]),/* "RLE" */
-&(nid_objs[19]),/* "RSA" */
-&(nid_objs[ 7]),/* "RSA-MD2" */
-&(nid_objs[396]),/* "RSA-MD4" */
-&(nid_objs[ 8]),/* "RSA-MD5" */
-&(nid_objs[96]),/* "RSA-MDC2" */
-&(nid_objs[104]),/* "RSA-NP-MD5" */
-&(nid_objs[119]),/* "RSA-RIPEMD160" */
-&(nid_objs[42]),/* "RSA-SHA" */
-&(nid_objs[65]),/* "RSA-SHA1" */
-&(nid_objs[115]),/* "RSA-SHA1-2" */
-&(nid_objs[41]),/* "SHA" */
-&(nid_objs[64]),/* "SHA1" */
-&(nid_objs[188]),/* "SMIME" */
-&(nid_objs[167]),/* "SMIME-CAPS" */
-&(nid_objs[100]),/* "SN" */
-&(nid_objs[16]),/* "ST" */
-&(nid_objs[143]),/* "SXNetID" */
-&(nid_objs[458]),/* "UID" */
-&(nid_objs[ 0]),/* "UNDEF" */
-&(nid_objs[11]),/* "X500" */
-&(nid_objs[378]),/* "X500algorithms" */
-&(nid_objs[12]),/* "X509" */
-&(nid_objs[184]),/* "X9-57" */
-&(nid_objs[185]),/* "X9cm" */
-&(nid_objs[125]),/* "ZLIB" */
-&(nid_objs[478]),/* "aRecord" */
-&(nid_objs[289]),/* "aaControls" */
-&(nid_objs[287]),/* "ac-auditEntity" */
-&(nid_objs[397]),/* "ac-proxying" */
-&(nid_objs[288]),/* "ac-targeting" */
-&(nid_objs[368]),/* "acceptableResponses" */
-&(nid_objs[446]),/* "account" */
-&(nid_objs[363]),/* "ad_timestamping" */
-&(nid_objs[376]),/* "algorithm" */
-&(nid_objs[405]),/* "ansi-X9-62" */
-&(nid_objs[370]),/* "archiveCutoff" */
-&(nid_objs[484]),/* "associatedDomain" */
-&(nid_objs[485]),/* "associatedName" */
-&(nid_objs[501]),/* "audio" */
-&(nid_objs[177]),/* "authorityInfoAccess" */
-&(nid_objs[90]),/* "authorityKeyIdentifier" */
-&(nid_objs[87]),/* "basicConstraints" */
-&(nid_objs[365]),/* "basicOCSPResponse" */
-&(nid_objs[285]),/* "biometricInfo" */
-&(nid_objs[494]),/* "buildingName" */
-&(nid_objs[483]),/* "cNAMERecord" */
-&(nid_objs[179]),/* "caIssuers" */
-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
-&(nid_objs[152]),/* "certBag" */
-&(nid_objs[89]),/* "certificatePolicies" */
-&(nid_objs[54]),/* "challengePassword" */
-&(nid_objs[407]),/* "characteristic-two-field" */
-&(nid_objs[395]),/* "clearance" */
-&(nid_objs[130]),/* "clientAuth" */
-&(nid_objs[131]),/* "codeSigning" */
-&(nid_objs[50]),/* "contentType" */
-&(nid_objs[53]),/* "countersignature" */
-&(nid_objs[153]),/* "crlBag" */
-&(nid_objs[103]),/* "crlDistributionPoints" */
-&(nid_objs[88]),/* "crlNumber" */
-&(nid_objs[500]),/* "dITRedirect" */
-&(nid_objs[451]),/* "dNSDomain" */
-&(nid_objs[495]),/* "dSAQuality" */
-&(nid_objs[434]),/* "data" */
-&(nid_objs[390]),/* "dcobject" */
-&(nid_objs[140]),/* "deltaCRL" */
-&(nid_objs[107]),/* "description" */
-&(nid_objs[28]),/* "dhKeyAgreement" */
-&(nid_objs[382]),/* "directory" */
-&(nid_objs[174]),/* "dnQualifier" */
-&(nid_objs[447]),/* "document" */
-&(nid_objs[471]),/* "documentAuthor" */
-&(nid_objs[468]),/* "documentIdentifier" */
-&(nid_objs[472]),/* "documentLocation" */
-&(nid_objs[502]),/* "documentPublisher" */
-&(nid_objs[449]),/* "documentSeries" */
-&(nid_objs[469]),/* "documentTitle" */
-&(nid_objs[470]),/* "documentVersion" */
-&(nid_objs[392]),/* "domain" */
-&(nid_objs[452]),/* "domainRelatedObject" */
-&(nid_objs[416]),/* "ecdsa-with-SHA1" */
-&(nid_objs[48]),/* "emailAddress" */
-&(nid_objs[132]),/* "emailProtection" */
-&(nid_objs[389]),/* "enterprises" */
-&(nid_objs[384]),/* "experimental" */
-&(nid_objs[172]),/* "extReq" */
-&(nid_objs[56]),/* "extendedCertificateAttributes" */
-&(nid_objs[126]),/* "extendedKeyUsage" */
-&(nid_objs[372]),/* "extendedStatus" */
-&(nid_objs[462]),/* "favouriteDrink" */
-&(nid_objs[453]),/* "friendlyCountry" */
-&(nid_objs[490]),/* "friendlyCountryName" */
-&(nid_objs[156]),/* "friendlyName" */
-&(nid_objs[509]),/* "generationQualifier" */
-&(nid_objs[163]),/* "hmacWithSHA1" */
-&(nid_objs[432]),/* "holdInstructionCallIssuer" */
-&(nid_objs[430]),/* "holdInstructionCode" */
-&(nid_objs[431]),/* "holdInstructionNone" */
-&(nid_objs[433]),/* "holdInstructionReject" */
-&(nid_objs[486]),/* "homePostalAddress" */
-&(nid_objs[473]),/* "homeTelephoneNumber" */
-&(nid_objs[466]),/* "host" */
-&(nid_objs[442]),/* "iA5StringSyntax" */
-&(nid_objs[266]),/* "id-aca" */
-&(nid_objs[355]),/* "id-aca-accessIdentity" */
-&(nid_objs[354]),/* "id-aca-authenticationInfo" */
-&(nid_objs[356]),/* "id-aca-chargingIdentity" */
-&(nid_objs[399]),/* "id-aca-encAttrs" */
-&(nid_objs[357]),/* "id-aca-group" */
-&(nid_objs[358]),/* "id-aca-role" */
-&(nid_objs[176]),/* "id-ad" */
-&(nid_objs[262]),/* "id-alg" */
-&(nid_objs[323]),/* "id-alg-des40" */
-&(nid_objs[326]),/* "id-alg-dh-pop" */
-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
-&(nid_objs[324]),/* "id-alg-noSignature" */
-&(nid_objs[268]),/* "id-cct" */
-&(nid_objs[361]),/* "id-cct-PKIData" */
-&(nid_objs[362]),/* "id-cct-PKIResponse" */
-&(nid_objs[360]),/* "id-cct-crs" */
-&(nid_objs[81]),/* "id-ce" */
-&(nid_objs[263]),/* "id-cmc" */
-&(nid_objs[334]),/* "id-cmc-addExtensions" */
-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
-&(nid_objs[330]),/* "id-cmc-dataReturn" */
-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
-&(nid_objs[339]),/* "id-cmc-getCRL" */
-&(nid_objs[338]),/* "id-cmc-getCert" */
-&(nid_objs[328]),/* "id-cmc-identification" */
-&(nid_objs[329]),/* "id-cmc-identityProof" */
-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
-&(nid_objs[343]),/* "id-cmc-queryPending" */
-&(nid_objs[333]),/* "id-cmc-recipientNonce" */
-&(nid_objs[341]),/* "id-cmc-regInfo" */
-&(nid_objs[342]),/* "id-cmc-responseInfo" */
-&(nid_objs[340]),/* "id-cmc-revokeRequest" */
-&(nid_objs[332]),/* "id-cmc-senderNonce" */
-&(nid_objs[327]),/* "id-cmc-statusInfo" */
-&(nid_objs[331]),/* "id-cmc-transactionId" */
-&(nid_objs[408]),/* "id-ecPublicKey" */
-&(nid_objs[508]),/* "id-hex-multipart-message" */
-&(nid_objs[507]),/* "id-hex-partial-message" */
-&(nid_objs[260]),/* "id-it" */
-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
-&(nid_objs[298]),/* "id-it-caProtEncCert" */
-&(nid_objs[311]),/* "id-it-confirmWaitTime" */
-&(nid_objs[303]),/* "id-it-currentCRL" */
-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
-&(nid_objs[310]),/* "id-it-implicitConfirm" */
-&(nid_objs[308]),/* "id-it-keyPairParamRep" */
-&(nid_objs[307]),/* "id-it-keyPairParamReq" */
-&(nid_objs[312]),/* "id-it-origPKIMessage" */
-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
-&(nid_objs[309]),/* "id-it-revPassphrase" */
-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
-&(nid_objs[305]),/* "id-it-subscriptionRequest" */
-&(nid_objs[306]),/* "id-it-subscriptionResponse" */
-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
-&(nid_objs[128]),/* "id-kp" */
-&(nid_objs[280]),/* "id-mod-attribute-cert" */
-&(nid_objs[274]),/* "id-mod-cmc" */
-&(nid_objs[277]),/* "id-mod-cmp" */
-&(nid_objs[284]),/* "id-mod-cmp2000" */
-&(nid_objs[273]),/* "id-mod-crmf" */
-&(nid_objs[283]),/* "id-mod-dvcs" */
-&(nid_objs[275]),/* "id-mod-kea-profile-88" */
-&(nid_objs[276]),/* "id-mod-kea-profile-93" */
-&(nid_objs[282]),/* "id-mod-ocsp" */
-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
-&(nid_objs[264]),/* "id-on" */
-&(nid_objs[347]),/* "id-on-personalData" */
-&(nid_objs[265]),/* "id-pda" */
-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
-&(nid_objs[353]),/* "id-pda-countryOfResidence" */
-&(nid_objs[348]),/* "id-pda-dateOfBirth" */
-&(nid_objs[351]),/* "id-pda-gender" */
-&(nid_objs[349]),/* "id-pda-placeOfBirth" */
-&(nid_objs[175]),/* "id-pe" */
-&(nid_objs[261]),/* "id-pkip" */
-&(nid_objs[258]),/* "id-pkix-mod" */
-&(nid_objs[269]),/* "id-pkix1-explicit-88" */
-&(nid_objs[271]),/* "id-pkix1-explicit-93" */
-&(nid_objs[270]),/* "id-pkix1-implicit-88" */
-&(nid_objs[272]),/* "id-pkix1-implicit-93" */
-&(nid_objs[267]),/* "id-qcs" */
-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
-&(nid_objs[259]),/* "id-qt" */
-&(nid_objs[164]),/* "id-qt-cps" */
-&(nid_objs[165]),/* "id-qt-unotice" */
-&(nid_objs[313]),/* "id-regCtrl" */
-&(nid_objs[316]),/* "id-regCtrl-authenticator" */
-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
-&(nid_objs[315]),/* "id-regCtrl-regToken" */
-&(nid_objs[314]),/* "id-regInfo" */
-&(nid_objs[322]),/* "id-regInfo-certReq" */
-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
-&(nid_objs[512]),/* "id-set" */
-&(nid_objs[191]),/* "id-smime-aa" */
-&(nid_objs[215]),/* "id-smime-aa-contentHint" */
-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
-&(nid_objs[221]),/* "id-smime-aa-contentReference" */
-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
-&(nid_objs[219]),/* "id-smime-aa-macValue" */
-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
-&(nid_objs[239]),/* "id-smime-aa-signatureType" */
-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
-&(nid_objs[192]),/* "id-smime-alg" */
-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
-&(nid_objs[245]),/* "id-smime-alg-ESDH" */
-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
-&(nid_objs[193]),/* "id-smime-cd" */
-&(nid_objs[248]),/* "id-smime-cd-ldap" */
-&(nid_objs[190]),/* "id-smime-ct" */
-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
-&(nid_objs[205]),/* "id-smime-ct-authData" */
-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
-&(nid_objs[206]),/* "id-smime-ct-publishCert" */
-&(nid_objs[204]),/* "id-smime-ct-receipt" */
-&(nid_objs[195]),/* "id-smime-cti" */
-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
-&(nid_objs[189]),/* "id-smime-mod" */
-&(nid_objs[196]),/* "id-smime-mod-cms" */
-&(nid_objs[197]),/* "id-smime-mod-ess" */
-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
-&(nid_objs[198]),/* "id-smime-mod-oid" */
-&(nid_objs[194]),/* "id-smime-spq" */
-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
-&(nid_objs[461]),/* "info" */
-&(nid_objs[101]),/* "initials" */
-&(nid_objs[142]),/* "invalidityDate" */
-&(nid_objs[294]),/* "ipsecEndSystem" */
-&(nid_objs[295]),/* "ipsecTunnel" */
-&(nid_objs[296]),/* "ipsecUser" */
-&(nid_objs[86]),/* "issuerAltName" */
-&(nid_objs[492]),/* "janetMailbox" */
-&(nid_objs[150]),/* "keyBag" */
-&(nid_objs[83]),/* "keyUsage" */
-&(nid_objs[477]),/* "lastModifiedBy" */
-&(nid_objs[476]),/* "lastModifiedTime" */
-&(nid_objs[157]),/* "localKeyID" */
-&(nid_objs[480]),/* "mXRecord" */
-&(nid_objs[460]),/* "mail" */
-&(nid_objs[493]),/* "mailPreferenceOption" */
-&(nid_objs[467]),/* "manager" */
-&(nid_objs[182]),/* "member-body" */
-&(nid_objs[51]),/* "messageDigest" */
-&(nid_objs[383]),/* "mgmt" */
-&(nid_objs[504]),/* "mime-mhs" */
-&(nid_objs[506]),/* "mime-mhs-bodies" */
-&(nid_objs[505]),/* "mime-mhs-headings" */
-&(nid_objs[488]),/* "mobileTelephoneNumber" */
-&(nid_objs[136]),/* "msCTLSign" */
-&(nid_objs[135]),/* "msCodeCom" */
-&(nid_objs[134]),/* "msCodeInd" */
-&(nid_objs[138]),/* "msEFS" */
-&(nid_objs[171]),/* "msExtReq" */
-&(nid_objs[137]),/* "msSGC" */
-&(nid_objs[648]),/* "msSmartcardLogin" */
-&(nid_objs[649]),/* "msUPN" */
-&(nid_objs[481]),/* "nSRecord" */
-&(nid_objs[173]),/* "name" */
-&(nid_objs[369]),/* "noCheck" */
-&(nid_objs[403]),/* "noRevAvail" */
-&(nid_objs[72]),/* "nsBaseUrl" */
-&(nid_objs[76]),/* "nsCaPolicyUrl" */
-&(nid_objs[74]),/* "nsCaRevocationUrl" */
-&(nid_objs[58]),/* "nsCertExt" */
-&(nid_objs[79]),/* "nsCertSequence" */
-&(nid_objs[71]),/* "nsCertType" */
-&(nid_objs[78]),/* "nsComment" */
-&(nid_objs[59]),/* "nsDataType" */
-&(nid_objs[75]),/* "nsRenewalUrl" */
-&(nid_objs[73]),/* "nsRevocationUrl" */
-&(nid_objs[139]),/* "nsSGC" */
-&(nid_objs[77]),/* "nsSslServerName" */
-&(nid_objs[491]),/* "organizationalStatus" */
-&(nid_objs[475]),/* "otherMailbox" */
-&(nid_objs[489]),/* "pagerTelephoneNumber" */
-&(nid_objs[374]),/* "path" */
-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
-&(nid_objs[499]),/* "personalSignature" */
-&(nid_objs[487]),/* "personalTitle" */
-&(nid_objs[464]),/* "photo" */
-&(nid_objs[437]),/* "pilot" */
-&(nid_objs[439]),/* "pilotAttributeSyntax" */
-&(nid_objs[438]),/* "pilotAttributeType" */
-&(nid_objs[479]),/* "pilotAttributeType27" */
-&(nid_objs[456]),/* "pilotDSA" */
-&(nid_objs[441]),/* "pilotGroups" */
-&(nid_objs[444]),/* "pilotObject" */
-&(nid_objs[440]),/* "pilotObjectClass" */
-&(nid_objs[455]),/* "pilotOrganization" */
-&(nid_objs[445]),/* "pilotPerson" */
-&(nid_objs[ 2]),/* "pkcs" */
-&(nid_objs[186]),/* "pkcs1" */
-&(nid_objs[27]),/* "pkcs3" */
-&(nid_objs[187]),/* "pkcs5" */
-&(nid_objs[20]),/* "pkcs7" */
-&(nid_objs[21]),/* "pkcs7-data" */
-&(nid_objs[25]),/* "pkcs7-digestData" */
-&(nid_objs[26]),/* "pkcs7-encryptedData" */
-&(nid_objs[23]),/* "pkcs7-envelopedData" */
-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
-&(nid_objs[22]),/* "pkcs7-signedData" */
-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
-&(nid_objs[47]),/* "pkcs9" */
-&(nid_objs[401]),/* "policyConstraints" */
-&(nid_objs[406]),/* "prime-field" */
-&(nid_objs[409]),/* "prime192v1" */
-&(nid_objs[410]),/* "prime192v2" */
-&(nid_objs[411]),/* "prime192v3" */
-&(nid_objs[412]),/* "prime239v1" */
-&(nid_objs[413]),/* "prime239v2" */
-&(nid_objs[414]),/* "prime239v3" */
-&(nid_objs[415]),/* "prime256v1" */
-&(nid_objs[385]),/* "private" */
-&(nid_objs[84]),/* "privateKeyUsagePeriod" */
-&(nid_objs[510]),/* "pseudonym" */
-&(nid_objs[435]),/* "pss" */
-&(nid_objs[286]),/* "qcStatements" */
-&(nid_objs[457]),/* "qualityLabelledData" */
-&(nid_objs[450]),/* "rFC822localPart" */
-&(nid_objs[400]),/* "role" */
-&(nid_objs[448]),/* "room" */
-&(nid_objs[463]),/* "roomNumber" */
-&(nid_objs[ 6]),/* "rsaEncryption" */
-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */
-&(nid_objs[377]),/* "rsaSignature" */
-&(nid_objs[ 1]),/* "rsadsi" */
-&(nid_objs[482]),/* "sOARecord" */
-&(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbqp-routerIdentifier" */
-&(nid_objs[159]),/* "sdsiCertificate" */
-&(nid_objs[154]),/* "secretBag" */
-&(nid_objs[474]),/* "secretary" */
-&(nid_objs[386]),/* "security" */
-&(nid_objs[394]),/* "selected-attribute-types" */
-&(nid_objs[105]),/* "serialNumber" */
-&(nid_objs[129]),/* "serverAuth" */
-&(nid_objs[371]),/* "serviceLocator" */
-&(nid_objs[625]),/* "set-addPolicy" */
-&(nid_objs[515]),/* "set-attr" */
-&(nid_objs[518]),/* "set-brand" */
-&(nid_objs[638]),/* "set-brand-AmericanExpress" */
-&(nid_objs[637]),/* "set-brand-Diners" */
-&(nid_objs[636]),/* "set-brand-IATA-ATA" */
-&(nid_objs[639]),/* "set-brand-JCB" */
-&(nid_objs[641]),/* "set-brand-MasterCard" */
-&(nid_objs[642]),/* "set-brand-Novus" */
-&(nid_objs[640]),/* "set-brand-Visa" */
-&(nid_objs[517]),/* "set-certExt" */
-&(nid_objs[513]),/* "set-ctype" */
-&(nid_objs[514]),/* "set-msgExt" */
-&(nid_objs[516]),/* "set-policy" */
-&(nid_objs[607]),/* "set-policy-root" */
-&(nid_objs[624]),/* "set-rootKeyThumb" */
-&(nid_objs[620]),/* "setAttr-Cert" */
-&(nid_objs[631]),/* "setAttr-GenCryptgrm" */
-&(nid_objs[623]),/* "setAttr-IssCap" */
-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */
-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */
-&(nid_objs[629]),/* "setAttr-IssCap-T2" */
-&(nid_objs[621]),/* "setAttr-PGWYcap" */
-&(nid_objs[635]),/* "setAttr-SecDevSig" */
-&(nid_objs[632]),/* "setAttr-T2Enc" */
-&(nid_objs[633]),/* "setAttr-T2cleartxt" */
-&(nid_objs[634]),/* "setAttr-TokICCsig" */
-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */
-&(nid_objs[626]),/* "setAttr-Token-EMV" */
-&(nid_objs[622]),/* "setAttr-TokenType" */
-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */
-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */
-&(nid_objs[616]),/* "setCext-TokenIdentifier" */
-&(nid_objs[618]),/* "setCext-TokenType" */
-&(nid_objs[617]),/* "setCext-Track2Data" */
-&(nid_objs[611]),/* "setCext-cCertRequired" */
-&(nid_objs[609]),/* "setCext-certType" */
-&(nid_objs[608]),/* "setCext-hashedRoot" */
-&(nid_objs[610]),/* "setCext-merchData" */
-&(nid_objs[613]),/* "setCext-setExt" */
-&(nid_objs[614]),/* "setCext-setQualf" */
-&(nid_objs[612]),/* "setCext-tunneling" */
-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */
-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */
-&(nid_objs[570]),/* "setct-AuthReqTBE" */
-&(nid_objs[534]),/* "setct-AuthReqTBS" */
-&(nid_objs[527]),/* "setct-AuthResBaggage" */
-&(nid_objs[571]),/* "setct-AuthResTBE" */
-&(nid_objs[572]),/* "setct-AuthResTBEX" */
-&(nid_objs[535]),/* "setct-AuthResTBS" */
-&(nid_objs[536]),/* "setct-AuthResTBSX" */
-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */
-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */
-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */
-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */
-&(nid_objs[542]),/* "setct-AuthRevResData" */
-&(nid_objs[578]),/* "setct-AuthRevResTBE" */
-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */
-&(nid_objs[543]),/* "setct-AuthRevResTBS" */
-&(nid_objs[573]),/* "setct-AuthTokenTBE" */
-&(nid_objs[537]),/* "setct-AuthTokenTBS" */
-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */
-&(nid_objs[558]),/* "setct-BatchAdminReqData" */
-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */
-&(nid_objs[559]),/* "setct-BatchAdminResData" */
-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */
-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */
-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */
-&(nid_objs[580]),/* "setct-CapReqTBE" */
-&(nid_objs[581]),/* "setct-CapReqTBEX" */
-&(nid_objs[544]),/* "setct-CapReqTBS" */
-&(nid_objs[545]),/* "setct-CapReqTBSX" */
-&(nid_objs[546]),/* "setct-CapResData" */
-&(nid_objs[582]),/* "setct-CapResTBE" */
-&(nid_objs[583]),/* "setct-CapRevReqTBE" */
-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */
-&(nid_objs[547]),/* "setct-CapRevReqTBS" */
-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */
-&(nid_objs[549]),/* "setct-CapRevResData" */
-&(nid_objs[585]),/* "setct-CapRevResTBE" */
-&(nid_objs[538]),/* "setct-CapTokenData" */
-&(nid_objs[530]),/* "setct-CapTokenSeq" */
-&(nid_objs[574]),/* "setct-CapTokenTBE" */
-&(nid_objs[575]),/* "setct-CapTokenTBEX" */
-&(nid_objs[539]),/* "setct-CapTokenTBS" */
-&(nid_objs[560]),/* "setct-CardCInitResTBS" */
-&(nid_objs[566]),/* "setct-CertInqReqTBS" */
-&(nid_objs[563]),/* "setct-CertReqData" */
-&(nid_objs[595]),/* "setct-CertReqTBE" */
-&(nid_objs[596]),/* "setct-CertReqTBEX" */
-&(nid_objs[564]),/* "setct-CertReqTBS" */
-&(nid_objs[565]),/* "setct-CertResData" */
-&(nid_objs[597]),/* "setct-CertResTBE" */
-&(nid_objs[586]),/* "setct-CredReqTBE" */
-&(nid_objs[587]),/* "setct-CredReqTBEX" */
-&(nid_objs[550]),/* "setct-CredReqTBS" */
-&(nid_objs[551]),/* "setct-CredReqTBSX" */
-&(nid_objs[552]),/* "setct-CredResData" */
-&(nid_objs[588]),/* "setct-CredResTBE" */
-&(nid_objs[589]),/* "setct-CredRevReqTBE" */
-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */
-&(nid_objs[553]),/* "setct-CredRevReqTBS" */
-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */
-&(nid_objs[555]),/* "setct-CredRevResData" */
-&(nid_objs[591]),/* "setct-CredRevResTBE" */
-&(nid_objs[567]),/* "setct-ErrorTBS" */
-&(nid_objs[526]),/* "setct-HODInput" */
-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */
-&(nid_objs[522]),/* "setct-OIData" */
-&(nid_objs[519]),/* "setct-PANData" */
-&(nid_objs[521]),/* "setct-PANOnly" */
-&(nid_objs[520]),/* "setct-PANToken" */
-&(nid_objs[556]),/* "setct-PCertReqData" */
-&(nid_objs[557]),/* "setct-PCertResTBS" */
-&(nid_objs[523]),/* "setct-PI" */
-&(nid_objs[532]),/* "setct-PI-TBS" */
-&(nid_objs[524]),/* "setct-PIData" */
-&(nid_objs[525]),/* "setct-PIDataUnsigned" */
-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */
-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */
-&(nid_objs[531]),/* "setct-PInitResData" */
-&(nid_objs[533]),/* "setct-PResData" */
-&(nid_objs[594]),/* "setct-RegFormReqTBE" */
-&(nid_objs[562]),/* "setct-RegFormResTBS" */
-&(nid_objs[606]),/* "setext-cv" */
-&(nid_objs[601]),/* "setext-genCrypt" */
-&(nid_objs[602]),/* "setext-miAuth" */
-&(nid_objs[604]),/* "setext-pinAny" */
-&(nid_objs[603]),/* "setext-pinSecure" */
-&(nid_objs[605]),/* "setext-track2" */
-&(nid_objs[52]),/* "signingTime" */
-&(nid_objs[454]),/* "simpleSecurityObject" */
-&(nid_objs[496]),/* "singleLevelQuality" */
-&(nid_objs[387]),/* "snmpv2" */
-&(nid_objs[85]),/* "subjectAltName" */
-&(nid_objs[398]),/* "subjectInfoAccess" */
-&(nid_objs[82]),/* "subjectKeyIdentifier" */
-&(nid_objs[498]),/* "subtreeMaximumQuality" */
-&(nid_objs[497]),/* "subtreeMinimumQuality" */
-&(nid_objs[402]),/* "targetInformation" */
-&(nid_objs[459]),/* "textEncodedORAddress" */
-&(nid_objs[293]),/* "textNotice" */
-&(nid_objs[133]),/* "timeStamping" */
-&(nid_objs[106]),/* "title" */
-&(nid_objs[375]),/* "trustRoot" */
-&(nid_objs[436]),/* "ucl" */
-&(nid_objs[55]),/* "unstructuredAddress" */
-&(nid_objs[49]),/* "unstructuredName" */
-&(nid_objs[465]),/* "userClass" */
-&(nid_objs[373]),/* "valid" */
-&(nid_objs[503]),/* "x500UniqueIdentifier" */
-&(nid_objs[158]),/* "x509Certificate" */
-&(nid_objs[160]),/* "x509Crl" */
-};
-
-static ASN1_OBJECT *ln_objs[NUM_LN]={
-&(nid_objs[363]),/* "AD Time Stamping" */
-&(nid_objs[405]),/* "ANSI X9.62" */
-&(nid_objs[368]),/* "Acceptable OCSP Responses" */
-&(nid_objs[177]),/* "Authority Information Access" */
-&(nid_objs[365]),/* "Basic OCSP Response" */
-&(nid_objs[285]),/* "Biometric Info" */
-&(nid_objs[179]),/* "CA Issuers" */
-&(nid_objs[131]),/* "Code Signing" */
-&(nid_objs[382]),/* "Directory" */
-&(nid_objs[392]),/* "Domain" */
-&(nid_objs[132]),/* "E-mail Protection" */
-&(nid_objs[389]),/* "Enterprises" */
-&(nid_objs[384]),/* "Experimental" */
-&(nid_objs[372]),/* "Extended OCSP Status" */
-&(nid_objs[172]),/* "Extension Request" */
-&(nid_objs[432]),/* "Hold Instruction Call Issuer" */
-&(nid_objs[430]),/* "Hold Instruction Code" */
-&(nid_objs[431]),/* "Hold Instruction None" */
-&(nid_objs[433]),/* "Hold Instruction Reject" */
-&(nid_objs[634]),/* "ICC or token signature" */
-&(nid_objs[294]),/* "IPSec End System" */
-&(nid_objs[295]),/* "IPSec Tunnel" */
-&(nid_objs[296]),/* "IPSec User" */
-&(nid_objs[182]),/* "ISO Member Body" */
-&(nid_objs[183]),/* "ISO US Member Body" */
-&(nid_objs[142]),/* "Invalidity Date" */
-&(nid_objs[504]),/* "MIME MHS" */
-&(nid_objs[388]),/* "Mail" */
-&(nid_objs[383]),/* "Management" */
-&(nid_objs[417]),/* "Microsoft CSP Name" */
-&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
-&(nid_objs[138]),/* "Microsoft Encrypted File System" */
-&(nid_objs[171]),/* "Microsoft Extension Request" */
-&(nid_objs[134]),/* "Microsoft Individual Code Signing" */
-&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
-&(nid_objs[648]),/* "Microsoft Smartcardlogin" */
-&(nid_objs[136]),/* "Microsoft Trust List Signing" */
-&(nid_objs[649]),/* "Microsoft Universal Principal Name" */
-&(nid_objs[72]),/* "Netscape Base Url" */
-&(nid_objs[76]),/* "Netscape CA Policy Url" */
-&(nid_objs[74]),/* "Netscape CA Revocation Url" */
-&(nid_objs[71]),/* "Netscape Cert Type" */
-&(nid_objs[58]),/* "Netscape Certificate Extension" */
-&(nid_objs[79]),/* "Netscape Certificate Sequence" */
-&(nid_objs[78]),/* "Netscape Comment" */
-&(nid_objs[57]),/* "Netscape Communications Corp." */
-&(nid_objs[59]),/* "Netscape Data Type" */
-&(nid_objs[75]),/* "Netscape Renewal Url" */
-&(nid_objs[73]),/* "Netscape Revocation Url" */
-&(nid_objs[77]),/* "Netscape SSL Server Name" */
-&(nid_objs[139]),/* "Netscape Server Gated Crypto" */
-&(nid_objs[178]),/* "OCSP" */
-&(nid_objs[370]),/* "OCSP Archive Cutoff" */
-&(nid_objs[367]),/* "OCSP CRL ID" */
-&(nid_objs[369]),/* "OCSP No Check" */
-&(nid_objs[366]),/* "OCSP Nonce" */
-&(nid_objs[371]),/* "OCSP Service Locator" */
-&(nid_objs[180]),/* "OCSP Signing" */
-&(nid_objs[161]),/* "PBES2" */
-&(nid_objs[69]),/* "PBKDF2" */
-&(nid_objs[162]),/* "PBMAC1" */
-&(nid_objs[127]),/* "PKIX" */
-&(nid_objs[164]),/* "Policy Qualifier CPS" */
-&(nid_objs[165]),/* "Policy Qualifier User Notice" */
-&(nid_objs[385]),/* "Private" */
-&(nid_objs[ 1]),/* "RSA Data Security, Inc." */
-&(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */
-&(nid_objs[188]),/* "S/MIME" */
-&(nid_objs[167]),/* "S/MIME Capabilities" */
-&(nid_objs[387]),/* "SNMPv2" */
-&(nid_objs[512]),/* "Secure Electronic Transactions" */
-&(nid_objs[386]),/* "Security" */
-&(nid_objs[394]),/* "Selected Attribute Types" */
-&(nid_objs[143]),/* "Strong Extranet ID" */
-&(nid_objs[398]),/* "Subject Information Access" */
-&(nid_objs[130]),/* "TLS Web Client Authentication" */
-&(nid_objs[129]),/* "TLS Web Server Authentication" */
-&(nid_objs[133]),/* "Time Stamping" */
-&(nid_objs[375]),/* "Trust Root" */
-&(nid_objs[12]),/* "X509" */
-&(nid_objs[402]),/* "X509v3 AC Targeting" */
-&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
-&(nid_objs[87]),/* "X509v3 Basic Constraints" */
-&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
-&(nid_objs[88]),/* "X509v3 CRL Number" */
-&(nid_objs[141]),/* "X509v3 CRL Reason Code" */
-&(nid_objs[89]),/* "X509v3 Certificate Policies" */
-&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
-&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
-&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
-&(nid_objs[83]),/* "X509v3 Key Usage" */
-&(nid_objs[403]),/* "X509v3 No Revocation Available" */
-&(nid_objs[401]),/* "X509v3 Policy Constraints" */
-&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
-&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
-&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
-&(nid_objs[184]),/* "X9.57" */
-&(nid_objs[185]),/* "X9.57 CM ?" */
-&(nid_objs[478]),/* "aRecord" */
-&(nid_objs[289]),/* "aaControls" */
-&(nid_objs[287]),/* "ac-auditEntity" */
-&(nid_objs[397]),/* "ac-proxying" */
-&(nid_objs[288]),/* "ac-targeting" */
-&(nid_objs[446]),/* "account" */
-&(nid_objs[364]),/* "ad dvcs" */
-&(nid_objs[606]),/* "additional verification" */
-&(nid_objs[419]),/* "aes-128-cbc" */
-&(nid_objs[421]),/* "aes-128-cfb" */
-&(nid_objs[418]),/* "aes-128-ecb" */
-&(nid_objs[420]),/* "aes-128-ofb" */
-&(nid_objs[423]),/* "aes-192-cbc" */
-&(nid_objs[425]),/* "aes-192-cfb" */
-&(nid_objs[422]),/* "aes-192-ecb" */
-&(nid_objs[424]),/* "aes-192-ofb" */
-&(nid_objs[427]),/* "aes-256-cbc" */
-&(nid_objs[429]),/* "aes-256-cfb" */
-&(nid_objs[426]),/* "aes-256-ecb" */
-&(nid_objs[428]),/* "aes-256-ofb" */
-&(nid_objs[376]),/* "algorithm" */
-&(nid_objs[484]),/* "associatedDomain" */
-&(nid_objs[485]),/* "associatedName" */
-&(nid_objs[501]),/* "audio" */
-&(nid_objs[91]),/* "bf-cbc" */
-&(nid_objs[93]),/* "bf-cfb" */
-&(nid_objs[92]),/* "bf-ecb" */
-&(nid_objs[94]),/* "bf-ofb" */
-&(nid_objs[494]),/* "buildingName" */
-&(nid_objs[483]),/* "cNAMERecord" */
-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
-&(nid_objs[108]),/* "cast5-cbc" */
-&(nid_objs[110]),/* "cast5-cfb" */
-&(nid_objs[109]),/* "cast5-ecb" */
-&(nid_objs[111]),/* "cast5-ofb" */
-&(nid_objs[404]),/* "ccitt" */
-&(nid_objs[152]),/* "certBag" */
-&(nid_objs[517]),/* "certificate extensions" */
-&(nid_objs[54]),/* "challengePassword" */
-&(nid_objs[407]),/* "characteristic-two-field" */
-&(nid_objs[395]),/* "clearance" */
-&(nid_objs[633]),/* "cleartext track 2" */
-&(nid_objs[13]),/* "commonName" */
-&(nid_objs[513]),/* "content types" */
-&(nid_objs[50]),/* "contentType" */
-&(nid_objs[53]),/* "countersignature" */
-&(nid_objs[14]),/* "countryName" */
-&(nid_objs[153]),/* "crlBag" */
-&(nid_objs[500]),/* "dITRedirect" */
-&(nid_objs[451]),/* "dNSDomain" */
-&(nid_objs[495]),/* "dSAQuality" */
-&(nid_objs[434]),/* "data" */
-&(nid_objs[390]),/* "dcObject" */
-&(nid_objs[31]),/* "des-cbc" */
-&(nid_objs[643]),/* "des-cdmf" */
-&(nid_objs[30]),/* "des-cfb" */
-&(nid_objs[29]),/* "des-ecb" */
-&(nid_objs[32]),/* "des-ede" */
-&(nid_objs[43]),/* "des-ede-cbc" */
-&(nid_objs[60]),/* "des-ede-cfb" */
-&(nid_objs[62]),/* "des-ede-ofb" */
-&(nid_objs[33]),/* "des-ede3" */
-&(nid_objs[44]),/* "des-ede3-cbc" */
-&(nid_objs[61]),/* "des-ede3-cfb" */
-&(nid_objs[63]),/* "des-ede3-ofb" */
-&(nid_objs[45]),/* "des-ofb" */
-&(nid_objs[107]),/* "description" */
-&(nid_objs[80]),/* "desx-cbc" */
-&(nid_objs[28]),/* "dhKeyAgreement" */
-&(nid_objs[11]),/* "directory services (X.500)" */
-&(nid_objs[378]),/* "directory services - algorithms" */
-&(nid_objs[174]),/* "dnQualifier" */
-&(nid_objs[447]),/* "document" */
-&(nid_objs[471]),/* "documentAuthor" */
-&(nid_objs[468]),/* "documentIdentifier" */
-&(nid_objs[472]),/* "documentLocation" */
-&(nid_objs[502]),/* "documentPublisher" */
-&(nid_objs[449]),/* "documentSeries" */
-&(nid_objs[469]),/* "documentTitle" */
-&(nid_objs[470]),/* "documentVersion" */
-&(nid_objs[380]),/* "dod" */
-&(nid_objs[391]),/* "domainComponent" */
-&(nid_objs[452]),/* "domainRelatedObject" */
-&(nid_objs[116]),/* "dsaEncryption" */
-&(nid_objs[67]),/* "dsaEncryption-old" */
-&(nid_objs[66]),/* "dsaWithSHA" */
-&(nid_objs[113]),/* "dsaWithSHA1" */
-&(nid_objs[70]),/* "dsaWithSHA1-old" */
-&(nid_objs[297]),/* "dvcs" */
-&(nid_objs[416]),/* "ecdsa-with-SHA1" */
-&(nid_objs[48]),/* "emailAddress" */
-&(nid_objs[632]),/* "encrypted track 2" */
-&(nid_objs[56]),/* "extendedCertificateAttributes" */
-&(nid_objs[462]),/* "favouriteDrink" */
-&(nid_objs[453]),/* "friendlyCountry" */
-&(nid_objs[490]),/* "friendlyCountryName" */
-&(nid_objs[156]),/* "friendlyName" */
-&(nid_objs[631]),/* "generate cryptogram" */
-&(nid_objs[509]),/* "generationQualifier" */
-&(nid_objs[601]),/* "generic cryptogram" */
-&(nid_objs[99]),/* "givenName" */
-&(nid_objs[163]),/* "hmacWithSHA1" */
-&(nid_objs[486]),/* "homePostalAddress" */
-&(nid_objs[473]),/* "homeTelephoneNumber" */
-&(nid_objs[466]),/* "host" */
-&(nid_objs[442]),/* "iA5StringSyntax" */
-&(nid_objs[381]),/* "iana" */
-&(nid_objs[266]),/* "id-aca" */
-&(nid_objs[355]),/* "id-aca-accessIdentity" */
-&(nid_objs[354]),/* "id-aca-authenticationInfo" */
-&(nid_objs[356]),/* "id-aca-chargingIdentity" */
-&(nid_objs[399]),/* "id-aca-encAttrs" */
-&(nid_objs[357]),/* "id-aca-group" */
-&(nid_objs[358]),/* "id-aca-role" */
-&(nid_objs[176]),/* "id-ad" */
-&(nid_objs[262]),/* "id-alg" */
-&(nid_objs[323]),/* "id-alg-des40" */
-&(nid_objs[326]),/* "id-alg-dh-pop" */
-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
-&(nid_objs[324]),/* "id-alg-noSignature" */
-&(nid_objs[268]),/* "id-cct" */
-&(nid_objs[361]),/* "id-cct-PKIData" */
-&(nid_objs[362]),/* "id-cct-PKIResponse" */
-&(nid_objs[360]),/* "id-cct-crs" */
-&(nid_objs[81]),/* "id-ce" */
-&(nid_objs[263]),/* "id-cmc" */
-&(nid_objs[334]),/* "id-cmc-addExtensions" */
-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
-&(nid_objs[330]),/* "id-cmc-dataReturn" */
-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
-&(nid_objs[339]),/* "id-cmc-getCRL" */
-&(nid_objs[338]),/* "id-cmc-getCert" */
-&(nid_objs[328]),/* "id-cmc-identification" */
-&(nid_objs[329]),/* "id-cmc-identityProof" */
-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
-&(nid_objs[343]),/* "id-cmc-queryPending" */
-&(nid_objs[333]),/* "id-cmc-recipientNonce" */
-&(nid_objs[341]),/* "id-cmc-regInfo" */
-&(nid_objs[342]),/* "id-cmc-responseInfo" */
-&(nid_objs[340]),/* "id-cmc-revokeRequest" */
-&(nid_objs[332]),/* "id-cmc-senderNonce" */
-&(nid_objs[327]),/* "id-cmc-statusInfo" */
-&(nid_objs[331]),/* "id-cmc-transactionId" */
-&(nid_objs[408]),/* "id-ecPublicKey" */
-&(nid_objs[508]),/* "id-hex-multipart-message" */
-&(nid_objs[507]),/* "id-hex-partial-message" */
-&(nid_objs[260]),/* "id-it" */
-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
-&(nid_objs[298]),/* "id-it-caProtEncCert" */
-&(nid_objs[311]),/* "id-it-confirmWaitTime" */
-&(nid_objs[303]),/* "id-it-currentCRL" */
-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
-&(nid_objs[310]),/* "id-it-implicitConfirm" */
-&(nid_objs[308]),/* "id-it-keyPairParamRep" */
-&(nid_objs[307]),/* "id-it-keyPairParamReq" */
-&(nid_objs[312]),/* "id-it-origPKIMessage" */
-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
-&(nid_objs[309]),/* "id-it-revPassphrase" */
-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
-&(nid_objs[305]),/* "id-it-subscriptionRequest" */
-&(nid_objs[306]),/* "id-it-subscriptionResponse" */
-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
-&(nid_objs[128]),/* "id-kp" */
-&(nid_objs[280]),/* "id-mod-attribute-cert" */
-&(nid_objs[274]),/* "id-mod-cmc" */
-&(nid_objs[277]),/* "id-mod-cmp" */
-&(nid_objs[284]),/* "id-mod-cmp2000" */
-&(nid_objs[273]),/* "id-mod-crmf" */
-&(nid_objs[283]),/* "id-mod-dvcs" */
-&(nid_objs[275]),/* "id-mod-kea-profile-88" */
-&(nid_objs[276]),/* "id-mod-kea-profile-93" */
-&(nid_objs[282]),/* "id-mod-ocsp" */
-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
-&(nid_objs[264]),/* "id-on" */
-&(nid_objs[347]),/* "id-on-personalData" */
-&(nid_objs[265]),/* "id-pda" */
-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
-&(nid_objs[353]),/* "id-pda-countryOfResidence" */
-&(nid_objs[348]),/* "id-pda-dateOfBirth" */
-&(nid_objs[351]),/* "id-pda-gender" */
-&(nid_objs[349]),/* "id-pda-placeOfBirth" */
-&(nid_objs[175]),/* "id-pe" */
-&(nid_objs[261]),/* "id-pkip" */
-&(nid_objs[258]),/* "id-pkix-mod" */
-&(nid_objs[269]),/* "id-pkix1-explicit-88" */
-&(nid_objs[271]),/* "id-pkix1-explicit-93" */
-&(nid_objs[270]),/* "id-pkix1-implicit-88" */
-&(nid_objs[272]),/* "id-pkix1-implicit-93" */
-&(nid_objs[267]),/* "id-qcs" */
-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
-&(nid_objs[259]),/* "id-qt" */
-&(nid_objs[313]),/* "id-regCtrl" */
-&(nid_objs[316]),/* "id-regCtrl-authenticator" */
-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
-&(nid_objs[315]),/* "id-regCtrl-regToken" */
-&(nid_objs[314]),/* "id-regInfo" */
-&(nid_objs[322]),/* "id-regInfo-certReq" */
-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
-&(nid_objs[191]),/* "id-smime-aa" */
-&(nid_objs[215]),/* "id-smime-aa-contentHint" */
-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
-&(nid_objs[221]),/* "id-smime-aa-contentReference" */
-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
-&(nid_objs[219]),/* "id-smime-aa-macValue" */
-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
-&(nid_objs[239]),/* "id-smime-aa-signatureType" */
-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
-&(nid_objs[192]),/* "id-smime-alg" */
-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
-&(nid_objs[245]),/* "id-smime-alg-ESDH" */
-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
-&(nid_objs[193]),/* "id-smime-cd" */
-&(nid_objs[248]),/* "id-smime-cd-ldap" */
-&(nid_objs[190]),/* "id-smime-ct" */
-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
-&(nid_objs[205]),/* "id-smime-ct-authData" */
-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
-&(nid_objs[206]),/* "id-smime-ct-publishCert" */
-&(nid_objs[204]),/* "id-smime-ct-receipt" */
-&(nid_objs[195]),/* "id-smime-cti" */
-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
-&(nid_objs[189]),/* "id-smime-mod" */
-&(nid_objs[196]),/* "id-smime-mod-cms" */
-&(nid_objs[197]),/* "id-smime-mod-ess" */
-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
-&(nid_objs[198]),/* "id-smime-mod-oid" */
-&(nid_objs[194]),/* "id-smime-spq" */
-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
-&(nid_objs[34]),/* "idea-cbc" */
-&(nid_objs[35]),/* "idea-cfb" */
-&(nid_objs[36]),/* "idea-ecb" */
-&(nid_objs[46]),/* "idea-ofb" */
-&(nid_objs[461]),/* "info" */
-&(nid_objs[101]),/* "initials" */
-&(nid_objs[181]),/* "iso" */
-&(nid_objs[623]),/* "issuer capabilities" */
-&(nid_objs[492]),/* "janetMailbox" */
-&(nid_objs[393]),/* "joint-iso-ccitt" */
-&(nid_objs[150]),/* "keyBag" */
-&(nid_objs[477]),/* "lastModifiedBy" */
-&(nid_objs[476]),/* "lastModifiedTime" */
-&(nid_objs[157]),/* "localKeyID" */
-&(nid_objs[15]),/* "localityName" */
-&(nid_objs[480]),/* "mXRecord" */
-&(nid_objs[493]),/* "mailPreferenceOption" */
-&(nid_objs[467]),/* "manager" */
-&(nid_objs[ 3]),/* "md2" */
-&(nid_objs[ 7]),/* "md2WithRSAEncryption" */
-&(nid_objs[257]),/* "md4" */
-&(nid_objs[396]),/* "md4WithRSAEncryption" */
-&(nid_objs[ 4]),/* "md5" */
-&(nid_objs[114]),/* "md5-sha1" */
-&(nid_objs[104]),/* "md5WithRSA" */
-&(nid_objs[ 8]),/* "md5WithRSAEncryption" */
-&(nid_objs[95]),/* "mdc2" */
-&(nid_objs[96]),/* "mdc2WithRSA" */
-&(nid_objs[602]),/* "merchant initiated auth" */
-&(nid_objs[514]),/* "message extensions" */
-&(nid_objs[51]),/* "messageDigest" */
-&(nid_objs[506]),/* "mime-mhs-bodies" */
-&(nid_objs[505]),/* "mime-mhs-headings" */
-&(nid_objs[488]),/* "mobileTelephoneNumber" */
-&(nid_objs[481]),/* "nSRecord" */
-&(nid_objs[173]),/* "name" */
-&(nid_objs[379]),/* "org" */
-&(nid_objs[17]),/* "organizationName" */
-&(nid_objs[491]),/* "organizationalStatus" */
-&(nid_objs[18]),/* "organizationalUnitName" */
-&(nid_objs[475]),/* "otherMailbox" */
-&(nid_objs[489]),/* "pagerTelephoneNumber" */
-&(nid_objs[374]),/* "path" */
-&(nid_objs[621]),/* "payment gateway capabilities" */
-&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
-&(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */
-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
-&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */
-&(nid_objs[169]),/* "pbeWithMD5AndRC2-CBC" */
-&(nid_objs[148]),/* "pbeWithSHA1And128BitRC2-CBC" */
-&(nid_objs[144]),/* "pbeWithSHA1And128BitRC4" */
-&(nid_objs[147]),/* "pbeWithSHA1And2-KeyTripleDES-CBC" */
-&(nid_objs[146]),/* "pbeWithSHA1And3-KeyTripleDES-CBC" */
-&(nid_objs[149]),/* "pbeWithSHA1And40BitRC2-CBC" */
-&(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */
-&(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */
-&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
-&(nid_objs[499]),/* "personalSignature" */
-&(nid_objs[487]),/* "personalTitle" */
-&(nid_objs[464]),/* "photo" */
-&(nid_objs[437]),/* "pilot" */
-&(nid_objs[439]),/* "pilotAttributeSyntax" */
-&(nid_objs[438]),/* "pilotAttributeType" */
-&(nid_objs[479]),/* "pilotAttributeType27" */
-&(nid_objs[456]),/* "pilotDSA" */
-&(nid_objs[441]),/* "pilotGroups" */
-&(nid_objs[444]),/* "pilotObject" */
-&(nid_objs[440]),/* "pilotObjectClass" */
-&(nid_objs[455]),/* "pilotOrganization" */
-&(nid_objs[445]),/* "pilotPerson" */
-&(nid_objs[186]),/* "pkcs1" */
-&(nid_objs[27]),/* "pkcs3" */
-&(nid_objs[187]),/* "pkcs5" */
-&(nid_objs[20]),/* "pkcs7" */
-&(nid_objs[21]),/* "pkcs7-data" */
-&(nid_objs[25]),/* "pkcs7-digestData" */
-&(nid_objs[26]),/* "pkcs7-encryptedData" */
-&(nid_objs[23]),/* "pkcs7-envelopedData" */
-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
-&(nid_objs[22]),/* "pkcs7-signedData" */
-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
-&(nid_objs[47]),/* "pkcs9" */
-&(nid_objs[406]),/* "prime-field" */
-&(nid_objs[409]),/* "prime192v1" */
-&(nid_objs[410]),/* "prime192v2" */
-&(nid_objs[411]),/* "prime192v3" */
-&(nid_objs[412]),/* "prime239v1" */
-&(nid_objs[413]),/* "prime239v2" */
-&(nid_objs[414]),/* "prime239v3" */
-&(nid_objs[415]),/* "prime256v1" */
-&(nid_objs[510]),/* "pseudonym" */
-&(nid_objs[435]),/* "pss" */
-&(nid_objs[286]),/* "qcStatements" */
-&(nid_objs[457]),/* "qualityLabelledData" */
-&(nid_objs[450]),/* "rFC822localPart" */
-&(nid_objs[98]),/* "rc2-40-cbc" */
-&(nid_objs[166]),/* "rc2-64-cbc" */
-&(nid_objs[37]),/* "rc2-cbc" */
-&(nid_objs[39]),/* "rc2-cfb" */
-&(nid_objs[38]),/* "rc2-ecb" */
-&(nid_objs[40]),/* "rc2-ofb" */
-&(nid_objs[ 5]),/* "rc4" */
-&(nid_objs[97]),/* "rc4-40" */
-&(nid_objs[120]),/* "rc5-cbc" */
-&(nid_objs[122]),/* "rc5-cfb" */
-&(nid_objs[121]),/* "rc5-ecb" */
-&(nid_objs[123]),/* "rc5-ofb" */
-&(nid_objs[460]),/* "rfc822Mailbox" */
-&(nid_objs[117]),/* "ripemd160" */
-&(nid_objs[119]),/* "ripemd160WithRSA" */
-&(nid_objs[400]),/* "role" */
-&(nid_objs[448]),/* "room" */
-&(nid_objs[463]),/* "roomNumber" */
-&(nid_objs[19]),/* "rsa" */
-&(nid_objs[ 6]),/* "rsaEncryption" */
-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */
-&(nid_objs[377]),/* "rsaSignature" */
-&(nid_objs[124]),/* "run length compression" */
-&(nid_objs[482]),/* "sOARecord" */
-&(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbqp-routerIdentifier" */
-&(nid_objs[159]),/* "sdsiCertificate" */
-&(nid_objs[154]),/* "secretBag" */
-&(nid_objs[474]),/* "secretary" */
-&(nid_objs[635]),/* "secure device signature" */
-&(nid_objs[105]),/* "serialNumber" */
-&(nid_objs[625]),/* "set-addPolicy" */
-&(nid_objs[515]),/* "set-attr" */
-&(nid_objs[518]),/* "set-brand" */
-&(nid_objs[638]),/* "set-brand-AmericanExpress" */
-&(nid_objs[637]),/* "set-brand-Diners" */
-&(nid_objs[636]),/* "set-brand-IATA-ATA" */
-&(nid_objs[639]),/* "set-brand-JCB" */
-&(nid_objs[641]),/* "set-brand-MasterCard" */
-&(nid_objs[642]),/* "set-brand-Novus" */
-&(nid_objs[640]),/* "set-brand-Visa" */
-&(nid_objs[516]),/* "set-policy" */
-&(nid_objs[607]),/* "set-policy-root" */
-&(nid_objs[624]),/* "set-rootKeyThumb" */
-&(nid_objs[620]),/* "setAttr-Cert" */
-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */
-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */
-&(nid_objs[629]),/* "setAttr-IssCap-T2" */
-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */
-&(nid_objs[626]),/* "setAttr-Token-EMV" */
-&(nid_objs[622]),/* "setAttr-TokenType" */
-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */
-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */
-&(nid_objs[616]),/* "setCext-TokenIdentifier" */
-&(nid_objs[618]),/* "setCext-TokenType" */
-&(nid_objs[617]),/* "setCext-Track2Data" */
-&(nid_objs[611]),/* "setCext-cCertRequired" */
-&(nid_objs[609]),/* "setCext-certType" */
-&(nid_objs[608]),/* "setCext-hashedRoot" */
-&(nid_objs[610]),/* "setCext-merchData" */
-&(nid_objs[613]),/* "setCext-setExt" */
-&(nid_objs[614]),/* "setCext-setQualf" */
-&(nid_objs[612]),/* "setCext-tunneling" */
-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */
-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */
-&(nid_objs[570]),/* "setct-AuthReqTBE" */
-&(nid_objs[534]),/* "setct-AuthReqTBS" */
-&(nid_objs[527]),/* "setct-AuthResBaggage" */
-&(nid_objs[571]),/* "setct-AuthResTBE" */
-&(nid_objs[572]),/* "setct-AuthResTBEX" */
-&(nid_objs[535]),/* "setct-AuthResTBS" */
-&(nid_objs[536]),/* "setct-AuthResTBSX" */
-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */
-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */
-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */
-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */
-&(nid_objs[542]),/* "setct-AuthRevResData" */
-&(nid_objs[578]),/* "setct-AuthRevResTBE" */
-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */
-&(nid_objs[543]),/* "setct-AuthRevResTBS" */
-&(nid_objs[573]),/* "setct-AuthTokenTBE" */
-&(nid_objs[537]),/* "setct-AuthTokenTBS" */
-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */
-&(nid_objs[558]),/* "setct-BatchAdminReqData" */
-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */
-&(nid_objs[559]),/* "setct-BatchAdminResData" */
-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */
-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */
-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */
-&(nid_objs[580]),/* "setct-CapReqTBE" */
-&(nid_objs[581]),/* "setct-CapReqTBEX" */
-&(nid_objs[544]),/* "setct-CapReqTBS" */
-&(nid_objs[545]),/* "setct-CapReqTBSX" */
-&(nid_objs[546]),/* "setct-CapResData" */
-&(nid_objs[582]),/* "setct-CapResTBE" */
-&(nid_objs[583]),/* "setct-CapRevReqTBE" */
-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */
-&(nid_objs[547]),/* "setct-CapRevReqTBS" */
-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */
-&(nid_objs[549]),/* "setct-CapRevResData" */
-&(nid_objs[585]),/* "setct-CapRevResTBE" */
-&(nid_objs[538]),/* "setct-CapTokenData" */
-&(nid_objs[530]),/* "setct-CapTokenSeq" */
-&(nid_objs[574]),/* "setct-CapTokenTBE" */
-&(nid_objs[575]),/* "setct-CapTokenTBEX" */
-&(nid_objs[539]),/* "setct-CapTokenTBS" */
-&(nid_objs[560]),/* "setct-CardCInitResTBS" */
-&(nid_objs[566]),/* "setct-CertInqReqTBS" */
-&(nid_objs[563]),/* "setct-CertReqData" */
-&(nid_objs[595]),/* "setct-CertReqTBE" */
-&(nid_objs[596]),/* "setct-CertReqTBEX" */
-&(nid_objs[564]),/* "setct-CertReqTBS" */
-&(nid_objs[565]),/* "setct-CertResData" */
-&(nid_objs[597]),/* "setct-CertResTBE" */
-&(nid_objs[586]),/* "setct-CredReqTBE" */
-&(nid_objs[587]),/* "setct-CredReqTBEX" */
-&(nid_objs[550]),/* "setct-CredReqTBS" */
-&(nid_objs[551]),/* "setct-CredReqTBSX" */
-&(nid_objs[552]),/* "setct-CredResData" */
-&(nid_objs[588]),/* "setct-CredResTBE" */
-&(nid_objs[589]),/* "setct-CredRevReqTBE" */
-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */
-&(nid_objs[553]),/* "setct-CredRevReqTBS" */
-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */
-&(nid_objs[555]),/* "setct-CredRevResData" */
-&(nid_objs[591]),/* "setct-CredRevResTBE" */
-&(nid_objs[567]),/* "setct-ErrorTBS" */
-&(nid_objs[526]),/* "setct-HODInput" */
-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */
-&(nid_objs[522]),/* "setct-OIData" */
-&(nid_objs[519]),/* "setct-PANData" */
-&(nid_objs[521]),/* "setct-PANOnly" */
-&(nid_objs[520]),/* "setct-PANToken" */
-&(nid_objs[556]),/* "setct-PCertReqData" */
-&(nid_objs[557]),/* "setct-PCertResTBS" */
-&(nid_objs[523]),/* "setct-PI" */
-&(nid_objs[532]),/* "setct-PI-TBS" */
-&(nid_objs[524]),/* "setct-PIData" */
-&(nid_objs[525]),/* "setct-PIDataUnsigned" */
-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */
-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */
-&(nid_objs[531]),/* "setct-PInitResData" */
-&(nid_objs[533]),/* "setct-PResData" */
-&(nid_objs[594]),/* "setct-RegFormReqTBE" */
-&(nid_objs[562]),/* "setct-RegFormResTBS" */
-&(nid_objs[604]),/* "setext-pinAny" */
-&(nid_objs[603]),/* "setext-pinSecure" */
-&(nid_objs[605]),/* "setext-track2" */
-&(nid_objs[41]),/* "sha" */
-&(nid_objs[64]),/* "sha1" */
-&(nid_objs[115]),/* "sha1WithRSA" */
-&(nid_objs[65]),/* "sha1WithRSAEncryption" */
-&(nid_objs[42]),/* "shaWithRSAEncryption" */
-&(nid_objs[52]),/* "signingTime" */
-&(nid_objs[454]),/* "simpleSecurityObject" */
-&(nid_objs[496]),/* "singleLevelQuality" */
-&(nid_objs[16]),/* "stateOrProvinceName" */
-&(nid_objs[498]),/* "subtreeMaximumQuality" */
-&(nid_objs[497]),/* "subtreeMinimumQuality" */
-&(nid_objs[100]),/* "surname" */
-&(nid_objs[459]),/* "textEncodedORAddress" */
-&(nid_objs[293]),/* "textNotice" */
-&(nid_objs[106]),/* "title" */
-&(nid_objs[436]),/* "ucl" */
-&(nid_objs[ 0]),/* "undefined" */
-&(nid_objs[55]),/* "unstructuredAddress" */
-&(nid_objs[49]),/* "unstructuredName" */
-&(nid_objs[465]),/* "userClass" */
-&(nid_objs[458]),/* "userId" */
-&(nid_objs[373]),/* "valid" */
-&(nid_objs[503]),/* "x500UniqueIdentifier" */
-&(nid_objs[158]),/* "x509Certificate" */
-&(nid_objs[160]),/* "x509Crl" */
-&(nid_objs[125]),/* "zlib compression" */
-};
-
-static ASN1_OBJECT *obj_objs[NUM_OBJ]={
-&(nid_objs[ 0]),/* OBJ_undef                        0 */
-&(nid_objs[404]),/* OBJ_ccitt                        0 */
-&(nid_objs[434]),/* OBJ_data                         0 9 */
-&(nid_objs[181]),/* OBJ_iso                          1 */
-&(nid_objs[182]),/* OBJ_member_body                  1 2 */
-&(nid_objs[379]),/* OBJ_org                          1 3 */
-&(nid_objs[393]),/* OBJ_joint_iso_ccitt              2 */
-&(nid_objs[11]),/* OBJ_X500                         2 5 */
-&(nid_objs[380]),/* OBJ_dod                          1 3 6 */
-&(nid_objs[12]),/* OBJ_X509                         2 5 4 */
-&(nid_objs[378]),/* OBJ_X500algorithms               2 5 8 */
-&(nid_objs[81]),/* OBJ_id_ce                        2 5 29 */
-&(nid_objs[512]),/* OBJ_id_set                       2 23 42 */
-&(nid_objs[435]),/* OBJ_pss                          0 9 2342 */
-&(nid_objs[183]),/* OBJ_ISO_US                       1 2 840 */
-&(nid_objs[381]),/* OBJ_iana                         1 3 6 1 */
-&(nid_objs[394]),/* OBJ_selected_attribute_types     2 5 1 5 */
-&(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
-&(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
-&(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
-&(nid_objs[14]),/* OBJ_countryName                  2 5 4 6 */
-&(nid_objs[15]),/* OBJ_localityName                 2 5 4 7 */
-&(nid_objs[16]),/* OBJ_stateOrProvinceName          2 5 4 8 */
-&(nid_objs[17]),/* OBJ_organizationName             2 5 4 10 */
-&(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */
-&(nid_objs[106]),/* OBJ_title                        2 5 4 12 */
-&(nid_objs[107]),/* OBJ_description                  2 5 4 13 */
-&(nid_objs[173]),/* OBJ_name                         2 5 4 41 */
-&(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
-&(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
-&(nid_objs[509]),/* OBJ_generationQualifier          2 5 4 44 */
-&(nid_objs[503]),/* OBJ_x500UniqueIdentifier         2 5 4 45 */
-&(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */
-&(nid_objs[510]),/* OBJ_pseudonym                    2 5 4 65 */
-&(nid_objs[400]),/* OBJ_role                         2 5 4 72 */
-&(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
-&(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
-&(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
-&(nid_objs[85]),/* OBJ_subject_alt_name             2 5 29 17 */
-&(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
-&(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
-&(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
-&(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */
-&(nid_objs[430]),/* OBJ_hold_instruction_code        2 5 29 23 */
-&(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
-&(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
-&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
-&(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
-&(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
-&(nid_objs[401]),/* OBJ_policy_constraints           2 5 29 36 */
-&(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
-&(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */
-&(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */
-&(nid_objs[513]),/* OBJ_set_ctype                    2 23 42 0 */
-&(nid_objs[514]),/* OBJ_set_msgExt                   2 23 42 1 */
-&(nid_objs[515]),/* OBJ_set_attr                     2 23 42 3 */
-&(nid_objs[516]),/* OBJ_set_policy                   2 23 42 5 */
-&(nid_objs[517]),/* OBJ_set_certExt                  2 23 42 7 */
-&(nid_objs[518]),/* OBJ_set_brand                    2 23 42 8 */
-&(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
-&(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
-&(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
-&(nid_objs[385]),/* OBJ_Private                      1 3 6 1 4 */
-&(nid_objs[386]),/* OBJ_Security                     1 3 6 1 5 */
-&(nid_objs[387]),/* OBJ_SNMPv2                       1 3 6 1 6 */
-&(nid_objs[388]),/* OBJ_Mail                         1 3 6 1 7 */
-&(nid_objs[376]),/* OBJ_algorithm                    1 3 14 3 2 */
-&(nid_objs[395]),/* OBJ_clearance                    2 5 1 5 55 */
-&(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
-&(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
-&(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
-&(nid_objs[519]),/* OBJ_setct_PANData                2 23 42 0 0 */
-&(nid_objs[520]),/* OBJ_setct_PANToken               2 23 42 0 1 */
-&(nid_objs[521]),/* OBJ_setct_PANOnly                2 23 42 0 2 */
-&(nid_objs[522]),/* OBJ_setct_OIData                 2 23 42 0 3 */
-&(nid_objs[523]),/* OBJ_setct_PI                     2 23 42 0 4 */
-&(nid_objs[524]),/* OBJ_setct_PIData                 2 23 42 0 5 */
-&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
-&(nid_objs[526]),/* OBJ_setct_HODInput               2 23 42 0 7 */
-&(nid_objs[527]),/* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
-&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
-&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
-&(nid_objs[530]),/* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
-&(nid_objs[531]),/* OBJ_setct_PInitResData           2 23 42 0 12 */
-&(nid_objs[532]),/* OBJ_setct_PI_TBS                 2 23 42 0 13 */
-&(nid_objs[533]),/* OBJ_setct_PResData               2 23 42 0 14 */
-&(nid_objs[534]),/* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
-&(nid_objs[535]),/* OBJ_setct_AuthResTBS             2 23 42 0 17 */
-&(nid_objs[536]),/* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
-&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
-&(nid_objs[538]),/* OBJ_setct_CapTokenData           2 23 42 0 20 */
-&(nid_objs[539]),/* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
-&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
-&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
-&(nid_objs[542]),/* OBJ_setct_AuthRevResData         2 23 42 0 24 */
-&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
-&(nid_objs[544]),/* OBJ_setct_CapReqTBS              2 23 42 0 26 */
-&(nid_objs[545]),/* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
-&(nid_objs[546]),/* OBJ_setct_CapResData             2 23 42 0 28 */
-&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
-&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
-&(nid_objs[549]),/* OBJ_setct_CapRevResData          2 23 42 0 31 */
-&(nid_objs[550]),/* OBJ_setct_CredReqTBS             2 23 42 0 32 */
-&(nid_objs[551]),/* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
-&(nid_objs[552]),/* OBJ_setct_CredResData            2 23 42 0 34 */
-&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
-&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
-&(nid_objs[555]),/* OBJ_setct_CredRevResData         2 23 42 0 37 */
-&(nid_objs[556]),/* OBJ_setct_PCertReqData           2 23 42 0 38 */
-&(nid_objs[557]),/* OBJ_setct_PCertResTBS            2 23 42 0 39 */
-&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
-&(nid_objs[559]),/* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
-&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
-&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
-&(nid_objs[562]),/* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
-&(nid_objs[563]),/* OBJ_setct_CertReqData            2 23 42 0 45 */
-&(nid_objs[564]),/* OBJ_setct_CertReqTBS             2 23 42 0 46 */
-&(nid_objs[565]),/* OBJ_setct_CertResData            2 23 42 0 47 */
-&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
-&(nid_objs[567]),/* OBJ_setct_ErrorTBS               2 23 42 0 49 */
-&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
-&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
-&(nid_objs[570]),/* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
-&(nid_objs[571]),/* OBJ_setct_AuthResTBE             2 23 42 0 53 */
-&(nid_objs[572]),/* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
-&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
-&(nid_objs[574]),/* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
-&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
-&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
-&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
-&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
-&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
-&(nid_objs[580]),/* OBJ_setct_CapReqTBE              2 23 42 0 62 */
-&(nid_objs[581]),/* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
-&(nid_objs[582]),/* OBJ_setct_CapResTBE              2 23 42 0 64 */
-&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
-&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
-&(nid_objs[585]),/* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
-&(nid_objs[586]),/* OBJ_setct_CredReqTBE             2 23 42 0 68 */
-&(nid_objs[587]),/* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
-&(nid_objs[588]),/* OBJ_setct_CredResTBE             2 23 42 0 70 */
-&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
-&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
-&(nid_objs[591]),/* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
-&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
-&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
-&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
-&(nid_objs[595]),/* OBJ_setct_CertReqTBE             2 23 42 0 77 */
-&(nid_objs[596]),/* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
-&(nid_objs[597]),/* OBJ_setct_CertResTBE             2 23 42 0 79 */
-&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
-&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
-&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
-&(nid_objs[601]),/* OBJ_setext_genCrypt              2 23 42 1 1 */
-&(nid_objs[602]),/* OBJ_setext_miAuth                2 23 42 1 3 */
-&(nid_objs[603]),/* OBJ_setext_pinSecure             2 23 42 1 4 */
-&(nid_objs[604]),/* OBJ_setext_pinAny                2 23 42 1 5 */
-&(nid_objs[605]),/* OBJ_setext_track2                2 23 42 1 7 */
-&(nid_objs[606]),/* OBJ_setext_cv                    2 23 42 1 8 */
-&(nid_objs[620]),/* OBJ_setAttr_Cert                 2 23 42 3 0 */
-&(nid_objs[621]),/* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
-&(nid_objs[622]),/* OBJ_setAttr_TokenType            2 23 42 3 2 */
-&(nid_objs[623]),/* OBJ_setAttr_IssCap               2 23 42 3 3 */
-&(nid_objs[607]),/* OBJ_set_policy_root              2 23 42 5 0 */
-&(nid_objs[608]),/* OBJ_setCext_hashedRoot           2 23 42 7 0 */
-&(nid_objs[609]),/* OBJ_setCext_certType             2 23 42 7 1 */
-&(nid_objs[610]),/* OBJ_setCext_merchData            2 23 42 7 2 */
-&(nid_objs[611]),/* OBJ_setCext_cCertRequired        2 23 42 7 3 */
-&(nid_objs[612]),/* OBJ_setCext_tunneling            2 23 42 7 4 */
-&(nid_objs[613]),/* OBJ_setCext_setExt               2 23 42 7 5 */
-&(nid_objs[614]),/* OBJ_setCext_setQualf             2 23 42 7 6 */
-&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
-&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
-&(nid_objs[617]),/* OBJ_setCext_Track2Data           2 23 42 7 9 */
-&(nid_objs[618]),/* OBJ_setCext_TokenType            2 23 42 7 10 */
-&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
-&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
-&(nid_objs[640]),/* OBJ_set_brand_Visa               2 23 42 8 4 */
-&(nid_objs[641]),/* OBJ_set_brand_MasterCard         2 23 42 8 5 */
-&(nid_objs[637]),/* OBJ_set_brand_Diners             2 23 42 8 30 */
-&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
-&(nid_objs[639]),/* OBJ_set_brand_JCB                2 23 42 8 35 */
-&(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */
-&(nid_objs[405]),/* OBJ_ansi_X9_62                   1 2 840 10045 */
-&(nid_objs[389]),/* OBJ_Enterprises                  1 3 6 1 4 1 */
-&(nid_objs[504]),/* OBJ_mime_mhs                     1 3 6 1 7 1 */
-&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
-&(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
-&(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
-&(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */
-&(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */
-&(nid_objs[377]),/* OBJ_rsaSignature                 1 3 14 3 2 11 */
-&(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
-&(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
-&(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-&(nid_objs[32]),/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
-&(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
-&(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
-&(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
-&(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
-&(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
-&(nid_objs[143]),/* OBJ_sxnet                        1 3 101 1 4 1 */
-&(nid_objs[624]),/* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
-&(nid_objs[625]),/* OBJ_set_addPolicy                2 23 42 3 0 1 */
-&(nid_objs[626]),/* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
-&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
-&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
-&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
-&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
-&(nid_objs[642]),/* OBJ_set_brand_Novus              2 23 42 8 6011 */
-&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666 1 */
-&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666 2 */
-&(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
-&(nid_objs[185]),/* OBJ_X9cm                         1 2 840 10040 4 */
-&(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
-&(nid_objs[505]),/* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
-&(nid_objs[506]),/* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
-&(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
-&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
-&(nid_objs[632]),/* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
-&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
-&(nid_objs[634]),/* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
-&(nid_objs[635]),/* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
-&(nid_objs[436]),/* OBJ_ucl                          0 9 2342 19200300 */
-&(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
-&(nid_objs[431]),/* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
-&(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
-&(nid_objs[433]),/* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
-&(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
-&(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
-&(nid_objs[406]),/* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
-&(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
-&(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
-&(nid_objs[416]),/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
-&(nid_objs[258]),/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
-&(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
-&(nid_objs[259]),/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
-&(nid_objs[128]),/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
-&(nid_objs[260]),/* OBJ_id_it                        1 3 6 1 5 5 7 4 */
-&(nid_objs[261]),/* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
-&(nid_objs[262]),/* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
-&(nid_objs[263]),/* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
-&(nid_objs[264]),/* OBJ_id_on                        1 3 6 1 5 5 7 8 */
-&(nid_objs[265]),/* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
-&(nid_objs[266]),/* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
-&(nid_objs[267]),/* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
-&(nid_objs[268]),/* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
-&(nid_objs[176]),/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
-&(nid_objs[507]),/* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
-&(nid_objs[508]),/* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
-&(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
-&(nid_objs[437]),/* OBJ_pilot                        0 9 2342 19200300 100 */
-&(nid_objs[186]),/* OBJ_pkcs1                        1 2 840 113549 1 1 */
-&(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
-&(nid_objs[187]),/* OBJ_pkcs5                        1 2 840 113549 1 5 */
-&(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
-&(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */
-&(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */
-&(nid_objs[257]),/* OBJ_md4                          1 2 840 113549 2 4 */
-&(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */
-&(nid_objs[163]),/* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
-&(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
-&(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
-&(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
-&(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
-&(nid_objs[643]),/* OBJ_des_cdmf                     1 2 840 113549 3 10 */
-&(nid_objs[409]),/* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
-&(nid_objs[410]),/* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
-&(nid_objs[411]),/* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
-&(nid_objs[412]),/* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
-&(nid_objs[413]),/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
-&(nid_objs[414]),/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
-&(nid_objs[415]),/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
-&(nid_objs[269]),/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
-&(nid_objs[270]),/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
-&(nid_objs[271]),/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
-&(nid_objs[272]),/* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
-&(nid_objs[273]),/* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
-&(nid_objs[274]),/* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
-&(nid_objs[275]),/* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
-&(nid_objs[276]),/* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
-&(nid_objs[277]),/* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
-&(nid_objs[278]),/* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
-&(nid_objs[279]),/* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
-&(nid_objs[280]),/* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
-&(nid_objs[281]),/* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
-&(nid_objs[282]),/* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
-&(nid_objs[283]),/* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
-&(nid_objs[284]),/* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
-&(nid_objs[177]),/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
-&(nid_objs[285]),/* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
-&(nid_objs[286]),/* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
-&(nid_objs[287]),/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
-&(nid_objs[288]),/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
-&(nid_objs[289]),/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
-&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
-&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
-&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
-&(nid_objs[397]),/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
-&(nid_objs[398]),/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
-&(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
-&(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
-&(nid_objs[293]),/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
-&(nid_objs[129]),/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
-&(nid_objs[130]),/* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
-&(nid_objs[131]),/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
-&(nid_objs[132]),/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
-&(nid_objs[294]),/* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
-&(nid_objs[295]),/* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
-&(nid_objs[296]),/* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
-&(nid_objs[133]),/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
-&(nid_objs[180]),/* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
-&(nid_objs[297]),/* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
-&(nid_objs[298]),/* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
-&(nid_objs[299]),/* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
-&(nid_objs[300]),/* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
-&(nid_objs[301]),/* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
-&(nid_objs[302]),/* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
-&(nid_objs[303]),/* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
-&(nid_objs[304]),/* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
-&(nid_objs[305]),/* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
-&(nid_objs[306]),/* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
-&(nid_objs[307]),/* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
-&(nid_objs[308]),/* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
-&(nid_objs[309]),/* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
-&(nid_objs[310]),/* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
-&(nid_objs[311]),/* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
-&(nid_objs[312]),/* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
-&(nid_objs[313]),/* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
-&(nid_objs[314]),/* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
-&(nid_objs[323]),/* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
-&(nid_objs[324]),/* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
-&(nid_objs[325]),/* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
-&(nid_objs[326]),/* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
-&(nid_objs[327]),/* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
-&(nid_objs[328]),/* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
-&(nid_objs[329]),/* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
-&(nid_objs[330]),/* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
-&(nid_objs[331]),/* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
-&(nid_objs[332]),/* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
-&(nid_objs[333]),/* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
-&(nid_objs[334]),/* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
-&(nid_objs[335]),/* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
-&(nid_objs[336]),/* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
-&(nid_objs[337]),/* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
-&(nid_objs[338]),/* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
-&(nid_objs[339]),/* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
-&(nid_objs[340]),/* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
-&(nid_objs[341]),/* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
-&(nid_objs[342]),/* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
-&(nid_objs[343]),/* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
-&(nid_objs[344]),/* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
-&(nid_objs[345]),/* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
-&(nid_objs[346]),/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
-&(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
-&(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
-&(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
-&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
-&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
-&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
-&(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
-&(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
-&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
-&(nid_objs[357]),/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
-&(nid_objs[358]),/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
-&(nid_objs[399]),/* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
-&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
-&(nid_objs[360]),/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
-&(nid_objs[361]),/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
-&(nid_objs[362]),/* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
-&(nid_objs[178]),/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
-&(nid_objs[179]),/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
-&(nid_objs[363]),/* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
-&(nid_objs[364]),/* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
-&(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
-&(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
-&(nid_objs[438]),/* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
-&(nid_objs[439]),/* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
-&(nid_objs[440]),/* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
-&(nid_objs[441]),/* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
-&(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
-&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
-&(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
-&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
-&(nid_objs[396]),/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
-&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
-&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
-&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
-&(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
-&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
-&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
-&(nid_objs[168]),/* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
-&(nid_objs[169]),/* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
-&(nid_objs[170]),/* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
-&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
-&(nid_objs[69]),/* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
-&(nid_objs[161]),/* OBJ_pbes2                        1 2 840 113549 1 5 13 */
-&(nid_objs[162]),/* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
-&(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
-&(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
-&(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
-&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
-&(nid_objs[25]),/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
-&(nid_objs[26]),/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
-&(nid_objs[48]),/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
-&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
-&(nid_objs[50]),/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
-&(nid_objs[51]),/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
-&(nid_objs[52]),/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
-&(nid_objs[53]),/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
-&(nid_objs[54]),/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
-&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
-&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
-&(nid_objs[172]),/* OBJ_ext_req                      1 2 840 113549 1 9 14 */
-&(nid_objs[167]),/* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
-&(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
-&(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
-&(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
-&(nid_objs[417]),/* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
-&(nid_objs[390]),/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
-&(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
-&(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
-&(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
-&(nid_objs[317]),/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
-&(nid_objs[318]),/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
-&(nid_objs[319]),/* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
-&(nid_objs[320]),/* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
-&(nid_objs[321]),/* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
-&(nid_objs[322]),/* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
-&(nid_objs[365]),/* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
-&(nid_objs[366]),/* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
-&(nid_objs[367]),/* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
-&(nid_objs[368]),/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
-&(nid_objs[369]),/* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
-&(nid_objs[370]),/* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
-&(nid_objs[371]),/* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
-&(nid_objs[372]),/* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
-&(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
-&(nid_objs[374]),/* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
-&(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
-&(nid_objs[418]),/* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
-&(nid_objs[419]),/* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
-&(nid_objs[420]),/* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
-&(nid_objs[421]),/* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
-&(nid_objs[422]),/* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
-&(nid_objs[423]),/* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
-&(nid_objs[424]),/* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
-&(nid_objs[425]),/* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
-&(nid_objs[426]),/* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
-&(nid_objs[427]),/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
-&(nid_objs[428]),/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
-&(nid_objs[429]),/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
-&(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
-&(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
-&(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
-&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
-&(nid_objs[75]),/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
-&(nid_objs[76]),/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
-&(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
-&(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
-&(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
-&(nid_objs[139]),/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
-&(nid_objs[458]),/* OBJ_userId                       0 9 2342 19200300 100 1 1 */
-&(nid_objs[459]),/* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
-&(nid_objs[460]),/* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
-&(nid_objs[461]),/* OBJ_info                         0 9 2342 19200300 100 1 4 */
-&(nid_objs[462]),/* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
-&(nid_objs[463]),/* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
-&(nid_objs[464]),/* OBJ_photo                        0 9 2342 19200300 100 1 7 */
-&(nid_objs[465]),/* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
-&(nid_objs[466]),/* OBJ_host                         0 9 2342 19200300 100 1 9 */
-&(nid_objs[467]),/* OBJ_manager                      0 9 2342 19200300 100 1 10 */
-&(nid_objs[468]),/* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
-&(nid_objs[469]),/* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
-&(nid_objs[470]),/* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
-&(nid_objs[471]),/* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
-&(nid_objs[472]),/* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
-&(nid_objs[473]),/* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
-&(nid_objs[474]),/* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
-&(nid_objs[475]),/* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
-&(nid_objs[476]),/* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
-&(nid_objs[477]),/* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
-&(nid_objs[391]),/* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
-&(nid_objs[478]),/* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
-&(nid_objs[479]),/* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
-&(nid_objs[480]),/* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
-&(nid_objs[481]),/* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
-&(nid_objs[482]),/* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
-&(nid_objs[483]),/* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
-&(nid_objs[484]),/* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
-&(nid_objs[485]),/* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
-&(nid_objs[486]),/* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
-&(nid_objs[487]),/* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
-&(nid_objs[488]),/* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
-&(nid_objs[489]),/* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
-&(nid_objs[490]),/* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
-&(nid_objs[491]),/* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
-&(nid_objs[492]),/* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
-&(nid_objs[493]),/* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
-&(nid_objs[494]),/* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
-&(nid_objs[495]),/* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
-&(nid_objs[496]),/* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
-&(nid_objs[497]),/* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
-&(nid_objs[498]),/* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
-&(nid_objs[499]),/* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
-&(nid_objs[500]),/* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
-&(nid_objs[501]),/* OBJ_audio                        0 9 2342 19200300 100 1 55 */
-&(nid_objs[502]),/* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
-&(nid_objs[442]),/* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
-&(nid_objs[443]),/* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
-&(nid_objs[444]),/* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
-&(nid_objs[445]),/* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
-&(nid_objs[446]),/* OBJ_account                      0 9 2342 19200300 100 4 5 */
-&(nid_objs[447]),/* OBJ_document                     0 9 2342 19200300 100 4 6 */
-&(nid_objs[448]),/* OBJ_room                         0 9 2342 19200300 100 4 7 */
-&(nid_objs[449]),/* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
-&(nid_objs[392]),/* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
-&(nid_objs[450]),/* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
-&(nid_objs[451]),/* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
-&(nid_objs[452]),/* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
-&(nid_objs[453]),/* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
-&(nid_objs[454]),/* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
-&(nid_objs[455]),/* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
-&(nid_objs[456]),/* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
-&(nid_objs[457]),/* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
-&(nid_objs[189]),/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
-&(nid_objs[190]),/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
-&(nid_objs[191]),/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
-&(nid_objs[192]),/* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
-&(nid_objs[193]),/* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
-&(nid_objs[194]),/* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
-&(nid_objs[195]),/* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
-&(nid_objs[158]),/* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
-&(nid_objs[159]),/* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
-&(nid_objs[160]),/* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
-&(nid_objs[144]),/* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
-&(nid_objs[145]),/* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
-&(nid_objs[146]),/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
-&(nid_objs[147]),/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
-&(nid_objs[148]),/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
-&(nid_objs[149]),/* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
-&(nid_objs[171]),/* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
-&(nid_objs[134]),/* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
-&(nid_objs[135]),/* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
-&(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
-&(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
-&(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
-&(nid_objs[648]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
-&(nid_objs[649]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
-&(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
-&(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
-&(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
-&(nid_objs[199]),/* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
-&(nid_objs[200]),/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
-&(nid_objs[201]),/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
-&(nid_objs[202]),/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
-&(nid_objs[203]),/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
-&(nid_objs[204]),/* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
-&(nid_objs[205]),/* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
-&(nid_objs[206]),/* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
-&(nid_objs[207]),/* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
-&(nid_objs[208]),/* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
-&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
-&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
-&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
-&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
-&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
-&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
-&(nid_objs[215]),/* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
-&(nid_objs[216]),/* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
-&(nid_objs[217]),/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
-&(nid_objs[218]),/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
-&(nid_objs[219]),/* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
-&(nid_objs[220]),/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
-&(nid_objs[221]),/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
-&(nid_objs[222]),/* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
-&(nid_objs[223]),/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
-&(nid_objs[224]),/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
-&(nid_objs[225]),/* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
-&(nid_objs[226]),/* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
-&(nid_objs[227]),/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
-&(nid_objs[228]),/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
-&(nid_objs[229]),/* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
-&(nid_objs[230]),/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
-&(nid_objs[231]),/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
-&(nid_objs[232]),/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
-&(nid_objs[233]),/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
-&(nid_objs[234]),/* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
-&(nid_objs[235]),/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
-&(nid_objs[236]),/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
-&(nid_objs[237]),/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
-&(nid_objs[238]),/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
-&(nid_objs[239]),/* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
-&(nid_objs[240]),/* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
-&(nid_objs[241]),/* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
-&(nid_objs[242]),/* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
-&(nid_objs[243]),/* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
-&(nid_objs[244]),/* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
-&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
-&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
-&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
-&(nid_objs[248]),/* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
-&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
-&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
-&(nid_objs[251]),/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
-&(nid_objs[252]),/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
-&(nid_objs[253]),/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
-&(nid_objs[254]),/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
-&(nid_objs[255]),/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
-&(nid_objs[256]),/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
-&(nid_objs[150]),/* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
-&(nid_objs[151]),/* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
-&(nid_objs[152]),/* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
-&(nid_objs[153]),/* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
-&(nid_objs[154]),/* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
-&(nid_objs[155]),/* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
-&(nid_objs[34]),/* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
-};
-
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.pl b/src/lib/libssl/src/crypto/objects/obj_dat.pl
index 5dfb84ea00..d0371661f9 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.pl
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.pl
@@ -1,5 +1,9 @@
 #!/usr/local/bin/perl
 
+# fixes bug in floating point emulation on sparc64 when
+# this script produces off-by-one output on sparc64
+use integer;
+
 sub obj_cmp
         {
         local(@a,@b,$_,$r);
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.h b/src/lib/libssl/src/crypto/objects/obj_mac.h
deleted file mode 100644
index 7645012298..0000000000
--- a/src/lib/libssl/src/crypto/objects/obj_mac.h
+++ /dev/null
@@ -1,2868 +0,0 @@
-/* crypto/objects/obj_mac.h */
-
-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
- * following command:
- * perl objects.pl objects.txt obj_mac.num obj_mac.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define SN_undef                        "UNDEF"
-#define LN_undef                        "undefined"
-#define NID_undef                       0
-#define OBJ_undef                       0L
-
-#define SN_ccitt                "CCITT"
-#define LN_ccitt                "ccitt"
-#define NID_ccitt               404
-#define OBJ_ccitt               0L
-
-#define SN_iso          "ISO"
-#define LN_iso          "iso"
-#define NID_iso         181
-#define OBJ_iso         1L
-
-#define SN_joint_iso_ccitt              "JOINT-ISO-CCITT"
-#define LN_joint_iso_ccitt              "joint-iso-ccitt"
-#define NID_joint_iso_ccitt             393
-#define OBJ_joint_iso_ccitt             2L
-
-#define SN_member_body          "member-body"
-#define LN_member_body          "ISO Member Body"
-#define NID_member_body         182
-#define OBJ_member_body         OBJ_iso,2L
-
-#define SN_selected_attribute_types             "selected-attribute-types"
-#define LN_selected_attribute_types             "Selected Attribute Types"
-#define NID_selected_attribute_types            394
-#define OBJ_selected_attribute_types            OBJ_joint_iso_ccitt,5L,1L,5L
-
-#define SN_clearance            "clearance"
-#define NID_clearance           395
-#define OBJ_clearance           OBJ_selected_attribute_types,55L
-
-#define SN_ISO_US               "ISO-US"
-#define LN_ISO_US               "ISO US Member Body"
-#define NID_ISO_US              183
-#define OBJ_ISO_US              OBJ_member_body,840L
-
-#define SN_X9_57                "X9-57"
-#define LN_X9_57                "X9.57"
-#define NID_X9_57               184
-#define OBJ_X9_57               OBJ_ISO_US,10040L
-
-#define SN_X9cm         "X9cm"
-#define LN_X9cm         "X9.57 CM ?"
-#define NID_X9cm                185
-#define OBJ_X9cm                OBJ_X9_57,4L
-
-#define SN_dsa          "DSA"
-#define LN_dsa          "dsaEncryption"
-#define NID_dsa         116
-#define OBJ_dsa         OBJ_X9cm,1L
-
-#define SN_dsaWithSHA1          "DSA-SHA1"
-#define LN_dsaWithSHA1          "dsaWithSHA1"
-#define NID_dsaWithSHA1         113
-#define OBJ_dsaWithSHA1         OBJ_X9cm,3L
-
-#define SN_ansi_X9_62           "ansi-X9-62"
-#define LN_ansi_X9_62           "ANSI X9.62"
-#define NID_ansi_X9_62          405
-#define OBJ_ansi_X9_62          OBJ_ISO_US,10045L
-
-#define OBJ_X9_62_id_fieldType          OBJ_ansi_X9_62,1L
-
-#define SN_X9_62_prime_field            "prime-field"
-#define NID_X9_62_prime_field           406
-#define OBJ_X9_62_prime_field           OBJ_X9_62_id_fieldType,1L
-
-#define SN_X9_62_characteristic_two_field               "characteristic-two-field"
-#define NID_X9_62_characteristic_two_field              407
-#define OBJ_X9_62_characteristic_two_field              OBJ_X9_62_id_fieldType,2L
-
-#define OBJ_X9_62_id_publicKeyType              OBJ_ansi_X9_62,2L
-
-#define SN_X9_62_id_ecPublicKey         "id-ecPublicKey"
-#define NID_X9_62_id_ecPublicKey                408
-#define OBJ_X9_62_id_ecPublicKey                OBJ_X9_62_id_publicKeyType,1L
-
-#define OBJ_X9_62_ellipticCurve         OBJ_ansi_X9_62,3L
-
-#define OBJ_X9_62_c_TwoCurve            OBJ_X9_62_ellipticCurve,0L
-
-#define OBJ_X9_62_primeCurve            OBJ_X9_62_ellipticCurve,1L
-
-#define SN_X9_62_prime192v1             "prime192v1"
-#define NID_X9_62_prime192v1            409
-#define OBJ_X9_62_prime192v1            OBJ_X9_62_primeCurve,1L
-
-#define SN_X9_62_prime192v2             "prime192v2"
-#define NID_X9_62_prime192v2            410
-#define OBJ_X9_62_prime192v2            OBJ_X9_62_primeCurve,2L
-
-#define SN_X9_62_prime192v3             "prime192v3"
-#define NID_X9_62_prime192v3            411
-#define OBJ_X9_62_prime192v3            OBJ_X9_62_primeCurve,3L
-
-#define SN_X9_62_prime239v1             "prime239v1"
-#define NID_X9_62_prime239v1            412
-#define OBJ_X9_62_prime239v1            OBJ_X9_62_primeCurve,4L
-
-#define SN_X9_62_prime239v2             "prime239v2"
-#define NID_X9_62_prime239v2            413
-#define OBJ_X9_62_prime239v2            OBJ_X9_62_primeCurve,5L
-
-#define SN_X9_62_prime239v3             "prime239v3"
-#define NID_X9_62_prime239v3            414
-#define OBJ_X9_62_prime239v3            OBJ_X9_62_primeCurve,6L
-
-#define SN_X9_62_prime256v1             "prime256v1"
-#define NID_X9_62_prime256v1            415
-#define OBJ_X9_62_prime256v1            OBJ_X9_62_primeCurve,7L
-
-#define OBJ_X9_62_id_ecSigType          OBJ_ansi_X9_62,4L
-
-#define SN_ecdsa_with_SHA1              "ecdsa-with-SHA1"
-#define NID_ecdsa_with_SHA1             416
-#define OBJ_ecdsa_with_SHA1             OBJ_X9_62_id_ecSigType,1L
-
-#define SN_cast5_cbc            "CAST5-CBC"
-#define LN_cast5_cbc            "cast5-cbc"
-#define NID_cast5_cbc           108
-#define OBJ_cast5_cbc           OBJ_ISO_US,113533L,7L,66L,10L
-
-#define SN_cast5_ecb            "CAST5-ECB"
-#define LN_cast5_ecb            "cast5-ecb"
-#define NID_cast5_ecb           109
-
-#define SN_cast5_cfb64          "CAST5-CFB"
-#define LN_cast5_cfb64          "cast5-cfb"
-#define NID_cast5_cfb64         110
-
-#define SN_cast5_ofb64          "CAST5-OFB"
-#define LN_cast5_ofb64          "cast5-ofb"
-#define NID_cast5_ofb64         111
-
-#define LN_pbeWithMD5AndCast5_CBC               "pbeWithMD5AndCast5CBC"
-#define NID_pbeWithMD5AndCast5_CBC              112
-#define OBJ_pbeWithMD5AndCast5_CBC              OBJ_ISO_US,113533L,7L,66L,12L
-
-#define SN_rsadsi               "rsadsi"
-#define LN_rsadsi               "RSA Data Security, Inc."
-#define NID_rsadsi              1
-#define OBJ_rsadsi              OBJ_ISO_US,113549L
-
-#define SN_pkcs         "pkcs"
-#define LN_pkcs         "RSA Data Security, Inc. PKCS"
-#define NID_pkcs                2
-#define OBJ_pkcs                OBJ_rsadsi,1L
-
-#define SN_pkcs1                "pkcs1"
-#define NID_pkcs1               186
-#define OBJ_pkcs1               OBJ_pkcs,1L
-
-#define LN_rsaEncryption                "rsaEncryption"
-#define NID_rsaEncryption               6
-#define OBJ_rsaEncryption               OBJ_pkcs1,1L
-
-#define SN_md2WithRSAEncryption         "RSA-MD2"
-#define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
-#define NID_md2WithRSAEncryption                7
-#define OBJ_md2WithRSAEncryption                OBJ_pkcs1,2L
-
-#define SN_md4WithRSAEncryption         "RSA-MD4"
-#define LN_md4WithRSAEncryption         "md4WithRSAEncryption"
-#define NID_md4WithRSAEncryption                396
-#define OBJ_md4WithRSAEncryption                OBJ_pkcs1,3L
-
-#define SN_md5WithRSAEncryption         "RSA-MD5"
-#define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
-#define NID_md5WithRSAEncryption                8
-#define OBJ_md5WithRSAEncryption                OBJ_pkcs1,4L
-
-#define SN_sha1WithRSAEncryption                "RSA-SHA1"
-#define LN_sha1WithRSAEncryption                "sha1WithRSAEncryption"
-#define NID_sha1WithRSAEncryption               65
-#define OBJ_sha1WithRSAEncryption               OBJ_pkcs1,5L
-
-#define SN_pkcs3                "pkcs3"
-#define NID_pkcs3               27
-#define OBJ_pkcs3               OBJ_pkcs,3L
-
-#define LN_dhKeyAgreement               "dhKeyAgreement"
-#define NID_dhKeyAgreement              28
-#define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
-
-#define SN_pkcs5                "pkcs5"
-#define NID_pkcs5               187
-#define OBJ_pkcs5               OBJ_pkcs,5L
-
-#define SN_pbeWithMD2AndDES_CBC         "PBE-MD2-DES"
-#define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
-#define NID_pbeWithMD2AndDES_CBC                9
-#define OBJ_pbeWithMD2AndDES_CBC                OBJ_pkcs5,1L
-
-#define SN_pbeWithMD5AndDES_CBC         "PBE-MD5-DES"
-#define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
-#define NID_pbeWithMD5AndDES_CBC                10
-#define OBJ_pbeWithMD5AndDES_CBC                OBJ_pkcs5,3L
-
-#define SN_pbeWithMD2AndRC2_CBC         "PBE-MD2-RC2-64"
-#define LN_pbeWithMD2AndRC2_CBC         "pbeWithMD2AndRC2-CBC"
-#define NID_pbeWithMD2AndRC2_CBC                168
-#define OBJ_pbeWithMD2AndRC2_CBC                OBJ_pkcs5,4L
-
-#define SN_pbeWithMD5AndRC2_CBC         "PBE-MD5-RC2-64"
-#define LN_pbeWithMD5AndRC2_CBC         "pbeWithMD5AndRC2-CBC"
-#define NID_pbeWithMD5AndRC2_CBC                169
-#define OBJ_pbeWithMD5AndRC2_CBC                OBJ_pkcs5,6L
-
-#define SN_pbeWithSHA1AndDES_CBC                "PBE-SHA1-DES"
-#define LN_pbeWithSHA1AndDES_CBC                "pbeWithSHA1AndDES-CBC"
-#define NID_pbeWithSHA1AndDES_CBC               170
-#define OBJ_pbeWithSHA1AndDES_CBC               OBJ_pkcs5,10L
-
-#define SN_pbeWithSHA1AndRC2_CBC                "PBE-SHA1-RC2-64"
-#define LN_pbeWithSHA1AndRC2_CBC                "pbeWithSHA1AndRC2-CBC"
-#define NID_pbeWithSHA1AndRC2_CBC               68
-#define OBJ_pbeWithSHA1AndRC2_CBC               OBJ_pkcs5,11L
-
-#define LN_id_pbkdf2            "PBKDF2"
-#define NID_id_pbkdf2           69
-#define OBJ_id_pbkdf2           OBJ_pkcs5,12L
-
-#define LN_pbes2                "PBES2"
-#define NID_pbes2               161
-#define OBJ_pbes2               OBJ_pkcs5,13L
-
-#define LN_pbmac1               "PBMAC1"
-#define NID_pbmac1              162
-#define OBJ_pbmac1              OBJ_pkcs5,14L
-
-#define SN_pkcs7                "pkcs7"
-#define NID_pkcs7               20
-#define OBJ_pkcs7               OBJ_pkcs,7L
-
-#define LN_pkcs7_data           "pkcs7-data"
-#define NID_pkcs7_data          21
-#define OBJ_pkcs7_data          OBJ_pkcs7,1L
-
-#define LN_pkcs7_signed         "pkcs7-signedData"
-#define NID_pkcs7_signed                22
-#define OBJ_pkcs7_signed                OBJ_pkcs7,2L
-
-#define LN_pkcs7_enveloped              "pkcs7-envelopedData"
-#define NID_pkcs7_enveloped             23
-#define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
-
-#define LN_pkcs7_signedAndEnveloped             "pkcs7-signedAndEnvelopedData"
-#define NID_pkcs7_signedAndEnveloped            24
-#define OBJ_pkcs7_signedAndEnveloped            OBJ_pkcs7,4L
-
-#define LN_pkcs7_digest         "pkcs7-digestData"
-#define NID_pkcs7_digest                25
-#define OBJ_pkcs7_digest                OBJ_pkcs7,5L
-
-#define LN_pkcs7_encrypted              "pkcs7-encryptedData"
-#define NID_pkcs7_encrypted             26
-#define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
-
-#define SN_pkcs9                "pkcs9"
-#define NID_pkcs9               47
-#define OBJ_pkcs9               OBJ_pkcs,9L
-
-#define LN_pkcs9_emailAddress           "emailAddress"
-#define NID_pkcs9_emailAddress          48
-#define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
-
-#define LN_pkcs9_unstructuredName               "unstructuredName"
-#define NID_pkcs9_unstructuredName              49
-#define OBJ_pkcs9_unstructuredName              OBJ_pkcs9,2L
-
-#define LN_pkcs9_contentType            "contentType"
-#define NID_pkcs9_contentType           50
-#define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
-
-#define LN_pkcs9_messageDigest          "messageDigest"
-#define NID_pkcs9_messageDigest         51
-#define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
-
-#define LN_pkcs9_signingTime            "signingTime"
-#define NID_pkcs9_signingTime           52
-#define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
-
-#define LN_pkcs9_countersignature               "countersignature"
-#define NID_pkcs9_countersignature              53
-#define OBJ_pkcs9_countersignature              OBJ_pkcs9,6L
-
-#define LN_pkcs9_challengePassword              "challengePassword"
-#define NID_pkcs9_challengePassword             54
-#define OBJ_pkcs9_challengePassword             OBJ_pkcs9,7L
-
-#define LN_pkcs9_unstructuredAddress            "unstructuredAddress"
-#define NID_pkcs9_unstructuredAddress           55
-#define OBJ_pkcs9_unstructuredAddress           OBJ_pkcs9,8L
-
-#define LN_pkcs9_extCertAttributes              "extendedCertificateAttributes"
-#define NID_pkcs9_extCertAttributes             56
-#define OBJ_pkcs9_extCertAttributes             OBJ_pkcs9,9L
-
-#define SN_ext_req              "extReq"
-#define LN_ext_req              "Extension Request"
-#define NID_ext_req             172
-#define OBJ_ext_req             OBJ_pkcs9,14L
-
-#define SN_SMIMECapabilities            "SMIME-CAPS"
-#define LN_SMIMECapabilities            "S/MIME Capabilities"
-#define NID_SMIMECapabilities           167
-#define OBJ_SMIMECapabilities           OBJ_pkcs9,15L
-
-#define SN_SMIME                "SMIME"
-#define LN_SMIME                "S/MIME"
-#define NID_SMIME               188
-#define OBJ_SMIME               OBJ_pkcs9,16L
-
-#define SN_id_smime_mod         "id-smime-mod"
-#define NID_id_smime_mod                189
-#define OBJ_id_smime_mod                OBJ_SMIME,0L
-
-#define SN_id_smime_ct          "id-smime-ct"
-#define NID_id_smime_ct         190
-#define OBJ_id_smime_ct         OBJ_SMIME,1L
-
-#define SN_id_smime_aa          "id-smime-aa"
-#define NID_id_smime_aa         191
-#define OBJ_id_smime_aa         OBJ_SMIME,2L
-
-#define SN_id_smime_alg         "id-smime-alg"
-#define NID_id_smime_alg                192
-#define OBJ_id_smime_alg                OBJ_SMIME,3L
-
-#define SN_id_smime_cd          "id-smime-cd"
-#define NID_id_smime_cd         193
-#define OBJ_id_smime_cd         OBJ_SMIME,4L
-
-#define SN_id_smime_spq         "id-smime-spq"
-#define NID_id_smime_spq                194
-#define OBJ_id_smime_spq                OBJ_SMIME,5L
-
-#define SN_id_smime_cti         "id-smime-cti"
-#define NID_id_smime_cti                195
-#define OBJ_id_smime_cti                OBJ_SMIME,6L
-
-#define SN_id_smime_mod_cms             "id-smime-mod-cms"
-#define NID_id_smime_mod_cms            196
-#define OBJ_id_smime_mod_cms            OBJ_id_smime_mod,1L
-
-#define SN_id_smime_mod_ess             "id-smime-mod-ess"
-#define NID_id_smime_mod_ess            197
-#define OBJ_id_smime_mod_ess            OBJ_id_smime_mod,2L
-
-#define SN_id_smime_mod_oid             "id-smime-mod-oid"
-#define NID_id_smime_mod_oid            198
-#define OBJ_id_smime_mod_oid            OBJ_id_smime_mod,3L
-
-#define SN_id_smime_mod_msg_v3          "id-smime-mod-msg-v3"
-#define NID_id_smime_mod_msg_v3         199
-#define OBJ_id_smime_mod_msg_v3         OBJ_id_smime_mod,4L
-
-#define SN_id_smime_mod_ets_eSignature_88               "id-smime-mod-ets-eSignature-88"
-#define NID_id_smime_mod_ets_eSignature_88              200
-#define OBJ_id_smime_mod_ets_eSignature_88              OBJ_id_smime_mod,5L
-
-#define SN_id_smime_mod_ets_eSignature_97               "id-smime-mod-ets-eSignature-97"
-#define NID_id_smime_mod_ets_eSignature_97              201
-#define OBJ_id_smime_mod_ets_eSignature_97              OBJ_id_smime_mod,6L
-
-#define SN_id_smime_mod_ets_eSigPolicy_88               "id-smime-mod-ets-eSigPolicy-88"
-#define NID_id_smime_mod_ets_eSigPolicy_88              202
-#define OBJ_id_smime_mod_ets_eSigPolicy_88              OBJ_id_smime_mod,7L
-
-#define SN_id_smime_mod_ets_eSigPolicy_97               "id-smime-mod-ets-eSigPolicy-97"
-#define NID_id_smime_mod_ets_eSigPolicy_97              203
-#define OBJ_id_smime_mod_ets_eSigPolicy_97              OBJ_id_smime_mod,8L
-
-#define SN_id_smime_ct_receipt          "id-smime-ct-receipt"
-#define NID_id_smime_ct_receipt         204
-#define OBJ_id_smime_ct_receipt         OBJ_id_smime_ct,1L
-
-#define SN_id_smime_ct_authData         "id-smime-ct-authData"
-#define NID_id_smime_ct_authData                205
-#define OBJ_id_smime_ct_authData                OBJ_id_smime_ct,2L
-
-#define SN_id_smime_ct_publishCert              "id-smime-ct-publishCert"
-#define NID_id_smime_ct_publishCert             206
-#define OBJ_id_smime_ct_publishCert             OBJ_id_smime_ct,3L
-
-#define SN_id_smime_ct_TSTInfo          "id-smime-ct-TSTInfo"
-#define NID_id_smime_ct_TSTInfo         207
-#define OBJ_id_smime_ct_TSTInfo         OBJ_id_smime_ct,4L
-
-#define SN_id_smime_ct_TDTInfo          "id-smime-ct-TDTInfo"
-#define NID_id_smime_ct_TDTInfo         208
-#define OBJ_id_smime_ct_TDTInfo         OBJ_id_smime_ct,5L
-
-#define SN_id_smime_ct_contentInfo              "id-smime-ct-contentInfo"
-#define NID_id_smime_ct_contentInfo             209
-#define OBJ_id_smime_ct_contentInfo             OBJ_id_smime_ct,6L
-
-#define SN_id_smime_ct_DVCSRequestData          "id-smime-ct-DVCSRequestData"
-#define NID_id_smime_ct_DVCSRequestData         210
-#define OBJ_id_smime_ct_DVCSRequestData         OBJ_id_smime_ct,7L
-
-#define SN_id_smime_ct_DVCSResponseData         "id-smime-ct-DVCSResponseData"
-#define NID_id_smime_ct_DVCSResponseData                211
-#define OBJ_id_smime_ct_DVCSResponseData                OBJ_id_smime_ct,8L
-
-#define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
-#define NID_id_smime_aa_receiptRequest          212
-#define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
-
-#define SN_id_smime_aa_securityLabel            "id-smime-aa-securityLabel"
-#define NID_id_smime_aa_securityLabel           213
-#define OBJ_id_smime_aa_securityLabel           OBJ_id_smime_aa,2L
-
-#define SN_id_smime_aa_mlExpandHistory          "id-smime-aa-mlExpandHistory"
-#define NID_id_smime_aa_mlExpandHistory         214
-#define OBJ_id_smime_aa_mlExpandHistory         OBJ_id_smime_aa,3L
-
-#define SN_id_smime_aa_contentHint              "id-smime-aa-contentHint"
-#define NID_id_smime_aa_contentHint             215
-#define OBJ_id_smime_aa_contentHint             OBJ_id_smime_aa,4L
-
-#define SN_id_smime_aa_msgSigDigest             "id-smime-aa-msgSigDigest"
-#define NID_id_smime_aa_msgSigDigest            216
-#define OBJ_id_smime_aa_msgSigDigest            OBJ_id_smime_aa,5L
-
-#define SN_id_smime_aa_encapContentType         "id-smime-aa-encapContentType"
-#define NID_id_smime_aa_encapContentType                217
-#define OBJ_id_smime_aa_encapContentType                OBJ_id_smime_aa,6L
-
-#define SN_id_smime_aa_contentIdentifier                "id-smime-aa-contentIdentifier"
-#define NID_id_smime_aa_contentIdentifier               218
-#define OBJ_id_smime_aa_contentIdentifier               OBJ_id_smime_aa,7L
-
-#define SN_id_smime_aa_macValue         "id-smime-aa-macValue"
-#define NID_id_smime_aa_macValue                219
-#define OBJ_id_smime_aa_macValue                OBJ_id_smime_aa,8L
-
-#define SN_id_smime_aa_equivalentLabels         "id-smime-aa-equivalentLabels"
-#define NID_id_smime_aa_equivalentLabels                220
-#define OBJ_id_smime_aa_equivalentLabels                OBJ_id_smime_aa,9L
-
-#define SN_id_smime_aa_contentReference         "id-smime-aa-contentReference"
-#define NID_id_smime_aa_contentReference                221
-#define OBJ_id_smime_aa_contentReference                OBJ_id_smime_aa,10L
-
-#define SN_id_smime_aa_encrypKeyPref            "id-smime-aa-encrypKeyPref"
-#define NID_id_smime_aa_encrypKeyPref           222
-#define OBJ_id_smime_aa_encrypKeyPref           OBJ_id_smime_aa,11L
-
-#define SN_id_smime_aa_signingCertificate               "id-smime-aa-signingCertificate"
-#define NID_id_smime_aa_signingCertificate              223
-#define OBJ_id_smime_aa_signingCertificate              OBJ_id_smime_aa,12L
-
-#define SN_id_smime_aa_smimeEncryptCerts                "id-smime-aa-smimeEncryptCerts"
-#define NID_id_smime_aa_smimeEncryptCerts               224
-#define OBJ_id_smime_aa_smimeEncryptCerts               OBJ_id_smime_aa,13L
-
-#define SN_id_smime_aa_timeStampToken           "id-smime-aa-timeStampToken"
-#define NID_id_smime_aa_timeStampToken          225
-#define OBJ_id_smime_aa_timeStampToken          OBJ_id_smime_aa,14L
-
-#define SN_id_smime_aa_ets_sigPolicyId          "id-smime-aa-ets-sigPolicyId"
-#define NID_id_smime_aa_ets_sigPolicyId         226
-#define OBJ_id_smime_aa_ets_sigPolicyId         OBJ_id_smime_aa,15L
-
-#define SN_id_smime_aa_ets_commitmentType               "id-smime-aa-ets-commitmentType"
-#define NID_id_smime_aa_ets_commitmentType              227
-#define OBJ_id_smime_aa_ets_commitmentType              OBJ_id_smime_aa,16L
-
-#define SN_id_smime_aa_ets_signerLocation               "id-smime-aa-ets-signerLocation"
-#define NID_id_smime_aa_ets_signerLocation              228
-#define OBJ_id_smime_aa_ets_signerLocation              OBJ_id_smime_aa,17L
-
-#define SN_id_smime_aa_ets_signerAttr           "id-smime-aa-ets-signerAttr"
-#define NID_id_smime_aa_ets_signerAttr          229
-#define OBJ_id_smime_aa_ets_signerAttr          OBJ_id_smime_aa,18L
-
-#define SN_id_smime_aa_ets_otherSigCert         "id-smime-aa-ets-otherSigCert"
-#define NID_id_smime_aa_ets_otherSigCert                230
-#define OBJ_id_smime_aa_ets_otherSigCert                OBJ_id_smime_aa,19L
-
-#define SN_id_smime_aa_ets_contentTimestamp             "id-smime-aa-ets-contentTimestamp"
-#define NID_id_smime_aa_ets_contentTimestamp            231
-#define OBJ_id_smime_aa_ets_contentTimestamp            OBJ_id_smime_aa,20L
-
-#define SN_id_smime_aa_ets_CertificateRefs              "id-smime-aa-ets-CertificateRefs"
-#define NID_id_smime_aa_ets_CertificateRefs             232
-#define OBJ_id_smime_aa_ets_CertificateRefs             OBJ_id_smime_aa,21L
-
-#define SN_id_smime_aa_ets_RevocationRefs               "id-smime-aa-ets-RevocationRefs"
-#define NID_id_smime_aa_ets_RevocationRefs              233
-#define OBJ_id_smime_aa_ets_RevocationRefs              OBJ_id_smime_aa,22L
-
-#define SN_id_smime_aa_ets_certValues           "id-smime-aa-ets-certValues"
-#define NID_id_smime_aa_ets_certValues          234
-#define OBJ_id_smime_aa_ets_certValues          OBJ_id_smime_aa,23L
-
-#define SN_id_smime_aa_ets_revocationValues             "id-smime-aa-ets-revocationValues"
-#define NID_id_smime_aa_ets_revocationValues            235
-#define OBJ_id_smime_aa_ets_revocationValues            OBJ_id_smime_aa,24L
-
-#define SN_id_smime_aa_ets_escTimeStamp         "id-smime-aa-ets-escTimeStamp"
-#define NID_id_smime_aa_ets_escTimeStamp                236
-#define OBJ_id_smime_aa_ets_escTimeStamp                OBJ_id_smime_aa,25L
-
-#define SN_id_smime_aa_ets_certCRLTimestamp             "id-smime-aa-ets-certCRLTimestamp"
-#define NID_id_smime_aa_ets_certCRLTimestamp            237
-#define OBJ_id_smime_aa_ets_certCRLTimestamp            OBJ_id_smime_aa,26L
-
-#define SN_id_smime_aa_ets_archiveTimeStamp             "id-smime-aa-ets-archiveTimeStamp"
-#define NID_id_smime_aa_ets_archiveTimeStamp            238
-#define OBJ_id_smime_aa_ets_archiveTimeStamp            OBJ_id_smime_aa,27L
-
-#define SN_id_smime_aa_signatureType            "id-smime-aa-signatureType"
-#define NID_id_smime_aa_signatureType           239
-#define OBJ_id_smime_aa_signatureType           OBJ_id_smime_aa,28L
-
-#define SN_id_smime_aa_dvcs_dvc         "id-smime-aa-dvcs-dvc"
-#define NID_id_smime_aa_dvcs_dvc                240
-#define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
-
-#define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
-#define NID_id_smime_alg_ESDHwith3DES           241
-#define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
-
-#define SN_id_smime_alg_ESDHwithRC2             "id-smime-alg-ESDHwithRC2"
-#define NID_id_smime_alg_ESDHwithRC2            242
-#define OBJ_id_smime_alg_ESDHwithRC2            OBJ_id_smime_alg,2L
-
-#define SN_id_smime_alg_3DESwrap                "id-smime-alg-3DESwrap"
-#define NID_id_smime_alg_3DESwrap               243
-#define OBJ_id_smime_alg_3DESwrap               OBJ_id_smime_alg,3L
-
-#define SN_id_smime_alg_RC2wrap         "id-smime-alg-RC2wrap"
-#define NID_id_smime_alg_RC2wrap                244
-#define OBJ_id_smime_alg_RC2wrap                OBJ_id_smime_alg,4L
-
-#define SN_id_smime_alg_ESDH            "id-smime-alg-ESDH"
-#define NID_id_smime_alg_ESDH           245
-#define OBJ_id_smime_alg_ESDH           OBJ_id_smime_alg,5L
-
-#define SN_id_smime_alg_CMS3DESwrap             "id-smime-alg-CMS3DESwrap"
-#define NID_id_smime_alg_CMS3DESwrap            246
-#define OBJ_id_smime_alg_CMS3DESwrap            OBJ_id_smime_alg,6L
-
-#define SN_id_smime_alg_CMSRC2wrap              "id-smime-alg-CMSRC2wrap"
-#define NID_id_smime_alg_CMSRC2wrap             247
-#define OBJ_id_smime_alg_CMSRC2wrap             OBJ_id_smime_alg,7L
-
-#define SN_id_smime_cd_ldap             "id-smime-cd-ldap"
-#define NID_id_smime_cd_ldap            248
-#define OBJ_id_smime_cd_ldap            OBJ_id_smime_cd,1L
-
-#define SN_id_smime_spq_ets_sqt_uri             "id-smime-spq-ets-sqt-uri"
-#define NID_id_smime_spq_ets_sqt_uri            249
-#define OBJ_id_smime_spq_ets_sqt_uri            OBJ_id_smime_spq,1L
-
-#define SN_id_smime_spq_ets_sqt_unotice         "id-smime-spq-ets-sqt-unotice"
-#define NID_id_smime_spq_ets_sqt_unotice                250
-#define OBJ_id_smime_spq_ets_sqt_unotice                OBJ_id_smime_spq,2L
-
-#define SN_id_smime_cti_ets_proofOfOrigin               "id-smime-cti-ets-proofOfOrigin"
-#define NID_id_smime_cti_ets_proofOfOrigin              251
-#define OBJ_id_smime_cti_ets_proofOfOrigin              OBJ_id_smime_cti,1L
-
-#define SN_id_smime_cti_ets_proofOfReceipt              "id-smime-cti-ets-proofOfReceipt"
-#define NID_id_smime_cti_ets_proofOfReceipt             252
-#define OBJ_id_smime_cti_ets_proofOfReceipt             OBJ_id_smime_cti,2L
-
-#define SN_id_smime_cti_ets_proofOfDelivery             "id-smime-cti-ets-proofOfDelivery"
-#define NID_id_smime_cti_ets_proofOfDelivery            253
-#define OBJ_id_smime_cti_ets_proofOfDelivery            OBJ_id_smime_cti,3L
-
-#define SN_id_smime_cti_ets_proofOfSender               "id-smime-cti-ets-proofOfSender"
-#define NID_id_smime_cti_ets_proofOfSender              254
-#define OBJ_id_smime_cti_ets_proofOfSender              OBJ_id_smime_cti,4L
-
-#define SN_id_smime_cti_ets_proofOfApproval             "id-smime-cti-ets-proofOfApproval"
-#define NID_id_smime_cti_ets_proofOfApproval            255
-#define OBJ_id_smime_cti_ets_proofOfApproval            OBJ_id_smime_cti,5L
-
-#define SN_id_smime_cti_ets_proofOfCreation             "id-smime-cti-ets-proofOfCreation"
-#define NID_id_smime_cti_ets_proofOfCreation            256
-#define OBJ_id_smime_cti_ets_proofOfCreation            OBJ_id_smime_cti,6L
-
-#define LN_friendlyName         "friendlyName"
-#define NID_friendlyName                156
-#define OBJ_friendlyName                OBJ_pkcs9,20L
-
-#define LN_localKeyID           "localKeyID"
-#define NID_localKeyID          157
-#define OBJ_localKeyID          OBJ_pkcs9,21L
-
-#define SN_ms_csp_name          "CSPName"
-#define LN_ms_csp_name          "Microsoft CSP Name"
-#define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
-
-#define OBJ_certTypes           OBJ_pkcs9,22L
-
-#define LN_x509Certificate              "x509Certificate"
-#define NID_x509Certificate             158
-#define OBJ_x509Certificate             OBJ_certTypes,1L
-
-#define LN_sdsiCertificate              "sdsiCertificate"
-#define NID_sdsiCertificate             159
-#define OBJ_sdsiCertificate             OBJ_certTypes,2L
-
-#define OBJ_crlTypes            OBJ_pkcs9,23L
-
-#define LN_x509Crl              "x509Crl"
-#define NID_x509Crl             160
-#define OBJ_x509Crl             OBJ_crlTypes,1L
-
-#define OBJ_pkcs12              OBJ_pkcs,12L
-
-#define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
-
-#define SN_pbe_WithSHA1And128BitRC4             "PBE-SHA1-RC4-128"
-#define LN_pbe_WithSHA1And128BitRC4             "pbeWithSHA1And128BitRC4"
-#define NID_pbe_WithSHA1And128BitRC4            144
-#define OBJ_pbe_WithSHA1And128BitRC4            OBJ_pkcs12_pbeids,1L
-
-#define SN_pbe_WithSHA1And40BitRC4              "PBE-SHA1-RC4-40"
-#define LN_pbe_WithSHA1And40BitRC4              "pbeWithSHA1And40BitRC4"
-#define NID_pbe_WithSHA1And40BitRC4             145
-#define OBJ_pbe_WithSHA1And40BitRC4             OBJ_pkcs12_pbeids,2L
-
-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC           "PBE-SHA1-3DES"
-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC           "pbeWithSHA1And3-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC          146
-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,3L
-
-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC           "PBE-SHA1-2DES"
-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC           "pbeWithSHA1And2-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC          147
-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,4L
-
-#define SN_pbe_WithSHA1And128BitRC2_CBC         "PBE-SHA1-RC2-128"
-#define LN_pbe_WithSHA1And128BitRC2_CBC         "pbeWithSHA1And128BitRC2-CBC"
-#define NID_pbe_WithSHA1And128BitRC2_CBC                148
-#define OBJ_pbe_WithSHA1And128BitRC2_CBC                OBJ_pkcs12_pbeids,5L
-
-#define SN_pbe_WithSHA1And40BitRC2_CBC          "PBE-SHA1-RC2-40"
-#define LN_pbe_WithSHA1And40BitRC2_CBC          "pbeWithSHA1And40BitRC2-CBC"
-#define NID_pbe_WithSHA1And40BitRC2_CBC         149
-#define OBJ_pbe_WithSHA1And40BitRC2_CBC         OBJ_pkcs12_pbeids,6L
-
-#define OBJ_pkcs12_Version1             OBJ_pkcs12,10L
-
-#define OBJ_pkcs12_BagIds               OBJ_pkcs12_Version1,1L
-
-#define LN_keyBag               "keyBag"
-#define NID_keyBag              150
-#define OBJ_keyBag              OBJ_pkcs12_BagIds,1L
-
-#define LN_pkcs8ShroudedKeyBag          "pkcs8ShroudedKeyBag"
-#define NID_pkcs8ShroudedKeyBag         151
-#define OBJ_pkcs8ShroudedKeyBag         OBJ_pkcs12_BagIds,2L
-
-#define LN_certBag              "certBag"
-#define NID_certBag             152
-#define OBJ_certBag             OBJ_pkcs12_BagIds,3L
-
-#define LN_crlBag               "crlBag"
-#define NID_crlBag              153
-#define OBJ_crlBag              OBJ_pkcs12_BagIds,4L
-
-#define LN_secretBag            "secretBag"
-#define NID_secretBag           154
-#define OBJ_secretBag           OBJ_pkcs12_BagIds,5L
-
-#define LN_safeContentsBag              "safeContentsBag"
-#define NID_safeContentsBag             155
-#define OBJ_safeContentsBag             OBJ_pkcs12_BagIds,6L
-
-#define SN_md2          "MD2"
-#define LN_md2          "md2"
-#define NID_md2         3
-#define OBJ_md2         OBJ_rsadsi,2L,2L
-
-#define SN_md4          "MD4"
-#define LN_md4          "md4"
-#define NID_md4         257
-#define OBJ_md4         OBJ_rsadsi,2L,4L
-
-#define SN_md5          "MD5"
-#define LN_md5          "md5"
-#define NID_md5         4
-#define OBJ_md5         OBJ_rsadsi,2L,5L
-
-#define SN_md5_sha1             "MD5-SHA1"
-#define LN_md5_sha1             "md5-sha1"
-#define NID_md5_sha1            114
-
-#define LN_hmacWithSHA1         "hmacWithSHA1"
-#define NID_hmacWithSHA1                163
-#define OBJ_hmacWithSHA1                OBJ_rsadsi,2L,7L
-
-#define SN_rc2_cbc              "RC2-CBC"
-#define LN_rc2_cbc              "rc2-cbc"
-#define NID_rc2_cbc             37
-#define OBJ_rc2_cbc             OBJ_rsadsi,3L,2L
-
-#define SN_rc2_ecb              "RC2-ECB"
-#define LN_rc2_ecb              "rc2-ecb"
-#define NID_rc2_ecb             38
-
-#define SN_rc2_cfb64            "RC2-CFB"
-#define LN_rc2_cfb64            "rc2-cfb"
-#define NID_rc2_cfb64           39
-
-#define SN_rc2_ofb64            "RC2-OFB"
-#define LN_rc2_ofb64            "rc2-ofb"
-#define NID_rc2_ofb64           40
-
-#define SN_rc2_40_cbc           "RC2-40-CBC"
-#define LN_rc2_40_cbc           "rc2-40-cbc"
-#define NID_rc2_40_cbc          98
-
-#define SN_rc2_64_cbc           "RC2-64-CBC"
-#define LN_rc2_64_cbc           "rc2-64-cbc"
-#define NID_rc2_64_cbc          166
-
-#define SN_rc4          "RC4"
-#define LN_rc4          "rc4"
-#define NID_rc4         5
-#define OBJ_rc4         OBJ_rsadsi,3L,4L
-
-#define SN_rc4_40               "RC4-40"
-#define LN_rc4_40               "rc4-40"
-#define NID_rc4_40              97
-
-#define SN_des_ede3_cbc         "DES-EDE3-CBC"
-#define LN_des_ede3_cbc         "des-ede3-cbc"
-#define NID_des_ede3_cbc                44
-#define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
-
-#define SN_rc5_cbc              "RC5-CBC"
-#define LN_rc5_cbc              "rc5-cbc"
-#define NID_rc5_cbc             120
-#define OBJ_rc5_cbc             OBJ_rsadsi,3L,8L
-
-#define SN_rc5_ecb              "RC5-ECB"
-#define LN_rc5_ecb              "rc5-ecb"
-#define NID_rc5_ecb             121
-
-#define SN_rc5_cfb64            "RC5-CFB"
-#define LN_rc5_cfb64            "rc5-cfb"
-#define NID_rc5_cfb64           122
-
-#define SN_rc5_ofb64            "RC5-OFB"
-#define LN_rc5_ofb64            "rc5-ofb"
-#define NID_rc5_ofb64           123
-
-#define SN_ms_ext_req           "msExtReq"
-#define LN_ms_ext_req           "Microsoft Extension Request"
-#define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
-
-#define SN_ms_code_ind          "msCodeInd"
-#define LN_ms_code_ind          "Microsoft Individual Code Signing"
-#define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
-
-#define SN_ms_code_com          "msCodeCom"
-#define LN_ms_code_com          "Microsoft Commercial Code Signing"
-#define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
-
-#define SN_ms_ctl_sign          "msCTLSign"
-#define LN_ms_ctl_sign          "Microsoft Trust List Signing"
-#define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
-
-#define SN_ms_sgc               "msSGC"
-#define LN_ms_sgc               "Microsoft Server Gated Crypto"
-#define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
-
-#define SN_ms_efs               "msEFS"
-#define LN_ms_efs               "Microsoft Encrypted File System"
-#define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-
-#define SN_ms_smartcard_login           "msSmartcardLogin"
-#define LN_ms_smartcard_login           "Microsoft Smartcardlogin"
-#define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
-
-#define SN_ms_upn               "msUPN"
-#define LN_ms_upn               "Microsoft Universal Principal Name"
-#define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
-
-#define SN_idea_cbc             "IDEA-CBC"
-#define LN_idea_cbc             "idea-cbc"
-#define NID_idea_cbc            34
-#define OBJ_idea_cbc            1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
-
-#define SN_idea_ecb             "IDEA-ECB"
-#define LN_idea_ecb             "idea-ecb"
-#define NID_idea_ecb            36
-
-#define SN_idea_cfb64           "IDEA-CFB"
-#define LN_idea_cfb64           "idea-cfb"
-#define NID_idea_cfb64          35
-
-#define SN_idea_ofb64           "IDEA-OFB"
-#define LN_idea_ofb64           "idea-ofb"
-#define NID_idea_ofb64          46
-
-#define SN_bf_cbc               "BF-CBC"
-#define LN_bf_cbc               "bf-cbc"
-#define NID_bf_cbc              91
-#define OBJ_bf_cbc              1L,3L,6L,1L,4L,1L,3029L,1L,2L
-
-#define SN_bf_ecb               "BF-ECB"
-#define LN_bf_ecb               "bf-ecb"
-#define NID_bf_ecb              92
-
-#define SN_bf_cfb64             "BF-CFB"
-#define LN_bf_cfb64             "bf-cfb"
-#define NID_bf_cfb64            93
-
-#define SN_bf_ofb64             "BF-OFB"
-#define LN_bf_ofb64             "bf-ofb"
-#define NID_bf_ofb64            94
-
-#define SN_id_pkix              "PKIX"
-#define NID_id_pkix             127
-#define OBJ_id_pkix             1L,3L,6L,1L,5L,5L,7L
-
-#define SN_id_pkix_mod          "id-pkix-mod"
-#define NID_id_pkix_mod         258
-#define OBJ_id_pkix_mod         OBJ_id_pkix,0L
-
-#define SN_id_pe                "id-pe"
-#define NID_id_pe               175
-#define OBJ_id_pe               OBJ_id_pkix,1L
-
-#define SN_id_qt                "id-qt"
-#define NID_id_qt               259
-#define OBJ_id_qt               OBJ_id_pkix,2L
-
-#define SN_id_kp                "id-kp"
-#define NID_id_kp               128
-#define OBJ_id_kp               OBJ_id_pkix,3L
-
-#define SN_id_it                "id-it"
-#define NID_id_it               260
-#define OBJ_id_it               OBJ_id_pkix,4L
-
-#define SN_id_pkip              "id-pkip"
-#define NID_id_pkip             261
-#define OBJ_id_pkip             OBJ_id_pkix,5L
-
-#define SN_id_alg               "id-alg"
-#define NID_id_alg              262
-#define OBJ_id_alg              OBJ_id_pkix,6L
-
-#define SN_id_cmc               "id-cmc"
-#define NID_id_cmc              263
-#define OBJ_id_cmc              OBJ_id_pkix,7L
-
-#define SN_id_on                "id-on"
-#define NID_id_on               264
-#define OBJ_id_on               OBJ_id_pkix,8L
-
-#define SN_id_pda               "id-pda"
-#define NID_id_pda              265
-#define OBJ_id_pda              OBJ_id_pkix,9L
-
-#define SN_id_aca               "id-aca"
-#define NID_id_aca              266
-#define OBJ_id_aca              OBJ_id_pkix,10L
-
-#define SN_id_qcs               "id-qcs"
-#define NID_id_qcs              267
-#define OBJ_id_qcs              OBJ_id_pkix,11L
-
-#define SN_id_cct               "id-cct"
-#define NID_id_cct              268
-#define OBJ_id_cct              OBJ_id_pkix,12L
-
-#define SN_id_ad                "id-ad"
-#define NID_id_ad               176
-#define OBJ_id_ad               OBJ_id_pkix,48L
-
-#define SN_id_pkix1_explicit_88         "id-pkix1-explicit-88"
-#define NID_id_pkix1_explicit_88                269
-#define OBJ_id_pkix1_explicit_88                OBJ_id_pkix_mod,1L
-
-#define SN_id_pkix1_implicit_88         "id-pkix1-implicit-88"
-#define NID_id_pkix1_implicit_88                270
-#define OBJ_id_pkix1_implicit_88                OBJ_id_pkix_mod,2L
-
-#define SN_id_pkix1_explicit_93         "id-pkix1-explicit-93"
-#define NID_id_pkix1_explicit_93                271
-#define OBJ_id_pkix1_explicit_93                OBJ_id_pkix_mod,3L
-
-#define SN_id_pkix1_implicit_93         "id-pkix1-implicit-93"
-#define NID_id_pkix1_implicit_93                272
-#define OBJ_id_pkix1_implicit_93                OBJ_id_pkix_mod,4L
-
-#define SN_id_mod_crmf          "id-mod-crmf"
-#define NID_id_mod_crmf         273
-#define OBJ_id_mod_crmf         OBJ_id_pkix_mod,5L
-
-#define SN_id_mod_cmc           "id-mod-cmc"
-#define NID_id_mod_cmc          274
-#define OBJ_id_mod_cmc          OBJ_id_pkix_mod,6L
-
-#define SN_id_mod_kea_profile_88                "id-mod-kea-profile-88"
-#define NID_id_mod_kea_profile_88               275
-#define OBJ_id_mod_kea_profile_88               OBJ_id_pkix_mod,7L
-
-#define SN_id_mod_kea_profile_93                "id-mod-kea-profile-93"
-#define NID_id_mod_kea_profile_93               276
-#define OBJ_id_mod_kea_profile_93               OBJ_id_pkix_mod,8L
-
-#define SN_id_mod_cmp           "id-mod-cmp"
-#define NID_id_mod_cmp          277
-#define OBJ_id_mod_cmp          OBJ_id_pkix_mod,9L
-
-#define SN_id_mod_qualified_cert_88             "id-mod-qualified-cert-88"
-#define NID_id_mod_qualified_cert_88            278
-#define OBJ_id_mod_qualified_cert_88            OBJ_id_pkix_mod,10L
-
-#define SN_id_mod_qualified_cert_93             "id-mod-qualified-cert-93"
-#define NID_id_mod_qualified_cert_93            279
-#define OBJ_id_mod_qualified_cert_93            OBJ_id_pkix_mod,11L
-
-#define SN_id_mod_attribute_cert                "id-mod-attribute-cert"
-#define NID_id_mod_attribute_cert               280
-#define OBJ_id_mod_attribute_cert               OBJ_id_pkix_mod,12L
-
-#define SN_id_mod_timestamp_protocol            "id-mod-timestamp-protocol"
-#define NID_id_mod_timestamp_protocol           281
-#define OBJ_id_mod_timestamp_protocol           OBJ_id_pkix_mod,13L
-
-#define SN_id_mod_ocsp          "id-mod-ocsp"
-#define NID_id_mod_ocsp         282
-#define OBJ_id_mod_ocsp         OBJ_id_pkix_mod,14L
-
-#define SN_id_mod_dvcs          "id-mod-dvcs"
-#define NID_id_mod_dvcs         283
-#define OBJ_id_mod_dvcs         OBJ_id_pkix_mod,15L
-
-#define SN_id_mod_cmp2000               "id-mod-cmp2000"
-#define NID_id_mod_cmp2000              284
-#define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
-
-#define SN_info_access          "authorityInfoAccess"
-#define LN_info_access          "Authority Information Access"
-#define NID_info_access         177
-#define OBJ_info_access         OBJ_id_pe,1L
-
-#define SN_biometricInfo                "biometricInfo"
-#define LN_biometricInfo                "Biometric Info"
-#define NID_biometricInfo               285
-#define OBJ_biometricInfo               OBJ_id_pe,2L
-
-#define SN_qcStatements         "qcStatements"
-#define NID_qcStatements                286
-#define OBJ_qcStatements                OBJ_id_pe,3L
-
-#define SN_ac_auditEntity               "ac-auditEntity"
-#define NID_ac_auditEntity              287
-#define OBJ_ac_auditEntity              OBJ_id_pe,4L
-
-#define SN_ac_targeting         "ac-targeting"
-#define NID_ac_targeting                288
-#define OBJ_ac_targeting                OBJ_id_pe,5L
-
-#define SN_aaControls           "aaControls"
-#define NID_aaControls          289
-#define OBJ_aaControls          OBJ_id_pe,6L
-
-#define SN_sbqp_ipAddrBlock             "sbqp-ipAddrBlock"
-#define NID_sbqp_ipAddrBlock            290
-#define OBJ_sbqp_ipAddrBlock            OBJ_id_pe,7L
-
-#define SN_sbqp_autonomousSysNum                "sbqp-autonomousSysNum"
-#define NID_sbqp_autonomousSysNum               291
-#define OBJ_sbqp_autonomousSysNum               OBJ_id_pe,8L
-
-#define SN_sbqp_routerIdentifier                "sbqp-routerIdentifier"
-#define NID_sbqp_routerIdentifier               292
-#define OBJ_sbqp_routerIdentifier               OBJ_id_pe,9L
-
-#define SN_ac_proxying          "ac-proxying"
-#define NID_ac_proxying         397
-#define OBJ_ac_proxying         OBJ_id_pe,10L
-
-#define SN_sinfo_access         "subjectInfoAccess"
-#define LN_sinfo_access         "Subject Information Access"
-#define NID_sinfo_access                398
-#define OBJ_sinfo_access                OBJ_id_pe,11L
-
-#define SN_id_qt_cps            "id-qt-cps"
-#define LN_id_qt_cps            "Policy Qualifier CPS"
-#define NID_id_qt_cps           164
-#define OBJ_id_qt_cps           OBJ_id_qt,1L
-
-#define SN_id_qt_unotice                "id-qt-unotice"
-#define LN_id_qt_unotice                "Policy Qualifier User Notice"
-#define NID_id_qt_unotice               165
-#define OBJ_id_qt_unotice               OBJ_id_qt,2L
-
-#define SN_textNotice           "textNotice"
-#define NID_textNotice          293
-#define OBJ_textNotice          OBJ_id_qt,3L
-
-#define SN_server_auth          "serverAuth"
-#define LN_server_auth          "TLS Web Server Authentication"
-#define NID_server_auth         129
-#define OBJ_server_auth         OBJ_id_kp,1L
-
-#define SN_client_auth          "clientAuth"
-#define LN_client_auth          "TLS Web Client Authentication"
-#define NID_client_auth         130
-#define OBJ_client_auth         OBJ_id_kp,2L
-
-#define SN_code_sign            "codeSigning"
-#define LN_code_sign            "Code Signing"
-#define NID_code_sign           131
-#define OBJ_code_sign           OBJ_id_kp,3L
-
-#define SN_email_protect                "emailProtection"
-#define LN_email_protect                "E-mail Protection"
-#define NID_email_protect               132
-#define OBJ_email_protect               OBJ_id_kp,4L
-
-#define SN_ipsecEndSystem               "ipsecEndSystem"
-#define LN_ipsecEndSystem               "IPSec End System"
-#define NID_ipsecEndSystem              294
-#define OBJ_ipsecEndSystem              OBJ_id_kp,5L
-
-#define SN_ipsecTunnel          "ipsecTunnel"
-#define LN_ipsecTunnel          "IPSec Tunnel"
-#define NID_ipsecTunnel         295
-#define OBJ_ipsecTunnel         OBJ_id_kp,6L
-
-#define SN_ipsecUser            "ipsecUser"
-#define LN_ipsecUser            "IPSec User"
-#define NID_ipsecUser           296
-#define OBJ_ipsecUser           OBJ_id_kp,7L
-
-#define SN_time_stamp           "timeStamping"
-#define LN_time_stamp           "Time Stamping"
-#define NID_time_stamp          133
-#define OBJ_time_stamp          OBJ_id_kp,8L
-
-#define SN_OCSP_sign            "OCSPSigning"
-#define LN_OCSP_sign            "OCSP Signing"
-#define NID_OCSP_sign           180
-#define OBJ_OCSP_sign           OBJ_id_kp,9L
-
-#define SN_dvcs         "DVCS"
-#define LN_dvcs         "dvcs"
-#define NID_dvcs                297
-#define OBJ_dvcs                OBJ_id_kp,10L
-
-#define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
-#define NID_id_it_caProtEncCert         298
-#define OBJ_id_it_caProtEncCert         OBJ_id_it,1L
-
-#define SN_id_it_signKeyPairTypes               "id-it-signKeyPairTypes"
-#define NID_id_it_signKeyPairTypes              299
-#define OBJ_id_it_signKeyPairTypes              OBJ_id_it,2L
-
-#define SN_id_it_encKeyPairTypes                "id-it-encKeyPairTypes"
-#define NID_id_it_encKeyPairTypes               300
-#define OBJ_id_it_encKeyPairTypes               OBJ_id_it,3L
-
-#define SN_id_it_preferredSymmAlg               "id-it-preferredSymmAlg"
-#define NID_id_it_preferredSymmAlg              301
-#define OBJ_id_it_preferredSymmAlg              OBJ_id_it,4L
-
-#define SN_id_it_caKeyUpdateInfo                "id-it-caKeyUpdateInfo"
-#define NID_id_it_caKeyUpdateInfo               302
-#define OBJ_id_it_caKeyUpdateInfo               OBJ_id_it,5L
-
-#define SN_id_it_currentCRL             "id-it-currentCRL"
-#define NID_id_it_currentCRL            303
-#define OBJ_id_it_currentCRL            OBJ_id_it,6L
-
-#define SN_id_it_unsupportedOIDs                "id-it-unsupportedOIDs"
-#define NID_id_it_unsupportedOIDs               304
-#define OBJ_id_it_unsupportedOIDs               OBJ_id_it,7L
-
-#define SN_id_it_subscriptionRequest            "id-it-subscriptionRequest"
-#define NID_id_it_subscriptionRequest           305
-#define OBJ_id_it_subscriptionRequest           OBJ_id_it,8L
-
-#define SN_id_it_subscriptionResponse           "id-it-subscriptionResponse"
-#define NID_id_it_subscriptionResponse          306
-#define OBJ_id_it_subscriptionResponse          OBJ_id_it,9L
-
-#define SN_id_it_keyPairParamReq                "id-it-keyPairParamReq"
-#define NID_id_it_keyPairParamReq               307
-#define OBJ_id_it_keyPairParamReq               OBJ_id_it,10L
-
-#define SN_id_it_keyPairParamRep                "id-it-keyPairParamRep"
-#define NID_id_it_keyPairParamRep               308
-#define OBJ_id_it_keyPairParamRep               OBJ_id_it,11L
-
-#define SN_id_it_revPassphrase          "id-it-revPassphrase"
-#define NID_id_it_revPassphrase         309
-#define OBJ_id_it_revPassphrase         OBJ_id_it,12L
-
-#define SN_id_it_implicitConfirm                "id-it-implicitConfirm"
-#define NID_id_it_implicitConfirm               310
-#define OBJ_id_it_implicitConfirm               OBJ_id_it,13L
-
-#define SN_id_it_confirmWaitTime                "id-it-confirmWaitTime"
-#define NID_id_it_confirmWaitTime               311
-#define OBJ_id_it_confirmWaitTime               OBJ_id_it,14L
-
-#define SN_id_it_origPKIMessage         "id-it-origPKIMessage"
-#define NID_id_it_origPKIMessage                312
-#define OBJ_id_it_origPKIMessage                OBJ_id_it,15L
-
-#define SN_id_regCtrl           "id-regCtrl"
-#define NID_id_regCtrl          313
-#define OBJ_id_regCtrl          OBJ_id_pkip,1L
-
-#define SN_id_regInfo           "id-regInfo"
-#define NID_id_regInfo          314
-#define OBJ_id_regInfo          OBJ_id_pkip,2L
-
-#define SN_id_regCtrl_regToken          "id-regCtrl-regToken"
-#define NID_id_regCtrl_regToken         315
-#define OBJ_id_regCtrl_regToken         OBJ_id_regCtrl,1L
-
-#define SN_id_regCtrl_authenticator             "id-regCtrl-authenticator"
-#define NID_id_regCtrl_authenticator            316
-#define OBJ_id_regCtrl_authenticator            OBJ_id_regCtrl,2L
-
-#define SN_id_regCtrl_pkiPublicationInfo                "id-regCtrl-pkiPublicationInfo"
-#define NID_id_regCtrl_pkiPublicationInfo               317
-#define OBJ_id_regCtrl_pkiPublicationInfo               OBJ_id_regCtrl,3L
-
-#define SN_id_regCtrl_pkiArchiveOptions         "id-regCtrl-pkiArchiveOptions"
-#define NID_id_regCtrl_pkiArchiveOptions                318
-#define OBJ_id_regCtrl_pkiArchiveOptions                OBJ_id_regCtrl,4L
-
-#define SN_id_regCtrl_oldCertID         "id-regCtrl-oldCertID"
-#define NID_id_regCtrl_oldCertID                319
-#define OBJ_id_regCtrl_oldCertID                OBJ_id_regCtrl,5L
-
-#define SN_id_regCtrl_protocolEncrKey           "id-regCtrl-protocolEncrKey"
-#define NID_id_regCtrl_protocolEncrKey          320
-#define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
-
-#define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
-#define NID_id_regInfo_utf8Pairs                321
-#define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
-
-#define SN_id_regInfo_certReq           "id-regInfo-certReq"
-#define NID_id_regInfo_certReq          322
-#define OBJ_id_regInfo_certReq          OBJ_id_regInfo,2L
-
-#define SN_id_alg_des40         "id-alg-des40"
-#define NID_id_alg_des40                323
-#define OBJ_id_alg_des40                OBJ_id_alg,1L
-
-#define SN_id_alg_noSignature           "id-alg-noSignature"
-#define NID_id_alg_noSignature          324
-#define OBJ_id_alg_noSignature          OBJ_id_alg,2L
-
-#define SN_id_alg_dh_sig_hmac_sha1              "id-alg-dh-sig-hmac-sha1"
-#define NID_id_alg_dh_sig_hmac_sha1             325
-#define OBJ_id_alg_dh_sig_hmac_sha1             OBJ_id_alg,3L
-
-#define SN_id_alg_dh_pop                "id-alg-dh-pop"
-#define NID_id_alg_dh_pop               326
-#define OBJ_id_alg_dh_pop               OBJ_id_alg,4L
-
-#define SN_id_cmc_statusInfo            "id-cmc-statusInfo"
-#define NID_id_cmc_statusInfo           327
-#define OBJ_id_cmc_statusInfo           OBJ_id_cmc,1L
-
-#define SN_id_cmc_identification                "id-cmc-identification"
-#define NID_id_cmc_identification               328
-#define OBJ_id_cmc_identification               OBJ_id_cmc,2L
-
-#define SN_id_cmc_identityProof         "id-cmc-identityProof"
-#define NID_id_cmc_identityProof                329
-#define OBJ_id_cmc_identityProof                OBJ_id_cmc,3L
-
-#define SN_id_cmc_dataReturn            "id-cmc-dataReturn"
-#define NID_id_cmc_dataReturn           330
-#define OBJ_id_cmc_dataReturn           OBJ_id_cmc,4L
-
-#define SN_id_cmc_transactionId         "id-cmc-transactionId"
-#define NID_id_cmc_transactionId                331
-#define OBJ_id_cmc_transactionId                OBJ_id_cmc,5L
-
-#define SN_id_cmc_senderNonce           "id-cmc-senderNonce"
-#define NID_id_cmc_senderNonce          332
-#define OBJ_id_cmc_senderNonce          OBJ_id_cmc,6L
-
-#define SN_id_cmc_recipientNonce                "id-cmc-recipientNonce"
-#define NID_id_cmc_recipientNonce               333
-#define OBJ_id_cmc_recipientNonce               OBJ_id_cmc,7L
-
-#define SN_id_cmc_addExtensions         "id-cmc-addExtensions"
-#define NID_id_cmc_addExtensions                334
-#define OBJ_id_cmc_addExtensions                OBJ_id_cmc,8L
-
-#define SN_id_cmc_encryptedPOP          "id-cmc-encryptedPOP"
-#define NID_id_cmc_encryptedPOP         335
-#define OBJ_id_cmc_encryptedPOP         OBJ_id_cmc,9L
-
-#define SN_id_cmc_decryptedPOP          "id-cmc-decryptedPOP"
-#define NID_id_cmc_decryptedPOP         336
-#define OBJ_id_cmc_decryptedPOP         OBJ_id_cmc,10L
-
-#define SN_id_cmc_lraPOPWitness         "id-cmc-lraPOPWitness"
-#define NID_id_cmc_lraPOPWitness                337
-#define OBJ_id_cmc_lraPOPWitness                OBJ_id_cmc,11L
-
-#define SN_id_cmc_getCert               "id-cmc-getCert"
-#define NID_id_cmc_getCert              338
-#define OBJ_id_cmc_getCert              OBJ_id_cmc,15L
-
-#define SN_id_cmc_getCRL                "id-cmc-getCRL"
-#define NID_id_cmc_getCRL               339
-#define OBJ_id_cmc_getCRL               OBJ_id_cmc,16L
-
-#define SN_id_cmc_revokeRequest         "id-cmc-revokeRequest"
-#define NID_id_cmc_revokeRequest                340
-#define OBJ_id_cmc_revokeRequest                OBJ_id_cmc,17L
-
-#define SN_id_cmc_regInfo               "id-cmc-regInfo"
-#define NID_id_cmc_regInfo              341
-#define OBJ_id_cmc_regInfo              OBJ_id_cmc,18L
-
-#define SN_id_cmc_responseInfo          "id-cmc-responseInfo"
-#define NID_id_cmc_responseInfo         342
-#define OBJ_id_cmc_responseInfo         OBJ_id_cmc,19L
-
-#define SN_id_cmc_queryPending          "id-cmc-queryPending"
-#define NID_id_cmc_queryPending         343
-#define OBJ_id_cmc_queryPending         OBJ_id_cmc,21L
-
-#define SN_id_cmc_popLinkRandom         "id-cmc-popLinkRandom"
-#define NID_id_cmc_popLinkRandom                344
-#define OBJ_id_cmc_popLinkRandom                OBJ_id_cmc,22L
-
-#define SN_id_cmc_popLinkWitness                "id-cmc-popLinkWitness"
-#define NID_id_cmc_popLinkWitness               345
-#define OBJ_id_cmc_popLinkWitness               OBJ_id_cmc,23L
-
-#define SN_id_cmc_confirmCertAcceptance         "id-cmc-confirmCertAcceptance"
-#define NID_id_cmc_confirmCertAcceptance                346
-#define OBJ_id_cmc_confirmCertAcceptance                OBJ_id_cmc,24L
-
-#define SN_id_on_personalData           "id-on-personalData"
-#define NID_id_on_personalData          347
-#define OBJ_id_on_personalData          OBJ_id_on,1L
-
-#define SN_id_pda_dateOfBirth           "id-pda-dateOfBirth"
-#define NID_id_pda_dateOfBirth          348
-#define OBJ_id_pda_dateOfBirth          OBJ_id_pda,1L
-
-#define SN_id_pda_placeOfBirth          "id-pda-placeOfBirth"
-#define NID_id_pda_placeOfBirth         349
-#define OBJ_id_pda_placeOfBirth         OBJ_id_pda,2L
-
-#define SN_id_pda_gender                "id-pda-gender"
-#define NID_id_pda_gender               351
-#define OBJ_id_pda_gender               OBJ_id_pda,3L
-
-#define SN_id_pda_countryOfCitizenship          "id-pda-countryOfCitizenship"
-#define NID_id_pda_countryOfCitizenship         352
-#define OBJ_id_pda_countryOfCitizenship         OBJ_id_pda,4L
-
-#define SN_id_pda_countryOfResidence            "id-pda-countryOfResidence"
-#define NID_id_pda_countryOfResidence           353
-#define OBJ_id_pda_countryOfResidence           OBJ_id_pda,5L
-
-#define SN_id_aca_authenticationInfo            "id-aca-authenticationInfo"
-#define NID_id_aca_authenticationInfo           354
-#define OBJ_id_aca_authenticationInfo           OBJ_id_aca,1L
-
-#define SN_id_aca_accessIdentity                "id-aca-accessIdentity"
-#define NID_id_aca_accessIdentity               355
-#define OBJ_id_aca_accessIdentity               OBJ_id_aca,2L
-
-#define SN_id_aca_chargingIdentity              "id-aca-chargingIdentity"
-#define NID_id_aca_chargingIdentity             356
-#define OBJ_id_aca_chargingIdentity             OBJ_id_aca,3L
-
-#define SN_id_aca_group         "id-aca-group"
-#define NID_id_aca_group                357
-#define OBJ_id_aca_group                OBJ_id_aca,4L
-
-#define SN_id_aca_role          "id-aca-role"
-#define NID_id_aca_role         358
-#define OBJ_id_aca_role         OBJ_id_aca,5L
-
-#define SN_id_aca_encAttrs              "id-aca-encAttrs"
-#define NID_id_aca_encAttrs             399
-#define OBJ_id_aca_encAttrs             OBJ_id_aca,6L
-
-#define SN_id_qcs_pkixQCSyntax_v1               "id-qcs-pkixQCSyntax-v1"
-#define NID_id_qcs_pkixQCSyntax_v1              359
-#define OBJ_id_qcs_pkixQCSyntax_v1              OBJ_id_qcs,1L
-
-#define SN_id_cct_crs           "id-cct-crs"
-#define NID_id_cct_crs          360
-#define OBJ_id_cct_crs          OBJ_id_cct,1L
-
-#define SN_id_cct_PKIData               "id-cct-PKIData"
-#define NID_id_cct_PKIData              361
-#define OBJ_id_cct_PKIData              OBJ_id_cct,2L
-
-#define SN_id_cct_PKIResponse           "id-cct-PKIResponse"
-#define NID_id_cct_PKIResponse          362
-#define OBJ_id_cct_PKIResponse          OBJ_id_cct,3L
-
-#define SN_ad_OCSP              "OCSP"
-#define LN_ad_OCSP              "OCSP"
-#define NID_ad_OCSP             178
-#define OBJ_ad_OCSP             OBJ_id_ad,1L
-
-#define SN_ad_ca_issuers                "caIssuers"
-#define LN_ad_ca_issuers                "CA Issuers"
-#define NID_ad_ca_issuers               179
-#define OBJ_ad_ca_issuers               OBJ_id_ad,2L
-
-#define SN_ad_timeStamping              "ad_timestamping"
-#define LN_ad_timeStamping              "AD Time Stamping"
-#define NID_ad_timeStamping             363
-#define OBJ_ad_timeStamping             OBJ_id_ad,3L
-
-#define SN_ad_dvcs              "AD_DVCS"
-#define LN_ad_dvcs              "ad dvcs"
-#define NID_ad_dvcs             364
-#define OBJ_ad_dvcs             OBJ_id_ad,4L
-
-#define OBJ_id_pkix_OCSP                OBJ_ad_OCSP
-
-#define SN_id_pkix_OCSP_basic           "basicOCSPResponse"
-#define LN_id_pkix_OCSP_basic           "Basic OCSP Response"
-#define NID_id_pkix_OCSP_basic          365
-#define OBJ_id_pkix_OCSP_basic          OBJ_id_pkix_OCSP,1L
-
-#define SN_id_pkix_OCSP_Nonce           "Nonce"
-#define LN_id_pkix_OCSP_Nonce           "OCSP Nonce"
-#define NID_id_pkix_OCSP_Nonce          366
-#define OBJ_id_pkix_OCSP_Nonce          OBJ_id_pkix_OCSP,2L
-
-#define SN_id_pkix_OCSP_CrlID           "CrlID"
-#define LN_id_pkix_OCSP_CrlID           "OCSP CRL ID"
-#define NID_id_pkix_OCSP_CrlID          367
-#define OBJ_id_pkix_OCSP_CrlID          OBJ_id_pkix_OCSP,3L
-
-#define SN_id_pkix_OCSP_acceptableResponses             "acceptableResponses"
-#define LN_id_pkix_OCSP_acceptableResponses             "Acceptable OCSP Responses"
-#define NID_id_pkix_OCSP_acceptableResponses            368
-#define OBJ_id_pkix_OCSP_acceptableResponses            OBJ_id_pkix_OCSP,4L
-
-#define SN_id_pkix_OCSP_noCheck         "noCheck"
-#define LN_id_pkix_OCSP_noCheck         "OCSP No Check"
-#define NID_id_pkix_OCSP_noCheck                369
-#define OBJ_id_pkix_OCSP_noCheck                OBJ_id_pkix_OCSP,5L
-
-#define SN_id_pkix_OCSP_archiveCutoff           "archiveCutoff"
-#define LN_id_pkix_OCSP_archiveCutoff           "OCSP Archive Cutoff"
-#define NID_id_pkix_OCSP_archiveCutoff          370
-#define OBJ_id_pkix_OCSP_archiveCutoff          OBJ_id_pkix_OCSP,6L
-
-#define SN_id_pkix_OCSP_serviceLocator          "serviceLocator"
-#define LN_id_pkix_OCSP_serviceLocator          "OCSP Service Locator"
-#define NID_id_pkix_OCSP_serviceLocator         371
-#define OBJ_id_pkix_OCSP_serviceLocator         OBJ_id_pkix_OCSP,7L
-
-#define SN_id_pkix_OCSP_extendedStatus          "extendedStatus"
-#define LN_id_pkix_OCSP_extendedStatus          "Extended OCSP Status"
-#define NID_id_pkix_OCSP_extendedStatus         372
-#define OBJ_id_pkix_OCSP_extendedStatus         OBJ_id_pkix_OCSP,8L
-
-#define SN_id_pkix_OCSP_valid           "valid"
-#define NID_id_pkix_OCSP_valid          373
-#define OBJ_id_pkix_OCSP_valid          OBJ_id_pkix_OCSP,9L
-
-#define SN_id_pkix_OCSP_path            "path"
-#define NID_id_pkix_OCSP_path           374
-#define OBJ_id_pkix_OCSP_path           OBJ_id_pkix_OCSP,10L
-
-#define SN_id_pkix_OCSP_trustRoot               "trustRoot"
-#define LN_id_pkix_OCSP_trustRoot               "Trust Root"
-#define NID_id_pkix_OCSP_trustRoot              375
-#define OBJ_id_pkix_OCSP_trustRoot              OBJ_id_pkix_OCSP,11L
-
-#define SN_algorithm            "algorithm"
-#define LN_algorithm            "algorithm"
-#define NID_algorithm           376
-#define OBJ_algorithm           1L,3L,14L,3L,2L
-
-#define SN_md5WithRSA           "RSA-NP-MD5"
-#define LN_md5WithRSA           "md5WithRSA"
-#define NID_md5WithRSA          104
-#define OBJ_md5WithRSA          OBJ_algorithm,3L
-
-#define SN_des_ecb              "DES-ECB"
-#define LN_des_ecb              "des-ecb"
-#define NID_des_ecb             29
-#define OBJ_des_ecb             OBJ_algorithm,6L
-
-#define SN_des_cbc              "DES-CBC"
-#define LN_des_cbc              "des-cbc"
-#define NID_des_cbc             31
-#define OBJ_des_cbc             OBJ_algorithm,7L
-
-#define SN_des_ofb64            "DES-OFB"
-#define LN_des_ofb64            "des-ofb"
-#define NID_des_ofb64           45
-#define OBJ_des_ofb64           OBJ_algorithm,8L
-
-#define SN_des_cfb64            "DES-CFB"
-#define LN_des_cfb64            "des-cfb"
-#define NID_des_cfb64           30
-#define OBJ_des_cfb64           OBJ_algorithm,9L
-
-#define SN_rsaSignature         "rsaSignature"
-#define NID_rsaSignature                377
-#define OBJ_rsaSignature                OBJ_algorithm,11L
-
-#define SN_dsa_2                "DSA-old"
-#define LN_dsa_2                "dsaEncryption-old"
-#define NID_dsa_2               67
-#define OBJ_dsa_2               OBJ_algorithm,12L
-
-#define SN_dsaWithSHA           "DSA-SHA"
-#define LN_dsaWithSHA           "dsaWithSHA"
-#define NID_dsaWithSHA          66
-#define OBJ_dsaWithSHA          OBJ_algorithm,13L
-
-#define SN_shaWithRSAEncryption         "RSA-SHA"
-#define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
-#define NID_shaWithRSAEncryption                42
-#define OBJ_shaWithRSAEncryption                OBJ_algorithm,15L
-
-#define SN_des_ede_ecb          "DES-EDE"
-#define LN_des_ede_ecb          "des-ede"
-#define NID_des_ede_ecb         32
-#define OBJ_des_ede_ecb         OBJ_algorithm,17L
-
-#define SN_des_ede3_ecb         "DES-EDE3"
-#define LN_des_ede3_ecb         "des-ede3"
-#define NID_des_ede3_ecb                33
-
-#define SN_des_ede_cbc          "DES-EDE-CBC"
-#define LN_des_ede_cbc          "des-ede-cbc"
-#define NID_des_ede_cbc         43
-
-#define SN_des_ede_cfb64                "DES-EDE-CFB"
-#define LN_des_ede_cfb64                "des-ede-cfb"
-#define NID_des_ede_cfb64               60
-
-#define SN_des_ede3_cfb64               "DES-EDE3-CFB"
-#define LN_des_ede3_cfb64               "des-ede3-cfb"
-#define NID_des_ede3_cfb64              61
-
-#define SN_des_ede_ofb64                "DES-EDE-OFB"
-#define LN_des_ede_ofb64                "des-ede-ofb"
-#define NID_des_ede_ofb64               62
-
-#define SN_des_ede3_ofb64               "DES-EDE3-OFB"
-#define LN_des_ede3_ofb64               "des-ede3-ofb"
-#define NID_des_ede3_ofb64              63
-
-#define SN_desx_cbc             "DESX-CBC"
-#define LN_desx_cbc             "desx-cbc"
-#define NID_desx_cbc            80
-
-#define SN_sha          "SHA"
-#define LN_sha          "sha"
-#define NID_sha         41
-#define OBJ_sha         OBJ_algorithm,18L
-
-#define SN_sha1         "SHA1"
-#define LN_sha1         "sha1"
-#define NID_sha1                64
-#define OBJ_sha1                OBJ_algorithm,26L
-
-#define SN_dsaWithSHA1_2                "DSA-SHA1-old"
-#define LN_dsaWithSHA1_2                "dsaWithSHA1-old"
-#define NID_dsaWithSHA1_2               70
-#define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
-
-#define SN_sha1WithRSA          "RSA-SHA1-2"
-#define LN_sha1WithRSA          "sha1WithRSA"
-#define NID_sha1WithRSA         115
-#define OBJ_sha1WithRSA         OBJ_algorithm,29L
-
-#define SN_ripemd160            "RIPEMD160"
-#define LN_ripemd160            "ripemd160"
-#define NID_ripemd160           117
-#define OBJ_ripemd160           1L,3L,36L,3L,2L,1L
-
-#define SN_ripemd160WithRSA             "RSA-RIPEMD160"
-#define LN_ripemd160WithRSA             "ripemd160WithRSA"
-#define NID_ripemd160WithRSA            119
-#define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
-
-#define SN_sxnet                "SXNetID"
-#define LN_sxnet                "Strong Extranet ID"
-#define NID_sxnet               143
-#define OBJ_sxnet               1L,3L,101L,1L,4L,1L
-
-#define SN_X500         "X500"
-#define LN_X500         "directory services (X.500)"
-#define NID_X500                11
-#define OBJ_X500                2L,5L
-
-#define SN_X509         "X509"
-#define NID_X509                12
-#define OBJ_X509                OBJ_X500,4L
-
-#define SN_commonName           "CN"
-#define LN_commonName           "commonName"
-#define NID_commonName          13
-#define OBJ_commonName          OBJ_X509,3L
-
-#define SN_surname              "SN"
-#define LN_surname              "surname"
-#define NID_surname             100
-#define OBJ_surname             OBJ_X509,4L
-
-#define LN_serialNumber         "serialNumber"
-#define NID_serialNumber                105
-#define OBJ_serialNumber                OBJ_X509,5L
-
-#define SN_countryName          "C"
-#define LN_countryName          "countryName"
-#define NID_countryName         14
-#define OBJ_countryName         OBJ_X509,6L
-
-#define SN_localityName         "L"
-#define LN_localityName         "localityName"
-#define NID_localityName                15
-#define OBJ_localityName                OBJ_X509,7L
-
-#define SN_stateOrProvinceName          "ST"
-#define LN_stateOrProvinceName          "stateOrProvinceName"
-#define NID_stateOrProvinceName         16
-#define OBJ_stateOrProvinceName         OBJ_X509,8L
-
-#define SN_organizationName             "O"
-#define LN_organizationName             "organizationName"
-#define NID_organizationName            17
-#define OBJ_organizationName            OBJ_X509,10L
-
-#define SN_organizationalUnitName               "OU"
-#define LN_organizationalUnitName               "organizationalUnitName"
-#define NID_organizationalUnitName              18
-#define OBJ_organizationalUnitName              OBJ_X509,11L
-
-#define LN_title                "title"
-#define NID_title               106
-#define OBJ_title               OBJ_X509,12L
-
-#define LN_description          "description"
-#define NID_description         107
-#define OBJ_description         OBJ_X509,13L
-
-#define SN_name         "name"
-#define LN_name         "name"
-#define NID_name                173
-#define OBJ_name                OBJ_X509,41L
-
-#define SN_givenName            "GN"
-#define LN_givenName            "givenName"
-#define NID_givenName           99
-#define OBJ_givenName           OBJ_X509,42L
-
-#define LN_initials             "initials"
-#define NID_initials            101
-#define OBJ_initials            OBJ_X509,43L
-
-#define LN_generationQualifier          "generationQualifier"
-#define NID_generationQualifier         509
-#define OBJ_generationQualifier         OBJ_X509,44L
-
-#define LN_x500UniqueIdentifier         "x500UniqueIdentifier"
-#define NID_x500UniqueIdentifier                503
-#define OBJ_x500UniqueIdentifier                OBJ_X509,45L
-
-#define SN_dnQualifier          "dnQualifier"
-#define LN_dnQualifier          "dnQualifier"
-#define NID_dnQualifier         174
-#define OBJ_dnQualifier         OBJ_X509,46L
-
-#define LN_pseudonym            "pseudonym"
-#define NID_pseudonym           510
-#define OBJ_pseudonym           OBJ_X509,65L
-
-#define SN_role         "role"
-#define LN_role         "role"
-#define NID_role                400
-#define OBJ_role                OBJ_X509,72L
-
-#define SN_X500algorithms               "X500algorithms"
-#define LN_X500algorithms               "directory services - algorithms"
-#define NID_X500algorithms              378
-#define OBJ_X500algorithms              OBJ_X500,8L
-
-#define SN_rsa          "RSA"
-#define LN_rsa          "rsa"
-#define NID_rsa         19
-#define OBJ_rsa         OBJ_X500algorithms,1L,1L
-
-#define SN_mdc2WithRSA          "RSA-MDC2"
-#define LN_mdc2WithRSA          "mdc2WithRSA"
-#define NID_mdc2WithRSA         96
-#define OBJ_mdc2WithRSA         OBJ_X500algorithms,3L,100L
-
-#define SN_mdc2         "MDC2"
-#define LN_mdc2         "mdc2"
-#define NID_mdc2                95
-#define OBJ_mdc2                OBJ_X500algorithms,3L,101L
-
-#define SN_id_ce                "id-ce"
-#define NID_id_ce               81
-#define OBJ_id_ce               OBJ_X500,29L
-
-#define SN_subject_key_identifier               "subjectKeyIdentifier"
-#define LN_subject_key_identifier               "X509v3 Subject Key Identifier"
-#define NID_subject_key_identifier              82
-#define OBJ_subject_key_identifier              OBJ_id_ce,14L
-
-#define SN_key_usage            "keyUsage"
-#define LN_key_usage            "X509v3 Key Usage"
-#define NID_key_usage           83
-#define OBJ_key_usage           OBJ_id_ce,15L
-
-#define SN_private_key_usage_period             "privateKeyUsagePeriod"
-#define LN_private_key_usage_period             "X509v3 Private Key Usage Period"
-#define NID_private_key_usage_period            84
-#define OBJ_private_key_usage_period            OBJ_id_ce,16L
-
-#define SN_subject_alt_name             "subjectAltName"
-#define LN_subject_alt_name             "X509v3 Subject Alternative Name"
-#define NID_subject_alt_name            85
-#define OBJ_subject_alt_name            OBJ_id_ce,17L
-
-#define SN_issuer_alt_name              "issuerAltName"
-#define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
-#define NID_issuer_alt_name             86
-#define OBJ_issuer_alt_name             OBJ_id_ce,18L
-
-#define SN_basic_constraints            "basicConstraints"
-#define LN_basic_constraints            "X509v3 Basic Constraints"
-#define NID_basic_constraints           87
-#define OBJ_basic_constraints           OBJ_id_ce,19L
-
-#define SN_crl_number           "crlNumber"
-#define LN_crl_number           "X509v3 CRL Number"
-#define NID_crl_number          88
-#define OBJ_crl_number          OBJ_id_ce,20L
-
-#define SN_crl_reason           "CRLReason"
-#define LN_crl_reason           "X509v3 CRL Reason Code"
-#define NID_crl_reason          141
-#define OBJ_crl_reason          OBJ_id_ce,21L
-
-#define SN_invalidity_date              "invalidityDate"
-#define LN_invalidity_date              "Invalidity Date"
-#define NID_invalidity_date             142
-#define OBJ_invalidity_date             OBJ_id_ce,24L
-
-#define SN_delta_crl            "deltaCRL"
-#define LN_delta_crl            "X509v3 Delta CRL Indicator"
-#define NID_delta_crl           140
-#define OBJ_delta_crl           OBJ_id_ce,27L
-
-#define SN_crl_distribution_points              "crlDistributionPoints"
-#define LN_crl_distribution_points              "X509v3 CRL Distribution Points"
-#define NID_crl_distribution_points             103
-#define OBJ_crl_distribution_points             OBJ_id_ce,31L
-
-#define SN_certificate_policies         "certificatePolicies"
-#define LN_certificate_policies         "X509v3 Certificate Policies"
-#define NID_certificate_policies                89
-#define OBJ_certificate_policies                OBJ_id_ce,32L
-
-#define SN_authority_key_identifier             "authorityKeyIdentifier"
-#define LN_authority_key_identifier             "X509v3 Authority Key Identifier"
-#define NID_authority_key_identifier            90
-#define OBJ_authority_key_identifier            OBJ_id_ce,35L
-
-#define SN_policy_constraints           "policyConstraints"
-#define LN_policy_constraints           "X509v3 Policy Constraints"
-#define NID_policy_constraints          401
-#define OBJ_policy_constraints          OBJ_id_ce,36L
-
-#define SN_ext_key_usage                "extendedKeyUsage"
-#define LN_ext_key_usage                "X509v3 Extended Key Usage"
-#define NID_ext_key_usage               126
-#define OBJ_ext_key_usage               OBJ_id_ce,37L
-
-#define SN_target_information           "targetInformation"
-#define LN_target_information           "X509v3 AC Targeting"
-#define NID_target_information          402
-#define OBJ_target_information          OBJ_id_ce,55L
-
-#define SN_no_rev_avail         "noRevAvail"
-#define LN_no_rev_avail         "X509v3 No Revocation Available"
-#define NID_no_rev_avail                403
-#define OBJ_no_rev_avail                OBJ_id_ce,56L
-
-#define SN_netscape             "Netscape"
-#define LN_netscape             "Netscape Communications Corp."
-#define NID_netscape            57
-#define OBJ_netscape            2L,16L,840L,1L,113730L
-
-#define SN_netscape_cert_extension              "nsCertExt"
-#define LN_netscape_cert_extension              "Netscape Certificate Extension"
-#define NID_netscape_cert_extension             58
-#define OBJ_netscape_cert_extension             OBJ_netscape,1L
-
-#define SN_netscape_data_type           "nsDataType"
-#define LN_netscape_data_type           "Netscape Data Type"
-#define NID_netscape_data_type          59
-#define OBJ_netscape_data_type          OBJ_netscape,2L
-
-#define SN_netscape_cert_type           "nsCertType"
-#define LN_netscape_cert_type           "Netscape Cert Type"
-#define NID_netscape_cert_type          71
-#define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
-
-#define SN_netscape_base_url            "nsBaseUrl"
-#define LN_netscape_base_url            "Netscape Base Url"
-#define NID_netscape_base_url           72
-#define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
-
-#define SN_netscape_revocation_url              "nsRevocationUrl"
-#define LN_netscape_revocation_url              "Netscape Revocation Url"
-#define NID_netscape_revocation_url             73
-#define OBJ_netscape_revocation_url             OBJ_netscape_cert_extension,3L
-
-#define SN_netscape_ca_revocation_url           "nsCaRevocationUrl"
-#define LN_netscape_ca_revocation_url           "Netscape CA Revocation Url"
-#define NID_netscape_ca_revocation_url          74
-#define OBJ_netscape_ca_revocation_url          OBJ_netscape_cert_extension,4L
-
-#define SN_netscape_renewal_url         "nsRenewalUrl"
-#define LN_netscape_renewal_url         "Netscape Renewal Url"
-#define NID_netscape_renewal_url                75
-#define OBJ_netscape_renewal_url                OBJ_netscape_cert_extension,7L
-
-#define SN_netscape_ca_policy_url               "nsCaPolicyUrl"
-#define LN_netscape_ca_policy_url               "Netscape CA Policy Url"
-#define NID_netscape_ca_policy_url              76
-#define OBJ_netscape_ca_policy_url              OBJ_netscape_cert_extension,8L
-
-#define SN_netscape_ssl_server_name             "nsSslServerName"
-#define LN_netscape_ssl_server_name             "Netscape SSL Server Name"
-#define NID_netscape_ssl_server_name            77
-#define OBJ_netscape_ssl_server_name            OBJ_netscape_cert_extension,12L
-
-#define SN_netscape_comment             "nsComment"
-#define LN_netscape_comment             "Netscape Comment"
-#define NID_netscape_comment            78
-#define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
-
-#define SN_netscape_cert_sequence               "nsCertSequence"
-#define LN_netscape_cert_sequence               "Netscape Certificate Sequence"
-#define NID_netscape_cert_sequence              79
-#define OBJ_netscape_cert_sequence              OBJ_netscape_data_type,5L
-
-#define SN_ns_sgc               "nsSGC"
-#define LN_ns_sgc               "Netscape Server Gated Crypto"
-#define NID_ns_sgc              139
-#define OBJ_ns_sgc              OBJ_netscape,4L,1L
-
-#define SN_org          "ORG"
-#define LN_org          "org"
-#define NID_org         379
-#define OBJ_org         OBJ_iso,3L
-
-#define SN_dod          "DOD"
-#define LN_dod          "dod"
-#define NID_dod         380
-#define OBJ_dod         OBJ_org,6L
-
-#define SN_iana         "IANA"
-#define LN_iana         "iana"
-#define NID_iana                381
-#define OBJ_iana                OBJ_dod,1L
-
-#define OBJ_internet            OBJ_iana
-
-#define SN_Directory            "directory"
-#define LN_Directory            "Directory"
-#define NID_Directory           382
-#define OBJ_Directory           OBJ_internet,1L
-
-#define SN_Management           "mgmt"
-#define LN_Management           "Management"
-#define NID_Management          383
-#define OBJ_Management          OBJ_internet,2L
-
-#define SN_Experimental         "experimental"
-#define LN_Experimental         "Experimental"
-#define NID_Experimental                384
-#define OBJ_Experimental                OBJ_internet,3L
-
-#define SN_Private              "private"
-#define LN_Private              "Private"
-#define NID_Private             385
-#define OBJ_Private             OBJ_internet,4L
-
-#define SN_Security             "security"
-#define LN_Security             "Security"
-#define NID_Security            386
-#define OBJ_Security            OBJ_internet,5L
-
-#define SN_SNMPv2               "snmpv2"
-#define LN_SNMPv2               "SNMPv2"
-#define NID_SNMPv2              387
-#define OBJ_SNMPv2              OBJ_internet,6L
-
-#define LN_Mail         "Mail"
-#define NID_Mail                388
-#define OBJ_Mail                OBJ_internet,7L
-
-#define SN_Enterprises          "enterprises"
-#define LN_Enterprises          "Enterprises"
-#define NID_Enterprises         389
-#define OBJ_Enterprises         OBJ_Private,1L
-
-#define SN_dcObject             "dcobject"
-#define LN_dcObject             "dcObject"
-#define NID_dcObject            390
-#define OBJ_dcObject            OBJ_Enterprises,1466L,344L
-
-#define SN_mime_mhs             "mime-mhs"
-#define LN_mime_mhs             "MIME MHS"
-#define NID_mime_mhs            504
-#define OBJ_mime_mhs            OBJ_Mail,1L
-
-#define SN_mime_mhs_headings            "mime-mhs-headings"
-#define LN_mime_mhs_headings            "mime-mhs-headings"
-#define NID_mime_mhs_headings           505
-#define OBJ_mime_mhs_headings           OBJ_mime_mhs,1L
-
-#define SN_mime_mhs_bodies              "mime-mhs-bodies"
-#define LN_mime_mhs_bodies              "mime-mhs-bodies"
-#define NID_mime_mhs_bodies             506
-#define OBJ_mime_mhs_bodies             OBJ_mime_mhs,2L
-
-#define SN_id_hex_partial_message               "id-hex-partial-message"
-#define LN_id_hex_partial_message               "id-hex-partial-message"
-#define NID_id_hex_partial_message              507
-#define OBJ_id_hex_partial_message              OBJ_mime_mhs_headings,1L
-
-#define SN_id_hex_multipart_message             "id-hex-multipart-message"
-#define LN_id_hex_multipart_message             "id-hex-multipart-message"
-#define NID_id_hex_multipart_message            508
-#define OBJ_id_hex_multipart_message            OBJ_mime_mhs_headings,2L
-
-#define SN_rle_compression              "RLE"
-#define LN_rle_compression              "run length compression"
-#define NID_rle_compression             124
-#define OBJ_rle_compression             1L,1L,1L,1L,666L,1L
-
-#define SN_zlib_compression             "ZLIB"
-#define LN_zlib_compression             "zlib compression"
-#define NID_zlib_compression            125
-#define OBJ_zlib_compression            1L,1L,1L,1L,666L,2L
-
-#define OBJ_csor                2L,16L,840L,1L,101L,3L
-
-#define OBJ_nistAlgorithms              OBJ_csor,4L
-
-#define OBJ_aes         OBJ_nistAlgorithms,1L
-
-#define SN_aes_128_ecb          "AES-128-ECB"
-#define LN_aes_128_ecb          "aes-128-ecb"
-#define NID_aes_128_ecb         418
-#define OBJ_aes_128_ecb         OBJ_aes,1L
-
-#define SN_aes_128_cbc          "AES-128-CBC"
-#define LN_aes_128_cbc          "aes-128-cbc"
-#define NID_aes_128_cbc         419
-#define OBJ_aes_128_cbc         OBJ_aes,2L
-
-#define SN_aes_128_ofb128               "AES-128-OFB"
-#define LN_aes_128_ofb128               "aes-128-ofb"
-#define NID_aes_128_ofb128              420
-#define OBJ_aes_128_ofb128              OBJ_aes,3L
-
-#define SN_aes_128_cfb128               "AES-128-CFB"
-#define LN_aes_128_cfb128               "aes-128-cfb"
-#define NID_aes_128_cfb128              421
-#define OBJ_aes_128_cfb128              OBJ_aes,4L
-
-#define SN_aes_192_ecb          "AES-192-ECB"
-#define LN_aes_192_ecb          "aes-192-ecb"
-#define NID_aes_192_ecb         422
-#define OBJ_aes_192_ecb         OBJ_aes,21L
-
-#define SN_aes_192_cbc          "AES-192-CBC"
-#define LN_aes_192_cbc          "aes-192-cbc"
-#define NID_aes_192_cbc         423
-#define OBJ_aes_192_cbc         OBJ_aes,22L
-
-#define SN_aes_192_ofb128               "AES-192-OFB"
-#define LN_aes_192_ofb128               "aes-192-ofb"
-#define NID_aes_192_ofb128              424
-#define OBJ_aes_192_ofb128              OBJ_aes,23L
-
-#define SN_aes_192_cfb128               "AES-192-CFB"
-#define LN_aes_192_cfb128               "aes-192-cfb"
-#define NID_aes_192_cfb128              425
-#define OBJ_aes_192_cfb128              OBJ_aes,24L
-
-#define SN_aes_256_ecb          "AES-256-ECB"
-#define LN_aes_256_ecb          "aes-256-ecb"
-#define NID_aes_256_ecb         426
-#define OBJ_aes_256_ecb         OBJ_aes,41L
-
-#define SN_aes_256_cbc          "AES-256-CBC"
-#define LN_aes_256_cbc          "aes-256-cbc"
-#define NID_aes_256_cbc         427
-#define OBJ_aes_256_cbc         OBJ_aes,42L
-
-#define SN_aes_256_ofb128               "AES-256-OFB"
-#define LN_aes_256_ofb128               "aes-256-ofb"
-#define NID_aes_256_ofb128              428
-#define OBJ_aes_256_ofb128              OBJ_aes,43L
-
-#define SN_aes_256_cfb128               "AES-256-CFB"
-#define LN_aes_256_cfb128               "aes-256-cfb"
-#define NID_aes_256_cfb128              429
-#define OBJ_aes_256_cfb128              OBJ_aes,44L
-
-#define SN_hold_instruction_code                "holdInstructionCode"
-#define LN_hold_instruction_code                "Hold Instruction Code"
-#define NID_hold_instruction_code               430
-#define OBJ_hold_instruction_code               OBJ_id_ce,23L
-
-#define OBJ_holdInstruction             OBJ_X9_57,2L
-
-#define SN_hold_instruction_none                "holdInstructionNone"
-#define LN_hold_instruction_none                "Hold Instruction None"
-#define NID_hold_instruction_none               431
-#define OBJ_hold_instruction_none               OBJ_holdInstruction,1L
-
-#define SN_hold_instruction_call_issuer         "holdInstructionCallIssuer"
-#define LN_hold_instruction_call_issuer         "Hold Instruction Call Issuer"
-#define NID_hold_instruction_call_issuer                432
-#define OBJ_hold_instruction_call_issuer                OBJ_holdInstruction,2L
-
-#define SN_hold_instruction_reject              "holdInstructionReject"
-#define LN_hold_instruction_reject              "Hold Instruction Reject"
-#define NID_hold_instruction_reject             433
-#define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
-
-#define SN_data         "data"
-#define NID_data                434
-#define OBJ_data                OBJ_ccitt,9L
-
-#define SN_pss          "pss"
-#define NID_pss         435
-#define OBJ_pss         OBJ_data,2342L
-
-#define SN_ucl          "ucl"
-#define NID_ucl         436
-#define OBJ_ucl         OBJ_pss,19200300L
-
-#define SN_pilot                "pilot"
-#define NID_pilot               437
-#define OBJ_pilot               OBJ_ucl,100L
-
-#define LN_pilotAttributeType           "pilotAttributeType"
-#define NID_pilotAttributeType          438
-#define OBJ_pilotAttributeType          OBJ_pilot,1L
-
-#define LN_pilotAttributeSyntax         "pilotAttributeSyntax"
-#define NID_pilotAttributeSyntax                439
-#define OBJ_pilotAttributeSyntax                OBJ_pilot,3L
-
-#define LN_pilotObjectClass             "pilotObjectClass"
-#define NID_pilotObjectClass            440
-#define OBJ_pilotObjectClass            OBJ_pilot,4L
-
-#define LN_pilotGroups          "pilotGroups"
-#define NID_pilotGroups         441
-#define OBJ_pilotGroups         OBJ_pilot,10L
-
-#define LN_iA5StringSyntax              "iA5StringSyntax"
-#define NID_iA5StringSyntax             442
-#define OBJ_iA5StringSyntax             OBJ_pilotAttributeSyntax,4L
-
-#define LN_caseIgnoreIA5StringSyntax            "caseIgnoreIA5StringSyntax"
-#define NID_caseIgnoreIA5StringSyntax           443
-#define OBJ_caseIgnoreIA5StringSyntax           OBJ_pilotAttributeSyntax,5L
-
-#define LN_pilotObject          "pilotObject"
-#define NID_pilotObject         444
-#define OBJ_pilotObject         OBJ_pilotObjectClass,3L
-
-#define LN_pilotPerson          "pilotPerson"
-#define NID_pilotPerson         445
-#define OBJ_pilotPerson         OBJ_pilotObjectClass,4L
-
-#define SN_account              "account"
-#define NID_account             446
-#define OBJ_account             OBJ_pilotObjectClass,5L
-
-#define SN_document             "document"
-#define NID_document            447
-#define OBJ_document            OBJ_pilotObjectClass,6L
-
-#define SN_room         "room"
-#define NID_room                448
-#define OBJ_room                OBJ_pilotObjectClass,7L
-
-#define LN_documentSeries               "documentSeries"
-#define NID_documentSeries              449
-#define OBJ_documentSeries              OBJ_pilotObjectClass,9L
-
-#define SN_Domain               "domain"
-#define LN_Domain               "Domain"
-#define NID_Domain              392
-#define OBJ_Domain              OBJ_pilotObjectClass,13L
-
-#define LN_rFC822localPart              "rFC822localPart"
-#define NID_rFC822localPart             450
-#define OBJ_rFC822localPart             OBJ_pilotObjectClass,14L
-
-#define LN_dNSDomain            "dNSDomain"
-#define NID_dNSDomain           451
-#define OBJ_dNSDomain           OBJ_pilotObjectClass,15L
-
-#define LN_domainRelatedObject          "domainRelatedObject"
-#define NID_domainRelatedObject         452
-#define OBJ_domainRelatedObject         OBJ_pilotObjectClass,17L
-
-#define LN_friendlyCountry              "friendlyCountry"
-#define NID_friendlyCountry             453
-#define OBJ_friendlyCountry             OBJ_pilotObjectClass,18L
-
-#define LN_simpleSecurityObject         "simpleSecurityObject"
-#define NID_simpleSecurityObject                454
-#define OBJ_simpleSecurityObject                OBJ_pilotObjectClass,19L
-
-#define LN_pilotOrganization            "pilotOrganization"
-#define NID_pilotOrganization           455
-#define OBJ_pilotOrganization           OBJ_pilotObjectClass,20L
-
-#define LN_pilotDSA             "pilotDSA"
-#define NID_pilotDSA            456
-#define OBJ_pilotDSA            OBJ_pilotObjectClass,21L
-
-#define LN_qualityLabelledData          "qualityLabelledData"
-#define NID_qualityLabelledData         457
-#define OBJ_qualityLabelledData         OBJ_pilotObjectClass,22L
-
-#define SN_userId               "UID"
-#define LN_userId               "userId"
-#define NID_userId              458
-#define OBJ_userId              OBJ_pilotAttributeType,1L
-
-#define LN_textEncodedORAddress         "textEncodedORAddress"
-#define NID_textEncodedORAddress                459
-#define OBJ_textEncodedORAddress                OBJ_pilotAttributeType,2L
-
-#define SN_rfc822Mailbox                "mail"
-#define LN_rfc822Mailbox                "rfc822Mailbox"
-#define NID_rfc822Mailbox               460
-#define OBJ_rfc822Mailbox               OBJ_pilotAttributeType,3L
-
-#define SN_info         "info"
-#define NID_info                461
-#define OBJ_info                OBJ_pilotAttributeType,4L
-
-#define LN_favouriteDrink               "favouriteDrink"
-#define NID_favouriteDrink              462
-#define OBJ_favouriteDrink              OBJ_pilotAttributeType,5L
-
-#define LN_roomNumber           "roomNumber"
-#define NID_roomNumber          463
-#define OBJ_roomNumber          OBJ_pilotAttributeType,6L
-
-#define SN_photo                "photo"
-#define NID_photo               464
-#define OBJ_photo               OBJ_pilotAttributeType,7L
-
-#define LN_userClass            "userClass"
-#define NID_userClass           465
-#define OBJ_userClass           OBJ_pilotAttributeType,8L
-
-#define SN_host         "host"
-#define NID_host                466
-#define OBJ_host                OBJ_pilotAttributeType,9L
-
-#define SN_manager              "manager"
-#define NID_manager             467
-#define OBJ_manager             OBJ_pilotAttributeType,10L
-
-#define LN_documentIdentifier           "documentIdentifier"
-#define NID_documentIdentifier          468
-#define OBJ_documentIdentifier          OBJ_pilotAttributeType,11L
-
-#define LN_documentTitle                "documentTitle"
-#define NID_documentTitle               469
-#define OBJ_documentTitle               OBJ_pilotAttributeType,12L
-
-#define LN_documentVersion              "documentVersion"
-#define NID_documentVersion             470
-#define OBJ_documentVersion             OBJ_pilotAttributeType,13L
-
-#define LN_documentAuthor               "documentAuthor"
-#define NID_documentAuthor              471
-#define OBJ_documentAuthor              OBJ_pilotAttributeType,14L
-
-#define LN_documentLocation             "documentLocation"
-#define NID_documentLocation            472
-#define OBJ_documentLocation            OBJ_pilotAttributeType,15L
-
-#define LN_homeTelephoneNumber          "homeTelephoneNumber"
-#define NID_homeTelephoneNumber         473
-#define OBJ_homeTelephoneNumber         OBJ_pilotAttributeType,20L
-
-#define SN_secretary            "secretary"
-#define NID_secretary           474
-#define OBJ_secretary           OBJ_pilotAttributeType,21L
-
-#define LN_otherMailbox         "otherMailbox"
-#define NID_otherMailbox                475
-#define OBJ_otherMailbox                OBJ_pilotAttributeType,22L
-
-#define LN_lastModifiedTime             "lastModifiedTime"
-#define NID_lastModifiedTime            476
-#define OBJ_lastModifiedTime            OBJ_pilotAttributeType,23L
-
-#define LN_lastModifiedBy               "lastModifiedBy"
-#define NID_lastModifiedBy              477
-#define OBJ_lastModifiedBy              OBJ_pilotAttributeType,24L
-
-#define SN_domainComponent              "DC"
-#define LN_domainComponent              "domainComponent"
-#define NID_domainComponent             391
-#define OBJ_domainComponent             OBJ_pilotAttributeType,25L
-
-#define LN_aRecord              "aRecord"
-#define NID_aRecord             478
-#define OBJ_aRecord             OBJ_pilotAttributeType,26L
-
-#define LN_pilotAttributeType27         "pilotAttributeType27"
-#define NID_pilotAttributeType27                479
-#define OBJ_pilotAttributeType27                OBJ_pilotAttributeType,27L
-
-#define LN_mXRecord             "mXRecord"
-#define NID_mXRecord            480
-#define OBJ_mXRecord            OBJ_pilotAttributeType,28L
-
-#define LN_nSRecord             "nSRecord"
-#define NID_nSRecord            481
-#define OBJ_nSRecord            OBJ_pilotAttributeType,29L
-
-#define LN_sOARecord            "sOARecord"
-#define NID_sOARecord           482
-#define OBJ_sOARecord           OBJ_pilotAttributeType,30L
-
-#define LN_cNAMERecord          "cNAMERecord"
-#define NID_cNAMERecord         483
-#define OBJ_cNAMERecord         OBJ_pilotAttributeType,31L
-
-#define LN_associatedDomain             "associatedDomain"
-#define NID_associatedDomain            484
-#define OBJ_associatedDomain            OBJ_pilotAttributeType,37L
-
-#define LN_associatedName               "associatedName"
-#define NID_associatedName              485
-#define OBJ_associatedName              OBJ_pilotAttributeType,38L
-
-#define LN_homePostalAddress            "homePostalAddress"
-#define NID_homePostalAddress           486
-#define OBJ_homePostalAddress           OBJ_pilotAttributeType,39L
-
-#define LN_personalTitle                "personalTitle"
-#define NID_personalTitle               487
-#define OBJ_personalTitle               OBJ_pilotAttributeType,40L
-
-#define LN_mobileTelephoneNumber                "mobileTelephoneNumber"
-#define NID_mobileTelephoneNumber               488
-#define OBJ_mobileTelephoneNumber               OBJ_pilotAttributeType,41L
-
-#define LN_pagerTelephoneNumber         "pagerTelephoneNumber"
-#define NID_pagerTelephoneNumber                489
-#define OBJ_pagerTelephoneNumber                OBJ_pilotAttributeType,42L
-
-#define LN_friendlyCountryName          "friendlyCountryName"
-#define NID_friendlyCountryName         490
-#define OBJ_friendlyCountryName         OBJ_pilotAttributeType,43L
-
-#define LN_organizationalStatus         "organizationalStatus"
-#define NID_organizationalStatus                491
-#define OBJ_organizationalStatus                OBJ_pilotAttributeType,45L
-
-#define LN_janetMailbox         "janetMailbox"
-#define NID_janetMailbox                492
-#define OBJ_janetMailbox                OBJ_pilotAttributeType,46L
-
-#define LN_mailPreferenceOption         "mailPreferenceOption"
-#define NID_mailPreferenceOption                493
-#define OBJ_mailPreferenceOption                OBJ_pilotAttributeType,47L
-
-#define LN_buildingName         "buildingName"
-#define NID_buildingName                494
-#define OBJ_buildingName                OBJ_pilotAttributeType,48L
-
-#define LN_dSAQuality           "dSAQuality"
-#define NID_dSAQuality          495
-#define OBJ_dSAQuality          OBJ_pilotAttributeType,49L
-
-#define LN_singleLevelQuality           "singleLevelQuality"
-#define NID_singleLevelQuality          496
-#define OBJ_singleLevelQuality          OBJ_pilotAttributeType,50L
-
-#define LN_subtreeMinimumQuality                "subtreeMinimumQuality"
-#define NID_subtreeMinimumQuality               497
-#define OBJ_subtreeMinimumQuality               OBJ_pilotAttributeType,51L
-
-#define LN_subtreeMaximumQuality                "subtreeMaximumQuality"
-#define NID_subtreeMaximumQuality               498
-#define OBJ_subtreeMaximumQuality               OBJ_pilotAttributeType,52L
-
-#define LN_personalSignature            "personalSignature"
-#define NID_personalSignature           499
-#define OBJ_personalSignature           OBJ_pilotAttributeType,53L
-
-#define LN_dITRedirect          "dITRedirect"
-#define NID_dITRedirect         500
-#define OBJ_dITRedirect         OBJ_pilotAttributeType,54L
-
-#define SN_audio                "audio"
-#define NID_audio               501
-#define OBJ_audio               OBJ_pilotAttributeType,55L
-
-#define LN_documentPublisher            "documentPublisher"
-#define NID_documentPublisher           502
-#define OBJ_documentPublisher           OBJ_pilotAttributeType,56L
-
-#define SN_id_set               "id-set"
-#define LN_id_set               "Secure Electronic Transactions"
-#define NID_id_set              512
-#define OBJ_id_set              2L,23L,42L
-
-#define SN_set_ctype            "set-ctype"
-#define LN_set_ctype            "content types"
-#define NID_set_ctype           513
-#define OBJ_set_ctype           OBJ_id_set,0L
-
-#define SN_set_msgExt           "set-msgExt"
-#define LN_set_msgExt           "message extensions"
-#define NID_set_msgExt          514
-#define OBJ_set_msgExt          OBJ_id_set,1L
-
-#define SN_set_attr             "set-attr"
-#define NID_set_attr            515
-#define OBJ_set_attr            OBJ_id_set,3L
-
-#define SN_set_policy           "set-policy"
-#define NID_set_policy          516
-#define OBJ_set_policy          OBJ_id_set,5L
-
-#define SN_set_certExt          "set-certExt"
-#define LN_set_certExt          "certificate extensions"
-#define NID_set_certExt         517
-#define OBJ_set_certExt         OBJ_id_set,7L
-
-#define SN_set_brand            "set-brand"
-#define NID_set_brand           518
-#define OBJ_set_brand           OBJ_id_set,8L
-
-#define SN_setct_PANData                "setct-PANData"
-#define NID_setct_PANData               519
-#define OBJ_setct_PANData               OBJ_set_ctype,0L
-
-#define SN_setct_PANToken               "setct-PANToken"
-#define NID_setct_PANToken              520
-#define OBJ_setct_PANToken              OBJ_set_ctype,1L
-
-#define SN_setct_PANOnly                "setct-PANOnly"
-#define NID_setct_PANOnly               521
-#define OBJ_setct_PANOnly               OBJ_set_ctype,2L
-
-#define SN_setct_OIData         "setct-OIData"
-#define NID_setct_OIData                522
-#define OBJ_setct_OIData                OBJ_set_ctype,3L
-
-#define SN_setct_PI             "setct-PI"
-#define NID_setct_PI            523
-#define OBJ_setct_PI            OBJ_set_ctype,4L
-
-#define SN_setct_PIData         "setct-PIData"
-#define NID_setct_PIData                524
-#define OBJ_setct_PIData                OBJ_set_ctype,5L
-
-#define SN_setct_PIDataUnsigned         "setct-PIDataUnsigned"
-#define NID_setct_PIDataUnsigned                525
-#define OBJ_setct_PIDataUnsigned                OBJ_set_ctype,6L
-
-#define SN_setct_HODInput               "setct-HODInput"
-#define NID_setct_HODInput              526
-#define OBJ_setct_HODInput              OBJ_set_ctype,7L
-
-#define SN_setct_AuthResBaggage         "setct-AuthResBaggage"
-#define NID_setct_AuthResBaggage                527
-#define OBJ_setct_AuthResBaggage                OBJ_set_ctype,8L
-
-#define SN_setct_AuthRevReqBaggage              "setct-AuthRevReqBaggage"
-#define NID_setct_AuthRevReqBaggage             528
-#define OBJ_setct_AuthRevReqBaggage             OBJ_set_ctype,9L
-
-#define SN_setct_AuthRevResBaggage              "setct-AuthRevResBaggage"
-#define NID_setct_AuthRevResBaggage             529
-#define OBJ_setct_AuthRevResBaggage             OBJ_set_ctype,10L
-
-#define SN_setct_CapTokenSeq            "setct-CapTokenSeq"
-#define NID_setct_CapTokenSeq           530
-#define OBJ_setct_CapTokenSeq           OBJ_set_ctype,11L
-
-#define SN_setct_PInitResData           "setct-PInitResData"
-#define NID_setct_PInitResData          531
-#define OBJ_setct_PInitResData          OBJ_set_ctype,12L
-
-#define SN_setct_PI_TBS         "setct-PI-TBS"
-#define NID_setct_PI_TBS                532
-#define OBJ_setct_PI_TBS                OBJ_set_ctype,13L
-
-#define SN_setct_PResData               "setct-PResData"
-#define NID_setct_PResData              533
-#define OBJ_setct_PResData              OBJ_set_ctype,14L
-
-#define SN_setct_AuthReqTBS             "setct-AuthReqTBS"
-#define NID_setct_AuthReqTBS            534
-#define OBJ_setct_AuthReqTBS            OBJ_set_ctype,16L
-
-#define SN_setct_AuthResTBS             "setct-AuthResTBS"
-#define NID_setct_AuthResTBS            535
-#define OBJ_setct_AuthResTBS            OBJ_set_ctype,17L
-
-#define SN_setct_AuthResTBSX            "setct-AuthResTBSX"
-#define NID_setct_AuthResTBSX           536
-#define OBJ_setct_AuthResTBSX           OBJ_set_ctype,18L
-
-#define SN_setct_AuthTokenTBS           "setct-AuthTokenTBS"
-#define NID_setct_AuthTokenTBS          537
-#define OBJ_setct_AuthTokenTBS          OBJ_set_ctype,19L
-
-#define SN_setct_CapTokenData           "setct-CapTokenData"
-#define NID_setct_CapTokenData          538
-#define OBJ_setct_CapTokenData          OBJ_set_ctype,20L
-
-#define SN_setct_CapTokenTBS            "setct-CapTokenTBS"
-#define NID_setct_CapTokenTBS           539
-#define OBJ_setct_CapTokenTBS           OBJ_set_ctype,21L
-
-#define SN_setct_AcqCardCodeMsg         "setct-AcqCardCodeMsg"
-#define NID_setct_AcqCardCodeMsg                540
-#define OBJ_setct_AcqCardCodeMsg                OBJ_set_ctype,22L
-
-#define SN_setct_AuthRevReqTBS          "setct-AuthRevReqTBS"
-#define NID_setct_AuthRevReqTBS         541
-#define OBJ_setct_AuthRevReqTBS         OBJ_set_ctype,23L
-
-#define SN_setct_AuthRevResData         "setct-AuthRevResData"
-#define NID_setct_AuthRevResData                542
-#define OBJ_setct_AuthRevResData                OBJ_set_ctype,24L
-
-#define SN_setct_AuthRevResTBS          "setct-AuthRevResTBS"
-#define NID_setct_AuthRevResTBS         543
-#define OBJ_setct_AuthRevResTBS         OBJ_set_ctype,25L
-
-#define SN_setct_CapReqTBS              "setct-CapReqTBS"
-#define NID_setct_CapReqTBS             544
-#define OBJ_setct_CapReqTBS             OBJ_set_ctype,26L
-
-#define SN_setct_CapReqTBSX             "setct-CapReqTBSX"
-#define NID_setct_CapReqTBSX            545
-#define OBJ_setct_CapReqTBSX            OBJ_set_ctype,27L
-
-#define SN_setct_CapResData             "setct-CapResData"
-#define NID_setct_CapResData            546
-#define OBJ_setct_CapResData            OBJ_set_ctype,28L
-
-#define SN_setct_CapRevReqTBS           "setct-CapRevReqTBS"
-#define NID_setct_CapRevReqTBS          547
-#define OBJ_setct_CapRevReqTBS          OBJ_set_ctype,29L
-
-#define SN_setct_CapRevReqTBSX          "setct-CapRevReqTBSX"
-#define NID_setct_CapRevReqTBSX         548
-#define OBJ_setct_CapRevReqTBSX         OBJ_set_ctype,30L
-
-#define SN_setct_CapRevResData          "setct-CapRevResData"
-#define NID_setct_CapRevResData         549
-#define OBJ_setct_CapRevResData         OBJ_set_ctype,31L
-
-#define SN_setct_CredReqTBS             "setct-CredReqTBS"
-#define NID_setct_CredReqTBS            550
-#define OBJ_setct_CredReqTBS            OBJ_set_ctype,32L
-
-#define SN_setct_CredReqTBSX            "setct-CredReqTBSX"
-#define NID_setct_CredReqTBSX           551
-#define OBJ_setct_CredReqTBSX           OBJ_set_ctype,33L
-
-#define SN_setct_CredResData            "setct-CredResData"
-#define NID_setct_CredResData           552
-#define OBJ_setct_CredResData           OBJ_set_ctype,34L
-
-#define SN_setct_CredRevReqTBS          "setct-CredRevReqTBS"
-#define NID_setct_CredRevReqTBS         553
-#define OBJ_setct_CredRevReqTBS         OBJ_set_ctype,35L
-
-#define SN_setct_CredRevReqTBSX         "setct-CredRevReqTBSX"
-#define NID_setct_CredRevReqTBSX                554
-#define OBJ_setct_CredRevReqTBSX                OBJ_set_ctype,36L
-
-#define SN_setct_CredRevResData         "setct-CredRevResData"
-#define NID_setct_CredRevResData                555
-#define OBJ_setct_CredRevResData                OBJ_set_ctype,37L
-
-#define SN_setct_PCertReqData           "setct-PCertReqData"
-#define NID_setct_PCertReqData          556
-#define OBJ_setct_PCertReqData          OBJ_set_ctype,38L
-
-#define SN_setct_PCertResTBS            "setct-PCertResTBS"
-#define NID_setct_PCertResTBS           557
-#define OBJ_setct_PCertResTBS           OBJ_set_ctype,39L
-
-#define SN_setct_BatchAdminReqData              "setct-BatchAdminReqData"
-#define NID_setct_BatchAdminReqData             558
-#define OBJ_setct_BatchAdminReqData             OBJ_set_ctype,40L
-
-#define SN_setct_BatchAdminResData              "setct-BatchAdminResData"
-#define NID_setct_BatchAdminResData             559
-#define OBJ_setct_BatchAdminResData             OBJ_set_ctype,41L
-
-#define SN_setct_CardCInitResTBS                "setct-CardCInitResTBS"
-#define NID_setct_CardCInitResTBS               560
-#define OBJ_setct_CardCInitResTBS               OBJ_set_ctype,42L
-
-#define SN_setct_MeAqCInitResTBS                "setct-MeAqCInitResTBS"
-#define NID_setct_MeAqCInitResTBS               561
-#define OBJ_setct_MeAqCInitResTBS               OBJ_set_ctype,43L
-
-#define SN_setct_RegFormResTBS          "setct-RegFormResTBS"
-#define NID_setct_RegFormResTBS         562
-#define OBJ_setct_RegFormResTBS         OBJ_set_ctype,44L
-
-#define SN_setct_CertReqData            "setct-CertReqData"
-#define NID_setct_CertReqData           563
-#define OBJ_setct_CertReqData           OBJ_set_ctype,45L
-
-#define SN_setct_CertReqTBS             "setct-CertReqTBS"
-#define NID_setct_CertReqTBS            564
-#define OBJ_setct_CertReqTBS            OBJ_set_ctype,46L
-
-#define SN_setct_CertResData            "setct-CertResData"
-#define NID_setct_CertResData           565
-#define OBJ_setct_CertResData           OBJ_set_ctype,47L
-
-#define SN_setct_CertInqReqTBS          "setct-CertInqReqTBS"
-#define NID_setct_CertInqReqTBS         566
-#define OBJ_setct_CertInqReqTBS         OBJ_set_ctype,48L
-
-#define SN_setct_ErrorTBS               "setct-ErrorTBS"
-#define NID_setct_ErrorTBS              567
-#define OBJ_setct_ErrorTBS              OBJ_set_ctype,49L
-
-#define SN_setct_PIDualSignedTBE                "setct-PIDualSignedTBE"
-#define NID_setct_PIDualSignedTBE               568
-#define OBJ_setct_PIDualSignedTBE               OBJ_set_ctype,50L
-
-#define SN_setct_PIUnsignedTBE          "setct-PIUnsignedTBE"
-#define NID_setct_PIUnsignedTBE         569
-#define OBJ_setct_PIUnsignedTBE         OBJ_set_ctype,51L
-
-#define SN_setct_AuthReqTBE             "setct-AuthReqTBE"
-#define NID_setct_AuthReqTBE            570
-#define OBJ_setct_AuthReqTBE            OBJ_set_ctype,52L
-
-#define SN_setct_AuthResTBE             "setct-AuthResTBE"
-#define NID_setct_AuthResTBE            571
-#define OBJ_setct_AuthResTBE            OBJ_set_ctype,53L
-
-#define SN_setct_AuthResTBEX            "setct-AuthResTBEX"
-#define NID_setct_AuthResTBEX           572
-#define OBJ_setct_AuthResTBEX           OBJ_set_ctype,54L
-
-#define SN_setct_AuthTokenTBE           "setct-AuthTokenTBE"
-#define NID_setct_AuthTokenTBE          573
-#define OBJ_setct_AuthTokenTBE          OBJ_set_ctype,55L
-
-#define SN_setct_CapTokenTBE            "setct-CapTokenTBE"
-#define NID_setct_CapTokenTBE           574
-#define OBJ_setct_CapTokenTBE           OBJ_set_ctype,56L
-
-#define SN_setct_CapTokenTBEX           "setct-CapTokenTBEX"
-#define NID_setct_CapTokenTBEX          575
-#define OBJ_setct_CapTokenTBEX          OBJ_set_ctype,57L
-
-#define SN_setct_AcqCardCodeMsgTBE              "setct-AcqCardCodeMsgTBE"
-#define NID_setct_AcqCardCodeMsgTBE             576
-#define OBJ_setct_AcqCardCodeMsgTBE             OBJ_set_ctype,58L
-
-#define SN_setct_AuthRevReqTBE          "setct-AuthRevReqTBE"
-#define NID_setct_AuthRevReqTBE         577
-#define OBJ_setct_AuthRevReqTBE         OBJ_set_ctype,59L
-
-#define SN_setct_AuthRevResTBE          "setct-AuthRevResTBE"
-#define NID_setct_AuthRevResTBE         578
-#define OBJ_setct_AuthRevResTBE         OBJ_set_ctype,60L
-
-#define SN_setct_AuthRevResTBEB         "setct-AuthRevResTBEB"
-#define NID_setct_AuthRevResTBEB                579
-#define OBJ_setct_AuthRevResTBEB                OBJ_set_ctype,61L
-
-#define SN_setct_CapReqTBE              "setct-CapReqTBE"
-#define NID_setct_CapReqTBE             580
-#define OBJ_setct_CapReqTBE             OBJ_set_ctype,62L
-
-#define SN_setct_CapReqTBEX             "setct-CapReqTBEX"
-#define NID_setct_CapReqTBEX            581
-#define OBJ_setct_CapReqTBEX            OBJ_set_ctype,63L
-
-#define SN_setct_CapResTBE              "setct-CapResTBE"
-#define NID_setct_CapResTBE             582
-#define OBJ_setct_CapResTBE             OBJ_set_ctype,64L
-
-#define SN_setct_CapRevReqTBE           "setct-CapRevReqTBE"
-#define NID_setct_CapRevReqTBE          583
-#define OBJ_setct_CapRevReqTBE          OBJ_set_ctype,65L
-
-#define SN_setct_CapRevReqTBEX          "setct-CapRevReqTBEX"
-#define NID_setct_CapRevReqTBEX         584
-#define OBJ_setct_CapRevReqTBEX         OBJ_set_ctype,66L
-
-#define SN_setct_CapRevResTBE           "setct-CapRevResTBE"
-#define NID_setct_CapRevResTBE          585
-#define OBJ_setct_CapRevResTBE          OBJ_set_ctype,67L
-
-#define SN_setct_CredReqTBE             "setct-CredReqTBE"
-#define NID_setct_CredReqTBE            586
-#define OBJ_setct_CredReqTBE            OBJ_set_ctype,68L
-
-#define SN_setct_CredReqTBEX            "setct-CredReqTBEX"
-#define NID_setct_CredReqTBEX           587
-#define OBJ_setct_CredReqTBEX           OBJ_set_ctype,69L
-
-#define SN_setct_CredResTBE             "setct-CredResTBE"
-#define NID_setct_CredResTBE            588
-#define OBJ_setct_CredResTBE            OBJ_set_ctype,70L
-
-#define SN_setct_CredRevReqTBE          "setct-CredRevReqTBE"
-#define NID_setct_CredRevReqTBE         589
-#define OBJ_setct_CredRevReqTBE         OBJ_set_ctype,71L
-
-#define SN_setct_CredRevReqTBEX         "setct-CredRevReqTBEX"
-#define NID_setct_CredRevReqTBEX                590
-#define OBJ_setct_CredRevReqTBEX                OBJ_set_ctype,72L
-
-#define SN_setct_CredRevResTBE          "setct-CredRevResTBE"
-#define NID_setct_CredRevResTBE         591
-#define OBJ_setct_CredRevResTBE         OBJ_set_ctype,73L
-
-#define SN_setct_BatchAdminReqTBE               "setct-BatchAdminReqTBE"
-#define NID_setct_BatchAdminReqTBE              592
-#define OBJ_setct_BatchAdminReqTBE              OBJ_set_ctype,74L
-
-#define SN_setct_BatchAdminResTBE               "setct-BatchAdminResTBE"
-#define NID_setct_BatchAdminResTBE              593
-#define OBJ_setct_BatchAdminResTBE              OBJ_set_ctype,75L
-
-#define SN_setct_RegFormReqTBE          "setct-RegFormReqTBE"
-#define NID_setct_RegFormReqTBE         594
-#define OBJ_setct_RegFormReqTBE         OBJ_set_ctype,76L
-
-#define SN_setct_CertReqTBE             "setct-CertReqTBE"
-#define NID_setct_CertReqTBE            595
-#define OBJ_setct_CertReqTBE            OBJ_set_ctype,77L
-
-#define SN_setct_CertReqTBEX            "setct-CertReqTBEX"
-#define NID_setct_CertReqTBEX           596
-#define OBJ_setct_CertReqTBEX           OBJ_set_ctype,78L
-
-#define SN_setct_CertResTBE             "setct-CertResTBE"
-#define NID_setct_CertResTBE            597
-#define OBJ_setct_CertResTBE            OBJ_set_ctype,79L
-
-#define SN_setct_CRLNotificationTBS             "setct-CRLNotificationTBS"
-#define NID_setct_CRLNotificationTBS            598
-#define OBJ_setct_CRLNotificationTBS            OBJ_set_ctype,80L
-
-#define SN_setct_CRLNotificationResTBS          "setct-CRLNotificationResTBS"
-#define NID_setct_CRLNotificationResTBS         599
-#define OBJ_setct_CRLNotificationResTBS         OBJ_set_ctype,81L
-
-#define SN_setct_BCIDistributionTBS             "setct-BCIDistributionTBS"
-#define NID_setct_BCIDistributionTBS            600
-#define OBJ_setct_BCIDistributionTBS            OBJ_set_ctype,82L
-
-#define SN_setext_genCrypt              "setext-genCrypt"
-#define LN_setext_genCrypt              "generic cryptogram"
-#define NID_setext_genCrypt             601
-#define OBJ_setext_genCrypt             OBJ_set_msgExt,1L
-
-#define SN_setext_miAuth                "setext-miAuth"
-#define LN_setext_miAuth                "merchant initiated auth"
-#define NID_setext_miAuth               602
-#define OBJ_setext_miAuth               OBJ_set_msgExt,3L
-
-#define SN_setext_pinSecure             "setext-pinSecure"
-#define NID_setext_pinSecure            603
-#define OBJ_setext_pinSecure            OBJ_set_msgExt,4L
-
-#define SN_setext_pinAny                "setext-pinAny"
-#define NID_setext_pinAny               604
-#define OBJ_setext_pinAny               OBJ_set_msgExt,5L
-
-#define SN_setext_track2                "setext-track2"
-#define NID_setext_track2               605
-#define OBJ_setext_track2               OBJ_set_msgExt,7L
-
-#define SN_setext_cv            "setext-cv"
-#define LN_setext_cv            "additional verification"
-#define NID_setext_cv           606
-#define OBJ_setext_cv           OBJ_set_msgExt,8L
-
-#define SN_set_policy_root              "set-policy-root"
-#define NID_set_policy_root             607
-#define OBJ_set_policy_root             OBJ_set_policy,0L
-
-#define SN_setCext_hashedRoot           "setCext-hashedRoot"
-#define NID_setCext_hashedRoot          608
-#define OBJ_setCext_hashedRoot          OBJ_set_certExt,0L
-
-#define SN_setCext_certType             "setCext-certType"
-#define NID_setCext_certType            609
-#define OBJ_setCext_certType            OBJ_set_certExt,1L
-
-#define SN_setCext_merchData            "setCext-merchData"
-#define NID_setCext_merchData           610
-#define OBJ_setCext_merchData           OBJ_set_certExt,2L
-
-#define SN_setCext_cCertRequired                "setCext-cCertRequired"
-#define NID_setCext_cCertRequired               611
-#define OBJ_setCext_cCertRequired               OBJ_set_certExt,3L
-
-#define SN_setCext_tunneling            "setCext-tunneling"
-#define NID_setCext_tunneling           612
-#define OBJ_setCext_tunneling           OBJ_set_certExt,4L
-
-#define SN_setCext_setExt               "setCext-setExt"
-#define NID_setCext_setExt              613
-#define OBJ_setCext_setExt              OBJ_set_certExt,5L
-
-#define SN_setCext_setQualf             "setCext-setQualf"
-#define NID_setCext_setQualf            614
-#define OBJ_setCext_setQualf            OBJ_set_certExt,6L
-
-#define SN_setCext_PGWYcapabilities             "setCext-PGWYcapabilities"
-#define NID_setCext_PGWYcapabilities            615
-#define OBJ_setCext_PGWYcapabilities            OBJ_set_certExt,7L
-
-#define SN_setCext_TokenIdentifier              "setCext-TokenIdentifier"
-#define NID_setCext_TokenIdentifier             616
-#define OBJ_setCext_TokenIdentifier             OBJ_set_certExt,8L
-
-#define SN_setCext_Track2Data           "setCext-Track2Data"
-#define NID_setCext_Track2Data          617
-#define OBJ_setCext_Track2Data          OBJ_set_certExt,9L
-
-#define SN_setCext_TokenType            "setCext-TokenType"
-#define NID_setCext_TokenType           618
-#define OBJ_setCext_TokenType           OBJ_set_certExt,10L
-
-#define SN_setCext_IssuerCapabilities           "setCext-IssuerCapabilities"
-#define NID_setCext_IssuerCapabilities          619
-#define OBJ_setCext_IssuerCapabilities          OBJ_set_certExt,11L
-
-#define SN_setAttr_Cert         "setAttr-Cert"
-#define NID_setAttr_Cert                620
-#define OBJ_setAttr_Cert                OBJ_set_attr,0L
-
-#define SN_setAttr_PGWYcap              "setAttr-PGWYcap"
-#define LN_setAttr_PGWYcap              "payment gateway capabilities"
-#define NID_setAttr_PGWYcap             621
-#define OBJ_setAttr_PGWYcap             OBJ_set_attr,1L
-
-#define SN_setAttr_TokenType            "setAttr-TokenType"
-#define NID_setAttr_TokenType           622
-#define OBJ_setAttr_TokenType           OBJ_set_attr,2L
-
-#define SN_setAttr_IssCap               "setAttr-IssCap"
-#define LN_setAttr_IssCap               "issuer capabilities"
-#define NID_setAttr_IssCap              623
-#define OBJ_setAttr_IssCap              OBJ_set_attr,3L
-
-#define SN_set_rootKeyThumb             "set-rootKeyThumb"
-#define NID_set_rootKeyThumb            624
-#define OBJ_set_rootKeyThumb            OBJ_setAttr_Cert,0L
-
-#define SN_set_addPolicy                "set-addPolicy"
-#define NID_set_addPolicy               625
-#define OBJ_set_addPolicy               OBJ_setAttr_Cert,1L
-
-#define SN_setAttr_Token_EMV            "setAttr-Token-EMV"
-#define NID_setAttr_Token_EMV           626
-#define OBJ_setAttr_Token_EMV           OBJ_setAttr_TokenType,1L
-
-#define SN_setAttr_Token_B0Prime                "setAttr-Token-B0Prime"
-#define NID_setAttr_Token_B0Prime               627
-#define OBJ_setAttr_Token_B0Prime               OBJ_setAttr_TokenType,2L
-
-#define SN_setAttr_IssCap_CVM           "setAttr-IssCap-CVM"
-#define NID_setAttr_IssCap_CVM          628
-#define OBJ_setAttr_IssCap_CVM          OBJ_setAttr_IssCap,3L
-
-#define SN_setAttr_IssCap_T2            "setAttr-IssCap-T2"
-#define NID_setAttr_IssCap_T2           629
-#define OBJ_setAttr_IssCap_T2           OBJ_setAttr_IssCap,4L
-
-#define SN_setAttr_IssCap_Sig           "setAttr-IssCap-Sig"
-#define NID_setAttr_IssCap_Sig          630
-#define OBJ_setAttr_IssCap_Sig          OBJ_setAttr_IssCap,5L
-
-#define SN_setAttr_GenCryptgrm          "setAttr-GenCryptgrm"
-#define LN_setAttr_GenCryptgrm          "generate cryptogram"
-#define NID_setAttr_GenCryptgrm         631
-#define OBJ_setAttr_GenCryptgrm         OBJ_setAttr_IssCap_CVM,1L
-
-#define SN_setAttr_T2Enc                "setAttr-T2Enc"
-#define LN_setAttr_T2Enc                "encrypted track 2"
-#define NID_setAttr_T2Enc               632
-#define OBJ_setAttr_T2Enc               OBJ_setAttr_IssCap_T2,1L
-
-#define SN_setAttr_T2cleartxt           "setAttr-T2cleartxt"
-#define LN_setAttr_T2cleartxt           "cleartext track 2"
-#define NID_setAttr_T2cleartxt          633
-#define OBJ_setAttr_T2cleartxt          OBJ_setAttr_IssCap_T2,2L
-
-#define SN_setAttr_TokICCsig            "setAttr-TokICCsig"
-#define LN_setAttr_TokICCsig            "ICC or token signature"
-#define NID_setAttr_TokICCsig           634
-#define OBJ_setAttr_TokICCsig           OBJ_setAttr_IssCap_Sig,1L
-
-#define SN_setAttr_SecDevSig            "setAttr-SecDevSig"
-#define LN_setAttr_SecDevSig            "secure device signature"
-#define NID_setAttr_SecDevSig           635
-#define OBJ_setAttr_SecDevSig           OBJ_setAttr_IssCap_Sig,2L
-
-#define SN_set_brand_IATA_ATA           "set-brand-IATA-ATA"
-#define NID_set_brand_IATA_ATA          636
-#define OBJ_set_brand_IATA_ATA          OBJ_set_brand,1L
-
-#define SN_set_brand_Diners             "set-brand-Diners"
-#define NID_set_brand_Diners            637
-#define OBJ_set_brand_Diners            OBJ_set_brand,30L
-
-#define SN_set_brand_AmericanExpress            "set-brand-AmericanExpress"
-#define NID_set_brand_AmericanExpress           638
-#define OBJ_set_brand_AmericanExpress           OBJ_set_brand,34L
-
-#define SN_set_brand_JCB                "set-brand-JCB"
-#define NID_set_brand_JCB               639
-#define OBJ_set_brand_JCB               OBJ_set_brand,35L
-
-#define SN_set_brand_Visa               "set-brand-Visa"
-#define NID_set_brand_Visa              640
-#define OBJ_set_brand_Visa              OBJ_set_brand,4L
-
-#define SN_set_brand_MasterCard         "set-brand-MasterCard"
-#define NID_set_brand_MasterCard                641
-#define OBJ_set_brand_MasterCard                OBJ_set_brand,5L
-
-#define SN_set_brand_Novus              "set-brand-Novus"
-#define NID_set_brand_Novus             642
-#define OBJ_set_brand_Novus             OBJ_set_brand,6011L
-
-#define SN_des_cdmf             "DES-CDMF"
-#define LN_des_cdmf             "des-cdmf"
-#define NID_des_cdmf            643
-#define OBJ_des_cdmf            OBJ_rsadsi,3L,10L
-
-#define SN_rsaOAEPEncryptionSET         "rsaOAEPEncryptionSET"
-#define NID_rsaOAEPEncryptionSET                644
-#define OBJ_rsaOAEPEncryptionSET                OBJ_rsadsi,1L,1L,6L
-
diff --git a/src/lib/libssl/src/crypto/objects/objects.pl b/src/lib/libssl/src/crypto/objects/objects.pl
index 76c06cc8f9..76bb8da677 100644
--- a/src/lib/libssl/src/crypto/objects/objects.pl
+++ b/src/lib/libssl/src/crypto/objects/objects.pl
@@ -107,12 +107,13 @@ while (<IN>)
         }
 close IN;
 
-open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
-foreach (sort { $a <=> $b } keys %nidn)
-        {
-        print NUMOUT $nidn{$_},"\t\t",$_,"\n";
-        }
-close NUMOUT;
+#XXX don't modify input files
+#open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+#foreach (sort { $a <=> $b } keys %nidn)
+#       {
+#       print NUMOUT $nidn{$_},"\t\t",$_,"\n";
+#       }
+#close NUMOUT;
 
 open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
 print OUT <<'EOF';
diff --git a/src/lib/libssl/src/crypto/ocsp/Makefile.ssl b/src/lib/libssl/src/crypto/ocsp/Makefile.ssl
new file mode 100644
index 0000000000..02477be538
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ocsp/Makefile.ssl
@@ -0,0 +1,293 @@
+#
+# OpenSSL/ocsp/Makefile.ssl
+#
+
+DIR=    ocsp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
+        ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c
+
+LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \
+        ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ocsp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ocsp_asn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ocsp_asn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_asn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+ocsp_asn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_asn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_asn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_asn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_asn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_asn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_asn.o: ../../include/openssl/x509v3.h ocsp_asn.c
+ocsp_cl.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_cl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_cl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_cl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_cl.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_cl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_cl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_cl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_cl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+ocsp_cl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_cl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_cl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c
+ocsp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_err.o: ../../include/openssl/x509v3.h ocsp_err.c
+ocsp_ext.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_ext.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../cryptlib.h ocsp_ext.c
+ocsp_ht.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_ht.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_ht.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_ht.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_ht.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_ht.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_ht.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_ht.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_ht.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_ht.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_ht.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c
+ocsp_lib.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_lib.o: ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_lib.o: ../cryptlib.h ocsp_lib.c
+ocsp_prn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_prn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_prn.o: ../../include/openssl/x509v3.h ocsp_prn.c
+ocsp_srv.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_srv.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_srv.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_srv.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_srv.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_srv.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_srv.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_srv.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_srv.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_srv.o: ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_srv.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_srv.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_srv.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_srv.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_srv.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_srv.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_srv.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_srv.o: ../cryptlib.h ocsp_srv.c
+ocsp_vfy.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_vfy.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_vfy.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_vfy.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_vfy.o: ../../include/openssl/x509v3.h ocsp_vfy.c
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index e226d9de79..08cb1d5018 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER  0x0090703fL
-#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.7c 30 Sep 2003"
+#define OPENSSL_VERSION_NUMBER  0x0090702fL
+#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.7b 10 Apr 2003"
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
 
diff --git a/src/lib/libssl/src/crypto/pem/Makefile.ssl b/src/lib/libssl/src/crypto/pem/Makefile.ssl
new file mode 100644
index 0000000000..d3043eb401
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/Makefile.ssl
@@ -0,0 +1,336 @@
+#
+# SSLeay/crypto/pem/Makefile
+#
+
+DIR=    pem
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \
+        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c
+
+LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \
+        pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= pem.h pem2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links: $(EXHEADER)
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pem_all.o: ../../e_os.h ../../include/openssl/aes.h
+pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_all.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
+pem_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pem_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pem_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pem_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pem_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pem_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pem_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_err.o: pem_err.c
+pem_info.o: ../../e_os.h ../../include/openssl/aes.h
+pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_info.o: ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../cryptlib.h pem_info.c
+pem_lib.o: ../../e_os.h ../../include/openssl/aes.h
+pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c
+pem_oth.o: ../../e_os.h ../../include/openssl/aes.h
+pem_oth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_oth.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_oth.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_oth.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_oth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_oth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_oth.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_oth.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_oth.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_oth.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_oth.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_oth.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_oth.o: ../cryptlib.h pem_oth.c
+pem_pk8.o: ../../e_os.h ../../include/openssl/aes.h
+pem_pk8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_pk8.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_pk8.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_pk8.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_pk8.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_pk8.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_pk8.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_pk8.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_pk8.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_pk8.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_pk8.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_pk8.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_pk8.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c
+pem_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+pem_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pkey.o: ../../include/openssl/opensslconf.h
+pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_pkey.o: ../cryptlib.h pem_pkey.c
+pem_seal.o: ../../e_os.h ../../include/openssl/aes.h
+pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_seal.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_seal.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_seal.o: ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c
+pem_sign.o: ../../e_os.h ../../include/openssl/aes.h
+pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_sign.o: ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_sign.c
+pem_x509.o: ../../e_os.h ../../include/openssl/aes.h
+pem_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_x509.o: ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_x509.o: ../cryptlib.h pem_x509.c
+pem_xaux.o: ../../e_os.h ../../include/openssl/aes.h
+pem_xaux.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_xaux.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_xaux.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_xaux.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_xaux.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_xaux.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_xaux.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_xaux.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_xaux.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_xaux.o: ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_xaux.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_xaux.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_xaux.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_xaux.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_xaux.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_xaux.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_xaux.o: ../cryptlib.h pem_xaux.c
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
index 70b5446797..3bec2d7e9f 100644
--- a/src/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type)
         else
                 str="BAD-TYPE";
                 
-        strcat(buf,"Proc-Type: 4,");
-        strcat(buf,str);
-        strcat(buf,"\n");
+        strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
+        strlcat(buf,str,PEM_BUFSIZE);
+        strlcat(buf,"\n",PEM_BUFSIZE);
         }
 
 void PEM_dek_info(char *buf, const char *type, int len, char *str)
@@ -142,10 +142,12 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
         long i;
         int j;
 
-        strcat(buf,"DEK-Info: ");
-        strcat(buf,type);
-        strcat(buf,",");
+        strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
+        strlcat(buf,type,PEM_BUFSIZE);
+        strlcat(buf,",",PEM_BUFSIZE);
         j=strlen(buf);
+        if (j + (len * 2) + 1 > PEM_BUFSIZE)
+                return;
         for (i=0; i<len; i++)
                 {
                 buf[j+i*2]  =map[(str[i]>>4)&0x0f];
diff --git a/src/lib/libssl/src/crypto/perlasm/x86ms.pl b/src/lib/libssl/src/crypto/perlasm/x86ms.pl
index fbb4afb9bd..35f1a4ddb9 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86ms.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86ms.pl
@@ -144,10 +144,7 @@ sub main'jle	{ &out1("jle",@_); }
 sub main'jz     { &out1("jz",@_); }
 sub main'jge    { &out1("jge",@_); }
 sub main'jl     { &out1("jl",@_); }
-sub main'ja     { &out1("ja",@_); }
-sub main'jae    { &out1("jae",@_); }
 sub main'jb     { &out1("jb",@_); }
-sub main'jbe    { &out1("jbe",@_); }
 sub main'jc     { &out1("jc",@_); }
 sub main'jnc    { &out1("jnc",@_); }
 sub main'jnz    { &out1("jnz",@_); }
diff --git a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
index 30346af4ea..f30b7466d4 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
@@ -152,10 +152,7 @@ sub main'jle	{ &out1("jle NEAR",@_); }
 sub main'jz     { &out1("jz NEAR",@_); }
 sub main'jge    { &out1("jge NEAR",@_); }
 sub main'jl     { &out1("jl NEAR",@_); }
-sub main'ja     { &out1("ja NEAR",@_); }
-sub main'jae    { &out1("jae NEAR",@_); }
 sub main'jb     { &out1("jb NEAR",@_); }
-sub main'jbe    { &out1("jbe NEAR",@_); }
 sub main'jc     { &out1("jc NEAR",@_); }
 sub main'jnc    { &out1("jnc NEAR",@_); }
 sub main'jnz    { &out1("jnz NEAR",@_); }
diff --git a/src/lib/libssl/src/crypto/perlasm/x86unix.pl b/src/lib/libssl/src/crypto/perlasm/x86unix.pl
index 10b669bf04..72bde061c5 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86unix.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86unix.pl
@@ -156,10 +156,7 @@ sub main'jnz	{ &out1("jnz",@_); }
 sub main'jz     { &out1("jz",@_); }
 sub main'jge    { &out1("jge",@_); }
 sub main'jl     { &out1("jl",@_); }
-sub main'ja     { &out1("ja",@_); }
-sub main'jae    { &out1("jae",@_); }
 sub main'jb     { &out1("jb",@_); }
-sub main'jbe    { &out1("jbe",@_); }
 sub main'jc     { &out1("jc",@_); }
 sub main'jnc    { &out1("jnc",@_); }
 sub main'jno    { &out1("jno",@_); }
diff --git a/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl b/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl
new file mode 100644
index 0000000000..a6e47b4085
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl
@@ -0,0 +1,417 @@
+#
+# SSLeay/crypto/pkcs12/Makefile
+#
+
+DIR=    pkcs12
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
+        p12_init.c p12_key.c p12_kiss.c p12_mutl.c\
+        p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
+LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \
+        p12_init.o p12_key.o p12_kiss.o p12_mutl.o\
+        p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs12.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+p12_add.o: ../../e_os.h ../../include/openssl/aes.h
+p12_add.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_add.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_add.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_add.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_add.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_add.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_add.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_add.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_add.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_add.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_add.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_add.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_add.o: ../cryptlib.h p12_add.c
+p12_asn.o: ../../e_os.h ../../include/openssl/aes.h
+p12_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p12_asn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_asn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_asn.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p12_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_asn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_asn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_asn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_asn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_asn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_asn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_asn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c
+p12_attr.o: ../../e_os.h ../../include/openssl/aes.h
+p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_attr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_attr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_attr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_attr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_attr.o: ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_attr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_attr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_attr.c
+p12_crpt.o: ../../e_os.h ../../include/openssl/aes.h
+p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crpt.o: ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crpt.c
+p12_crt.o: ../../e_os.h ../../include/openssl/aes.h
+p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_crt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_crt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_crt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_crt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_crt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_crt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_crt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_crt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crt.o: ../cryptlib.h p12_crt.c
+p12_decr.o: ../../e_os.h ../../include/openssl/aes.h
+p12_decr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_decr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_decr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_decr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_decr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_decr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_decr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_decr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_decr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_decr.o: ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_decr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_decr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_decr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_decr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_decr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_decr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_decr.c
+p12_init.o: ../../e_os.h ../../include/openssl/aes.h
+p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_init.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_init.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_init.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_init.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_init.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_init.o: ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_init.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_init.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_init.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_init.c
+p12_key.o: ../../e_os.h ../../include/openssl/aes.h
+p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_key.o: ../cryptlib.h p12_key.c
+p12_kiss.o: ../../e_os.h ../../include/openssl/aes.h
+p12_kiss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_kiss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_kiss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_kiss.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_kiss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_kiss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_kiss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_kiss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_kiss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_kiss.o: ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_kiss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_kiss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_kiss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_kiss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_kiss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_kiss.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_kiss.c
+p12_mutl.o: ../../e_os.h ../../include/openssl/aes.h
+p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_mutl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_mutl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_mutl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_mutl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_mutl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_mutl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p12_mutl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_mutl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_mutl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_mutl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_mutl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_mutl.o: ../cryptlib.h p12_mutl.c
+p12_npas.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p12_npas.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_npas.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_npas.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_npas.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p12_npas.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_npas.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_npas.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_npas.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_npas.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_npas.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_npas.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_npas.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_npas.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_npas.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_npas.o: ../../include/openssl/x509_vfy.h p12_npas.c
+p12_p8d.o: ../../e_os.h ../../include/openssl/aes.h
+p12_p8d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_p8d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_p8d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_p8d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_p8d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_p8d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_p8d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_p8d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_p8d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_p8d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_p8d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8d.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8d.o: ../cryptlib.h p12_p8d.c
+p12_p8e.o: ../../e_os.h ../../include/openssl/aes.h
+p12_p8e.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_p8e.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_p8e.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_p8e.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_p8e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_p8e.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_p8e.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_p8e.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_p8e.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_p8e.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_p8e.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8e.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8e.o: ../cryptlib.h p12_p8e.c
+p12_utl.o: ../../e_os.h ../../include/openssl/aes.h
+p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_utl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_utl.o: ../cryptlib.h p12_utl.c
+pk12err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pk12err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk12err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk12err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk12err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk12err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk12err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk12err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk12err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pk12err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk12err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk12err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk12err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c
diff --git a/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl b/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl
new file mode 100644
index 0000000000..c3bfc7d560
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl
@@ -0,0 +1,243 @@
+#
+# SSLeay/crypto/pkcs7/Makefile
+#
+
+DIR=    pkcs7
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
+        pk7_mime.c
+LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \
+        pk7_mime.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs7.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+testapps: enc dec sign verify
+
+enc: enc.o lib
+        $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+dec: dec.o lib
+        $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+sign: sign.o lib
+        $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+verify: verify.o example.o lib
+        $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pk7_asn1.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+pk7_asn1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk7_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk7_asn1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk7_asn1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_asn1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_asn1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_asn1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_asn1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_asn1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_asn1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_asn1.o: ../cryptlib.h pk7_asn1.c
+pk7_attr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk7_attr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk7_attr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk7_attr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_attr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_attr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_attr.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_attr.o: pk7_attr.c
+pk7_doit.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_doit.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_doit.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_doit.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_doit.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_doit.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_doit.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_doit.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_doit.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_doit.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pk7_doit.o: ../cryptlib.h pk7_doit.c
+pk7_lib.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pk7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c
+pk7_mime.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_mime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_mime.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pk7_mime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pk7_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_mime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_mime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk7_mime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_mime.o: ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_mime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_mime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_mime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_mime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_mime.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_mime.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_mime.c
+pk7_smime.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_smime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_smime.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_smime.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_smime.o: ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/opensslconf.h
+pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_smime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_smime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_smime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_smime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_smime.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_smime.c
+pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pkcs7err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+pkcs7err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pkcs7err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pkcs7err.o: pkcs7err.c
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index 190ca0e9bf..0060a2ea3d 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -767,11 +767,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                         }
                 if (EVP_MD_CTX_type(mdc) == md_type)
                         break;
-                /* Workaround for some broken clients that put the signature
-                 * OID instead of the digest OID in digest_alg->algorithm
-                 */
-                if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
-                        break;
                 btmp=BIO_next(btmp);
                 }
 
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
index 5d2a97839d..086d394270 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
@@ -3,7 +3,7 @@
  * project 1999.
  */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -101,7 +101,7 @@ static int mime_param_cmp(const MIME_PARAM * const *a,
 static void mime_param_free(MIME_PARAM *param);
 static int mime_bound_check(char *line, int linelen, char *bound, int blen);
 static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-static int strip_eol(char *linebuf, int *plen);
+static int iscrlf(char c);
 static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
 static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
 static void mime_hdr_free(MIME_HEADER *hdr);
@@ -150,17 +150,9 @@ static PKCS7 *B64_read_PKCS7(BIO *bio)
 
 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 {
+        char linebuf[MAX_SMLEN];
         char bound[33], c;
         int i;
-        char *mime_prefix, *mime_eol;
-        if (flags & PKCS7_NOOLDMIMETYPE)
-                mime_prefix = "application/pkcs7-";
-        else
-                mime_prefix = "application/x-pkcs7-";
-        if (flags & PKCS7_CRLFEOL)
-                mime_eol = "\r\n";
-        else
-                mime_eol = "\n";
         if((flags & PKCS7_DETACHED) && data) {
         /* We want multipart/signed */
                 /* Generate a random boundary */
@@ -172,42 +164,34 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
                         bound[i] = c;
                 }
                 bound[32] = 0;
-                BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+                BIO_printf(bio, "MIME-Version: 1.0\n");
                 BIO_printf(bio, "Content-Type: multipart/signed;");
-                BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
-                BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
-                                                bound, mime_eol, mime_eol);
-                BIO_printf(bio, "This is an S/MIME signed message%s%s",
-                                                mime_eol, mime_eol);
+                BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
+                BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
+                BIO_printf(bio, "This is an S/MIME signed message\n\n");
                 /* Now write out the first part */
-                BIO_printf(bio, "------%s%s", bound, mime_eol);
-                SMIME_crlf_copy(data, bio, flags);
-                BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+                BIO_printf(bio, "------%s\n", bound);
+                if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
+                while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) 
+                                                BIO_write(bio, linebuf, i);
+                BIO_printf(bio, "\n------%s\n", bound);
 
                 /* Headers for signature */
 
-                BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
-                BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
-                BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
-                                                                mime_eol);
-                BIO_printf(bio, "Content-Disposition: attachment;");
-                BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
-                                                        mime_eol, mime_eol);
+                BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
+                BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
+                BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
                 B64_write_PKCS7(bio, p7);
-                BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
-                                                mime_eol, mime_eol);
+                BIO_printf(bio,"\n------%s--\n\n", bound);
                 return 1;
         }
         /* MIME headers */
-        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-        BIO_printf(bio, "Content-Disposition: attachment;");
-        BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
-        BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
-        BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
-        BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
-                                                mime_eol, mime_eol);
+        BIO_printf(bio, "MIME-Version: 1.0\n");
+        BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
+        BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
+        BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
         B64_write_PKCS7(bio, p7);
-        BIO_printf(bio, "%s", mime_eol);
+        BIO_printf(bio, "\n");
         return 1;
 }
 
@@ -332,9 +316,12 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
         }
         if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
         while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
-                eol = strip_eol(linebuf, &len);
-                if (len)
-                        BIO_write(out, linebuf, len);
+                eol = 0;
+                while(iscrlf(linebuf[len - 1])) {
+                        len--;
+                        eol = 1;
+                }       
+                BIO_write(out, linebuf, len);
                 if(eol) BIO_write(out, "\r\n", 2);
         }
         return 1;
@@ -377,7 +364,6 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
 {
         char linebuf[MAX_SMLEN];
         int len, blen;
-        int eol = 0, next_eol = 0;
         BIO *bpart = NULL;
         STACK_OF(BIO) *parts;
         char state, part, first;
@@ -397,23 +383,26 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
                         sk_BIO_push(parts, bpart);
                         return 1;
                 } else if(part) {
-                        /* Strip CR+LF from linebuf */
-                        next_eol = strip_eol(linebuf, &len);
                         if(first) {
                                 first = 0;
                                 if(bpart) sk_BIO_push(parts, bpart);
                                 bpart = BIO_new(BIO_s_mem());
-                                BIO_set_mem_eof_return(bpart, 0);
-                        } else if (eol)
-                                BIO_write(bpart, "\r\n", 2);
-                        eol = next_eol;
-                        if (len)
-                                BIO_write(bpart, linebuf, len);
+                                
+                        } else BIO_write(bpart, "\r\n", 2);
+                        /* Strip CR+LF from linebuf */
+                        while(iscrlf(linebuf[len - 1])) len--;
+                        BIO_write(bpart, linebuf, len);
                 }
         }
         return 0;
 }
 
+static int iscrlf(char c)
+{
+        if(c == '\r' || c == '\n') return 1;
+        return 0;
+}
+
 /* This is the big one: parse MIME header lines up to message body */
 
 #define MIME_INVALID    0
@@ -694,21 +683,3 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen)
         }
         return 0;
 }
-
-static int strip_eol(char *linebuf, int *plen)
-        {
-        int len = *plen;
-        char *p, c;
-        int is_eol = 0;
-        p = linebuf + len - 1;
-        for (p = linebuf + len - 1; len > 0; len--, p--)
-                {
-                c = *p;
-                if (c == '\n')
-                        is_eol = 1;
-                else if (c != '\r')
-                        break;
-                }
-        *plen = len;
-        return is_eol;
-        }
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
index 6e5735de11..f0d071e282 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -3,7 +3,7 @@
  * project 1999.
  */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
index 15372e18f8..5819700a85 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
+++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
@@ -260,8 +260,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_BINARY            0x80
 #define PKCS7_NOATTR            0x100
 #define PKCS7_NOSMIMECAP        0x200
-#define PKCS7_NOOLDMIMETYPE     0x400
-#define PKCS7_CRLFEOL           0x800
 
 /* Flags: for compatibility with older code */
 
diff --git a/src/lib/libssl/src/crypto/rand/Makefile.ssl b/src/lib/libssl/src/crypto/rand/Makefile.ssl
new file mode 100644
index 0000000000..df80702373
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rand/Makefile.ssl
@@ -0,0 +1,194 @@
+#
+# SSLeay/crypto/rand/Makefile
+#
+
+DIR=    rand
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= randtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+        rand_win.c rand_unix.c rand_os2.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
+        rand_win.o rand_unix.o rand_os2.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rand.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md_rand.o: ../../e_os.h ../../include/openssl/aes.h
+md_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+md_rand.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+md_rand.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+md_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+md_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+md_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+md_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+md_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+md_rand.o: md_rand.c rand_lcl.h
+rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_egd.o: rand_egd.c
+rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_err.o: rand_err.c
+rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rand_lib.o: ../../include/openssl/opensslconf.h
+rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rand_lib.o: ../cryptlib.h rand_lib.c
+rand_os2.o: ../../e_os.h ../../include/openssl/aes.h
+rand_os2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_os2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_os2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_os2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_os2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_os2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_os2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_os2.o: ../../include/openssl/opensslconf.h
+rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_os2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_os2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_os2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_os2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_os2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_os2.o: ../cryptlib.h rand_lcl.h rand_os2.c
+rand_unix.o: ../../e_os.h ../../include/openssl/aes.h
+rand_unix.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_unix.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_unix.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_unix.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_unix.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_unix.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_unix.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_unix.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/opensslconf.h
+rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_unix.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_unix.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_unix.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_unix.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_unix.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_unix.o: ../cryptlib.h rand_lcl.h rand_unix.c
+rand_win.o: ../../e_os.h ../../include/openssl/aes.h
+rand_win.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_win.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_win.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_win.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_win.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_win.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_win.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_win.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_win.o: ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_win.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_win.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_win.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c
+randfile.o: ../../e_os.h ../../include/openssl/crypto.h
+randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+randfile.o: randfile.c
diff --git a/src/lib/libssl/src/crypto/rand/rand_egd.c b/src/lib/libssl/src/crypto/rand/rand_egd.c
index 1f168221e3..895967476e 100644
--- a/src/lib/libssl/src/crypto/rand/rand_egd.c
+++ b/src/lib/libssl/src/crypto/rand/rand_egd.c
@@ -145,7 +145,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
         addr.sun_family = AF_UNIX;
         if (strlen(path) >= sizeof(addr.sun_path))
                 return (-1);
-        strcpy(addr.sun_path,path);
+        strlcpy(addr.sun_path,path,sizeof addr.sun_path);
         len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
         fd = socket(AF_UNIX, SOCK_STREAM, 0);
         if (fd == -1) return (-1);
diff --git a/src/lib/libssl/src/crypto/rand/rand_unix.c b/src/lib/libssl/src/crypto/rand/rand_unix.c
index a776e52243..0599719dd1 100644
--- a/src/lib/libssl/src/crypto/rand/rand_unix.c
+++ b/src/lib/libssl/src/crypto/rand/rand_unix.c
@@ -124,6 +124,24 @@
 #include <unistd.h>
 #include <time.h>
 
+#ifdef __OpenBSD__
+int RAND_poll(void)
+{
+        u_int32_t rnd = 0, i;
+        unsigned char buf[ENTROPY_NEEDED];
+
+        for (i = 0; i < sizeof(buf); i++) {
+                if (i % 4 == 0)
+                        rnd = arc4random();
+                buf[i] = rnd;
+                rnd >>= 8;
+        }
+        RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+        memset(buf, 0, sizeof(buf));
+
+        return 1;
+}
+#else
 int RAND_poll(void)
 {
         unsigned long l;
@@ -236,6 +254,7 @@ int RAND_poll(void)
 }
 
 #endif
+#endif
 
 #if defined(OPENSSL_SYS_VXWORKS)
 int RAND_poll(void)
diff --git a/src/lib/libssl/src/crypto/rand/rand_win.c b/src/lib/libssl/src/crypto/rand/rand_win.c
index 263068d256..113b58678f 100644
--- a/src/lib/libssl/src/crypto/rand/rand_win.c
+++ b/src/lib/libssl/src/crypto/rand/rand_win.c
@@ -162,7 +162,6 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
 typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
 
 typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
-typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
 typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
 typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
 typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
@@ -432,7 +431,7 @@ int RAND_poll(void)
          * This seeding method was proposed in Peter Gutmann, Software
          * Generation of Practically Strong Random Numbers,
          * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
-         * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+     * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
          * (The assignment of entropy estimates below is arbitrary, but based
          * on Peter's analysis the full poll appears to be safe. Additional
          * interactive seeding is encouraged.)
@@ -441,7 +440,6 @@ int RAND_poll(void)
         if (kernel)
                 {
                 CREATETOOLHELP32SNAPSHOT snap;
-                CLOSETOOLHELP32SNAPSHOT close_snap;
                 HANDLE handle;
 
                 HEAP32FIRST heap_first;
@@ -459,8 +457,6 @@ int RAND_poll(void)
 
                 snap = (CREATETOOLHELP32SNAPSHOT)
                         GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
-                close_snap = (CLOSETOOLHELP32SNAPSHOT)
-                        GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot"));
                 heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
                 heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
                 heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst"));
@@ -476,7 +472,7 @@ int RAND_poll(void)
                         heaplist_next && process_first && process_next &&
                         thread_first && thread_next && module_first &&
                         module_next && (handle = snap(TH32CS_SNAPALL,0))
-                        != INVALID_HANDLE_VALUE)
+                        != NULL)
                         {
                         /* heap list and heap walking */
                         /* HEAPLIST32 contains 3 fields that will change with
@@ -538,10 +534,8 @@ int RAND_poll(void)
                                 do
                                         RAND_add(&m, m.dwSize, 9);
                                 while (module_next(handle, &m));
-                        if (close_snap)
-                                close_snap(handle);
-                        else
-                                CloseHandle(handle);
+
+                        CloseHandle(handle);
                         }
 
                 FreeLibrary(kernel);
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c
index 41574768ab..cfbec2ac1f 100644
--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -106,6 +106,14 @@ int RAND_load_file(const char *file, long bytes)
 
         in=fopen(file,"rb");
         if (in == NULL) goto err;
+        if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+          /* this file is a device. we don't want read an infinite number
+           * of bytes from a random device, nor do we want to use buffered
+           * I/O because we will waste system entropy. 
+           */
+          bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+          setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+        }
         for (;;)
                 {
                 if (bytes > 0)
@@ -135,7 +143,20 @@ int RAND_write_file(const char *file)
         int i,ret=0,rand_err=0;
         FILE *out = NULL;
         int n;
+        struct stat sb;
         
+        i=stat(file,&sb);
+        if (i != -1) { 
+          if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+            /* this file is a device. we don't write back to it. 
+             * we "succeed" on the assumption this is some sort 
+             * of random device. Otherwise attempting to write to 
+             * and chmod the device causes problems.
+             */
+            return(1); 
+          }
+        }
+
 #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
         /* For some reason Win32 can't write to files created this way */
         
@@ -197,20 +218,19 @@ err:
 const char *RAND_file_name(char *buf, size_t size)
         {
         char *s=NULL;
-        char *ret=NULL;
+        int ok = 0;
+        struct stat sb;
 
-        if (OPENSSL_issetugid() == 0)
+        if (issetugid() == 0)
                 s=getenv("RANDFILE");
-        if (s != NULL)
+        if (s != NULL && *s && strlen(s) + 1 < size)
                 {
-                if(strlen(s) >= size)
+                if (strlcpy(buf,s,size) >= size)
                         return NULL;
-                strcpy(buf,s);
-                ret=buf;
                 }
         else
                 {
-                if (OPENSSL_issetugid() == 0)
+                if (issetugid() == 0)
                         s=getenv("HOME");
 #ifdef DEFAULT_HOME
                 if (s == NULL)
@@ -218,17 +238,36 @@ const char *RAND_file_name(char *buf, size_t size)
                         s = DEFAULT_HOME;
                         }
 #endif
-                if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+                if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
                         {
-                        strcpy(buf,s);
+                        strlcpy(buf,s,size);
 #ifndef OPENSSL_SYS_VMS
-                        strcat(buf,"/");
+                        strlcat(buf,"/",size);
 #endif
-                        strcat(buf,RFILE);
-                        ret=buf;
+                        strlcat(buf,RFILE,size);
+                        ok = 1;
                         }
                 else
                         buf[0] = '\0'; /* no file name */
                 }
-        return(ret);
+
+#ifdef __OpenBSD__
+        /* given that all random loads just fail if the file can't be 
+         * seen on a stat, we stat the file we're returning, if it
+         * fails, use /dev/arandom instead. this allows the user to 
+         * use their own source for good random data, but defaults
+         * to something hopefully decent if that isn't available. 
+         */
+
+        if (!ok)
+                if (strlcpy(buf,"/dev/arandom",size) >= size) {
+                        return(NULL);
+                }       
+        if (stat(buf,&sb) == -1)
+                if (strlcpy(buf,"/dev/arandom",size) >= size) {
+                        return(NULL);
+                }       
+
+#endif
+        return(buf);
         }
diff --git a/src/lib/libssl/src/crypto/rc2/Makefile.ssl b/src/lib/libssl/src/crypto/rc2/Makefile.ssl
new file mode 100644
index 0000000000..98d5960d5d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/Makefile.ssl
@@ -0,0 +1,91 @@
+#
+# SSLeay/crypto/rc2/Makefile
+#
+
+DIR=    rc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc2.h
+HEADER= rc2_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_cbc.o: rc2_cbc.c rc2_locl.h
+rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
+rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: rc2_locl.h rc2_skey.c
+rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2cfb64.o: rc2_locl.h rc2cfb64.c
+rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2ofb64.o: rc2_locl.h rc2ofb64.c
diff --git a/src/lib/libssl/src/crypto/rc4/Makefile.ssl b/src/lib/libssl/src/crypto/rc4/Makefile.ssl
new file mode 100644
index 0000000000..9f9e16068f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/Makefile.ssl
@@ -0,0 +1,109 @@
+#
+# SSLeay/crypto/rc4/Makefile
+#
+
+DIR=    rc4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RC4_ENC=rc4_enc.o
+# or use
+#RC4_ENC=asm/rx86-elf.o
+#RC4_ENC=asm/rx86-out.o
+#RC4_ENC=asm/rx86-sol.o
+#RC4_ENC=asm/rx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc4test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=rc4_skey.o $(RC4_ENC)
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc4.h
+HEADER= $(EXHEADER) rc4_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s)
+
+# a.out
+asm/rx86-out.o: asm/rx86unix.cpp
+        $(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+
+# bsdi
+asm/rx86bsdi.o: asm/rx86unix.cpp
+        $(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o
+
+asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h
+rc4_enc.o: rc4_enc.c rc4_locl.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+rc4_skey.o: rc4_locl.h rc4_skey.c
diff --git a/src/lib/libssl/src/crypto/rc5/Makefile.ssl b/src/lib/libssl/src/crypto/rc5/Makefile.ssl
new file mode 100644
index 0000000000..a86f202f7b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/Makefile.ssl
@@ -0,0 +1,107 @@
+#
+# SSLeay/crypto/rc5/Makefile
+#
+
+DIR=    rc5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RC5_ENC=                rc5_enc.o
+# or use
+#DES_ENC=       r586-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc5test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c 
+LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc5.h
+HEADER= rc5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > r586-elf.s)
+
+# a.out
+asm/r586-out.o: asm/r586unix.cpp
+        $(CPP) -DOUT asm/r586unix.cpp | as -o asm/r586-out.o
+
+# bsdi
+asm/r586bsdi.o: asm/r586unix.cpp
+        $(CPP) -DBSDI asm/r586unix.cpp | sed 's/ :/:/' | as -o asm/r586bsdi.o
+
+asm/r586unix.cpp: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) rc5-586.pl cpp >r586unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/r586unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
+rc5_ecb.o: rc5_ecb.c rc5_locl.h
+rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h
+rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h rc5_skey.c
+rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5cfb64.c
+rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5ofb64.c
diff --git a/src/lib/libssl/src/crypto/ripemd/Makefile.ssl b/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
new file mode 100644
index 0000000000..d85515353b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
@@ -0,0 +1,107 @@
+#
+# SSLeay/crypto/ripemd/Makefile
+#
+
+DIR=    ripemd
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RIP_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rmdtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rmd_dgst.c rmd_one.c
+LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ripemd.h
+HEADER= rmd_locl.h rmdconst.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > rm86-elf.s)
+
+# a.out
+asm/rm86-out.o: asm/rm86unix.cpp
+        $(CPP) -DOUT asm/rm86unix.cpp | as -o asm/rm86-out.o
+
+# bsdi
+asm/rm86bsdi.o: asm/rm86unix.cpp
+        $(CPP) -DBSDI asm/rm86unix.cpp | sed 's/ :/:/' | as -o asm/rm86bsdi.o
+
+asm/rm86unix.cpp: asm/rmd-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rmd-586.pl cpp >rm86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/rm86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
+rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rmd_one.o: rmd_one.c
diff --git a/src/lib/libssl/src/crypto/rsa/Makefile.ssl b/src/lib/libssl/src/crypto/rsa/Makefile.ssl
new file mode 100644
index 0000000000..8089344a04
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/Makefile.ssl
@@ -0,0 +1,241 @@
+#
+# SSLeay/crypto/rsa/Makefile
+#
+
+DIR=    rsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rsa_test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+        rsa_asn1.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+        rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
+        rsa_asn1.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rsa.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/opensslconf.h
+rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_asn1.o: ../cryptlib.h rsa_asn1.c
+rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_chk.o: rsa_chk.c
+rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
+rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_err.o: rsa_err.c
+rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_gen.o: ../cryptlib.h rsa_gen.c
+rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h rsa_lib.c
+rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c
+rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c
+rsa_oaep.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_oaep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_oaep.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_oaep.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_oaep.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_oaep.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_oaep.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_oaep.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rsa_oaep.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_oaep.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_oaep.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_oaep.o: ../cryptlib.h rsa_oaep.c
+rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_saos.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_saos.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_saos.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_saos.o: ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_saos.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_saos.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_saos.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_saos.o: ../cryptlib.h rsa_saos.c
+rsa_sign.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_sign.o: ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_sign.o: ../cryptlib.h rsa_sign.c
+rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h
index 62fa745f79..e26a68b482 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa.h
+++ b/src/lib/libssl/src/crypto/rsa/rsa.h
@@ -158,6 +158,11 @@ struct rsa_st
 #define RSA_FLAG_CACHE_PUBLIC           0x02
 #define RSA_FLAG_CACHE_PRIVATE          0x04
 #define RSA_FLAG_BLINDING               0x08
+#define RSA_FLAG_NO_BLINDING            0x80 /* new with 0.9.6j and 0.9.7b; the built-in
+                                              * RSA implementation now uses blinding by
+                                              * default (ignoring RSA_FLAG_BLINDING),
+                                              * but other engines might not need it
+                                              */
 #define RSA_FLAG_THREAD_SAFE            0x10
 /* This flag means the private key operations will be handled by rsa_mod_exp
  * and that they do not depend on the private key components being present:
@@ -170,11 +175,7 @@ struct rsa_st
  */
 #define RSA_FLAG_SIGN_VER               0x40
 
-#define RSA_FLAG_NO_BLINDING            0x80 /* new with 0.9.6j and 0.9.7b; the built-in
-                                              * RSA implementation now uses blinding by
-                                              * default (ignoring RSA_FLAG_BLINDING),
-                                              * but other engines might not need it
-                                              */
+#define RSA_FLAG_NO_BLINDING            0x80
 
 #define RSA_PKCS1_PADDING       1
 #define RSA_SSLV23_PADDING      2
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index e0d286266e..027b4dc754 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -484,8 +484,6 @@ err:
         if (ctx != NULL) BN_CTX_free(ctx);
         BN_clear_free(&f);
         BN_clear_free(&ret);
-        if (local_blinding)
-                BN_BLINDING_free(blinding);
         if (buf != NULL)
                 {
                 OPENSSL_cleanse(buf,num);
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
index e4d622851e..53c5092014 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -316,7 +316,7 @@ void RSA_blinding_off(RSA *rsa)
 
 int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
         {
-        BIGNUM *A,*Ai = NULL;
+        BIGNUM *A,*Ai;
         BN_CTX *ctx;
         int ret=0;
 
@@ -327,12 +327,8 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
         else
                 ctx=p_ctx;
 
-        /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
         if (rsa->blinding != NULL)
-                {
                 BN_BLINDING_free(rsa->blinding);
-                rsa->blinding = NULL;
-                }
 
         /* NB: similar code appears in setup_blinding (rsa_eay.c);
          * this should be placed in a new function of its own, but for reasons
@@ -360,9 +356,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
         rsa->blinding->thread_id = CRYPTO_thread_id();
         rsa->flags |= RSA_FLAG_BLINDING;
         rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+        BN_free(Ai);
         ret=1;
 err:
-        if (Ai != NULL) BN_free(Ai);
         BN_CTX_end(ctx);
         if (ctx != p_ctx) BN_CTX_free(ctx);
         return(ret);
diff --git a/src/lib/libssl/src/crypto/sha/Makefile.ssl b/src/lib/libssl/src/crypto/sha/Makefile.ssl
new file mode 100644
index 0000000000..d52fb62b4f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/Makefile.ssl
@@ -0,0 +1,115 @@
+#
+# SSLeay/crypto/sha/Makefile
+#
+
+DIR=    sha
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+SHA1_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=shatest.c sha1test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= sha.h
+HEADER= sha_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > sx86-elf.s)
+
+# a.out
+asm/sx86-out.o: asm/sx86unix.cpp
+        $(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+
+# bsdi
+asm/sx86bsdi.o: asm/sx86unix.cpp
+        $(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o
+
+asm/sx86unix.cpp: asm/sha1-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/sx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha1_one.o: ../../include/openssl/opensslconf.h
+sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
+sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha_one.o: sha_one.c
diff --git a/src/lib/libssl/src/crypto/stack/Makefile.ssl b/src/lib/libssl/src/crypto/stack/Makefile.ssl
new file mode 100644
index 0000000000..7120fb804a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/stack/Makefile.ssl
@@ -0,0 +1,88 @@
+#
+# SSLeay/crypto/stack/Makefile
+#
+
+DIR=    stack
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=stack.c
+LIBOBJ=stack.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= stack.h safestack.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+stack.o: ../../e_os.h ../../include/openssl/bio.h
+stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+stack.o: ../cryptlib.h stack.c
diff --git a/src/lib/libssl/src/crypto/threads/mttest.c b/src/lib/libssl/src/crypto/threads/mttest.c
index 54d598565d..8973921778 100644
--- a/src/lib/libssl/src/crypto/threads/mttest.c
+++ b/src/lib/libssl/src/crypto/threads/mttest.c
@@ -243,7 +243,8 @@ bad:
                 goto end;
                 }
 
-        if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+        if (cipher == NULL && issetugid() == 0)
+                cipher=getenv("SSL_CIPHER");
 
         SSL_load_error_strings();
         OpenSSL_add_ssl_algorithms();
diff --git a/src/lib/libssl/src/crypto/txt_db/Makefile.ssl b/src/lib/libssl/src/crypto/txt_db/Makefile.ssl
new file mode 100644
index 0000000000..6221dfae4d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/txt_db/Makefile.ssl
@@ -0,0 +1,88 @@
+#
+# SSLeay/crypto/txt_db/Makefile
+#
+
+DIR=    txt_db
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=txt_db.c
+LIBOBJ=txt_db.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= txt_db.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+txt_db.o: ../../e_os.h ../../include/openssl/bio.h
+txt_db.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+txt_db.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h txt_db.c
diff --git a/src/lib/libssl/src/crypto/ui/Makefile.ssl b/src/lib/libssl/src/crypto/ui/Makefile.ssl
new file mode 100644
index 0000000000..ba46951d1c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ui/Makefile.ssl
@@ -0,0 +1,117 @@
+#
+# OpenSSL/crypto/ui/Makefile
+#
+
+DIR=    ui
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST= uitest.c
+TEST=
+APPS=
+
+COMPATSRC= ui_compat.c
+COMPATOBJ= ui_compat.o
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c $(COMPATSRC)
+LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o $(COMPATOBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ui.h ui_compat.h
+HEADER= $(EXHEADER) ui_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ui_compat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_compat.o: ../../include/openssl/opensslconf.h
+ui_compat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_compat.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ui_compat.o: ui_compat.c
+ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_err.o: ../../include/openssl/ui.h ui_err.c
+ui_lib.o: ../../e_os.h ../../include/openssl/bio.h
+ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_lib.o: ../../include/openssl/ui.h ../cryptlib.h ui_lib.c ui_locl.h
+ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_openssl.o: ../../include/openssl/opensslv.h
+ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c
+ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ui_util.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_util.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_util.o: ui_util.c
diff --git a/src/lib/libssl/src/crypto/ui/ui_lib.c b/src/lib/libssl/src/crypto/ui/ui_lib.c
index 13e5f20dcb..33c86d76ef 100644
--- a/src/lib/libssl/src/crypto/ui/ui_lib.c
+++ b/src/lib/libssl/src/crypto/ui/ui_lib.c
@@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
                 len += sizeof(prompt3) - 1;
 
                 prompt = (char *)OPENSSL_malloc(len + 1);
-                strcpy(prompt, prompt1);
-                strcat(prompt, object_desc);
+                strlcpy(prompt, prompt1, len + 1);
+                strlcat(prompt, object_desc, len + 1);
                 if (object_name)
                         {
-                        strcat(prompt, prompt2);
-                        strcat(prompt, object_name);
+                        strlcat(prompt, prompt2, len + 1);
+                        strlcat(prompt, object_name, len + 1);
                         }
-                strcat(prompt, prompt3);
+                strlcat(prompt, prompt3, len + 1);
                 }
         return prompt;
         }
@@ -865,7 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
                         return -1;
                         }
 
-                strcpy(uis->result_buf, result);
+                strlcpy(uis->result_buf, result,
+                        uis->_.string_data.result_maxsize + 1);
                 break;
         case UIT_BOOLEAN:
                 {
diff --git a/src/lib/libssl/src/crypto/x509/Makefile.ssl b/src/lib/libssl/src/crypto/x509/Makefile.ssl
new file mode 100644
index 0000000000..3a3452536c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/Makefile.ssl
@@ -0,0 +1,594 @@
+#
+# SSLeay/crypto/x509/Makefile
+#
+
+DIR=    x509
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+        x509_obj.c x509_req.c x509spki.c x509_vfy.c \
+        x509_set.c x509cset.c x509rset.c x509_err.c \
+        x509name.c x509_v3.c x509_ext.c x509_att.c \
+        x509type.c x509_lu.c x_all.c x509_txt.c \
+        x509_trs.c by_file.c by_dir.c 
+LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+        x509_obj.o x509_req.o x509spki.o x509_vfy.o \
+        x509_set.o x509cset.o x509rset.o x509_err.o \
+        x509name.o x509_v3.o x509_ext.o x509_att.o \
+        x509type.o x509_lu.o x_all.o x509_txt.o \
+        x509_trs.o by_file.o by_dir.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509.h x509_vfy.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+by_dir.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+by_dir.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+by_dir.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+by_dir.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+by_dir.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+by_dir.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+by_dir.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_dir.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_dir.o: ../cryptlib.h by_dir.c
+by_file.o: ../../e_os.h ../../include/openssl/aes.h
+by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+by_file.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+by_file.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+by_file.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+by_file.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+by_file.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+by_file.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+by_file.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+by_file.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c
+x509_att.o: ../../e_os.h ../../include/openssl/aes.h
+x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_att.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_att.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_att.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_att.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_att.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_att.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_att.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_att.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_att.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_att.c
+x509_cmp.o: ../../e_os.h ../../include/openssl/aes.h
+x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_cmp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_cmp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_cmp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_cmp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_cmp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_cmp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_cmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_cmp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_cmp.c
+x509_d2.o: ../../e_os.h ../../include/openssl/aes.h
+x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_d2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_d2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_d2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x509_d2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c
+x509_def.o: ../../e_os.h ../../include/openssl/aes.h
+x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_def.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_def.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_def.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_def.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_def.o: ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_def.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_def.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_def.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_def.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_def.o: ../cryptlib.h x509_def.c
+x509_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x509_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x509_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x509_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_err.o: x509_err.c
+x509_ext.o: ../../e_os.h ../../include/openssl/aes.h
+x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_ext.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_ext.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_ext.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_ext.c
+x509_lu.o: ../../e_os.h ../../include/openssl/aes.h
+x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_lu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_lu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_lu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_lu.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c
+x509_obj.o: ../../e_os.h ../../include/openssl/aes.h
+x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_obj.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_obj.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_obj.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_obj.o: ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_obj.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_obj.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_obj.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_obj.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_obj.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_obj.o: ../cryptlib.h x509_obj.c
+x509_r2x.o: ../../e_os.h ../../include/openssl/aes.h
+x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_r2x.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_r2x.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_r2x.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_r2x.o: ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_r2x.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_r2x.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_r2x.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_r2x.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_r2x.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_r2x.o: ../cryptlib.h x509_r2x.c
+x509_req.o: ../../e_os.h ../../include/openssl/aes.h
+x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_req.o: ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_req.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_req.o: ../cryptlib.h x509_req.c
+x509_set.o: ../../e_os.h ../../include/openssl/aes.h
+x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_set.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_set.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_set.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_set.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_set.o: ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_set.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_set.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_set.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_set.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_set.o: ../cryptlib.h x509_set.c
+x509_trs.o: ../../e_os.h ../../include/openssl/aes.h
+x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_trs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_trs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_trs.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_trs.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_trs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_trs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_trs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_trs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_trs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_trs.c
+x509_txt.o: ../../e_os.h ../../include/openssl/aes.h
+x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_txt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_txt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_txt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_txt.o: ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_txt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_txt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_txt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_txt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_txt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_txt.o: ../cryptlib.h x509_txt.c
+x509_v3.o: ../../e_os.h ../../include/openssl/aes.h
+x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_v3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_v3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_v3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_v3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_v3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c
+x509_vfy.o: ../../e_os.h ../../include/openssl/aes.h
+x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_vfy.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.c
+x509cset.o: ../../e_os.h ../../include/openssl/aes.h
+x509cset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509cset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509cset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509cset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509cset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509cset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509cset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509cset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509cset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509cset.o: ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509cset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509cset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509cset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509cset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509cset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509cset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509cset.o: ../cryptlib.h x509cset.c
+x509name.o: ../../e_os.h ../../include/openssl/aes.h
+x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509name.o: ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509name.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509name.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509name.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509name.o: ../cryptlib.h x509name.c
+x509rset.o: ../../e_os.h ../../include/openssl/aes.h
+x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509rset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509rset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509rset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509rset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509rset.o: ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509rset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509rset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509rset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509rset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509rset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509rset.o: ../cryptlib.h x509rset.c
+x509spki.o: ../../e_os.h ../../include/openssl/aes.h
+x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509spki.o: ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509spki.o: ../cryptlib.h x509spki.c
+x509type.o: ../../e_os.h ../../include/openssl/aes.h
+x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509type.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509type.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509type.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509type.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509type.o: ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509type.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509type.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509type.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509type.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509type.o: ../cryptlib.h x509type.c
+x_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_all.o: ../cryptlib.h x_all.c
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
index 448bd7e69c..a5c306f1fd 100644
--- a/src/lib/libssl/src/crypto/x509/by_dir.c
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -302,8 +302,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
                 k=0;
                 for (;;)
                         {
-                        sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
-                                postfix,k);
+                        snprintf(b->data,b->max,"%s/%08lx.%s%d",ctx->dirs[i],h,
+                                 postfix,k);
                         k++;
                         if (stat(b->data,&st) < 0)
                                 break;
diff --git a/src/lib/libssl/src/crypto/x509/x509_trs.c b/src/lib/libssl/src/crypto/x509/x509_trs.c
index 881252608d..17d69ac005 100644
--- a/src/lib/libssl/src/crypto/x509/x509_trs.c
+++ b/src/lib/libssl/src/crypto/x509/x509_trs.c
@@ -82,7 +82,6 @@ static X509_TRUST trstandard[] = {
 {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
 {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
 {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
-{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
 {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
 {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
 };
diff --git a/src/lib/libssl/src/crypto/x509/x509_txt.c b/src/lib/libssl/src/crypto/x509/x509_txt.c
index 4f83db8ba2..9d09ae17e8 100644
--- a/src/lib/libssl/src/crypto/x509/x509_txt.c
+++ b/src/lib/libssl/src/crypto/x509/x509_txt.c
@@ -148,7 +148,7 @@ const char *X509_verify_cert_error_string(long n)
                 return("unhandled critical extension");
 
         default:
-                sprintf(buf,"error number %ld",n);
+                snprintf(buf,sizeof buf,"error number %ld",n);
                 return(buf);
                 }
         }
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
index 2bb21b443e..04997ba456 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx)
         if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
                 return 1;
         if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
-                last = sk_X509_num(ctx->chain) - 1;
-        else
                 last = 0;
+        else
+                last = sk_X509_num(ctx->chain) - 1;
         for(i = 0; i <= last; i++)
                 {
                 ctx->error_depth = i;
diff --git a/src/lib/libssl/src/crypto/x509/x509type.c b/src/lib/libssl/src/crypto/x509/x509type.c
index f78c2a6b43..8e78b34458 100644
--- a/src/lib/libssl/src/crypto/x509/x509type.c
+++ b/src/lib/libssl/src/crypto/x509/x509type.c
@@ -99,15 +99,14 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
         case EVP_PKEY_RSA:
                 ret|=EVP_PKS_RSA;
                 break;
-        case EVP_PKEY_DSA:
+        case EVP_PKS_DSA:
                 ret|=EVP_PKS_DSA;
                 break;
         default:
                 break;
                 }
 
-        if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
-                                           for, not bytes */
+        if (EVP_PKEY_size(pk) <= 512)
                 ret|=EVP_PKT_EXP;
         if(pkey==NULL) EVP_PKEY_free(pk);
         return(ret);
diff --git a/src/lib/libssl/src/crypto/x509v3/Makefile.ssl b/src/lib/libssl/src/crypto/x509v3/Makefile.ssl
new file mode 100644
index 0000000000..66df90c346
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509v3/Makefile.ssl
@@ -0,0 +1,603 @@
+#
+# SSLeay/crypto/x509v3/Makefile
+#
+
+DIR=    x509v3
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
+v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
+v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
+v3_ocsp.c v3_akeya.c
+LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
+v3_ocsp.o v3_akeya.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509v3.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+v3_akey.o: ../../e_os.h ../../include/openssl/aes.h
+v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_akey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_akey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_akey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akey.o: ../cryptlib.h v3_akey.c
+v3_akeya.o: ../../e_os.h ../../include/openssl/aes.h
+v3_akeya.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_akeya.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akeya.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akeya.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akeya.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_akeya.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_akeya.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_akeya.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_akeya.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_akeya.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akeya.o: ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_akeya.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_akeya.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_akeya.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akeya.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_akeya.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_akeya.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_akeya.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akeya.c
+v3_alt.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_alt.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_alt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_alt.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_alt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_alt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_alt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_alt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_alt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_alt.o: ../cryptlib.h v3_alt.c
+v3_bcons.o: ../../e_os.h ../../include/openssl/aes.h
+v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_bcons.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_bcons.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_bcons.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bcons.o: ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_bcons.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_bcons.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_bcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_bcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_bcons.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bcons.c
+v3_bitst.o: ../../e_os.h ../../include/openssl/aes.h
+v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bitst.c
+v3_conf.o: ../../e_os.h ../../include/openssl/aes.h
+v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_conf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_conf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_conf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_conf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_conf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c
+v3_cpols.o: ../../e_os.h ../../include/openssl/aes.h
+v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_cpols.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_cpols.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_cpols.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_cpols.o: ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_cpols.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_cpols.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_cpols.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_cpols.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_cpols.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_cpols.c
+v3_crld.o: ../../e_os.h ../../include/openssl/aes.h
+v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_crld.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_crld.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_crld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_crld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_crld.o: ../cryptlib.h v3_crld.c
+v3_enum.o: ../../e_os.h ../../include/openssl/aes.h
+v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_enum.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_enum.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_enum.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_enum.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_enum.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c
+v3_extku.o: ../../e_os.h ../../include/openssl/aes.h
+v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_extku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_extku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_extku.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_extku.o: ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_extku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_extku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_extku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_extku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_extku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_extku.c
+v3_genn.o: ../../e_os.h ../../include/openssl/aes.h
+v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_genn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_genn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_genn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_genn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../cryptlib.h v3_genn.c
+v3_ia5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_ia5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_ia5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_ia5.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_ia5.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_ia5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_ia5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_ia5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_ia5.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ia5.o: ../cryptlib.h v3_ia5.c
+v3_info.o: ../../e_os.h ../../include/openssl/aes.h
+v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_info.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../cryptlib.h v3_info.c
+v3_int.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_int.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_int.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_int.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_int.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_int.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_int.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_int.o: ../cryptlib.h v3_int.c
+v3_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c
+v3_ocsp.o: ../../e_os.h ../../include/openssl/aes.h
+v3_ocsp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_ocsp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_ocsp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_ocsp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_ocsp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_ocsp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_ocsp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ocsp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_ocsp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_ocsp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_ocsp.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ocsp.o: ../cryptlib.h v3_ocsp.c
+v3_pku.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_pku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_pku.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_pku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_pku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
+v3_prn.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_prn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_prn.o: ../cryptlib.h v3_prn.c
+v3_purp.o: ../../e_os.h ../../include/openssl/aes.h
+v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_purp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_purp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_purp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_purp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_purp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c
+v3_skey.o: ../../e_os.h ../../include/openssl/aes.h
+v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_skey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_skey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_skey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_skey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_skey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c
+v3_sxnet.o: ../../e_os.h ../../include/openssl/aes.h
+v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_sxnet.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_sxnet.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_sxnet.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_sxnet.o: ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_sxnet.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_sxnet.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_sxnet.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_sxnet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_sxnet.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_sxnet.c
+v3_utl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_utl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_utl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_utl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_utl.o: ../cryptlib.h v3_utl.c
+v3err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3err.o: v3err.c
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_alt.c b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
index 0e9e7dcb4f..0fae31a3a6 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_alt.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
@@ -137,7 +137,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                         X509V3_add_value("IP Address","<invalid>", &ret);
                         break;
                 }
-                sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+                snprintf(oline, sizeof oline, "%d.%d.%d.%d", p[0], p[1], p[2],
+                         p[3]);
                 X509V3_add_value("IP Address",oline, &ret);
                 break;
 
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_conf.c b/src/lib/libssl/src/crypto/x509v3/v3_conf.c
index 1284d5aaa5..1a3448e121 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_conf.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_conf.c
@@ -236,7 +236,7 @@ static int v3_check_critical(char **value)
 static int v3_check_generic(char **value)
 {
         char *p = *value;
-        if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
+        if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
         p+=4;
         while (isspace((unsigned char)*p)) p++;
         *value = p;
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
index 0d554f3a2c..0d4ab1f680 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
@@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org);
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                         STACK_OF(CONF_VALUE) *unot, int ia5org);
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
+static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
 
 X509V3_EXT_METHOD v3_cpols = {
 NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
@@ -226,8 +226,6 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
                         qual = notice_section(ctx, unot, ia5org);
                         X509V3_section_free(ctx, unot);
                         if(!qual) goto err;
-                        if(!pol->qualifiers) pol->qualifiers =
-                                                 sk_POLICYQUALINFO_new_null();
                         if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
                                                                  goto merr;
                 } else {
@@ -257,7 +255,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                         STACK_OF(CONF_VALUE) *unot, int ia5org)
 {
-        int i, ret;
+        int i;
         CONF_VALUE *cnf;
         USERNOTICE *not;
         POLICYQUALINFO *qual;
@@ -277,8 +275,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                 if(!(nref = NOTICEREF_new())) goto merr;
                                 not->noticeref = nref;
                         } else nref = not->noticeref;
-                        if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
-                        else nref->organization->type = V_ASN1_VISIBLESTRING;
+                        if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
+                        else nref->organization = M_ASN1_VISIBLESTRING_new();
                         if(!ASN1_STRING_set(nref->organization, cnf->value,
                                                  strlen(cnf->value))) goto merr;
                 } else if(!strcmp(cnf->name, "noticeNumbers")) {
@@ -294,12 +292,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                 X509V3_conf_err(cnf);
                                 goto err;
                         }
-                        ret = nref_nos(nref->noticenos, nos);
+                        nref->noticenos = nref_nos(nos);
                         sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
-                        if (!ret)
-                                goto err;
+                        if(!nref->noticenos) goto err;
                 } else {
                         X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
+
                         X509V3_conf_err(cnf);
                         goto err;
                 }
@@ -321,13 +319,15 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
         return NULL;
 }
 
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
+static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
 {
+        STACK_OF(ASN1_INTEGER) *nnums;
         CONF_VALUE *cnf;
         ASN1_INTEGER *aint;
 
         int i;
 
+        if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
         for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
                 cnf = sk_CONF_VALUE_value(nos, i);
                 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
@@ -336,14 +336,14 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
                 }
                 if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
         }
-        return 1;
+        return nnums;
 
         merr:
         X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
 
         err:
         sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
-        return 0;
+        return NULL;
 }
 
 
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_info.c b/src/lib/libssl/src/crypto/x509v3/v3_info.c
index e269df1373..28cc00686a 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_info.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_info.c
@@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
                                                 STACK_OF(CONF_VALUE) *ret)
 {
         ACCESS_DESCRIPTION *desc;
-        int i;
+        int i,nlen;
         char objtmp[80], *ntmp;
         CONF_VALUE *vtmp;
         for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
@@ -114,15 +114,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
                 if(!ret) break;
                 vtmp = sk_CONF_VALUE_value(ret, i);
                 i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
-                ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+                nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
+                ntmp = OPENSSL_malloc(nlen);
                 if(!ntmp) {
                         X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
                                         ERR_R_MALLOC_FAILURE);
                         return NULL;
                 }
-                strcpy(ntmp, objtmp);
-                strcat(ntmp, " - ");
-                strcat(ntmp, vtmp->name);
+                strlcpy(ntmp, objtmp, nlen);
+                strlcat(ntmp, " - ", nlen);
+                strlcat(ntmp, vtmp->name, nlen);
                 OPENSSL_free(vtmp->name);
                 vtmp->name = ntmp;
                 
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_lib.c b/src/lib/libssl/src/crypto/x509v3/v3_lib.c
index ca5a4a4a57..482ca8ccf5 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_lib.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_lib.c
@@ -202,7 +202,6 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
                 if(OBJ_obj2nid(ex->object) == nid) {
                         if(idx) {
                                 *idx = i;
-                                found_ex = ex;
                                 break;
                         } else if(found_ex) {
                                 /* Found more than one */
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_prn.c b/src/lib/libssl/src/crypto/x509v3/v3_prn.c
index 5d268eb768..754808b625 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_prn.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_prn.c
@@ -184,7 +184,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts
                 j=X509_EXTENSION_get_critical(ex);
                 if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
                         return 0;
-                if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
+                if(!X509V3_EXT_print(bp, ex, flag, 12))
                         {
                         BIO_printf(bp, "%*s", indent + 4, "");
                         M_ASN1_OCTET_STRING_print(bp,ex->value);
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_utl.c b/src/lib/libssl/src/crypto/x509v3/v3_utl.c
index 34ac2998de..466c91d0e8 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_utl.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_utl.c
@@ -78,7 +78,7 @@ int X509V3_add_value(const char *name, const char *value,
         CONF_VALUE *vtmp = NULL;
         char *tname = NULL, *tvalue = NULL;
         if(name && !(tname = BUF_strdup(name))) goto err;
-        if(value && !(tvalue = BUF_strdup(value))) goto err;;
+        if(value && !(tvalue = BUF_strdup(value))) goto err;
         if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
         if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
         vtmp->section = NULL;
diff --git a/src/lib/libssl/src/demos/easy_tls/Makefile b/src/lib/libssl/src/demos/easy_tls/Makefile
index 31a54eaf27..bec7e7265e 100644
--- a/src/lib/libssl/src/demos/easy_tls/Makefile
+++ b/src/lib/libssl/src/demos/easy_tls/Makefile
@@ -1,5 +1,5 @@
 # Makefile for easy-tls example application (rudimentary client and server)
-# $Id: Makefile,v 1.1.1.1 2002/09/05 12:51:06 markus Exp $
+# $Id: Makefile,v 1.3 2002/09/10 16:31:56 markus Exp $
 
 SOLARIS_CFLAGS=-Wall -pedantic -g -O2
 SOLARIS_LIBS=-lxnet
diff --git a/src/lib/libssl/src/demos/easy_tls/cacerts.pem b/src/lib/libssl/src/demos/easy_tls/cacerts.pem
index 18ab66b57c..b6db7cf2bb 100644
--- a/src/lib/libssl/src/demos/easy_tls/cacerts.pem
+++ b/src/lib/libssl/src/demos/easy_tls/cacerts.pem
@@ -1,4 +1,4 @@
-$Id: cacerts.pem,v 1.1.1.1 2002/09/05 12:51:05 markus Exp $
+$Id: cacerts.pem,v 1.3 2002/09/10 16:31:56 markus Exp $
 
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
diff --git a/src/lib/libssl/src/demos/easy_tls/cert.pem b/src/lib/libssl/src/demos/easy_tls/cert.pem
index c984d023b7..3fcf302e2b 100644
--- a/src/lib/libssl/src/demos/easy_tls/cert.pem
+++ b/src/lib/libssl/src/demos/easy_tls/cert.pem
@@ -1,4 +1,4 @@
-$Id: cert.pem,v 1.1.1.1 2002/09/05 12:51:05 markus Exp $
+$Id: cert.pem,v 1.3 2002/09/10 16:31:56 markus Exp $
 
 Example certificate and key.
 
diff --git a/src/lib/libssl/src/demos/easy_tls/easy-tls.c b/src/lib/libssl/src/demos/easy_tls/easy-tls.c
index 66fac1f1e6..c958f4b609 100644
--- a/src/lib/libssl/src/demos/easy_tls/easy-tls.c
+++ b/src/lib/libssl/src/demos/easy_tls/easy-tls.c
@@ -1,7 +1,7 @@
 /* -*- Mode: C; c-file-style: "bsd" -*- */
 /*
  * easy-tls.c -- generic TLS proxy.
- * $Id: easy-tls.c,v 1.1.1.1 2002/09/05 12:51:06 markus Exp $
+ * $Id: easy-tls.c,v 1.3 2002/09/10 16:31:56 markus Exp $
  */
 /*
  (c) Copyright 1999 Bodo Moeller.  All rights reserved.
@@ -73,7 +73,7 @@
  */
 
 static char const rcsid[] =
-"$Id: easy-tls.c,v 1.1.1.1 2002/09/05 12:51:06 markus Exp $";
+"$Id: easy-tls.c,v 1.3 2002/09/10 16:31:56 markus Exp $";
 
 #include <assert.h>
 #include <errno.h>
diff --git a/src/lib/libssl/src/demos/easy_tls/easy-tls.h b/src/lib/libssl/src/demos/easy_tls/easy-tls.h
index c1a6448116..7ea26203c1 100644
--- a/src/lib/libssl/src/demos/easy_tls/easy-tls.h
+++ b/src/lib/libssl/src/demos/easy_tls/easy-tls.h
@@ -1,7 +1,7 @@
 /* -*- Mode: C; c-file-style: "bsd" -*- */
 /*
  * easy-tls.h -- generic TLS proxy.
- * $Id: easy-tls.h,v 1.1.1.1 2002/09/05 12:51:06 markus Exp $
+ * $Id: easy-tls.h,v 1.3 2002/09/10 16:31:56 markus Exp $
  */
 /*
  * (c) Copyright 1999 Bodo Moeller.  All rights reserved.
diff --git a/src/lib/libssl/src/demos/easy_tls/test.c b/src/lib/libssl/src/demos/easy_tls/test.c
index e7ccd26d30..9b478c3fd8 100644
--- a/src/lib/libssl/src/demos/easy_tls/test.c
+++ b/src/lib/libssl/src/demos/easy_tls/test.c
@@ -1,5 +1,5 @@
 /* test.c */
-/* $Id: test.c,v 1.1.1.1 2002/09/05 12:51:06 markus Exp $ */
+/* $Id: test.c,v 1.3 2002/09/10 16:31:56 markus Exp $ */
 
 #define L_PORT 9999
 #define C_PORT 443
diff --git a/src/lib/libssl/src/demos/easy_tls/test.h b/src/lib/libssl/src/demos/easy_tls/test.h
index 1af31dc456..b5792a0a81 100644
--- a/src/lib/libssl/src/demos/easy_tls/test.h
+++ b/src/lib/libssl/src/demos/easy_tls/test.h
@@ -1,5 +1,5 @@
 /* test.h */
-/* $Id: test.h,v 1.1.1.1 2002/09/05 12:51:06 markus Exp $ */
+/* $Id: test.h,v 1.3 2002/09/10 16:31:56 markus Exp $ */
 
 
 void test_process_init(int fd, int client_p, void *apparg);
diff --git a/src/lib/libssl/src/doc/apps/ca.pod b/src/lib/libssl/src/doc/apps/ca.pod
index 74f45ca2f9..de66c534b5 100644
--- a/src/lib/libssl/src/doc/apps/ca.pod
+++ b/src/lib/libssl/src/doc/apps/ca.pod
@@ -359,7 +359,7 @@ the same as the B<-md> option. The message digest to use. Mandatory.
 the text database file to use. Mandatory. This file must be present
 though initially it will be empty.
 
-=item B<serial>
+=item B<serialfile>
 
 a text file containing the next serial number to use in hex. Mandatory.
 This file must be present and contain a valid serial number.
@@ -400,7 +400,7 @@ here, except the B<no_signame> and B<no_sigdump> are permanently set
 and cannot be disabled (this is because the certificate signature cannot
 be displayed because the certificate has not been signed at this point).
 
-For convenience the values B<ca_default> are accepted by both to produce
+For convenience the values B<default_ca> are accepted by both to produce
 a reasonable output.
 
 If neither option is present the format used in earlier versions of
@@ -513,8 +513,8 @@ A sample configuration file with the relevant sections for B<ca>:
  policy         = policy_any            # default policy
  email_in_dn    = no                    # Don't add the email into cert DN
 
- nameopt        = ca_default            # Subject name display option
- certopt        = ca_default            # Certificate display option
+ nameopt        = default_ca            # Subject name display option
+ certopt        = default_ca            # Certificate display option
  copy_extensions = none                 # Don't copy extensions from request
 
  [ policy_any ]
diff --git a/src/lib/libssl/src/doc/apps/s_client.pod b/src/lib/libssl/src/doc/apps/s_client.pod
index d061326c1f..47dc93cb3f 100644
--- a/src/lib/libssl/src/doc/apps/s_client.pod
+++ b/src/lib/libssl/src/doc/apps/s_client.pod
@@ -168,7 +168,7 @@ command for more information.
 
 send the protocol-specific message(s) to switch to TLS for communication.
 B<protocol> is a keyword for the intended protocol.  Currently, the only
-supported keywords are "smtp" and "pop3".
+supported keyword is "smtp".
 
 =item B<-engine id>
 
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod b/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
index 929557d22f..fdb603b38e 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
@@ -55,15 +55,16 @@ to standard output:
 Read Base64 encoded data from standard input and write the decoded
 data to standard output:
 
- BIO *bio, *b64, *bio_out;
+ BIO *bio, *b64, bio_out;
  char inbuf[512];
  int inlen;
+ char message[] = "Hello World \n";
 
  b64 = BIO_new(BIO_f_base64());
  bio = BIO_new_fp(stdin, BIO_NOCLOSE);
  bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
  bio = BIO_push(b64, bio);
- while((inlen = BIO_read(bio, inbuf, 512) > 0) 
+ while((inlen = BIO_read(bio, inbuf, strlen(message))) > 0) 
         BIO_write(bio_out, inbuf, inlen);
 
  BIO_free_all(bio);
diff --git a/src/lib/libssl/src/doc/crypto/BIO_new_bio_pair.pod b/src/lib/libssl/src/doc/crypto/BIO_new_bio_pair.pod
new file mode 100644
index 0000000000..1a8dbc577b
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_new_bio_pair.pod
@@ -0,0 +1,103 @@
+=pod
+
+=head1 NAME
+
+BIO_new_bio_pair - create a new BIO pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
+
+=head1 DESCRIPTION
+
+BIO_new_bio_pair() creates a buffering BIO pair based on the
+L<SSL_set_bio(3)|SSL_set_bio(3)> method. The BIO pair has two endpoints between which
+data can be buffered. Its typical use is to connect one endpoint as underlying
+input/output BIO to an SSL and access the other one controlled by the program
+instead of accessing the network connection directly.
+
+The two new BIOs B<bio1> and B<bio2> are symmetric with respect to their
+functionality. The size of their buffers is determined by B<writebuf1> and
+B<writebuf2>. If the size give is 0, the default size is used.
+
+BIO_new_bio_pair() does not check whether B<bio1> or B<bio2> do point to
+some other BIO, the values are overwritten, BIO_free() is not called.
+
+The two BIOs, even though forming a BIO pair and must be BIO_free()'ed
+separately. This can be of importance, as some SSL-functions like SSL_set_bio()
+or SSL_free() call BIO_free() implicitly, so that the peer-BIO is left
+untouched and must also be BIO_free()'ed.
+
+=head1 EXAMPLE
+
+The BIO pair can be used to have full control over the network access of an
+application. The application can call select() on the socket as required
+without having to go through the SSL-interface.
+
+ BIO *internal_bio, *network_bio;
+ ...
+ BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
+ SSL_set_bio(ssl, internal_bio, internal_bio);
+ SSL_operations();
+ ...
+
+ application |   TLS-engine
+    |        |
+    +----------> SSL_operations()
+             |     /\    ||
+             |     ||    \/
+             |   BIO-pair (internal_bio)
+    +----------< BIO-pair (network_bio)
+    |        |
+  socket     |
+
+  ...
+  SSL_free(ssl);                /* implicitly frees internal_bio */
+  BIO_free(network_bio);
+  ...
+
+As the BIO pair will only buffer the data and never directly access the
+connection, it behaves non-blocking and will return as soon as the write
+buffer is full or the read buffer is drained. Then the application has to
+flush the write buffer and/or fill the read buffer.
+
+Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO
+and must be transfered to the network. Use BIO_ctrl_get_read_request() to
+find out, how many bytes must be written into the buffer before the
+SSL_operation() can successfully be continued.
+
+=head1 WARNING
+
+As the data is buffered, SSL_operation() may return with a ERROR_SSL_WANT_READ
+condition, but there is still data in the write buffer. An application must
+not rely on the error value of SSL_operation() but must assure that the
+write buffer is always flushed first. Otherwise a deadlock may occur as
+the peer might be waiting for the data before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 1
+
+The BIO pair was created successfully. The new BIOs are available in
+B<bio1> and B<bio2>.
+
+=item 0
+
+The operation failed. The NULL pointer is stored into the locations for
+B<bio1> and B<bio2>. Check the error stack for more information.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+L<BIO_ctrl_pending(3)|BIO_ctrl_pending(3)>,
+L<BIO_ctrl_get_read_request(3)|BIO_ctrl_get_read_request(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index 5901c39526..58afd8f0b8 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -236,9 +236,9 @@ even though they are identical digests.
 
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
+L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>,
+L<SHA1(3)|SHA1(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index b203c3a1c5..e65e54ce52 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -81,10 +81,10 @@ EVP_SignUpdate() could not be made after calling EVP_SignFinal().
 =head1 SEE ALSO
 
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
-L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
+L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
+L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod b/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod
index 486c903430..e63411b5bb 100644
--- a/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod
+++ b/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod
@@ -36,7 +36,7 @@ None of the functions return a value.
 
 =head1 NOTES
 
-A typical application will will call OpenSSL_add_all_algorithms() initially and
+A typical application will call OpenSSL_add_all_algorithms() initially and
 EVP_cleanup() before exiting.
 
 An application does not need to add algorithms to use them explicitly, for example
diff --git a/src/lib/libssl/src/doc/crypto/RSA_print.pod b/src/lib/libssl/src/doc/crypto/RSA_print.pod
index e28d107d1c..c971e91f4d 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_print.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_print.pod
@@ -44,6 +44,6 @@ L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
 
 RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
 DH_print_fp() are available in all versions of SSLeay and OpenSSL.
-DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8.
+DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8.
 
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/des_modes.pod b/src/lib/libssl/src/doc/crypto/des_modes.pod
index da75e8007d..0cc22150e7 100644
--- a/src/lib/libssl/src/doc/crypto/des_modes.pod
+++ b/src/lib/libssl/src/doc/crypto/des_modes.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-Modes of DES - the variants of DES and other crypto algorithms of OpenSSL
+des_modes - the variants of DES and other crypto algorithms of OpenSSL
 
 =head1 DESCRIPTION
 
@@ -246,8 +246,7 @@ it to:
 
 =head1 SEE ALSO
 
-L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<idea(3)|idea(3)>,
-L<rc2(3)|rc2(3)>
+L<blowfish(3)|blowfish(3)>
 
 =cut
 
diff --git a/src/lib/libssl/src/doc/crypto/dsa.pod b/src/lib/libssl/src/doc/crypto/dsa.pod
index da07d2b930..ae2e5d81f9 100644
--- a/src/lib/libssl/src/doc/crypto/dsa.pod
+++ b/src/lib/libssl/src/doc/crypto/dsa.pod
@@ -101,8 +101,7 @@ Standard, DSS), ANSI X9.30
 =head1 SEE ALSO
 
 L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
-L<DSA_new(3)|DSA_new(3)>,
+L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>,
 L<DSA_size(3)|DSA_size(3)>,
 L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
 L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
diff --git a/src/lib/libssl/src/doc/crypto/hmac.pod b/src/lib/libssl/src/doc/crypto/hmac.pod
index 3976baf226..b1f5f368ed 100644
--- a/src/lib/libssl/src/doc/crypto/hmac.pod
+++ b/src/lib/libssl/src/doc/crypto/hmac.pod
@@ -89,7 +89,7 @@ RFC 2104
 
 =head1 SEE ALSO
 
-L<sha(3)|sha(3)>, L<evp(3)|evp(3)>
+L<SHA1(3)|SHA1(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/mdc2.pod b/src/lib/libssl/src/doc/crypto/mdc2.pod
index 11dc303e04..538f474e30 100644
--- a/src/lib/libssl/src/doc/crypto/mdc2.pod
+++ b/src/lib/libssl/src/doc/crypto/mdc2.pod
@@ -54,7 +54,7 @@ ISO/IEC 10118-2, with DES
 
 =head1 SEE ALSO
 
-L<sha(3)|sha(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+L<SHA1(3)|SHA1(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/ripemd.pod b/src/lib/libssl/src/doc/crypto/ripemd.pod
index 31054b6a8c..9a634ca866 100644
--- a/src/lib/libssl/src/doc/crypto/ripemd.pod
+++ b/src/lib/libssl/src/doc/crypto/ripemd.pod
@@ -56,7 +56,7 @@ ISO/IEC 10118-3 (draft) (??)
 
 =head1 SEE ALSO
 
-L<sha(3)|sha(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+L<SHA1(3)|SHA1(3)>, L<HMAC(3)|HMAC(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/sha.pod b/src/lib/libssl/src/doc/crypto/sha.pod
index 0ba315d6d7..158457270f 100644
--- a/src/lib/libssl/src/doc/crypto/sha.pod
+++ b/src/lib/libssl/src/doc/crypto/sha.pod
@@ -60,7 +60,7 @@ ANSI X9.30
 
 =head1 SEE ALSO
 
-L<ripemd(3)|ripemd(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+L<RIPEMD160(3)|RIPEMD160(3)>, L<HMAC(3)|HMAC(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod b/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
index 4b91c63ba0..914eb7c9e3 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
@@ -28,7 +28,7 @@ SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
 
 SSL_CIPHER_description() returns a textual description of the cipher used
 into the buffer B<buf> of length B<len> provided. B<len> must be at least
-128 bytes, otherwise a pointer to the the string "Buffer too small" is
+128 bytes, otherwise a pointer to the string "Buffer too small" is
 returned. If B<buf> is NULL, a buffer of 128 bytes is allocated using
 OPENSSL_malloc(). If the allocation fails, a pointer to the string
 "OPENSSL_malloc Error" is returned.
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod
index ca8d81b82c..74f05301ec 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod
@@ -28,7 +28,7 @@ specifies the B<verify_callback> function to be used. If no callback function
 shall be specified, the NULL pointer can be used for B<verify_callback>. In
 this case last B<verify_callback> set specifically for this B<ssl> remains. If
 no special B<callback> was set before, the default callback for the underlying
-B<ctx> is used, that was valid at the the time B<ssl> was created with
+B<ctx> is used, that was valid at the time B<ssl> was created with
 L<SSL_new(3)|SSL_new(3)>.
 
 SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
@@ -135,9 +135,9 @@ process is immediately stopped with "verification failed" state. If
 SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and
 the TLS/SSL handshake is terminated. If B<verify_callback> returns 1,
 the verification process is continued. If B<verify_callback> always returns
-1, the TLS/SSL handshake will not be terminated with respect to verification
-failures and the connection will be established. The calling process can
-however retrieve the error code of the last verification error using
+1, the TLS/SSL handshake will never be terminated because of this application
+experiencing a verification failure. The calling process can however
+retrieve the error code of the last verification error using
 L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> or by maintaining its
 own error storage managed by B<verify_callback>.
 
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
index ea2faba3ec..b8868f18bf 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
@@ -68,9 +68,7 @@ should be preferred.
 
 SSL_CTX_use_certificate_chain_file() loads a certificate chain from 
 B<file> into B<ctx>. The certificates must be in PEM format and must
-be sorted starting with the subject's certificate (actual client or server
-certificate), followed by intermediate CA certificates if applicable, and
-ending at the highest level (root) CA.
+be sorted starting with the certificate to the highest level (root CA).
 There is no corresponding function working on a single SSL object.
 
 SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
diff --git a/src/lib/libssl/src/doc/ssl/SSL_SESSION_free.pod b/src/lib/libssl/src/doc/ssl/SSL_SESSION_free.pod
index 558de01df9..110ec73ab6 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_SESSION_free.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_SESSION_free.pod
@@ -14,7 +14,7 @@ SSL_SESSION_free - free an allocated SSL_SESSION structure
 
 SSL_SESSION_free() decrements the reference count of B<session> and removes
 the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
-memory, if the the reference count has reached 0.
+memory, if the reference count has reached 0.
 
 =head1 NOTES
 
diff --git a/src/lib/libssl/src/doc/ssl/SSL_accept.pod b/src/lib/libssl/src/doc/ssl/SSL_accept.pod
index cc724c0d56..a673edba85 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_accept.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_accept.pod
@@ -28,8 +28,7 @@ should be called again.
 
 If the underlying BIO is B<non-blocking>, SSL_accept() will also return
 when the underlying BIO could not satisfy the needs of SSL_accept()
-to continue the handshake, indicating the problem by the return value -1.
-In this case a call to SSL_get_error() with the
+to continue the handshake. In this case a call to SSL_get_error() with the
 return value of SSL_accept() will yield B<SSL_ERROR_WANT_READ> or
 B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
 taking appropriate action to satisfy the needs of SSL_accept().
diff --git a/src/lib/libssl/src/doc/ssl/SSL_connect.pod b/src/lib/libssl/src/doc/ssl/SSL_connect.pod
index cc56ebb75f..8426310c0d 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_connect.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_connect.pod
@@ -25,8 +25,7 @@ handshake has been finished or an error occurred.
 
 If the underlying BIO is B<non-blocking>, SSL_connect() will also return
 when the underlying BIO could not satisfy the needs of SSL_connect()
-to continue the handshake, indicating the problem by the return value -1.
-In this case a call to SSL_get_error() with the
+to continue the handshake. In this case a call to SSL_get_error() with the
 return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or
 B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
 taking appropriate action to satisfy the needs of SSL_connect().
diff --git a/src/lib/libssl/src/doc/ssl/SSL_free.pod b/src/lib/libssl/src/doc/ssl/SSL_free.pod
index 2d4f8b6168..13c1abd9ec 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_free.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_free.pod
@@ -14,7 +14,7 @@ SSL_free - free an allocated SSL structure
 
 SSL_free() decrements the reference count of B<ssl>, and removes the SSL
 structure pointed to by B<ssl> and frees up the allocated memory if the
-the reference count has reached 0.
+reference count has reached 0.
 
 =head1 NOTES
 
diff --git a/src/lib/libssl/src/doc/ssl/ssl.pod b/src/lib/libssl/src/doc/ssl/ssl.pod
index 3dc5358ef6..4d7a6b7e2b 100644
--- a/src/lib/libssl/src/doc/ssl/ssl.pod
+++ b/src/lib/libssl/src/doc/ssl/ssl.pod
@@ -3,7 +3,7 @@
 
 =head1 NAME
 
-SSL - OpenSSL SSL/TLS library
+ssl - OpenSSL SSL/TLS library
 
 =head1 SYNOPSIS
 
diff --git a/src/lib/libssl/src/doc/ssleay.txt b/src/lib/libssl/src/doc/ssleay.txt
index c6049d5e53..d19da310eb 100644
--- a/src/lib/libssl/src/doc/ssleay.txt
+++ b/src/lib/libssl/src/doc/ssleay.txt
@@ -6245,7 +6245,7 @@ SSL_get_app_data
 void SSL_CTX_set_default_verify
 
 /* This callback, if set, totaly overrides the normal SSLeay verification
- * functions and should return 1 on sucesss and 0 on failure */
+ * functions and should return 1 on successs and 0 on failure */
 void SSL_CTX_set_cert_verify_callback
 
 /* The following are the same as the equivilent SSL_xxx functions.
diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h
index 096eabe09a..f7d09c5295 100644
--- a/src/lib/libssl/src/e_os.h
+++ b/src/lib/libssl/src/e_os.h
@@ -174,13 +174,6 @@ extern "C" {
 #define closesocket(s)          close(s)
 #define readsocket(s,b,n)       recv((s),(b),(n),0)
 #define writesocket(s,b,n)      send((s),(b),(n),0)
-#elif defined(OPENSSL_SYS_VXWORKS)
-#define get_last_socket_error() errno
-#define clear_socket_error()    errno=0
-#define ioctlsocket(a,b,c)          ioctl((a),(b),(int)(c))
-#define closesocket(s)              close(s)
-#define readsocket(s,b,n)           read((s),(b),(n))
-#define writesocket(s,b,n)          write((s),(char *)(b),(n))
 #else
 #define get_last_socket_error() errno
 #define clear_socket_error()    errno=0
@@ -257,7 +250,7 @@ extern "C" {
 #    define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
 #    define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
 #  else
-#    define EXIT(n) exit(n)
+#    define EXIT(n) return(n)
 #  endif
 #  define LIST_SEPARATOR_CHAR ';'
 #  ifndef X_OK
@@ -338,8 +331,6 @@ extern "C" {
 #      define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
                          * (unless when compiling with -D_POSIX_SOURCE,
                          * which doesn't work for us) */
-#    endif
-#    if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
 #      define ssize_t int /* ditto */
 #    endif
 #    ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */
@@ -526,6 +517,10 @@ extern char *sys_errlist[]; extern int sys_nerr;
 #define TTY_STRUCT int
 
 #define sleep(a) taskDelay((a) * sysClkRateGet())
+#if defined(ioctlsocket)
+#undef ioctlsocket
+#endif
+#define ioctlsocket(a,b,c) ioctl((a),(b),*(c))
 
 #include <vxWorks.h>
 #include <sockLib.h>
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec
index 9ce236e0d2..9bd9c8375e 100644
--- a/src/lib/libssl/src/openssl.spec
+++ b/src/lib/libssl/src/openssl.spec
@@ -1,7 +1,7 @@
 %define libmaj 0
 %define libmin 9
 %define librel 7
-%define librev c
+%define librev b
 Release: 1
 
 %define openssldir /var/ssl
@@ -83,18 +83,18 @@ documentation and POD files from which the man pages were produced.
 
 %build 
 
-%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir}
+%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr 
 
 perl util/perlpath.pl /usr/bin/perl
 
 %ifarch i386 i486 i586 i686
-./Configure %{CONFIG_FLAGS} linux-elf shared
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-elf shared
 %endif
 %ifarch ppc
-./Configure %{CONFIG_FLAGS} linux-ppc shared
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared
 %endif
 %ifarch alpha
-./Configure %{CONFIG_FLAGS} linux-alpha shared
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared
 %endif
 LD_LIBRARY_PATH=`pwd` make
 LD_LIBRARY_PATH=`pwd` make rehash
@@ -102,7 +102,12 @@ LD_LIBRARY_PATH=`pwd` make test
 
 %install
 rm -rf $RPM_BUILD_ROOT
-make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install
+make MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" install
+
+# Rename manpages
+for x in $RPM_BUILD_ROOT/usr/man/man*/* 
+        do mv ${x} ${x}ssl
+done
 
 # Make backwards-compatibility symlink to ssleay
 ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
@@ -130,7 +135,6 @@ rm -rf $RPM_BUILD_ROOT
 %doc CHANGES CHANGES.SSLeay LICENSE NEWS README
 
 %attr(0644,root,root) /usr/lib/*.a
-%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc
 %attr(0644,root,root) /usr/include/openssl/*
 %attr(0644,root,root) /usr/man/man[3]/*
 
@@ -146,8 +150,6 @@ ldconfig
 ldconfig
 
 %changelog
-* Wed May  7 2003 Richard Levitte <richard@levitte.org>
-- Add /usr/lib/pkgconfig/openssl.pc to the development section.
 * Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
 - Removed redundant subsection that re-installed libcrypto.a and libssl.a
   as well.  Also remove RSAref stuff completely, since it's not needed
diff --git a/src/lib/libssl/src/ssl/Makefile.ssl b/src/lib/libssl/src/ssl/Makefile.ssl
new file mode 100644
index 0000000000..e48b5cedfb
--- /dev/null
+++ b/src/lib/libssl/src/ssl/Makefile.ssl
@@ -0,0 +1,1024 @@
+#
+# SSLeay/ssl/Makefile
+#
+
+DIR=    ssl
+TOP=    ..
+CC=     cc
+INCLUDES= -I../crypto -I$(TOP) -I../include $(KRB5_INCLUDES)
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+# KRB5 stuff
+KRB5_INCLUDES=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README ssl-lib.com install.com
+TEST=ssltest.c
+APPS=
+
+LIB=$(TOP)/libssl.a
+SHARED_LIB= libssl$(SHLIB_EXT)
+LIBSRC= \
+        s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
+        s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
+        s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
+        t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
+        ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
+        ssl_ciph.c ssl_stat.c ssl_rsa.c \
+        ssl_asn1.c ssl_txt.c ssl_algs.c \
+        bio_ssl.c ssl_err.c kssl.c
+LIBOBJ= \
+        s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
+        s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
+        s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
+        t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
+        ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
+        ssl_ciph.o ssl_stat.o ssl_rsa.o \
+        ssl_asn1.o ssl_txt.o ssl_algs.o \
+        bio_ssl.o ssl_err.o kssl.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h kssl.h
+HEADER= $(EXHEADER) ssl_locl.h kssl_lcl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:    lib shared
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+shared:
+        if [ -n "$(SHARED_LIBS)" ]; then \
+                (cd ..; $(MAKE) $(SHARED_LIB)); \
+        fi
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_ssl.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+bio_ssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+bio_ssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+bio_ssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+bio_ssl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+bio_ssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h
+bio_ssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+bio_ssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+bio_ssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+bio_ssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+bio_ssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+bio_ssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c
+kssl.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+kssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+kssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+kssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+kssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+kssl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+kssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+kssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
+kssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+kssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+kssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+kssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+kssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+kssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+kssl.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+kssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+kssl.o: ../include/openssl/x509_vfy.h kssl.c
+s23_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s23_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s23_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s23_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s23_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_clnt.c
+s23_clnt.o: ssl_locl.h
+s23_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s23_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s23_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s23_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s23_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s23_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s23_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s23_lib.o: ../include/openssl/x509_vfy.h s23_lib.c ssl_locl.h
+s23_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_meth.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s23_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s23_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s23_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s23_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s23_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s23_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s23_meth.o: ../include/openssl/x509_vfy.h s23_meth.c ssl_locl.h
+s23_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s23_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s23_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s23_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s23_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s23_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s23_pkt.o: ../include/openssl/x509_vfy.h s23_pkt.c ssl_locl.h
+s23_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s23_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s23_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s23_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s23_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c
+s23_srvr.o: ssl_locl.h
+s2_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
+s2_enc.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_enc.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
+s2_enc.o: ssl_locl.h
+s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
+s2_lib.o: ssl_locl.h
+s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_meth.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h
+s2_pkt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_pkt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_pkt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
+s2_pkt.o: ssl_locl.h
+s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h
+s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_both.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_both.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_both.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_both.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s3_both.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_both.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_both.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s3_both.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_both.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c
+s3_both.o: ssl_locl.h
+s3_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h
+s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s3_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h
+s3_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s3_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_lib.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_lib.c ssl_locl.h
+s3_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_meth.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s3_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s3_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_meth.o: ../include/openssl/x509_vfy.h s3_meth.c ssl_locl.h
+s3_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s3_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
+s3_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
+s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s3_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_srvr.o: s3_srvr.c ssl_locl.h
+ssl_algs.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_algs.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_algs.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_algs.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_algs.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_algs.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_algs.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_algs.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_algs.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_algs.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_algs.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h
+ssl_asn1.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_asn1.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_asn1.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_asn1.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
+ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_cert.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_cert.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ssl_cert.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_cert.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_cert.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_cert.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl_cert.o: ../include/openssl/x509v3.h ssl_cert.c ssl_locl.h
+ssl_ciph.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_ciph.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_ciph.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_ciph.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_ciph.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_ciph.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_ciph.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_ciph.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_ciph.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_ciph.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_ciph.c ssl_locl.h
+ssl_err.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_err.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_err.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_err.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_err.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_err.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_err.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_err.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_err.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_err.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_err.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_err.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_err.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_err.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_err.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c
+ssl_err2.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_err2.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_err2.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_err2.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_err2.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_err2.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_err2.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_err2.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_err2.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_err2.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_err2.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_err2.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
+ssl_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h
+ssl_lib.o: ssl_lib.c ssl_locl.h
+ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_rsa.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_rsa.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c
+ssl_sess.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_sess.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_sess.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_sess.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c
+ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_stat.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_stat.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_stat.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_stat.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_stat.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_stat.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_stat.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_stat.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_stat.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_stat.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_stat.c
+ssl_txt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_txt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_txt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_txt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_txt.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_txt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_txt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_txt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_txt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_txt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_txt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_txt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_txt.c
+t1_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+t1_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+t1_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_clnt.o: t1_clnt.c
+t1_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_enc.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+t1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+t1_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_enc.o: t1_enc.c
+t1_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+t1_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+t1_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+t1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+t1_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+t1_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+t1_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_lib.c
+t1_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_meth.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+t1_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
+t1_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+t1_meth.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_meth.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+t1_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_meth.c
+t1_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+t1_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+t1_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_srvr.o: t1_srvr.c
diff --git a/src/lib/libssl/src/ssl/kssl.c b/src/lib/libssl/src/ssl/kssl.c
index 7c45f8ff4e..a80f5b2f74 100644
--- a/src/lib/libssl/src/ssl/kssl.c
+++ b/src/lib/libssl/src/ssl/kssl.c
@@ -1496,9 +1496,8 @@ kssl_sget_tkt(	/* UPDATE */	KSSL_CTX		*kssl_ctx,
                         "bad ticket from krb5_rd_req.\n");
                 }
         else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
-                 &krb5ticket->enc_part2->client->realm,
-                 krb5ticket->enc_part2->client->data,
-                 krb5ticket->enc_part2->client->length))
+                &krb5ticket->enc_part2->client->realm,
+                krb5ticket->enc_part2->client->data))
                 {
                 kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
                         "kssl_ctx_setprinc() fails.\n");
@@ -1565,17 +1564,16 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx)
         }
 
 
-/*      Given an array of (krb5_data *) entity (and optional realm),
+/*      Given a (krb5_data *) entity (and optional realm),
 **      set the plain (char *) client_princ or service_host member
 **      of the kssl_ctx struct.
 */
 krb5_error_code
 kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-        krb5_data *realm, krb5_data *entity, int nentities)
+        krb5_data *realm, krb5_data *entity)
         {
         char    **princ;
         int     length;
-        int i;
 
         if (kssl_ctx == NULL  ||  entity == NULL)  return KSSL_CTX_ERR;
 
@@ -1587,33 +1585,18 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
                 }
         if (*princ)  free(*princ);
 
-        /* Add up all the entity->lengths */
-        length = 0;
-        for (i=0; i < nentities; i++)
-                {
-                length += entity[i].length;
-                }
-        /* Add in space for the '/' character(s) (if any) */
-        length += nentities-1;
-        /* Space for the ('@'+realm+NULL | NULL) */
-        length += ((realm)? realm->length + 2: 1);
-
+        length = entity->length + ((realm)? realm->length + 2: 1);
         if ((*princ = calloc(1, length)) == NULL)
                 return KSSL_CTX_ERR;
         else
-                {
-                for (i = 0; i < nentities; i++)
-                        {
-                        strncat(*princ, entity[i].data, entity[i].length);
-                        if (i < nentities-1)
-                                {
-                                strcat (*princ, "/");
-                                }
-                        }
+                {
+                strncpy(*princ, entity->data, entity->length);
+                (*princ)[entity->length]='\0';
                 if (realm)
                         {
                         strcat (*princ, "@");
                         (void) strncat(*princ, realm->data, realm->length);
+                        (*princ)[entity->length+1+realm->length]='\0';
                         }
                 }
 
diff --git a/src/lib/libssl/src/ssl/kssl.h b/src/lib/libssl/src/ssl/kssl.h
index 19a689b089..cf7ebdd168 100644
--- a/src/lib/libssl/src/ssl/kssl.h
+++ b/src/lib/libssl/src/ssl/kssl.h
@@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void);
 KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
 void kssl_ctx_show(KSSL_CTX *kssl_ctx);
 krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-        krb5_data *realm, krb5_data *entity, int nentities);
+        krb5_data *realm, krb5_data *entity);
 krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,
         krb5_data *authenp, KSSL_ERR *kssl_err);
 krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index 1d24dedc91..43b32eb415 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -116,7 +116,6 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
diff --git a/src/lib/libssl/src/ssl/s2_enc.c b/src/lib/libssl/src/ssl/s2_enc.c
index d3b144f1c5..21a06f76cb 100644
--- a/src/lib/libssl/src/ssl/s2_enc.c
+++ b/src/lib/libssl/src/ssl/s2_enc.c
@@ -59,7 +59,6 @@
 #include "ssl_locl.h"
 #ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
-#include "cryptlib.h"
 
 int ssl2_enc_init(SSL *s, int client)
         {
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c
index 910b9fe097..edcef4dda2 100644
--- a/src/lib/libssl/src/ssl/s2_lib.c
+++ b/src/lib/libssl/src/ssl/s2_lib.c
@@ -63,7 +63,6 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include "cryptlib.h"
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -139,6 +138,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 /* IDEA_128_CBC_WITH_MD5 */
+#ifndef OPENSSL_NO_IDEA
         {
         1,
         SSL2_TXT_IDEA_128_CBC_WITH_MD5,
@@ -151,6 +151,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
+#endif
 /* DES_64_CBC_WITH_MD5 */
         {
         1,
diff --git a/src/lib/libssl/src/ssl/s2_pkt.c b/src/lib/libssl/src/ssl/s2_pkt.c
index d82f137613..a10929a757 100644
--- a/src/lib/libssl/src/ssl/s2_pkt.c
+++ b/src/lib/libssl/src/ssl/s2_pkt.c
@@ -113,7 +113,6 @@
 #ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <errno.h>
-#include "cryptlib.h"
 #define USE_SOCKETS
 
 static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index 62859a2d95..5da2a54af3 100644
--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -116,7 +116,6 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index eb7daebfdf..d51b60e343 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -117,7 +117,6 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -169,7 +168,7 @@ int ssl3_connect(SSL *s)
         long num1;
         void (*cb)(const SSL *ssl,int type,int val)=NULL;
         int ret= -1;
-        int new_state,state,skip=0;;
+        int new_state,state,skip=0;
 
         RAND_add(&Time,sizeof(Time),0);
         ERR_clear_error();
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 896b12fc4f..d04096016c 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -271,6 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 /* Cipher 07 */
+#ifndef OPENSSL_NO_IDEA
         {
         1,
         SSL3_TXT_RSA_IDEA_128_SHA,
@@ -283,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
+#endif
 /* Cipher 08 */
         {
         1,
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 881f68b998..57f1d3f52a 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -121,9 +121,10 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_KRB5
 #include <openssl/krb5_asn.h>
+#endif
 #include <openssl/md5.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index 16bc11b559..d8ff8fc4a3 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -62,7 +62,6 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
         {
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 888b667fa1..532fb4e80d 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -73,7 +73,7 @@
 #define SSL_ENC_NUM_IDX         9
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
-        NULL,NULL,NULL,NULL,NULL,NULL,
+        NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
         };
 
 static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
@@ -125,7 +125,9 @@ static const SSL_CIPHER cipher_aliases[]={
         {0,SSL_TXT_3DES,0,SSL_3DES,  0,0,0,0,SSL_ENC_MASK,0},
         {0,SSL_TXT_RC4, 0,SSL_RC4,   0,0,0,0,SSL_ENC_MASK,0},
         {0,SSL_TXT_RC2, 0,SSL_RC2,   0,0,0,0,SSL_ENC_MASK,0},
+#ifndef OPENSSL_NO_IDEA
         {0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
+#endif
         {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
         {0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
         {0,SSL_TXT_AES, 0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
@@ -166,8 +168,12 @@ static void load_ciphers(void)
                 EVP_get_cipherbyname(SN_rc4);
         ssl_cipher_methods[SSL_ENC_RC2_IDX]= 
                 EVP_get_cipherbyname(SN_rc2_cbc);
+#ifndef OPENSSL_NO_IDEA
         ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
                 EVP_get_cipherbyname(SN_idea_cbc);
+#else
+        ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
+#endif
         ssl_cipher_methods[SSL_ENC_AES128_IDX]=
           EVP_get_cipherbyname(SN_aes_128_cbc);
         ssl_cipher_methods[SSL_ENC_AES256_IDX]=
@@ -245,7 +251,7 @@ int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
                 break;
                 }
 
-        if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+        if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
                 *enc=NULL;
         else
                 {
@@ -267,7 +273,7 @@ int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
                 i= -1;
                 break;
                 }
-        if ((i < 0) || (i > SSL_MD_NUM_IDX))
+        if ((i < 0) || (i >= SSL_MD_NUM_IDX))
                 *md=NULL;
         else
                 *md=ssl_digest_methods[i];
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 6d69890688..8701fb33ca 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -121,7 +121,6 @@
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
-#include "cryptlib.h"
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
@@ -473,11 +472,6 @@ void SSL_free(SSL *s)
 
         if (s->method != NULL) s->method->ssl_free(s);
 
-#ifndef OPENSSL_NO_KRB5
-        if (s->kssl_ctx != NULL)
-                kssl_ctx_free(s->kssl_ctx);
-#endif  /* OPENSSL_NO_KRB5 */
-
         OPENSSL_free(s);
         }
 
diff --git a/src/lib/libssl/src/ssl/ssl_rsa.c b/src/lib/libssl/src/ssl/ssl_rsa.c
index 330390519b..03828b6632 100644
--- a/src/lib/libssl/src/ssl/ssl_rsa.c
+++ b/src/lib/libssl/src/ssl/ssl_rsa.c
@@ -207,7 +207,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
                          ok=1;
                 else
 #endif
-                     if (!X509_check_private_key(c->pkeys[i].x509,pkey))
+                        if (!X509_check_private_key(c->pkeys[i].x509,pkey))
                         {
                         if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
                                 {
@@ -241,8 +241,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
                 return(0);
                 }
 
-        ERR_clear_error(); /* make sure no error from X509_check_private_key()
-                            * is left if we have chosen to ignore it */
         if (c->pkeys[i].privatekey != NULL)
                 EVP_PKEY_free(c->pkeys[i].privatekey);
         CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index fabcdefa6e..a505e388fb 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -60,7 +60,6 @@
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
-#include "cryptlib.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -79,11 +78,11 @@ SSL_SESSION *SSL_get1_session(SSL *ssl)
         /* Need to lock this all up rather than just use CRYPTO_add so that
          * somebody doesn't free ssl->session between when we check it's
          * non-null and when we up the reference count. */
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
+        CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
         sess = ssl->session;
         if(sess)
                 sess->references++;
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
+        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
         return(sess);
         }
 
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 42289c255b..84c25d2c30 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -119,6 +119,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
+#include <inttypes.h>
 
 #define USE_SOCKETS
 #include "e_os.h"
@@ -1500,8 +1501,8 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
 
         fprintf(stderr, "In app_verify_callback, allowing cert. ");
         fprintf(stderr, "Arg is: %s\n", (char *)arg);
-        fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n",
-                        (unsigned int)ctx, (unsigned int)ctx->cert);
+        fprintf(stderr, "Finished printing do we have a context? 0x%lx a cert? 0x%lx\n",
+                        (uintptr_t)ctx, (uintptr_t)ctx->cert);
         if (ctx->cert)
                 s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
         if (s != NULL)
diff --git a/src/lib/libssl/src/test/Makefile.ssl b/src/lib/libssl/src/test/Makefile.ssl
new file mode 100644
index 0000000000..373f17a929
--- /dev/null
+++ b/src/lib/libssl/src/test/Makefile.ssl
@@ -0,0 +1,796 @@
+#
+# test/Makefile.ssl
+#
+
+DIR=            test
+TOP=            ..
+CC=             cc
+INCLUDES=       -I$(TOP) -I../include $(KRB5_INCLUDES)
+CFLAG=          -g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=     /usr/local/ssl
+MAKEFILE=       Makefile.ssl
+MAKE=           make -f $(MAKEFILE)
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+PERL=           perl
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+PEX_LIBS=
+EX_LIBS= #-lnsl -lsocket
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile.ssl maketests.com \
+        tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \
+        tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \
+        testca.com VMSca-response.1 VMSca-response.2
+
+DLIBCRYPTO= ../libcrypto.a
+DLIBSSL= ../libssl.a
+LIBCRYPTO= -L.. -lcrypto
+LIBSSL= -L.. -lssl
+
+BNTEST=         bntest
+ECTEST=         ectest
+EXPTEST=        exptest
+IDEATEST=       ideatest
+SHATEST=        shatest
+SHA1TEST=       sha1test
+MDC2TEST=       mdc2test
+RMDTEST=        rmdtest
+MD2TEST=        md2test
+MD4TEST=        md4test
+MD5TEST=        md5test
+HMACTEST=       hmactest
+RC2TEST=        rc2test
+RC4TEST=        rc4test
+RC5TEST=        rc5test
+BFTEST=         bftest
+CASTTEST=       casttest
+DESTEST=        destest
+RANDTEST=       randtest
+DHTEST=         dhtest
+DSATEST=        dsatest
+METHTEST=       methtest
+SSLTEST=        ssltest
+RSATEST=        rsa_test
+ENGINETEST=     enginetest
+EVPTEST=        evp_test
+
+TESTS=          alltests
+
+EXE=    $(BNTEST) $(ECTEST) $(IDEATEST) $(MD2TEST)  $(MD4TEST) $(MD5TEST) $(HMACTEST) \
+        $(RC2TEST) $(RC4TEST) $(RC5TEST) \
+        $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
+        $(RANDTEST) $(DHTEST) $(ENGINETEST) \
+        $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST) \
+        $(EVPTEST)
+
+# $(METHTEST)
+
+OBJ=    $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
+        $(HMACTEST).o \
+        $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+        $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+        $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
+        $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o \
+        $(EVPTEST).o
+SRC=    $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
+        $(HMACTEST).c \
+        $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+        $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+        $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
+        $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c \
+        $(EVPTEST).c
+
+EXHEADER= 
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all)
+
+all:    exe
+
+exe:    $(EXE) dummytest
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+
+generate: $(SRC)
+$(SRC):
+        @sh $(TOP)/util/point.sh dummytest.c $@
+
+errors:
+
+install:
+
+tags:
+        ctags $(SRC)
+
+tests:  exe apps $(TESTS)
+
+apps:
+        @(cd ..; $(MAKE) DIRS=apps all)
+
+SET_SO_PATHS=OSSL_LIBPATH="`cd ..; pwd`"; \
+                LD_LIBRARY_PATH="$$OSSL_LIBPATH:$$LD_LIBRARY_PATH"; \
+                DYLD_LIBRARY_PATH="$$OSSL_LIBPATH:$$DYLD_LIBRARY_PATH"; \
+                SHLIB_PATH="$$OSSL_LIBPATH:$$SHLIB_PATH"; \
+                LIBPATH="$$OSSL_LIBPATH:$$LIBPATH"; \
+                if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \
+                export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH
+
+alltests: \
+        test_des test_idea test_sha test_md4 test_md5 test_hmac \
+        test_md2 test_mdc2 \
+        test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+        test_rand test_bn test_ec test_enc test_x509 test_rsa test_crl test_sid \
+        test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
+        test_ss test_ca test_engine test_evp test_ssl
+
+test_evp:
+        $(SET_SO_PATHS); ./$(EVPTEST) evptests.txt
+
+test_des:
+        $(SET_SO_PATHS); ./$(DESTEST)
+
+test_idea:
+        $(SET_SO_PATHS); ./$(IDEATEST)
+
+test_sha:
+        $(SET_SO_PATHS); ./$(SHATEST)
+        $(SET_SO_PATHS); ./$(SHA1TEST)
+
+test_mdc2:
+        $(SET_SO_PATHS); ./$(MDC2TEST)
+
+test_md5:
+        $(SET_SO_PATHS); ./$(MD5TEST)
+
+test_md4:
+        $(SET_SO_PATHS); ./$(MD4TEST)
+
+test_hmac:
+        $(SET_SO_PATHS); ./$(HMACTEST)
+
+test_md2:
+        $(SET_SO_PATHS); ./$(MD2TEST)
+
+test_rmd:
+        $(SET_SO_PATHS); ./$(RMDTEST)
+
+test_bf:
+        $(SET_SO_PATHS); ./$(BFTEST)
+
+test_cast:
+        $(SET_SO_PATHS); ./$(CASTTEST)
+
+test_rc2:
+        $(SET_SO_PATHS); ./$(RC2TEST)
+
+test_rc4:
+        $(SET_SO_PATHS); ./$(RC4TEST)
+
+test_rc5:
+        $(SET_SO_PATHS); ./$(RC5TEST)
+
+test_rand:
+        $(SET_SO_PATHS); ./$(RANDTEST)
+
+test_enc:
+        @$(SET_SO_PATHS); sh ./testenc
+
+test_x509:
+        echo test normal x509v1 certificate
+        $(SET_SO_PATHS); sh ./tx509 2>/dev/null
+        echo test first x509v3 certificate
+        $(SET_SO_PATHS); sh ./tx509 v3-cert1.pem 2>/dev/null
+        echo test second x509v3 certificate
+        $(SET_SO_PATHS); sh ./tx509 v3-cert2.pem 2>/dev/null
+
+test_rsa:
+        @$(SET_SO_PATHS); sh ./trsa 2>/dev/null
+        $(SET_SO_PATHS); ./$(RSATEST)
+
+test_crl:
+        @$(SET_SO_PATHS); sh ./tcrl 2>/dev/null
+
+test_sid:
+        @$(SET_SO_PATHS); sh ./tsid 2>/dev/null
+
+test_req:
+        @$(SET_SO_PATHS); sh ./treq 2>/dev/null
+        @$(SET_SO_PATHS); sh ./treq testreq2.pem 2>/dev/null
+
+test_pkcs7:
+        @$(SET_SO_PATHS); sh ./tpkcs7 2>/dev/null
+        @$(SET_SO_PATHS); sh ./tpkcs7d 2>/dev/null
+
+test_bn:
+        @echo starting big number library test, could take a while...
+        @$(SET_SO_PATHS); ./$(BNTEST) >tmp.bntest
+        @echo quit >>tmp.bntest
+        @echo "running bc"
+        @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
+        @echo 'test a^b%c implementations'
+        $(SET_SO_PATHS); ./$(EXPTEST)
+
+test_ec:
+        @echo 'test elliptic curves'
+        $(SET_SO_PATHS); ./$(ECTEST)
+
+test_verify:
+        @echo "The following command should have some OK's and some failures"
+        @echo "There are definitly a few expired certificates"
+        -$(SET_SO_PATHS); ../apps/openssl verify -CApath ../certs ../certs/*.pem
+
+test_dh:
+        @echo "Generate a set of DH parameters"
+        $(SET_SO_PATHS); ./$(DHTEST)
+
+test_dsa:
+        @echo "Generate a set of DSA parameters"
+        $(SET_SO_PATHS); ./$(DSATEST)
+        $(SET_SO_PATHS); ./$(DSATEST) -app2_1
+
+test_gen:
+        @echo "Generate and verify a certificate request"
+        @$(SET_SO_PATHS); sh ./testgen
+
+test_ss keyU.ss certU.ss certCA.ss: testss
+        @echo "Generate and certify a test certificate"
+        @$(SET_SO_PATHS); sh ./testss
+
+test_engine: 
+        @echo "Manipulate the ENGINE structures"
+        $(SET_SO_PATHS); ./$(ENGINETEST)
+
+test_ssl: keyU.ss certU.ss certCA.ss
+        @echo "test SSL protocol"
+        @$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss
+
+test_ca:
+        @$(SET_SO_PATHS); if ../apps/openssl no-rsa; then \
+          echo "skipping CA.sh test -- requires RSA"; \
+        else \
+          echo "Generate and certify a test certificate via the 'ca' program"; \
+          sh ./testca; \
+        fi
+
+test_aes: #$(AESTEST)
+#       @echo "test Rijndael"
+#       $(SET_SO_PATHS); ./$(AESTEST)
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log
+
+$(DLIBSSL):
+        (cd ..; $(MAKE) DIRS=ssl all)
+
+$(DLIBCRYPTO):
+        (cd ..; $(MAKE) DIRS=crypto all)
+
+$(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(ECTEST): $(ECTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+        
+#$(AESTEST).o: $(AESTEST).c
+#       $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+
+#$(AESTEST): $(AESTEST).o $(DLIBCRYPTO)
+#       if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+#         $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+#       else \
+#         LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+#         $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+#       fi
+
+dummytest: dummytest.o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
+bftest.o: ../include/openssl/opensslconf.h bftest.c
+bntest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+bntest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+bntest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+bntest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+bntest.o: ../include/openssl/des.h ../include/openssl/des_old.h
+bntest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+bntest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+bntest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+bntest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+bntest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+bntest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+bntest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bntest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+bntest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+bntest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+bntest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+bntest.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+bntest.o: ../include/openssl/x509_vfy.h bntest.c
+casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
+casttest.o: ../include/openssl/opensslconf.h casttest.c
+destest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+destest.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+destest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+destest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+destest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+destest.o: ../include/openssl/ui_compat.h destest.c
+dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c
+dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+dsatest.o: ../include/openssl/symhacks.h dsatest.c
+ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+ectest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ectest.o: ../include/openssl/engine.h ../include/openssl/err.h
+ectest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c
+enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
+enginetest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enginetest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+enginetest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+enginetest.o: enginetest.c
+evp_test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+evp_test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+evp_test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+evp_test.o: ../include/openssl/des.h ../include/openssl/des_old.h
+evp_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+evp_test.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h
+evp_test.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+evp_test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+evp_test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+evp_test.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+evp_test.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+evp_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h
+evp_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+evp_test.o: ../include/openssl/ui_compat.h evp_test.c
+exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+exptest.o: ../include/openssl/symhacks.h exptest.c
+hmactest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+hmactest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+hmactest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+hmactest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+hmactest.o: ../include/openssl/idea.h ../include/openssl/md2.h
+hmactest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+hmactest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+hmactest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+hmactest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+hmactest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+hmactest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+hmactest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+hmactest.o: ../include/openssl/ui_compat.h hmactest.c
+ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
+ideatest.o: ../include/openssl/opensslconf.h ideatest.c
+md2test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md2test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md2test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md2test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md2test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md2test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md2test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md2test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md2test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md2test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md2test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md2test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md2test.c
+md4test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md4test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md4test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md4test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md4test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md4test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md4test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md4test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md4test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md4test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md4test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md4test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md4test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md4test.c
+md5test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md5test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md5test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md5test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md5test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md5test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md5test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md5test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md5test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md5test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md5test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md5test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md5test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md5test.c
+mdc2test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+mdc2test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+mdc2test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+mdc2test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+mdc2test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+mdc2test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+mdc2test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+mdc2test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mdc2test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+mdc2test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+mdc2test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+mdc2test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+mdc2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+mdc2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h mdc2test.c
+randtest.o: ../e_os.h ../include/openssl/e_os2.h
+randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
+randtest.o: ../include/openssl/rand.h randtest.c
+rc2test.o: ../e_os.h ../include/openssl/e_os2.h
+rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc2test.c
+rc4test.o: ../e_os.h ../include/openssl/e_os2.h
+rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h rc4test.c
+rc5test.o: ../e_os.h ../include/openssl/e_os2.h
+rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h rc5test.c
+rmdtest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rmdtest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rmdtest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+rmdtest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rmdtest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rmdtest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rmdtest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rmdtest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rmdtest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rmdtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rmdtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+rmdtest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rmdtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rmdtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h rmdtest.c
+rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsa_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+rsa_test.o: ../include/openssl/symhacks.h rsa_test.c
+sha1test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+sha1test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+sha1test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+sha1test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+sha1test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+sha1test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+sha1test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+sha1test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+sha1test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+sha1test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sha1test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+sha1test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+sha1test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+sha1test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h sha1test.c
+shatest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+shatest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+shatest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+shatest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+shatest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+shatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+shatest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+shatest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+shatest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+shatest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+shatest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+shatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h shatest.c
+ssltest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssltest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssltest.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssltest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssltest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h
+ssltest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssltest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssltest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssltest.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ssltest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssltest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssltest.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssltest.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssltest.o: ../include/openssl/x509_vfy.h ssltest.c
diff --git a/src/lib/libssl/src/test/enginetest.c b/src/lib/libssl/src/test/enginetest.c
new file mode 100644
index 0000000000..87fa8c57b7
--- /dev/null
+++ b/src/lib/libssl/src/test/enginetest.c
@@ -0,0 +1,274 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <stdio.h>
+#include <string.h>
+#include <openssl/buffer.h>
+#include <openssl/crypto.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list()
+        {
+        ENGINE *h;
+        int loop;
+
+        h = ENGINE_get_first();
+        loop = 0;
+        printf("listing available engine types\n");
+        while(h)
+                {
+                printf("engine %i, id = \"%s\", name = \"%s\"\n",
+                        loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+                h = ENGINE_get_next(h);
+                }
+        printf("end of list\n");
+        /* ENGINE_get_first() increases the struct_ref counter, so we 
+           must call ENGINE_free() to decrease it again */
+        ENGINE_free(h);
+        }
+
+int main(int argc, char *argv[])
+        {
+        ENGINE *block[512];
+        char buf[256];
+        const char *id, *name;
+        ENGINE *ptr;
+        int loop;
+        int to_return = 1;
+        ENGINE *new_h1 = NULL;
+        ENGINE *new_h2 = NULL;
+        ENGINE *new_h3 = NULL;
+        ENGINE *new_h4 = NULL;
+
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        ERR_load_crypto_strings();
+
+        memset(block, 0, 512 * sizeof(ENGINE *));
+        if(((new_h1 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h1, "test_id0") ||
+                        !ENGINE_set_name(new_h1, "First test item") ||
+                        ((new_h2 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h2, "test_id1") ||
+                        !ENGINE_set_name(new_h2, "Second test item") ||
+                        ((new_h3 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h3, "test_id2") ||
+                        !ENGINE_set_name(new_h3, "Third test item") ||
+                        ((new_h4 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h4, "test_id3") ||
+                        !ENGINE_set_name(new_h4, "Fourth test item"))
+                {
+                printf("Couldn't set up test ENGINE structures\n");
+                goto end;
+                }
+        printf("\nenginetest beginning\n\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        ptr = ENGINE_get_first();
+        if(!ENGINE_remove(ptr))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        if (ptr)
+                ENGINE_free(ptr);
+        display_engine_list();
+        if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h2))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h4))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(ENGINE_add(new_h3))
+                {
+                printf("Add *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Add that should fail did.\n");
+        ERR_clear_error();
+        if(ENGINE_remove(new_h2))
+                {
+                printf("Remove *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Remove that should fail did.\n");
+        ERR_clear_error();
+        if(!ENGINE_remove(new_h3))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h4))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        /* Depending on whether there's any hardware support compiled
+         * in, this remove may be destined to fail. */
+        ptr = ENGINE_get_first();
+        if(ptr)
+                if(!ENGINE_remove(ptr))
+                        printf("Remove failed!i - probably no hardware "
+                                "support present.\n");
+        if (ptr)
+                ENGINE_free(ptr);
+        display_engine_list();
+        if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+                {
+                printf("Couldn't add and remove to an empty list!\n");
+                goto end;
+                }
+        else
+                printf("Successfully added and removed to an empty list!\n");
+        printf("About to beef up the engine-type list\n");
+        for(loop = 0; loop < 512; loop++)
+                {
+                sprintf(buf, "id%i", loop);
+                id = BUF_strdup(buf);
+                sprintf(buf, "Fake engine type %i", loop);
+                name = BUF_strdup(buf);
+                if(((block[loop] = ENGINE_new()) == NULL) ||
+                                !ENGINE_set_id(block[loop], id) ||
+                                !ENGINE_set_name(block[loop], name))
+                        {
+                        printf("Couldn't create block of ENGINE structures.\n"
+                                "I'll probably also core-dump now, damn.\n");
+                        goto end;
+                        }
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                if(!ENGINE_add(block[loop]))
+                        {
+                        printf("\nAdding stopped at %i, (%s,%s)\n",
+                                loop, ENGINE_get_id(block[loop]),
+                                ENGINE_get_name(block[loop]));
+                        goto cleanup_loop;
+                        }
+                else
+                        printf("."); fflush(stdout);
+                }
+cleanup_loop:
+        printf("\nAbout to empty the engine-type list\n");
+        while((ptr = ENGINE_get_first()) != NULL)
+                {
+                if(!ENGINE_remove(ptr))
+                        {
+                        printf("\nRemove failed!\n");
+                        goto end;
+                        }
+                ENGINE_free(ptr);
+                printf("."); fflush(stdout);
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                OPENSSL_free((void *)ENGINE_get_id(block[loop]));
+                OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+                }
+        printf("\nTests completed happily\n");
+        to_return = 0;
+end:
+        if(to_return)
+                ERR_print_errors_fp(stderr);
+        if(new_h1) ENGINE_free(new_h1);
+        if(new_h2) ENGINE_free(new_h2);
+        if(new_h3) ENGINE_free(new_h3);
+        if(new_h4) ENGINE_free(new_h4);
+        for(loop = 0; loop < 512; loop++)
+                if(block[loop])
+                        ENGINE_free(block[loop]);
+        ENGINE_cleanup();
+        CRYPTO_cleanup_all_ex_data();
+        ERR_free_strings();
+        ERR_remove_state(0);
+        CRYPTO_mem_leaks_fp(stderr);
+        return to_return;
+        }
diff --git a/src/lib/libssl/src/test/md4test.c b/src/lib/libssl/src/test/md4test.c
new file mode 100644
index 0000000000..e0fdc42282
--- /dev/null
+++ b/src/lib/libssl/src/test/md4test.c
@@ -0,0 +1,134 @@
+/* crypto/md4/md4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef OPENSSL_NO_MD4
+int main(int argc, char *argv[])
+{
+    printf("No MD4 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/md4.h>
+
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+
+static char *ret[]={
+"31d6cfe0d16ae931b73c59d7e0c089c0",
+"bde52cb31de33e46245e05fbdbd6fb24",
+"a448017aaf21d8525fc10ae87aa6729d",
+"d9130a8164549fe818874806e1c7014b",
+"d79e1c308aa5bbcdeea8ed63df412da9",
+"043f8582f241db351ce627e153e7f0e4",
+"e33b4ddc9c38f2199c3e7b164fcc0536",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+        unsigned char md[MD4_DIGEST_LENGTH];
+
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD4 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libssl/src/test/rsa_test.c b/src/lib/libssl/src/test/rsa_test.c
new file mode 100644
index 0000000000..b8b462d33b
--- /dev/null
+++ b/src/lib/libssl/src/test/rsa_test.c
@@ -0,0 +1,318 @@
+/* test vectors from p1ovect1.txt */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifdef OPENSSL_NO_RSA
+int main(int argc, char *argv[])
+{
+    printf("No RSA support\n");
+    return(0);
+}
+#else
+#include <openssl/rsa.h>
+#include <openssl/engine.h>
+
+#define SetKey \
+  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+  return (sizeof(ctext_ex) - 1);
+
+static int key1(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+"\xF5";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+    static unsigned char p[] =
+"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+"\x0D";
+    
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x89";
+
+    static unsigned char dmp1[] =
+"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+    static unsigned char dmq1[] =
+"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+"\x51";
+
+    static unsigned char iqmp[] =
+"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+    static unsigned char ctext_ex[] =
+"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+
+    SetKey;
+    }
+
+static int key2(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+"\x34\x77\xCF";
+
+    static unsigned char e[] = "\x3";
+
+    static unsigned char d[] =
+"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+"\xE5\xEB";
+
+    static unsigned char p[] =
+"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+    
+    static unsigned char dmp1[] =
+"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+
+    static unsigned char dmq1[] =
+"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+
+    static unsigned char iqmp[] =
+"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+
+    static unsigned char ctext_ex[] =
+"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+"\x62\x51";
+
+    SetKey;
+    }
+
+static int key3(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+"\xCB";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+"\xC1";
+
+    static unsigned char p[] =
+"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+"\x99";
+
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+"\x03";
+
+    static unsigned char dmp1[] =
+"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+    static unsigned char dmq1[] =
+"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+    
+    static unsigned char iqmp[] =
+"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+"\xF7";
+
+    static unsigned char ctext_ex[] =
+"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+
+    SetKey;
+    }
+
+static int pad_unknown(void)
+{
+    unsigned long l;
+    while ((l = ERR_get_error()) != 0)
+      if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+        return(1);
+    return(0);
+}
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+    {
+    int err=0;
+    int v;
+    RSA *key;
+    unsigned char ptext[256];
+    unsigned char ctext[256];
+    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+    unsigned char ctext_ex[256];
+    int plen;
+    int clen = 0;
+    int num;
+
+    CRYPTO_malloc_debug_init();
+    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+
+    plen = sizeof(ptext_ex) - 1;
+
+    for (v = 0; v < 3; v++)
+        {
+        key = RSA_new();
+        switch (v) {
+    case 0:
+        clen = key1(key, ctext_ex);
+        break;
+    case 1:
+        clen = key2(key, ctext_ex);
+        break;
+    case 2:
+        clen = key3(key, ctext_ex);
+        break;
+        }
+
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_PADDING);
+        if (num != clen)
+            {
+            printf("PKCS#1 v1.5 encryption failed!\n");
+            err=1;
+            goto oaep;
+            }
+  
+        num = RSA_private_decrypt(num, ctext, ptext, key,
+                                  RSA_PKCS1_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("PKCS#1 v1.5 decryption failed!\n");
+            err=1;
+            }
+        else
+            printf("PKCS #1 v1.5 encryption/decryption ok\n");
+
+    oaep:
+        ERR_clear_error();
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_OAEP_PADDING);
+        if (num == -1 && pad_unknown())
+            {
+            printf("No OAEP support\n");
+            goto next;
+            }
+        if (num != clen)
+            {
+            printf("OAEP encryption failed!\n");
+            err=1;
+            goto next;
+            }
+  
+        num = RSA_private_decrypt(num, ctext, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("OAEP decryption (encrypted data) failed!\n");
+            err=1;
+            }
+        else if (memcmp(ctext, ctext_ex, num) == 0)
+            {
+            printf("OAEP test vector %d passed!\n", v);
+            goto next;
+            }
+    
+        /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
+           Try decrypting ctext_ex */
+
+        num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("OAEP decryption (test vector data) failed!\n");
+            err=1;
+            }
+        else
+            printf("OAEP encryption/decryption ok\n");
+    next:
+        RSA_free(key);
+        }
+
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+
+    CRYPTO_mem_leaks_fp(stderr);
+
+    return err;
+    }
+#endif
diff --git a/src/lib/libssl/src/tools/Makefile.ssl b/src/lib/libssl/src/tools/Makefile.ssl
new file mode 100644
index 0000000000..cb33d4a41e
--- /dev/null
+++ b/src/lib/libssl/src/tools/Makefile.ssl
@@ -0,0 +1,64 @@
+#
+# SSLeay/tools/Makefile
+#
+
+DIR=    tools
+TOP=    ..
+CC=     cc
+INCLUDES= -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile.ssl
+TEST=
+APPS= c_rehash
+MISC_APPS= c_hash c_info c_issuer c_name
+
+all:
+
+install:
+        @for i in $(APPS) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+        chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+        done;
+        @for i in $(MISC_APPS) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+        chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+        mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+        done;
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+
+lint:
+
+tags:
+
+errors:
+
+depend:
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/tools/c_rehash b/src/lib/libssl/src/tools/c_rehash
deleted file mode 100644
index e614fb5466..0000000000
--- a/src/lib/libssl/src/tools/c_rehash
+++ /dev/null
@@ -1,160 +0,0 @@
-#!/usr/bin/perl
-
-
-# Perl c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-
-my $openssl;
-
-my $dir = "/usr/local/ssl";
-
-if(defined $ENV{OPENSSL}) {
-        $openssl = $ENV{OPENSSL};
-} else {
-        $openssl = "openssl";
-        $ENV{OPENSSL} = $openssl;
-}
-
-$ENV{PATH} .= ":$dir/bin";
-
-if(! -x $openssl) {
-        my $found = 0;
-        foreach (split /:/, $ENV{PATH}) {
-                if(-x "$_/$openssl") {
-                        $found = 1;
-                        last;
-                }       
-        }
-        if($found == 0) {
-                print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
-                exit 0;
-        }
-}
-
-if(@ARGV) {
-        @dirlist = @ARGV;
-} elsif($ENV{SSL_CERT_DIR}) {
-        @dirlist = split /:/, $ENV{SSL_CERT_DIR};
-} else {
-        $dirlist[0] = "$dir/certs";
-}
-
-
-foreach (@dirlist) {
-        if(-d $_ and -w $_) {
-                hash_dir($_);
-        }
-}
-
-sub hash_dir {
-        my %hashlist;
-        print "Doing $_[0]\n";
-        chdir $_[0];
-        opendir(DIR, ".");
-        my @flist = readdir(DIR);
-        # Delete any existing symbolic links
-        foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
-                if(-l $_) {
-                        unlink $_;
-                }
-        }
-        closedir DIR;
-        FILE: foreach $fname (grep {/\.pem$/} @flist) {
-                # Check to see if certificates and/or CRLs present.
-                my ($cert, $crl) = check_file($fname);
-                if(!$cert && !$crl) {
-                        print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
-                        next;
-                }
-                link_hash_cert($fname) if($cert);
-                link_hash_crl($fname) if($crl);
-        }
-}
-
-sub check_file {
-        my ($is_cert, $is_crl) = (0,0);
-        my $fname = $_[0];
-        open IN, $fname;
-        while(<IN>) {
-                if(/^-----BEGIN (.*)-----/) {
-                        my $hdr = $1;
-                        if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
-                                $is_cert = 1;
-                                last if($is_crl);
-                        } elsif($hdr eq "X509 CRL") {
-                                $is_crl = 1;
-                                last if($is_cert);
-                        }
-                }
-        }
-        close IN;
-        return ($is_cert, $is_crl);
-}
-
-
-# Link a certificate to its subject name hash value, each hash is of
-# the form <hash>.<n> where n is an integer. If the hash value already exists
-# then we need to up the value of n, unless its a duplicate in which
-# case we skip the link. We check for duplicates by comparing the
-# certificate fingerprints
-
-sub link_hash_cert {
-                my $fname = $_[0];
-                $fname =~ s/'/'\\''/g;
-                my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
-                chomp $hash;
-                chomp $fprint;
-                $fprint =~ s/^.*=//;
-                $fprint =~ tr/://d;
-                my $suffix = 0;
-                # Search for an unused hash filename
-                while(exists $hashlist{"$hash.$suffix"}) {
-                        # Hash matches: if fingerprint matches its a duplicate cert
-                        if($hashlist{"$hash.$suffix"} eq $fprint) {
-                                print STDERR "WARNING: Skipping duplicate certificate $fname\n";
-                                return;
-                        }
-                        $suffix++;
-                }
-                $hash .= ".$suffix";
-                print "$fname => $hash\n";
-                $symlink_exists=eval {symlink("",""); 1};
-                if ($symlink_exists) {
-                        symlink $fname, $hash;
-                } else {
-                        system ("cp", $fname, $hash);
-                }
-                $hashlist{$hash} = $fprint;
-}
-
-# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
-
-sub link_hash_crl {
-                my $fname = $_[0];
-                $fname =~ s/'/'\\''/g;
-                my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
-                chomp $hash;
-                chomp $fprint;
-                $fprint =~ s/^.*=//;
-                $fprint =~ tr/://d;
-                my $suffix = 0;
-                # Search for an unused hash filename
-                while(exists $hashlist{"$hash.r$suffix"}) {
-                        # Hash matches: if fingerprint matches its a duplicate cert
-                        if($hashlist{"$hash.r$suffix"} eq $fprint) {
-                                print STDERR "WARNING: Skipping duplicate CRL $fname\n";
-                                return;
-                        }
-                        $suffix++;
-                }
-                $hash .= ".r$suffix";
-                print "$fname => $hash\n";
-                $symlink_exists=eval {symlink("",""); 1};
-                if ($symlink_exists) {
-                        symlink $fname, $hash;
-                } else {
-                        system ("cp", $fname, $hash);
-                }
-                $hashlist{$hash} = $fprint;
-}
-
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
index 203c7713e7..f5c8c0be8a 100644
--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -2801,5 +2801,3 @@ BIO_indent                              3242	EXIST::FUNCTION:
 BUF_strlcpy                             3243    EXIST::FUNCTION:
 OpenSSLDie                              3244    EXIST::FUNCTION:
 OPENSSL_cleanse                         3245    EXIST::FUNCTION:
-ENGINE_setup_bsd_cryptodev              3246    EXIST:__FreeBSD__:FUNCTION:ENGINE
-ERR_release_err_state_table             3247    EXIST::FUNCTION:LHASH
diff --git a/src/lib/libssl/src/util/pl/Mingw32.pl b/src/lib/libssl/src/util/pl/Mingw32.pl
index 4bee638c4a..043a3a53ee 100644
--- a/src/lib/libssl/src/util/pl/Mingw32.pl
+++ b/src/lib/libssl/src/util/pl/Mingw32.pl
@@ -85,7 +85,7 @@ sub do_lib_rule
         ($Name=$name) =~ tr/a-z/A-Z/;
 
         $ret.="$target: \$(${Name}OBJ)\n";
-        $ret.="\tif exist $target \$(RM) $target\n";
+        $ret.="\t\$(RM) $target\n";
         $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
         $ret.="\t\$(RANLIB) $target\n\n";
         }
diff --git a/src/lib/libssl/src/util/pl/Mingw32f.pl b/src/lib/libssl/src/util/pl/Mingw32f.pl
new file mode 100644
index 0000000000..44f5673d7a
--- /dev/null
+++ b/src/lib/libssl/src/util/pl/Mingw32f.pl
@@ -0,0 +1,73 @@
+#!/usr/local/bin/perl
+#
+# Mingw32f.pl -- copy files; Mingw32.pl is needed to do the compiling. 
+#
+
+$o='\\';
+$cp='copy';
+$rm='del';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+        { $cflags="-g2 -ggdb -DDSO_WIN32"; }
+else
+        { $cflags="-O3 -fomit-frame-pointer -DDSO_WIN32"; }
+
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="-lwsock32 -lgdi32";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='ranlib';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+sub do_lib_rule
+        {
+        local($obj,$target,$name,$shlib)=@_;
+        local($ret,$_,$Name);
+
+        $target =~ s/\//$o/g if $o ne '/';
+        $target="$target";
+        ($Name=$name) =~ tr/a-z/A-Z/;
+
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) $target\n";
+        $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+        $ret.="\t\$(RANLIB) $target\n\n";
+        }
+
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+        return($ret);
+        }
+1;
+
diff --git a/src/lib/libssl/src/util/point.sh b/src/lib/libssl/src/util/point.sh
index 4790e08f8a..ce7dcc56df 100644
--- a/src/lib/libssl/src/util/point.sh
+++ b/src/lib/libssl/src/util/point.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 
-rm -f "$2"
+rm -f $2
 if test "$OSTYPE" = msdosdjgpp; then
-    cp "$1" "$2"
+    cp $1 $2
 else
-    ln -s "$1" "$2"
+    ln -s $1 $2
 fi
 echo "$2 => $1"
 
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
new file mode 100644
index 0000000000..4ae8458259
--- /dev/null
+++ b/src/lib/libssl/ssl.h
@@ -0,0 +1,1854 @@
+/* ssl/ssl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SSL_H 
+#define HEADER_SSL_H 
+
+#include <openssl/e_os2.h>
+
+#ifndef OPENSSL_NO_COMP
+#include <openssl/comp.h>
+#endif
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef OPENSSL_NO_X509
+#include <openssl/x509.h>
+#endif
+#include <openssl/kssl.h>
+#include <openssl/safestack.h>
+#include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* SSLeay version number for ASN.1 encoding of the session information */
+/* Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+#define SSL_SESSION_ASN1_VERSION 0x0001
+
+/* text strings for the ciphers */
+#define SSL_TXT_NULL_WITH_MD5           SSL2_TXT_NULL_WITH_MD5                  
+#define SSL_TXT_RC4_128_WITH_MD5        SSL2_TXT_RC4_128_WITH_MD5               
+#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5    
+#define SSL_TXT_RC2_128_CBC_WITH_MD5    SSL2_TXT_RC2_128_CBC_WITH_MD5           
+#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5    
+#define SSL_TXT_IDEA_128_CBC_WITH_MD5   SSL2_TXT_IDEA_128_CBC_WITH_MD5          
+#define SSL_TXT_DES_64_CBC_WITH_MD5     SSL2_TXT_DES_64_CBC_WITH_MD5            
+#define SSL_TXT_DES_64_CBC_WITH_SHA     SSL2_TXT_DES_64_CBC_WITH_SHA            
+#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5    
+#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA    
+
+/*    VRS Additional Kerberos5 entries
+ */
+#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
+#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
+#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
+#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
+#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
+#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
+#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
+
+#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
+#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
+#define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
+#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
+#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
+#define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5
+
+#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
+#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
+#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
+#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
+#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
+#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
+
+#define SSL_MAX_SSL_SESSION_ID_LENGTH           32
+#define SSL_MAX_SID_CTX_LENGTH                  32
+
+#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
+#define SSL_MAX_KEY_ARG_LENGTH                  8
+#define SSL_MAX_MASTER_KEY_LENGTH               48
+
+/* These are used to specify which ciphers to use and not to use */
+#define SSL_TXT_LOW             "LOW"
+#define SSL_TXT_MEDIUM          "MEDIUM"
+#define SSL_TXT_HIGH            "HIGH"
+#define SSL_TXT_kFZA            "kFZA"
+#define SSL_TXT_aFZA            "aFZA"
+#define SSL_TXT_eFZA            "eFZA"
+#define SSL_TXT_FZA             "FZA"
+
+#define SSL_TXT_aNULL           "aNULL"
+#define SSL_TXT_eNULL           "eNULL"
+#define SSL_TXT_NULL            "NULL"
+
+#define SSL_TXT_kKRB5           "kKRB5"
+#define SSL_TXT_aKRB5           "aKRB5"
+#define SSL_TXT_KRB5            "KRB5"
+
+#define SSL_TXT_kRSA            "kRSA"
+#define SSL_TXT_kDHr            "kDHr"
+#define SSL_TXT_kDHd            "kDHd"
+#define SSL_TXT_kEDH            "kEDH"
+#define SSL_TXT_aRSA            "aRSA"
+#define SSL_TXT_aDSS            "aDSS"
+#define SSL_TXT_aDH             "aDH"
+#define SSL_TXT_DSS             "DSS"
+#define SSL_TXT_DH              "DH"
+#define SSL_TXT_EDH             "EDH"
+#define SSL_TXT_ADH             "ADH"
+#define SSL_TXT_RSA             "RSA"
+#define SSL_TXT_DES             "DES"
+#define SSL_TXT_3DES            "3DES"
+#define SSL_TXT_RC4             "RC4"
+#define SSL_TXT_RC2             "RC2"
+#define SSL_TXT_IDEA            "IDEA"
+#define SSL_TXT_AES             "AES"
+#define SSL_TXT_MD5             "MD5"
+#define SSL_TXT_SHA1            "SHA1"
+#define SSL_TXT_SHA             "SHA"
+#define SSL_TXT_EXP             "EXP"
+#define SSL_TXT_EXPORT          "EXPORT"
+#define SSL_TXT_EXP40           "EXPORT40"
+#define SSL_TXT_EXP56           "EXPORT56"
+#define SSL_TXT_SSLV2           "SSLv2"
+#define SSL_TXT_SSLV3           "SSLv3"
+#define SSL_TXT_TLSV1           "TLSv1"
+#define SSL_TXT_ALL             "ALL"
+
+/*
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+#define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
+#define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
+
+/* The following cipher list is used by default.
+ * It also is substituted when an application-defined cipher list string
+ * starts with 'DEFAULT'. */
+#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+#define SSL_SENT_SHUTDOWN       1
+#define SSL_RECEIVED_SHUTDOWN   2
+
+#ifdef __cplusplus
+}
+#endif
+
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/pem.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
+#define OPENSSL_NO_SSL2
+#endif
+
+#define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
+#define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
+
+/* This is needed to stop compilers complaining about the
+ * 'struct ssl_st *' function parameters used to prototype callbacks
+ * in SSL_CTX. */
+typedef struct ssl_st *ssl_crock_st;
+
+/* used to hold info on the particular ciphers used */
+typedef struct ssl_cipher_st
+        {
+        int valid;
+        const char *name;               /* text name */
+        unsigned long id;               /* id, 4 bytes, first is version */
+        unsigned long algorithms;       /* what ciphers are used */
+        unsigned long algo_strength;    /* strength and export flags */
+        unsigned long algorithm2;       /* Extra flags */
+        int strength_bits;              /* Number of bits really used */
+        int alg_bits;                   /* Number of bits for algorithm */
+        unsigned long mask;             /* used for matching */
+        unsigned long mask_strength;    /* also used for matching */
+        } SSL_CIPHER;
+
+DECLARE_STACK_OF(SSL_CIPHER)
+
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
+/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+typedef struct ssl_method_st
+        {
+        int version;
+        int (*ssl_new)(SSL *s);
+        void (*ssl_clear)(SSL *s);
+        void (*ssl_free)(SSL *s);
+        int (*ssl_accept)(SSL *s);
+        int (*ssl_connect)(SSL *s);
+        int (*ssl_read)(SSL *s,void *buf,int len);
+        int (*ssl_peek)(SSL *s,void *buf,int len);
+        int (*ssl_write)(SSL *s,const void *buf,int len);
+        int (*ssl_shutdown)(SSL *s);
+        int (*ssl_renegotiate)(SSL *s);
+        int (*ssl_renegotiate_check)(SSL *s);
+        long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
+        long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
+        SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+        int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
+        int (*ssl_pending)(SSL *s);
+        int (*num_ciphers)(void);
+        SSL_CIPHER *(*get_cipher)(unsigned ncipher);
+        struct ssl_method_st *(*get_ssl_method)(int version);
+        long (*get_timeout)(void);
+        struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+        int (*ssl_version)();
+        long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)());
+        long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)());
+        } SSL_METHOD;
+
+/* Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ *      version                 INTEGER,        -- structure version number
+ *      SSLversion              INTEGER,        -- SSL version number
+ *      Cipher                  OCTET_STRING,   -- the 3 byte cipher ID
+ *      Session_ID              OCTET_STRING,   -- the Session ID
+ *      Master_key              OCTET_STRING,   -- the master key
+ *      KRB5_principal          OCTET_STRING    -- optional Kerberos principal
+ *      Key_Arg [ 0 ] IMPLICIT  OCTET_STRING,   -- the optional Key argument
+ *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
+ *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
+ *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
+ *      Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
+ *      Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'
+ *      Compression [6] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
+ *      }
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+typedef struct ssl_session_st
+        {
+        int ssl_version;        /* what ssl version session info is
+                                 * being kept in here? */
+
+        /* only really used in SSLv2 */
+        unsigned int key_arg_length;
+        unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
+        int master_key_length;
+        unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+        /* session_id - valid? */
+        unsigned int session_id_length;
+        unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+        /* this is used to determine whether the session is being reused in
+         * the appropriate context. It is up to the application to set this,
+         * via SSL_new */
+        unsigned int sid_ctx_length;
+        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+#ifndef OPENSSL_NO_KRB5
+        unsigned int krb5_client_princ_len;
+        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
+#endif /* OPENSSL_NO_KRB5 */
+
+        int not_resumable;
+
+        /* The cert is the certificate used to establish this connection */
+        struct sess_cert_st /* SESS_CERT */ *sess_cert;
+
+        /* This is the cert for the other end.
+         * On clients, it will be the same as sess_cert->peer_key->x509
+         * (the latter is not enough as sess_cert is not retained
+         * in the external representation of sessions, see ssl_asn1.c). */
+        X509 *peer;
+        /* when app_verify_callback accepts a session where the peer's certificate
+         * is not ok, we must remember the error for session reuse: */
+        long verify_result; /* only for servers */
+
+        int references;
+        long timeout;
+        long time;
+
+        int compress_meth;              /* Need to lookup the method */
+
+        SSL_CIPHER *cipher;
+        unsigned long cipher_id;        /* when ASN.1 loaded, this
+                                         * needs to be used to load
+                                         * the 'cipher' structure */
+
+        STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
+
+        CRYPTO_EX_DATA ex_data; /* application specific data */
+
+        /* These are used to make removal of session-ids more
+         * efficient and to implement a maximum cache size. */
+        struct ssl_session_st *prev,*next;
+        } SSL_SESSION;
+
+
+#define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
+#define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x00000010L
+#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x00000040L
+#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
+#define SSL_OP_TLS_D5_BUG                               0x00000100L
+#define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
+
+/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
+ * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
+ * the workaround is not needed.  Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include
+ * it in SSL_OP_ALL. */
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
+
+/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ *             This used to be 0x000FFFFFL before 0.9.7. */
+#define SSL_OP_ALL                                      0x00000FFFL
+
+/* As server, disallow session resumption on renegotiation */
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
+/* If set, always create a new key when using tmp_dh parameters */
+#define SSL_OP_SINGLE_DH_USE                            0x00100000L
+/* Set to always use the tmp_rsa key when doing RSA operations,
+ * even when this violates protocol specs */
+#define SSL_OP_EPHEMERAL_RSA                            0x00200000L
+/* Set on servers to choose the cipher according to the server's
+ * preferences */
+#define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000L
+/* If set, a server will allow a client to issue a SSLv3.0 version number
+ * as latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks. */
+#define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000L
+
+#define SSL_OP_NO_SSLv2                                 0x01000000L
+#define SSL_OP_NO_SSLv3                                 0x02000000L
+#define SSL_OP_NO_TLSv1                                 0x04000000L
+
+/* The next flag deliberately changes the ciphertest, this is a check
+ * for the PKCS#1 attack */
+#define SSL_OP_PKCS1_CHECK_1                            0x08000000L
+#define SSL_OP_PKCS1_CHECK_2                            0x10000000L
+#define SSL_OP_NETSCAPE_CA_DN_BUG                       0x20000000L
+#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x40000000L
+
+
+/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written): */
+#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
+/* Make it possible to retry SSL_write() with changed buffer location
+ * (buffer contents must stay the same!); this is not the default to avoid
+ * the misconception that non-blocking SSL_write() behaves like
+ * non-blocking write(): */
+#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+/* Never bother the application with retries if the transport
+ * is blocking: */
+#define SSL_MODE_AUTO_RETRY 0x00000004L
+/* Don't attempt to automatically build certificate chain */
+#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
+
+
+/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+ * they cannot be used to clear bits. */
+
+#define SSL_CTX_set_options(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_CTX_get_options(ctx) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
+#define SSL_set_options(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_get_options(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
+
+#define SSL_CTX_set_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+#define SSL_CTX_get_mode(ctx) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+#define SSL_set_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+#define SSL_get_mode(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+
+
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
+#else
+#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
+#endif
+
+#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
+
+/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
+ * them. It is used to override the generation of SSL/TLS session IDs in a
+ * server. Return value should be zero on an error, non-zero to proceed. Also,
+ * callbacks should themselves check if the id they generate is unique otherwise
+ * the SSL handshake will fail with an error - callbacks can do this using the
+ * 'ssl' value they're passed by;
+ *      SSL_has_matching_session_id(ssl, id, *id_len)
+ * The length value passed in is set at the maximum size the session ID can be.
+ * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
+ * can alter this length to be less if desired, but under SSLv2 session IDs are
+ * supposed to be fixed at 16 bytes so the id will be padded after the callback
+ * returns in this case. It is also an error for the callback to set the size to
+ * zero. */
+typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
+                                unsigned int *id_len);
+
+typedef struct ssl_comp_st
+        {
+        int id;
+        char *name;
+#ifndef OPENSSL_NO_COMP
+        COMP_METHOD *method;
+#else
+        char *method;
+#endif
+        } SSL_COMP;
+
+DECLARE_STACK_OF(SSL_COMP)
+
+struct ssl_ctx_st
+        {
+        SSL_METHOD *method;
+
+        STACK_OF(SSL_CIPHER) *cipher_list;
+        /* same as above but sorted for lookup */
+        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+
+        struct x509_store_st /* X509_STORE */ *cert_store;
+        struct lhash_st /* LHASH */ *sessions;  /* a set of SSL_SESSIONs */
+        /* Most session-ids that will be cached, default is
+         * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
+        unsigned long session_cache_size;
+        struct ssl_session_st *session_cache_head;
+        struct ssl_session_st *session_cache_tail;
+
+        /* This can have one of 2 values, ored together,
+         * SSL_SESS_CACHE_CLIENT,
+         * SSL_SESS_CACHE_SERVER,
+         * Default is SSL_SESSION_CACHE_SERVER, which means only
+         * SSL_accept which cache SSL_SESSIONS. */
+        int session_cache_mode;
+
+        /* If timeout is not 0, it is the default timeout value set
+         * when SSL_new() is called.  This has been put in to make
+         * life easier to set things up */
+        long session_timeout;
+
+        /* If this callback is not null, it will be called each
+         * time a session id is added to the cache.  If this function
+         * returns 1, it means that the callback will do a
+         * SSL_SESSION_free() when it has finished using it.  Otherwise,
+         * on 0, it means the callback has finished with it.
+         * If remove_session_cb is not null, it will be called when
+         * a session-id is removed from the cache.  After the call,
+         * OpenSSL will SSL_SESSION_free() it. */
+        int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
+        void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
+        SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
+                unsigned char *data,int len,int *copy);
+
+        struct
+                {
+                int sess_connect;       /* SSL new conn - started */
+                int sess_connect_renegotiate;/* SSL reneg - requested */
+                int sess_connect_good;  /* SSL new conne/reneg - finished */
+                int sess_accept;        /* SSL new accept - started */
+                int sess_accept_renegotiate;/* SSL reneg - requested */
+                int sess_accept_good;   /* SSL accept/reneg - finished */
+                int sess_miss;          /* session lookup misses  */
+                int sess_timeout;       /* reuse attempt on timeouted session */
+                int sess_cache_full;    /* session removed due to full cache */
+                int sess_hit;           /* session reuse actually done */
+                int sess_cb_hit;        /* session-id that was not
+                                         * in the cache was
+                                         * passed back via the callback.  This
+                                         * indicates that the application is
+                                         * supplying session-id's from other
+                                         * processes - spooky :-) */
+                } stats;
+
+        int references;
+
+        /* if defined, these override the X509_verify_cert() calls */
+        int (*app_verify_callback)(X509_STORE_CTX *, void *);
+        void *app_verify_arg;
+        /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+         * ('app_verify_callback' was called with just one argument) */
+
+        /* Default password callback. */
+        pem_password_cb *default_passwd_callback;
+
+        /* Default password callback user data. */
+        void *default_passwd_callback_userdata;
+
+        /* get client cert callback */
+        int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+        CRYPTO_EX_DATA ex_data;
+
+        const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
+        const EVP_MD *md5;      /* For SSLv3/TLSv1 'ssl3-md5' */
+        const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+        STACK_OF(X509) *extra_certs;
+        STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+
+        /* Default values used when no per-SSL value is defined follow */
+
+        void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
+
+        /* what we put in client cert requests */
+        STACK_OF(X509_NAME) *client_CA;
+
+
+        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
+
+        unsigned long options;
+        unsigned long mode;
+        long max_cert_list;
+
+        struct cert_st /* CERT */ *cert;
+        int read_ahead;
+
+        /* callback that allows applications to peek at protocol messages */
+        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+        void *msg_callback_arg;
+
+        int verify_mode;
+        int verify_depth;
+        unsigned int sid_ctx_length;
+        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+        int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
+
+        /* Default generate session ID callback. */
+        GEN_SESSION_CB generate_session_id;
+
+        int purpose;            /* Purpose setting */
+        int trust;              /* Trust setting */
+
+        int quiet_shutdown;
+        };
+
+#define SSL_SESS_CACHE_OFF                      0x0000
+#define SSL_SESS_CACHE_CLIENT                   0x0001
+#define SSL_SESS_CACHE_SERVER                   0x0002
+#define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+#define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
+#define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
+#define SSL_SESS_CACHE_NO_INTERNAL \
+        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+  struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+#define SSL_CTX_sess_number(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+#define SSL_CTX_sess_connect(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+#define SSL_CTX_sess_connect_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+#define SSL_CTX_sess_connect_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+#define SSL_CTX_sess_accept(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+#define SSL_CTX_sess_accept_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+#define SSL_CTX_sess_accept_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+#define SSL_CTX_sess_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+#define SSL_CTX_sess_cb_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+#define SSL_CTX_sess_misses(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+#define SSL_CTX_sess_timeouts(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+#define SSL_CTX_sess_cache_full(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
+#define SSL_CTX_sess_get_new_cb(ctx)    ((ctx)->new_session_cb)
+#define SSL_CTX_sess_set_remove_cb(ctx,cb)      ((ctx)->remove_session_cb=(cb))
+#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
+#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
+#define SSL_CTX_sess_get_get_cb(ctx)    ((ctx)->get_session_cb)
+#define SSL_CTX_set_info_callback(ctx,cb)       ((ctx)->info_callback=(cb))
+#define SSL_CTX_get_info_callback(ctx)          ((ctx)->info_callback)
+#define SSL_CTX_set_client_cert_cb(ctx,cb)      ((ctx)->client_cert_cb=(cb))
+#define SSL_CTX_get_client_cert_cb(ctx)         ((ctx)->client_cert_cb)
+
+#define SSL_NOTHING     1
+#define SSL_WRITING     2
+#define SSL_READING     3
+#define SSL_X509_LOOKUP 4
+
+/* These will only be used when doing non-blocking IO */
+#define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
+#define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
+#define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
+#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+
+struct ssl_st
+        {
+        /* protocol version
+         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
+         */
+        int version;
+        int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+
+        SSL_METHOD *method; /* SSLv3 */
+
+        /* There are 2 BIO's even though they are normally both the
+         * same.  This is so data can be read and written to different
+         * handlers */
+
+#ifndef OPENSSL_NO_BIO
+        BIO *rbio; /* used by SSL_read */
+        BIO *wbio; /* used by SSL_write */
+        BIO *bbio; /* used during session-id reuse to concatenate
+                    * messages */
+#else
+        char *rbio; /* used by SSL_read */
+        char *wbio; /* used by SSL_write */
+        char *bbio;
+#endif
+        /* This holds a variable that indicates what we were doing
+         * when a 0 or -1 is returned.  This is needed for
+         * non-blocking IO so we know what request needs re-doing when
+         * in SSL_accept or SSL_connect */
+        int rwstate;
+
+        /* true when we are actually in SSL_accept() or SSL_connect() */
+        int in_handshake;
+        int (*handshake_func)();
+
+        /* Imagine that here's a boolean member "init" that is
+         * switched as soon as SSL_set_{accept/connect}_state
+         * is called for the first time, so that "state" and
+         * "handshake_func" are properly initialized.  But as
+         * handshake_func is == 0 until then, we use this
+         * test instead of an "init" member.
+         */
+
+        int server;     /* are we the server side? - mostly used by SSL_clear*/
+
+        int new_session;/* 1 if we are to use a new session.
+                         * 2 if we are a server and are inside a handshake
+                         *   (i.e. not just sending a HelloRequest)
+                         * NB: For servers, the 'new' session may actually be a previously
+                         * cached session or even the previous session unless
+                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+        int quiet_shutdown;/* don't send shutdown packets */
+        int shutdown;   /* we have shut things down, 0x01 sent, 0x02
+                         * for received */
+        int state;      /* where we are */
+        int rstate;     /* where we are when reading */
+
+        BUF_MEM *init_buf;      /* buffer used during init */
+        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
+        int init_num;           /* amount read/written */
+        int init_off;           /* amount read/written */
+
+        /* used internally to point at a raw packet */
+        unsigned char *packet;
+        unsigned int packet_length;
+
+        struct ssl2_state_st *s2; /* SSLv2 variables */
+        struct ssl3_state_st *s3; /* SSLv3 variables */
+
+        int read_ahead;         /* Read as many input bytes as possible
+                                 * (for non-blocking reads) */
+
+        /* callback that allows applications to peek at protocol messages */
+        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+        void *msg_callback_arg;
+
+        int hit;                /* reusing a previous session */
+
+        int purpose;            /* Purpose setting */
+        int trust;              /* Trust setting */
+
+        /* crypto */
+        STACK_OF(SSL_CIPHER) *cipher_list;
+        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+
+        /* These are the ones being used, the ones in SSL_SESSION are
+         * the ones to be 'copied' into these ones */
+
+        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
+        const EVP_MD *read_hash;                /* used for mac generation */
+#ifndef OPENSSL_NO_COMP
+        COMP_CTX *expand;                       /* uncompress */
+#else
+        char *expand;
+#endif
+
+        EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
+        const EVP_MD *write_hash;               /* used for mac generation */
+#ifndef OPENSSL_NO_COMP
+        COMP_CTX *compress;                     /* compression */
+#else
+        char *compress; 
+#endif
+
+        /* session info */
+
+        /* client cert? */
+        /* This is used to hold the server certificate used */
+        struct cert_st /* CERT */ *cert;
+
+        /* the session_id_context is used to ensure sessions are only reused
+         * in the appropriate context */
+        unsigned int sid_ctx_length;
+        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+        /* This can also be in the session once a session is established */
+        SSL_SESSION *session;
+
+        /* Default generate session ID callback. */
+        GEN_SESSION_CB generate_session_id;
+
+        /* Used in SSL2 and SSL3 */
+        int verify_mode;        /* 0 don't care about verify failure.
+                                 * 1 fail if verify fails */
+        int verify_depth;
+        int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
+
+        void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
+
+        int error;              /* error bytes to be written */
+        int error_code;         /* actual code */
+
+#ifndef OPENSSL_NO_KRB5
+        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
+#endif  /* OPENSSL_NO_KRB5 */
+
+        SSL_CTX *ctx;
+        /* set this flag to 1 and a sleep(1) is put into all SSL_read()
+         * and SSL_write() calls, good for nbio debuging :-) */
+        int debug;      
+
+        /* extra application data */
+        long verify_result;
+        CRYPTO_EX_DATA ex_data;
+
+        /* for server side, keep the list of CA_dn we can use */
+        STACK_OF(X509_NAME) *client_CA;
+
+        int references;
+        unsigned long options; /* protocol behaviour */
+        unsigned long mode; /* API behaviour */
+        long max_cert_list;
+        int first_packet;
+        int client_version;     /* what was passed, used for
+                                 * SSLv3/TLS rollback check */
+        };
+
+#ifdef __cplusplus
+}
+#endif
+
+#include <openssl/ssl2.h>
+#include <openssl/ssl3.h>
+#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+#include <openssl/ssl23.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* compatibility */
+#define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
+#define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
+#define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
+#define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
+#define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
+#define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
+
+/* The following are the possible values for ssl->state are are
+ * used to indicate where we are up to in the SSL connection establishment.
+ * The macros that follow are about the only things you should need to use
+ * and even then, only when using non-blocking IO.
+ * It can also be useful to work out where you were when the connection
+ * failed */
+
+#define SSL_ST_CONNECT                  0x1000
+#define SSL_ST_ACCEPT                   0x2000
+#define SSL_ST_MASK                     0x0FFF
+#define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
+#define SSL_ST_BEFORE                   0x4000
+#define SSL_ST_OK                       0x03
+#define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
+
+#define SSL_CB_LOOP                     0x01
+#define SSL_CB_EXIT                     0x02
+#define SSL_CB_READ                     0x04
+#define SSL_CB_WRITE                    0x08
+#define SSL_CB_ALERT                    0x4000 /* used in callback */
+#define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
+#define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
+#define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
+#define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
+#define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
+#define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
+#define SSL_CB_HANDSHAKE_START          0x10
+#define SSL_CB_HANDSHAKE_DONE           0x20
+
+/* Is the SSL_connection established? */
+#define SSL_get_state(a)                SSL_state(a)
+#define SSL_is_init_finished(a)         (SSL_state(a) == SSL_ST_OK)
+#define SSL_in_init(a)                  (SSL_state(a)&SSL_ST_INIT)
+#define SSL_in_before(a)                (SSL_state(a)&SSL_ST_BEFORE)
+#define SSL_in_connect_init(a)          (SSL_state(a)&SSL_ST_CONNECT)
+#define SSL_in_accept_init(a)           (SSL_state(a)&SSL_ST_ACCEPT)
+
+/* The following 2 states are kept in ssl->rstate when reads fail,
+ * you should not need these */
+#define SSL_ST_READ_HEADER                      0xF0
+#define SSL_ST_READ_BODY                        0xF1
+#define SSL_ST_READ_DONE                        0xF2
+
+/* Obtain latest Finished message
+ *   -- that we sent (SSL_get_finished)
+ *   -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+size_t SSL_get_finished(SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
+
+/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
+ * are 'ored' with SSL_VERIFY_PEER if they are desired */
+#define SSL_VERIFY_NONE                 0x00
+#define SSL_VERIFY_PEER                 0x01
+#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+#define SSL_VERIFY_CLIENT_ONCE          0x04
+
+#define OpenSSL_add_ssl_algorithms()    SSL_library_init()
+#define SSLeay_add_ssl_algorithms()     SSL_library_init()
+
+/* this is for backward compatibility */
+#if 0 /* NEW_SSLEAY */
+#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
+#define SSL_set_pref_cipher(c,n)        SSL_set_cipher_list(c,n)
+#define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
+#define SSL_remove_session(a,b)         SSL_CTX_remove_session((a),(b))
+#define SSL_flush_sessions(a,b)         SSL_CTX_flush_sessions((a),(b))
+#endif
+/* More backward compatibility */
+#define SSL_get_cipher(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+#define SSL_get_cipher_bits(s,np) \
+                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+#define SSL_get_cipher_version(s) \
+                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+#define SSL_get_cipher_name(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+#define SSL_get_time(a)         SSL_SESSION_get_time(a)
+#define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
+#define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
+#define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
+
+#if 1 /*SSLEAY_MACROS*/
+#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
+        (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
+        (bp),(unsigned char **)(s_id))
+#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
+        bp,(unsigned char *)s_id)
+#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
+#define PEM_write_SSL_SESSION(fp,x) \
+        PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
+                PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_SSL_SESSION(bp,x) \
+        PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
+                PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
+#endif
+
+#define SSL_AD_REASON_OFFSET            1000
+/* These alert types are for SSLv3 and TLSv1 */
+#define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
+#define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
+#define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC     /* fatal */
+#define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
+#define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
+#define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
+#define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE/* fatal */
+#define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE /* Not for TLS */
+#define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
+#define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
+#define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
+#define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
+#define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
+#define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
+#define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA      /* fatal */
+#define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED   /* fatal */
+#define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR    /* fatal */
+#define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
+#define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION/* fatal */
+#define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION /* fatal */
+#define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
+#define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR  /* fatal */
+#define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
+#define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
+
+#define SSL_ERROR_NONE                  0
+#define SSL_ERROR_SSL                   1
+#define SSL_ERROR_WANT_READ             2
+#define SSL_ERROR_WANT_WRITE            3
+#define SSL_ERROR_WANT_X509_LOOKUP      4
+#define SSL_ERROR_SYSCALL               5 /* look at error stack/return value/errno */
+#define SSL_ERROR_ZERO_RETURN           6
+#define SSL_ERROR_WANT_CONNECT          7
+#define SSL_ERROR_WANT_ACCEPT           8
+
+#define SSL_CTRL_NEED_TMP_RSA                   1
+#define SSL_CTRL_SET_TMP_RSA                    2
+#define SSL_CTRL_SET_TMP_DH                     3
+#define SSL_CTRL_SET_TMP_RSA_CB                 4
+#define SSL_CTRL_SET_TMP_DH_CB                  5
+
+#define SSL_CTRL_GET_SESSION_REUSED             6
+#define SSL_CTRL_GET_CLIENT_CERT_REQUEST        7
+#define SSL_CTRL_GET_NUM_RENEGOTIATIONS         8
+#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       9
+#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       10
+#define SSL_CTRL_GET_FLAGS                      11
+#define SSL_CTRL_EXTRA_CHAIN_CERT               12
+
+#define SSL_CTRL_SET_MSG_CALLBACK               13
+#define SSL_CTRL_SET_MSG_CALLBACK_ARG           14
+
+/* Stats */
+#define SSL_CTRL_SESS_NUMBER                    20
+#define SSL_CTRL_SESS_CONNECT                   21
+#define SSL_CTRL_SESS_CONNECT_GOOD              22
+#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
+#define SSL_CTRL_SESS_ACCEPT                    24
+#define SSL_CTRL_SESS_ACCEPT_GOOD               25
+#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
+#define SSL_CTRL_SESS_HIT                       27
+#define SSL_CTRL_SESS_CB_HIT                    28
+#define SSL_CTRL_SESS_MISSES                    29
+#define SSL_CTRL_SESS_TIMEOUTS                  30
+#define SSL_CTRL_SESS_CACHE_FULL                31
+#define SSL_CTRL_OPTIONS                        32
+#define SSL_CTRL_MODE                           33
+
+#define SSL_CTRL_GET_READ_AHEAD                 40
+#define SSL_CTRL_SET_READ_AHEAD                 41
+#define SSL_CTRL_SET_SESS_CACHE_SIZE            42
+#define SSL_CTRL_GET_SESS_CACHE_SIZE            43
+#define SSL_CTRL_SET_SESS_CACHE_MODE            44
+#define SSL_CTRL_GET_SESS_CACHE_MODE            45
+
+#define SSL_CTRL_GET_MAX_CERT_LIST              50
+#define SSL_CTRL_SET_MAX_CERT_LIST              51
+
+#define SSL_session_reused(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
+#define SSL_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+#define SSL_clear_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+#define SSL_total_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+
+#define SSL_CTX_need_tmp_RSA(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+#define SSL_CTX_set_tmp_dh(ctx,dh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+
+#define SSL_need_tmp_RSA(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+#define SSL_set_tmp_rsa(ssl,rsa) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+#define SSL_set_tmp_dh(ssl,dh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+
+#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+
+#ifndef OPENSSL_NO_BIO
+BIO_METHOD *BIO_f_ssl(void);
+BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+#endif
+
+int     SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
+SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
+void    SSL_CTX_free(SSL_CTX *);
+long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
+long SSL_CTX_get_timeout(SSL_CTX *ctx);
+X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
+int SSL_want(SSL *s);
+int     SSL_clear(SSL *s);
+
+void    SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
+
+SSL_CIPHER *SSL_get_current_cipher(SSL *s);
+int     SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
+char *  SSL_CIPHER_get_version(SSL_CIPHER *c);
+const char *    SSL_CIPHER_get_name(SSL_CIPHER *c);
+
+int     SSL_get_fd(SSL *s);
+int     SSL_get_rfd(SSL *s);
+int     SSL_get_wfd(SSL *s);
+const char  * SSL_get_cipher_list(SSL *s,int n);
+char *  SSL_get_shared_ciphers(SSL *s, char *buf, int len);
+int     SSL_get_read_ahead(SSL * s);
+int     SSL_pending(SSL *s);
+#ifndef OPENSSL_NO_SOCK
+int     SSL_set_fd(SSL *s, int fd);
+int     SSL_set_rfd(SSL *s, int fd);
+int     SSL_set_wfd(SSL *s, int fd);
+#endif
+#ifndef OPENSSL_NO_BIO
+void    SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
+BIO *   SSL_get_rbio(SSL *s);
+BIO *   SSL_get_wbio(SSL *s);
+#endif
+int     SSL_set_cipher_list(SSL *s, const char *str);
+void    SSL_set_read_ahead(SSL *s, int yes);
+int     SSL_get_verify_mode(SSL *s);
+int     SSL_get_verify_depth(SSL *s);
+int     (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
+void    SSL_set_verify(SSL *s, int mode,
+                       int (*callback)(int ok,X509_STORE_CTX *ctx));
+void    SSL_set_verify_depth(SSL *s, int depth);
+#ifndef OPENSSL_NO_RSA
+int     SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+#endif
+int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+int     SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
+int     SSL_use_certificate(SSL *ssl, X509 *x);
+int     SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+
+#ifndef OPENSSL_NO_STDIO
+int     SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+int     SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+int     SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+int     SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int     SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int     SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+int     SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+int     SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                            const char *file);
+#ifndef OPENSSL_SYS_VMS
+#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
+int     SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                           const char *dir);
+#endif
+#endif
+
+#endif
+
+void    SSL_load_error_strings(void );
+const char *SSL_state_string(const SSL *s);
+const char *SSL_rstate_string(const SSL *s);
+const char *SSL_state_string_long(const SSL *s);
+const char *SSL_rstate_string_long(const SSL *s);
+long    SSL_SESSION_get_time(SSL_SESSION *s);
+long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
+long    SSL_SESSION_get_timeout(SSL_SESSION *s);
+long    SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+void    SSL_copy_session_id(SSL *to,SSL *from);
+
+SSL_SESSION *SSL_SESSION_new(void);
+unsigned long SSL_SESSION_hash(SSL_SESSION *a);
+int     SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
+#ifndef OPENSSL_NO_FP_API
+int     SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
+#endif
+#ifndef OPENSSL_NO_BIO
+int     SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
+#endif
+void    SSL_SESSION_free(SSL_SESSION *ses);
+int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+int     SSL_set_session(SSL *to, SSL_SESSION *session);
+int     SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+int     SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+int     SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
+int     SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
+int     SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                        unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
+
+#ifdef HEADER_X509_H
+X509 *  SSL_get_peer_certificate(SSL *s);
+#endif
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
+
+int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
+int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
+                        int (*callback)(int, X509_STORE_CTX *));
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
+#ifndef OPENSSL_NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+#endif
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
+        unsigned char *d, long len);
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+
+int SSL_CTX_check_private_key(SSL_CTX *ctx);
+int SSL_check_private_key(SSL *ctx);
+
+int     SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+                                       unsigned int sid_ctx_len);
+
+SSL *   SSL_new(SSL_CTX *ctx);
+int     SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+                                   unsigned int sid_ctx_len);
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
+int SSL_set_purpose(SSL *s, int purpose);
+int SSL_CTX_set_trust(SSL_CTX *s, int trust);
+int SSL_set_trust(SSL *s, int trust);
+
+void    SSL_free(SSL *ssl);
+int     SSL_accept(SSL *ssl);
+int     SSL_connect(SSL *ssl);
+int     SSL_read(SSL *ssl,void *buf,int num);
+int     SSL_peek(SSL *ssl,void *buf,int num);
+int     SSL_write(SSL *ssl,const void *buf,int num);
+long    SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
+long    SSL_callback_ctrl(SSL *, int, void (*)());
+long    SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
+long    SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)());
+
+int     SSL_get_error(SSL *s,int ret_code);
+const char *SSL_get_version(SSL *s);
+
+/* This sets the 'default' SSL version that SSL_new() will create */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
+
+SSL_METHOD *SSLv2_method(void);         /* SSLv2 */
+SSL_METHOD *SSLv2_server_method(void);  /* SSLv2 */
+SSL_METHOD *SSLv2_client_method(void);  /* SSLv2 */
+
+SSL_METHOD *SSLv3_method(void);         /* SSLv3 */
+SSL_METHOD *SSLv3_server_method(void);  /* SSLv3 */
+SSL_METHOD *SSLv3_client_method(void);  /* SSLv3 */
+
+SSL_METHOD *SSLv23_method(void);        /* SSLv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+
+SSL_METHOD *TLSv1_method(void);         /* TLSv1.0 */
+SSL_METHOD *TLSv1_server_method(void);  /* TLSv1.0 */
+SSL_METHOD *TLSv1_client_method(void);  /* TLSv1.0 */
+
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
+
+int SSL_do_handshake(SSL *s);
+int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_pending(SSL *s);
+int SSL_shutdown(SSL *s);
+
+SSL_METHOD *SSL_get_ssl_method(SSL *s);
+int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
+const char *SSL_alert_type_string_long(int value);
+const char *SSL_alert_type_string(int value);
+const char *SSL_alert_desc_string_long(int value);
+const char *SSL_alert_desc_string(int value);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
+int SSL_add_client_CA(SSL *ssl,X509 *x);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+
+long SSL_get_default_timeout(SSL *s);
+
+int SSL_library_init(void );
+
+char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
+
+SSL *SSL_dup(SSL *ssl);
+
+X509 *SSL_get_certificate(SSL *ssl);
+/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
+int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl,int mode);
+int SSL_get_quiet_shutdown(SSL *ssl);
+void SSL_set_shutdown(SSL *ssl,int mode);
+int SSL_get_shutdown(SSL *ssl);
+int SSL_version(SSL *ssl);
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+        const char *CApath);
+#define SSL_get0_session SSL_get_session /* just peek at pointer */
+SSL_SESSION *SSL_get_session(SSL *ssl);
+SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
+SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb)(const SSL *ssl,int type,int val));
+void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val);
+int SSL_state(SSL *ssl);
+
+void SSL_set_verify_result(SSL *ssl,long v);
+long SSL_get_verify_result(SSL *ssl);
+
+int SSL_set_ex_data(SSL *ssl,int idx,void *data);
+void *SSL_get_ex_data(SSL *ssl,int idx);
+int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
+void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
+int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+
+int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
+void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
+int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+
+int SSL_get_ex_data_X509_STORE_CTX_idx(void );
+
+#define SSL_CTX_sess_set_cache_size(ctx,t) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+#define SSL_CTX_sess_get_cache_size(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+#define SSL_CTX_set_session_cache_mode(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+#define SSL_CTX_get_session_cache_mode(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+#define SSL_CTX_get_read_ahead(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+#define SSL_CTX_set_read_ahead(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+#define SSL_CTX_get_max_cert_list(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+#define SSL_CTX_set_max_cert_list(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+#define SSL_get_max_cert_list(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+#define SSL_set_max_cert_list(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+
+     /* NB: the keylength is only applicable when is_export is true */
+#ifndef OPENSSL_NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
+                                  RSA *(*cb)(SSL *ssl,int is_export,
+                                             int keylength));
+
+void SSL_set_tmp_rsa_callback(SSL *ssl,
+                                  RSA *(*cb)(SSL *ssl,int is_export,
+                                             int keylength));
+#endif
+#ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*dh)(SSL *ssl,int is_export,
+                                           int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+                                 DH *(*dh)(SSL *ssl,int is_export,
+                                           int keylength));
+#endif
+
+#ifndef OPENSSL_NO_COMP
+int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
+#else
+int SSL_COMP_add_compression_method(int id,char *cm);
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_SSL_strings(void);
+
+/* Error codes for the SSL functions. */
+
+/* Function codes. */
+#define SSL_F_CLIENT_CERTIFICATE                         100
+#define SSL_F_CLIENT_FINISHED                            238
+#define SSL_F_CLIENT_HELLO                               101
+#define SSL_F_CLIENT_MASTER_KEY                          102
+#define SSL_F_D2I_SSL_SESSION                            103
+#define SSL_F_DO_SSL3_WRITE                              104
+#define SSL_F_GET_CLIENT_FINISHED                        105
+#define SSL_F_GET_CLIENT_HELLO                           106
+#define SSL_F_GET_CLIENT_MASTER_KEY                      107
+#define SSL_F_GET_SERVER_FINISHED                        108
+#define SSL_F_GET_SERVER_HELLO                           109
+#define SSL_F_GET_SERVER_VERIFY                          110
+#define SSL_F_I2D_SSL_SESSION                            111
+#define SSL_F_READ_N                                     112
+#define SSL_F_REQUEST_CERTIFICATE                        113
+#define SSL_F_SERVER_FINISH                              239
+#define SSL_F_SERVER_HELLO                               114
+#define SSL_F_SERVER_VERIFY                              240
+#define SSL_F_SSL23_ACCEPT                               115
+#define SSL_F_SSL23_CLIENT_HELLO                         116
+#define SSL_F_SSL23_CONNECT                              117
+#define SSL_F_SSL23_GET_CLIENT_HELLO                     118
+#define SSL_F_SSL23_GET_SERVER_HELLO                     119
+#define SSL_F_SSL23_PEEK                                 237
+#define SSL_F_SSL23_READ                                 120
+#define SSL_F_SSL23_WRITE                                121
+#define SSL_F_SSL2_ACCEPT                                122
+#define SSL_F_SSL2_CONNECT                               123
+#define SSL_F_SSL2_ENC_INIT                              124
+#define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
+#define SSL_F_SSL2_PEEK                                  234
+#define SSL_F_SSL2_READ                                  125
+#define SSL_F_SSL2_READ_INTERNAL                         236
+#define SSL_F_SSL2_SET_CERTIFICATE                       126
+#define SSL_F_SSL2_WRITE                                 127
+#define SSL_F_SSL3_ACCEPT                                128
+#define SSL_F_SSL3_CALLBACK_CTRL                         233
+#define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
+#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
+#define SSL_F_SSL3_CLIENT_HELLO                          131
+#define SSL_F_SSL3_CONNECT                               132
+#define SSL_F_SSL3_CTRL                                  213
+#define SSL_F_SSL3_CTX_CTRL                              133
+#define SSL_F_SSL3_ENC                                   134
+#define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
+#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
+#define SSL_F_SSL3_GET_CERT_VERIFY                       136
+#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
+#define SSL_F_SSL3_GET_CLIENT_HELLO                      138
+#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE               139
+#define SSL_F_SSL3_GET_FINISHED                          140
+#define SSL_F_SSL3_GET_KEY_EXCHANGE                      141
+#define SSL_F_SSL3_GET_MESSAGE                           142
+#define SSL_F_SSL3_GET_RECORD                            143
+#define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
+#define SSL_F_SSL3_GET_SERVER_DONE                       145
+#define SSL_F_SSL3_GET_SERVER_HELLO                      146
+#define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
+#define SSL_F_SSL3_PEEK                                  235
+#define SSL_F_SSL3_READ_BYTES                            148
+#define SSL_F_SSL3_READ_N                                149
+#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST              150
+#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE               151
+#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
+#define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
+#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
+#define SSL_F_SSL3_SEND_SERVER_HELLO                     242
+#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
+#define SSL_F_SSL3_SETUP_BUFFERS                         156
+#define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
+#define SSL_F_SSL3_WRITE_BYTES                           158
+#define SSL_F_SSL3_WRITE_PENDING                         159
+#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
+#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
+#define SSL_F_SSL_BAD_METHOD                             160
+#define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
+#define SSL_F_SSL_CERT_DUP                               221
+#define SSL_F_SSL_CERT_INST                              222
+#define SSL_F_SSL_CERT_INSTANTIATE                       214
+#define SSL_F_SSL_CERT_NEW                               162
+#define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
+#define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
+#define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
+#define SSL_F_SSL_CLEAR                                  164
+#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
+#define SSL_F_SSL_CREATE_CIPHER_LIST                     166
+#define SSL_F_SSL_CTRL                                   232
+#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
+#define SSL_F_SSL_CTX_NEW                                169
+#define SSL_F_SSL_CTX_SET_PURPOSE                        226
+#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
+#define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
+#define SSL_F_SSL_CTX_SET_TRUST                          229
+#define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE         220
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
+#define SSL_F_SSL_DO_HANDSHAKE                           180
+#define SSL_F_SSL_GET_NEW_SESSION                        181
+#define SSL_F_SSL_GET_PREV_SESSION                       217
+#define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
+#define SSL_F_SSL_GET_SIGN_PKEY                          183
+#define SSL_F_SSL_INIT_WBIO_BUFFER                       184
+#define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
+#define SSL_F_SSL_NEW                                    186
+#define SSL_F_SSL_READ                                   223
+#define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    187
+#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188
+#define SSL_F_SSL_SESSION_NEW                            189
+#define SSL_F_SSL_SESSION_PRINT_FP                       190
+#define SSL_F_SSL_SESS_CERT_NEW                          225
+#define SSL_F_SSL_SET_CERT                               191
+#define SSL_F_SSL_SET_FD                                 192
+#define SSL_F_SSL_SET_PKEY                               193
+#define SSL_F_SSL_SET_PURPOSE                            227
+#define SSL_F_SSL_SET_RFD                                194
+#define SSL_F_SSL_SET_SESSION                            195
+#define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
+#define SSL_F_SSL_SET_TRUST                              228
+#define SSL_F_SSL_SET_WFD                                196
+#define SSL_F_SSL_SHUTDOWN                               224
+#define SSL_F_SSL_UNDEFINED_FUNCTION                     197
+#define SSL_F_SSL_USE_CERTIFICATE                        198
+#define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
+#define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
+#define SSL_F_SSL_USE_PRIVATEKEY                         201
+#define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
+#define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
+#define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
+#define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
+#define SSL_F_SSL_WRITE                                  208
+#define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
+#define SSL_F_TLS1_ENC                                   210
+#define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
+#define SSL_F_WRITE_PENDING                              212
+
+/* Reason codes. */
+#define SSL_R_APP_DATA_IN_HANDSHAKE                      100
+#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
+#define SSL_R_BAD_ALERT_RECORD                           101
+#define SSL_R_BAD_AUTHENTICATION_TYPE                    102
+#define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
+#define SSL_R_BAD_CHECKSUM                               104
+#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
+#define SSL_R_BAD_DECOMPRESSION                          107
+#define SSL_R_BAD_DH_G_LENGTH                            108
+#define SSL_R_BAD_DH_PUB_KEY_LENGTH                      109
+#define SSL_R_BAD_DH_P_LENGTH                            110
+#define SSL_R_BAD_DIGEST_LENGTH                          111
+#define SSL_R_BAD_DSA_SIGNATURE                          112
+#define SSL_R_BAD_HELLO_REQUEST                          105
+#define SSL_R_BAD_LENGTH                                 271
+#define SSL_R_BAD_MAC_DECODE                             113
+#define SSL_R_BAD_MESSAGE_TYPE                           114
+#define SSL_R_BAD_PACKET_LENGTH                          115
+#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
+#define SSL_R_BAD_RESPONSE_ARGUMENT                      117
+#define SSL_R_BAD_RSA_DECRYPT                            118
+#define SSL_R_BAD_RSA_ENCRYPT                            119
+#define SSL_R_BAD_RSA_E_LENGTH                           120
+#define SSL_R_BAD_RSA_MODULUS_LENGTH                     121
+#define SSL_R_BAD_RSA_SIGNATURE                          122
+#define SSL_R_BAD_SIGNATURE                              123
+#define SSL_R_BAD_SSL_FILETYPE                           124
+#define SSL_R_BAD_SSL_SESSION_ID_LENGTH                  125
+#define SSL_R_BAD_STATE                                  126
+#define SSL_R_BAD_WRITE_RETRY                            127
+#define SSL_R_BIO_NOT_SET                                128
+#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
+#define SSL_R_BN_LIB                                     130
+#define SSL_R_CA_DN_LENGTH_MISMATCH                      131
+#define SSL_R_CA_DN_TOO_LONG                             132
+#define SSL_R_CCS_RECEIVED_EARLY                         133
+#define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
+#define SSL_R_CERT_LENGTH_MISMATCH                       135
+#define SSL_R_CHALLENGE_IS_DIFFERENT                     136
+#define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
+#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
+#define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
+#define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
+#define SSL_R_COMPRESSION_FAILURE                        141
+#define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
+#define SSL_R_CONNECTION_ID_IS_DIFFERENT                 143
+#define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
+#define SSL_R_DATA_LENGTH_TOO_LONG                       146
+#define SSL_R_DECRYPTION_FAILED                          147
+#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        1109
+#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
+#define SSL_R_DIGEST_CHECK_FAILED                        149
+#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
+#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY               1092
+#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
+#define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
+#define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
+#define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
+#define SSL_R_HTTPS_PROXY_REQUEST                        155
+#define SSL_R_HTTP_REQUEST                               156
+#define SSL_R_ILLEGAL_PADDING                            1110
+#define SSL_R_INVALID_CHALLENGE_LENGTH                   158
+#define SSL_R_INVALID_COMMAND                            280
+#define SSL_R_INVALID_PURPOSE                            278
+#define SSL_R_INVALID_TRUST                              279
+#define SSL_R_KEY_ARG_TOO_LONG                           1112
+#define SSL_R_KRB5                                       1104
+#define SSL_R_KRB5_C_CC_PRINC                            1094
+#define SSL_R_KRB5_C_GET_CRED                            1095
+#define SSL_R_KRB5_C_INIT                                1096
+#define SSL_R_KRB5_C_MK_REQ                              1097
+#define SSL_R_KRB5_S_BAD_TICKET                          1098
+#define SSL_R_KRB5_S_INIT                                1099
+#define SSL_R_KRB5_S_RD_REQ                              1108
+#define SSL_R_KRB5_S_TKT_EXPIRED                         1105
+#define SSL_R_KRB5_S_TKT_NYV                             1106
+#define SSL_R_KRB5_S_TKT_SKEW                            1107
+#define SSL_R_LENGTH_MISMATCH                            159
+#define SSL_R_LENGTH_TOO_SHORT                           160
+#define SSL_R_LIBRARY_BUG                                274
+#define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+#define SSL_R_MASTER_KEY_TOO_LONG                        1112
+#define SSL_R_MESSAGE_TOO_LONG                           1111
+#define SSL_R_MISSING_DH_DSA_CERT                        162
+#define SSL_R_MISSING_DH_KEY                             163
+#define SSL_R_MISSING_DH_RSA_CERT                        164
+#define SSL_R_MISSING_DSA_SIGNING_CERT                   165
+#define SSL_R_MISSING_EXPORT_TMP_DH_KEY                  166
+#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY                 167
+#define SSL_R_MISSING_RSA_CERTIFICATE                    168
+#define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
+#define SSL_R_MISSING_RSA_SIGNING_CERT                   170
+#define SSL_R_MISSING_TMP_DH_KEY                         171
+#define SSL_R_MISSING_TMP_RSA_KEY                        172
+#define SSL_R_MISSING_TMP_RSA_PKEY                       173
+#define SSL_R_MISSING_VERIFY_MESSAGE                     174
+#define SSL_R_NON_SSLV2_INITIAL_PACKET                   175
+#define SSL_R_NO_CERTIFICATES_RETURNED                   176
+#define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
+#define SSL_R_NO_CERTIFICATE_RETURNED                    178
+#define SSL_R_NO_CERTIFICATE_SET                         179
+#define SSL_R_NO_CERTIFICATE_SPECIFIED                   180
+#define SSL_R_NO_CIPHERS_AVAILABLE                       181
+#define SSL_R_NO_CIPHERS_PASSED                          182
+#define SSL_R_NO_CIPHERS_SPECIFIED                       183
+#define SSL_R_NO_CIPHER_LIST                             184
+#define SSL_R_NO_CIPHER_MATCH                            185
+#define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
+#define SSL_R_NO_COMPRESSION_SPECIFIED                   187
+#define SSL_R_NO_METHOD_SPECIFIED                        188
+#define SSL_R_NO_PRIVATEKEY                              189
+#define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
+#define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
+#define SSL_R_NO_PUBLICKEY                               192
+#define SSL_R_NO_SHARED_CIPHER                           193
+#define SSL_R_NO_VERIFY_CALLBACK                         194
+#define SSL_R_NULL_SSL_CTX                               195
+#define SSL_R_NULL_SSL_METHOD_PASSED                     196
+#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
+#define SSL_R_PACKET_LENGTH_TOO_LONG                     198
+#define SSL_R_PATH_TOO_LONG                              270
+#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
+#define SSL_R_PEER_ERROR                                 200
+#define SSL_R_PEER_ERROR_CERTIFICATE                     201
+#define SSL_R_PEER_ERROR_NO_CERTIFICATE                  202
+#define SSL_R_PEER_ERROR_NO_CIPHER                       203
+#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE    204
+#define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    205
+#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          206
+#define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
+#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   208
+#define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
+#define SSL_R_PUBLIC_KEY_NOT_RSA                         210
+#define SSL_R_READ_BIO_NOT_SET                           211
+#define SSL_R_READ_WRONG_PACKET_TYPE                     212
+#define SSL_R_RECORD_LENGTH_MISMATCH                     213
+#define SSL_R_RECORD_TOO_LARGE                           214
+#define SSL_R_RECORD_TOO_SMALL                           1093
+#define SSL_R_REQUIRED_CIPHER_MISSING                    215
+#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
+#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
+#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
+#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
+#define SSL_R_SHORT_READ                                 219
+#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
+#define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
+#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                1114
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG                   1113
+#define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
+#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
+#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
+#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
+#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
+#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
+#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE         223
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE      224
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER           225
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
+#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
+#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE      227
+#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
+#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
+#define SSL_R_SSL_HANDSHAKE_FAILURE                      229
+#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
+#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             1102
+#define SSL_R_SSL_SESSION_ID_CONFLICT                    1103
+#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
+#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              1101
+#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                231
+#define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
+#define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
+#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
+#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
+#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
+#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
+#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
+#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
+#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
+#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
+#define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
+#define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
+#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
+#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
+#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
+#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
+#define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
+#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY               237
+#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
+#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
+#define SSL_R_UNABLE_TO_FIND_SSL_METHOD                  240
+#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES           241
+#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
+#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
+#define SSL_R_UNEXPECTED_MESSAGE                         244
+#define SSL_R_UNEXPECTED_RECORD                          245
+#define SSL_R_UNINITIALIZED                              276
+#define SSL_R_UNKNOWN_ALERT_TYPE                         246
+#define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
+#define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
+#define SSL_R_UNKNOWN_CIPHER_TYPE                        249
+#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+#define SSL_R_UNKNOWN_PKEY_TYPE                          251
+#define SSL_R_UNKNOWN_PROTOCOL                           252
+#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                  253
+#define SSL_R_UNKNOWN_SSL_VERSION                        254
+#define SSL_R_UNKNOWN_STATE                              255
+#define SSL_R_UNSUPPORTED_CIPHER                         256
+#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
+#define SSL_R_UNSUPPORTED_OPTION                         1091
+#define SSL_R_UNSUPPORTED_PROTOCOL                       258
+#define SSL_R_UNSUPPORTED_SSL_VERSION                    259
+#define SSL_R_WRITE_BIO_NOT_SET                          260
+#define SSL_R_WRONG_CIPHER_RETURNED                      261
+#define SSL_R_WRONG_MESSAGE_TYPE                         262
+#define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   263
+#define SSL_R_WRONG_SIGNATURE_LENGTH                     264
+#define SSL_R_WRONG_SIGNATURE_SIZE                       265
+#define SSL_R_WRONG_SSL_VERSION                          266
+#define SSL_R_WRONG_VERSION_NUMBER                       267
+#define SSL_R_X509_LIB                                   268
+#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/ssl/Makefile b/src/lib/libssl/ssl/Makefile
new file mode 100644
index 0000000000..ae911d6fcc
--- /dev/null
+++ b/src/lib/libssl/ssl/Makefile
@@ -0,0 +1,55 @@
+# $OpenBSD: Makefile,v 1.17 2003/06/02 08:45:58 markus Exp $
+
+LIB=    ssl
+
+SSLEAYDIST= src
+
+LSSL_SRC= ${.CURDIR}/../${SSLEAYDIST}/ssl
+
+.if ${MACHINE_ARCH} == "i386"
+CFLAGS+= -DL_ENDIAN -DBN_ASM
+.else
+.if ${MACHINE_ARCH} == "mips"
+CFLAGS+= -DL_ENDIAN
+.else
+.if ${MACHINE_ARCH} == "vax"
+CFLAGS+= -DL_ENDIAN
+.else
+.if ${MACHINE_ARCH} == "alpha"
+# no ENDIAN stuff defined for alpha
+.else
+CFLAGS+= -DB_ENDIAN
+.endif
+.endif
+.endif 
+.endif
+
+CFLAGS+= -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR 
+CFLAGS+= -DOPENSSL_NO_MDC2
+CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DSO_DLFCN -DHAVE_DLFCN_H 
+CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST}
+
+SRCS=   bio_ssl.c s2_clnt.c s3_both.c s3_srvr.c ssl_err2.c ssl_txt.c    \
+        t1_srvr.c s23_clnt.c s2_enc.c s3_clnt.c ssl_algs.c ssl_lib.c    \
+        ssltest.c s23_lib.c s2_lib.c s3_enc.c ssl_asn1.c ssl_rsa.c      \
+        t1_clnt.c s23_meth.c s2_meth.c s3_lib.c ssl_cert.c ssl_sess.c   \
+        t1_enc.c s23_pkt.c s2_pkt.c s3_meth.c ssl_ciph.c ssl_stat.c     \
+        t1_lib.c s23_srvr.c s2_srvr.c s3_pkt.c ssl_err.c \
+        t1_meth.c 
+
+HDRS=   ssl.h ssl2.h ssl3.h ssl23.h tls1.h kssl.h 
+
+.PATH:  ${LSSL_SRC}
+
+includes:
+        @test -d ${DESTDIR}/usr/include/openssl || \
+            mkdir ${DESTDIR}/usr/include/openssl
+        @cd ${LSSL_SRC}; for i in $(HDRS); do \
+            j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \
+            ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\
+                ${DESTDIR}/usr/include/openssl"; \
+            echo $$j; \
+            eval "$$j"; \
+        done;
+
+.include <bsd.lib.mk>
diff --git a/src/lib/libssl/ssl/shlib_version b/src/lib/libssl/ssl/shlib_version
new file mode 100644
index 0000000000..d0f0988b41
--- /dev/null
+++ b/src/lib/libssl/ssl/shlib_version
@@ -0,0 +1,2 @@
+major=8
+minor=0
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
new file mode 100644
index 0000000000..99a52ea0dd
--- /dev/null
+++ b/src/lib/libssl/ssl2.h
@@ -0,0 +1,268 @@
+/* ssl/ssl2.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SSL2_H 
+#define HEADER_SSL2_H 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Protocol Version Codes */
+#define SSL2_VERSION            0x0002
+#define SSL2_VERSION_MAJOR      0x00
+#define SSL2_VERSION_MINOR      0x02
+/* #define SSL2_CLIENT_VERSION  0x0002 */
+/* #define SSL2_SERVER_VERSION  0x0002 */
+
+/* Protocol Message Codes */
+#define SSL2_MT_ERROR                   0
+#define SSL2_MT_CLIENT_HELLO            1
+#define SSL2_MT_CLIENT_MASTER_KEY       2
+#define SSL2_MT_CLIENT_FINISHED         3
+#define SSL2_MT_SERVER_HELLO            4
+#define SSL2_MT_SERVER_VERIFY           5
+#define SSL2_MT_SERVER_FINISHED         6
+#define SSL2_MT_REQUEST_CERTIFICATE     7
+#define SSL2_MT_CLIENT_CERTIFICATE      8
+
+/* Error Message Codes */
+#define SSL2_PE_UNDEFINED_ERROR         0x0000
+#define SSL2_PE_NO_CIPHER               0x0001
+#define SSL2_PE_NO_CERTIFICATE          0x0002
+#define SSL2_PE_BAD_CERTIFICATE         0x0004
+#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
+
+/* Cipher Kind Values */
+#define SSL2_CK_NULL_WITH_MD5                   0x02000000 /* v3 */
+#define SSL2_CK_RC4_128_WITH_MD5                0x02010080
+#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5       0x02020080
+#define SSL2_CK_RC2_128_CBC_WITH_MD5            0x02030080
+#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5   0x02040080
+#define SSL2_CK_IDEA_128_CBC_WITH_MD5           0x02050080
+#define SSL2_CK_DES_64_CBC_WITH_MD5             0x02060040
+#define SSL2_CK_DES_64_CBC_WITH_SHA             0x02060140 /* v3 */
+#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5       0x020700c0
+#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA       0x020701c0 /* v3 */
+#define SSL2_CK_RC4_64_WITH_MD5                 0x02080080 /* MS hack */
+ 
+#define SSL2_CK_DES_64_CFB64_WITH_MD5_1         0x02ff0800 /* SSLeay */
+#define SSL2_CK_NULL                            0x02ff0810 /* SSLeay */
+
+#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1        "DES-CFB-M1"
+#define SSL2_TXT_NULL_WITH_MD5                  "NULL-MD5"
+#define SSL2_TXT_RC4_128_WITH_MD5               "RC4-MD5"
+#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5      "EXP-RC4-MD5"
+#define SSL2_TXT_RC2_128_CBC_WITH_MD5           "RC2-CBC-MD5"
+#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5  "EXP-RC2-CBC-MD5"
+#define SSL2_TXT_IDEA_128_CBC_WITH_MD5          "IDEA-CBC-MD5"
+#define SSL2_TXT_DES_64_CBC_WITH_MD5            "DES-CBC-MD5"
+#define SSL2_TXT_DES_64_CBC_WITH_SHA            "DES-CBC-SHA"
+#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5      "DES-CBC3-MD5"
+#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA      "DES-CBC3-SHA"
+#define SSL2_TXT_RC4_64_WITH_MD5                "RC4-64-MD5"
+
+#define SSL2_TXT_NULL                           "NULL"
+
+/* Flags for the SSL_CIPHER.algorithm2 field */
+#define SSL2_CF_5_BYTE_ENC                      0x01
+#define SSL2_CF_8_BYTE_ENC                      0x02
+
+/* Certificate Type Codes */
+#define SSL2_CT_X509_CERTIFICATE                0x01
+
+/* Authentication Type Code */
+#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION         0x01
+
+#define SSL2_MAX_SSL_SESSION_ID_LENGTH          32
+
+/* Upper/Lower Bounds */
+#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS      256
+#ifdef OPENSSL_SYS_MPE
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    29998u
+#else
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u  /* 2^15-1 */
+#endif
+#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383 /* 2^14-1 */
+
+#define SSL2_CHALLENGE_LENGTH   16
+/*#define SSL2_CHALLENGE_LENGTH 32 */
+#define SSL2_MIN_CHALLENGE_LENGTH       16
+#define SSL2_MAX_CHALLENGE_LENGTH       32
+#define SSL2_CONNECTION_ID_LENGTH       16
+#define SSL2_MAX_CONNECTION_ID_LENGTH   16
+#define SSL2_SSL_SESSION_ID_LENGTH      16
+#define SSL2_MAX_CERT_CHALLENGE_LENGTH  32
+#define SSL2_MIN_CERT_CHALLENGE_LENGTH  16
+#define SSL2_MAX_KEY_MATERIAL_LENGTH    24
+
+#ifndef HEADER_SSL_LOCL_H
+#define  CERT           char
+#endif
+
+typedef struct ssl2_state_st
+        {
+        int three_byte_header;
+        int clear_text;         /* clear text */
+        int escape;             /* not used in SSLv2 */
+        int ssl2_rollback;      /* used if SSLv23 rolled back to SSLv2 */
+
+        /* non-blocking io info, used to make sure the same
+         * args were passwd */
+        unsigned int wnum;      /* number of bytes sent so far */
+        int wpend_tot;
+        const unsigned char *wpend_buf;
+
+        int wpend_off;  /* offset to data to write */
+        int wpend_len;  /* number of bytes passwd to write */
+        int wpend_ret;  /* number of bytes to return to caller */
+
+        /* buffer raw data */
+        int rbuf_left;
+        int rbuf_offs;
+        unsigned char *rbuf;
+        unsigned char *wbuf;
+
+        unsigned char *write_ptr;/* used to point to the start due to
+                                  * 2/3 byte header. */
+
+        unsigned int padding;
+        unsigned int rlength; /* passed to ssl2_enc */
+        int ract_data_length; /* Set when things are encrypted. */
+        unsigned int wlength; /* passed to ssl2_enc */
+        int wact_data_length; /* Set when things are decrypted. */
+        unsigned char *ract_data;
+        unsigned char *wact_data;
+        unsigned char *mac_data;
+
+        unsigned char *read_key;
+        unsigned char *write_key;
+
+                /* Stuff specifically to do with this SSL session */
+        unsigned int challenge_length;
+        unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
+        unsigned int conn_id_length;
+        unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
+        unsigned int key_material_length;
+        unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
+
+        unsigned long read_sequence;
+        unsigned long write_sequence;
+
+        struct  {
+                unsigned int conn_id_length;
+                unsigned int cert_type; 
+                unsigned int cert_length;
+                unsigned int csl; 
+                unsigned int clear;
+                unsigned int enc; 
+                unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
+                unsigned int cipher_spec_length;
+                unsigned int session_id_length;
+                unsigned int clen;
+                unsigned int rlen;
+                } tmp;
+        } SSL2_STATE;
+
+/* SSLv2 */
+/* client */
+#define SSL2_ST_SEND_CLIENT_HELLO_A             (0x10|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_HELLO_B             (0x11|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_HELLO_A              (0x20|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_HELLO_B              (0x21|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A        (0x30|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B        (0x31|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_FINISHED_A          (0x40|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_FINISHED_B          (0x41|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A       (0x50|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B       (0x51|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C       (0x52|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D       (0x53|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_VERIFY_A             (0x60|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_VERIFY_B             (0x61|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_FINISHED_A           (0x70|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_FINISHED_B           (0x71|SSL_ST_CONNECT)
+#define SSL2_ST_CLIENT_START_ENCRYPTION         (0x80|SSL_ST_CONNECT)
+#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE     (0x90|SSL_ST_CONNECT)
+/* server */
+#define SSL2_ST_GET_CLIENT_HELLO_A              (0x10|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_HELLO_B              (0x11|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_HELLO_C              (0x12|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_HELLO_A             (0x20|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_HELLO_B             (0x21|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_MASTER_KEY_A         (0x30|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_MASTER_KEY_B         (0x31|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_VERIFY_A            (0x40|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_VERIFY_B            (0x41|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_VERIFY_C            (0x42|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_FINISHED_A           (0x50|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_FINISHED_B           (0x51|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_FINISHED_A          (0x60|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_FINISHED_B          (0x61|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A      (0x70|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B      (0x71|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C      (0x72|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D      (0x73|SSL_ST_ACCEPT)
+#define SSL2_ST_SERVER_START_ENCRYPTION         (0x80|SSL_ST_ACCEPT)
+#define SSL2_ST_X509_GET_SERVER_CERTIFICATE     (0x90|SSL_ST_ACCEPT)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
new file mode 100644
index 0000000000..d3228983c7
--- /dev/null
+++ b/src/lib/libssl/ssl23.h
@@ -0,0 +1,83 @@
+/* ssl/ssl23.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SSL23_H 
+#define HEADER_SSL23_H 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*client */
+/* write to server */
+#define SSL23_ST_CW_CLNT_HELLO_A        (0x210|SSL_ST_CONNECT)
+#define SSL23_ST_CW_CLNT_HELLO_B        (0x211|SSL_ST_CONNECT)
+/* read from server */
+#define SSL23_ST_CR_SRVR_HELLO_A        (0x220|SSL_ST_CONNECT)
+#define SSL23_ST_CR_SRVR_HELLO_B        (0x221|SSL_ST_CONNECT)
+
+/* server */
+/* read from client */
+#define SSL23_ST_SR_CLNT_HELLO_A        (0x210|SSL_ST_ACCEPT)
+#define SSL23_ST_SR_CLNT_HELLO_B        (0x211|SSL_ST_ACCEPT)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
new file mode 100644
index 0000000000..1153aeda74
--- /dev/null
+++ b/src/lib/libssl/ssl3.h
@@ -0,0 +1,526 @@
+/* ssl/ssl3.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SSL3_H 
+#define HEADER_SSL3_H 
+
+#ifndef OPENSSL_NO_COMP
+#include <openssl/comp.h>
+#endif
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define SSL3_CK_RSA_NULL_MD5                    0x03000001
+#define SSL3_CK_RSA_NULL_SHA                    0x03000002
+#define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
+#define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
+#define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
+#define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
+#define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
+#define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
+#define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
+#define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
+
+#define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
+#define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
+#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
+#define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
+#define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
+#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
+
+#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          0x03000011
+#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          0x03000012
+#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        0x03000013
+#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          0x03000014
+#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          0x03000015
+#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        0x03000016
+
+#define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
+#define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
+#define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
+#define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
+#define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
+
+#define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
+#define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+         to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+         of the ietf-tls list */
+#define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+#endif
+
+/*    VRS Additional Kerberos5 entries
+ */
+#define SSL3_CK_KRB5_DES_64_CBC_SHA             0x0300001E
+#define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x0300001F
+#define SSL3_CK_KRB5_RC4_128_SHA                0x03000020
+#define SSL3_CK_KRB5_IDEA_128_CBC_SHA           0x03000021
+#define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000022
+#define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000023
+#define SSL3_CK_KRB5_RC4_128_MD5                0x03000024
+#define SSL3_CK_KRB5_IDEA_128_CBC_MD5           0x03000025
+
+#define SSL3_CK_KRB5_DES_40_CBC_SHA             0x03000026
+#define SSL3_CK_KRB5_RC2_40_CBC_SHA             0x03000027
+#define SSL3_CK_KRB5_RC4_40_SHA                 0x03000028
+#define SSL3_CK_KRB5_DES_40_CBC_MD5             0x03000029
+#define SSL3_CK_KRB5_RC2_40_CBC_MD5             0x0300002A
+#define SSL3_CK_KRB5_RC4_40_MD5                 0x0300002B
+
+#define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
+#define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
+#define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
+#define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
+#define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
+#define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
+#define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
+#define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
+#define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
+#define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
+
+#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
+#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
+
+#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
+#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
+
+#define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
+#define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
+#define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
+#define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
+#define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
+
+#define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
+#define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+#define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+
+#define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
+#define SSL3_TXT_KRB5_RC4_128_SHA               "KRB5-RC4-SHA"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA          "KRB5-IDEA-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
+#define SSL3_TXT_KRB5_RC4_128_MD5               "KRB5-RC4-MD5"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5          "KRB5-IDEA-CBC-MD5"
+
+#define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_RC2_40_CBC_SHA            "EXP-KRB5-RC2-CBC-SHA"
+#define SSL3_TXT_KRB5_RC4_40_SHA                "EXP-KRB5-RC4-SHA"
+#define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_RC2_40_CBC_MD5            "EXP-KRB5-RC2-CBC-MD5"
+#define SSL3_TXT_KRB5_RC4_40_MD5                "EXP-KRB5-RC4-MD5"
+
+#define SSL3_SSL_SESSION_ID_LENGTH              32
+#define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
+
+#define SSL3_MASTER_SECRET_SIZE                 48
+#define SSL3_RANDOM_SIZE                        32
+#define SSL3_SESSION_ID_SIZE                    32
+#define SSL3_RT_HEADER_LENGTH                   5
+
+/* Due to MS stuffing up, this can change.... */
+#if defined(OPENSSL_SYS_WIN16) || \
+        (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
+#define SSL3_RT_MAX_EXTRA                       (14000)
+#else
+#define SSL3_RT_MAX_EXTRA                       (16384)
+#endif
+
+#define SSL3_RT_MAX_PLAIN_LENGTH                16384
+#define SSL3_RT_MAX_COMPRESSED_LENGTH   (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#define SSL3_RT_MAX_ENCRYPTED_LENGTH    (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
+#define SSL3_RT_MAX_PACKET_SIZE         (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+#define SSL3_RT_MAX_DATA_SIZE                   (1024*1024)
+
+#define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
+#define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
+
+#define SSL3_VERSION                    0x0300
+#define SSL3_VERSION_MAJOR              0x03
+#define SSL3_VERSION_MINOR              0x00
+
+#define SSL3_RT_CHANGE_CIPHER_SPEC      20
+#define SSL3_RT_ALERT                   21
+#define SSL3_RT_HANDSHAKE               22
+#define SSL3_RT_APPLICATION_DATA        23
+
+#define SSL3_AL_WARNING                 1
+#define SSL3_AL_FATAL                   2
+
+#define SSL3_AD_CLOSE_NOTIFY             0
+#define SSL3_AD_UNEXPECTED_MESSAGE      10      /* fatal */
+#define SSL3_AD_BAD_RECORD_MAC          20      /* fatal */
+#define SSL3_AD_DECOMPRESSION_FAILURE   30      /* fatal */
+#define SSL3_AD_HANDSHAKE_FAILURE       40      /* fatal */
+#define SSL3_AD_NO_CERTIFICATE          41
+#define SSL3_AD_BAD_CERTIFICATE         42
+#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+#define SSL3_AD_CERTIFICATE_REVOKED     44
+#define SSL3_AD_CERTIFICATE_EXPIRED     45
+#define SSL3_AD_CERTIFICATE_UNKNOWN     46
+#define SSL3_AD_ILLEGAL_PARAMETER       47      /* fatal */
+
+typedef struct ssl3_record_st
+        {
+/*r */  int type;               /* type of record */
+/*rw*/  unsigned int length;    /* How many bytes available */
+/*r */  unsigned int off;       /* read/write offset into 'buf' */
+/*rw*/  unsigned char *data;    /* pointer to the record data */
+/*rw*/  unsigned char *input;   /* where the decode bytes are */
+/*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
+        } SSL3_RECORD;
+
+typedef struct ssl3_buffer_st
+        {
+        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
+                                 * see ssl3_setup_buffers() */
+        size_t len;             /* buffer size */
+        int offset;             /* where to 'copy from' */
+        int left;               /* how many bytes left */
+        } SSL3_BUFFER;
+
+#define SSL3_CT_RSA_SIGN                        1
+#define SSL3_CT_DSS_SIGN                        2
+#define SSL3_CT_RSA_FIXED_DH                    3
+#define SSL3_CT_DSS_FIXED_DH                    4
+#define SSL3_CT_RSA_EPHEMERAL_DH                5
+#define SSL3_CT_DSS_EPHEMERAL_DH                6
+#define SSL3_CT_FORTEZZA_DMS                    20
+#define SSL3_CT_NUMBER                          7
+
+#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
+#define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
+#define SSL3_FLAGS_POP_BUFFER                   0x0004
+#define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
+
+typedef struct ssl3_state_st
+        {
+        long flags;
+        int delay_buf_pop_ret;
+
+        unsigned char read_sequence[8];
+        unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+        unsigned char write_sequence[8];
+        unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+
+        unsigned char server_random[SSL3_RANDOM_SIZE];
+        unsigned char client_random[SSL3_RANDOM_SIZE];
+
+        /* flags for countermeasure against known-IV weakness */
+        int need_empty_fragments;
+        int empty_fragment_done;
+
+        SSL3_BUFFER rbuf;       /* read IO goes into here */
+        SSL3_BUFFER wbuf;       /* write IO goes into here */
+
+        SSL3_RECORD rrec;       /* each decoded record goes in here */
+        SSL3_RECORD wrec;       /* goes out from here */
+
+        /* storage for Alert/Handshake protocol data received but not
+         * yet processed by ssl3_read_bytes: */
+        unsigned char alert_fragment[2];
+        unsigned int alert_fragment_len;
+        unsigned char handshake_fragment[4];
+        unsigned int handshake_fragment_len;
+
+        /* partial write - check the numbers match */
+        unsigned int wnum;      /* number of bytes sent so far */
+        int wpend_tot;          /* number bytes written */
+        int wpend_type;
+        int wpend_ret;          /* number of bytes submitted */
+        const unsigned char *wpend_buf;
+
+        /* used during startup, digest all incoming/outgoing packets */
+        EVP_MD_CTX finish_dgst1;
+        EVP_MD_CTX finish_dgst2;
+
+        /* this is set whenerver we see a change_cipher_spec message
+         * come in when we are not looking for one */
+        int change_cipher_spec;
+
+        int warn_alert;
+        int fatal_alert;
+        /* we allow one fatal and one warning alert to be outstanding,
+         * send close alert via the warning alert */
+        int alert_dispatch;
+        unsigned char send_alert[2];
+
+        /* This flag is set when we should renegotiate ASAP, basically when
+         * there is no more data in the read or write buffers */
+        int renegotiate;
+        int total_renegotiations;
+        int num_renegotiations;
+
+        int in_read_app_data;
+
+        struct  {
+                /* actually only needs to be 16+20 */
+                unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
+
+                /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+                unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+                int finish_md_len;
+                unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
+                int peer_finish_md_len;
+                
+                unsigned long message_size;
+                int message_type;
+
+                /* used to hold the new cipher we are going to use */
+                SSL_CIPHER *new_cipher;
+#ifndef OPENSSL_NO_DH
+                DH *dh;
+#endif
+                /* used when SSL_ST_FLUSH_DATA is entered */
+                int next_state;                 
+
+                int reuse_message;
+
+                /* used for certificate requests */
+                int cert_req;
+                int ctype_num;
+                char ctype[SSL3_CT_NUMBER];
+                STACK_OF(X509_NAME) *ca_names;
+
+                int use_rsa_tmp;
+
+                int key_block_length;
+                unsigned char *key_block;
+
+                const EVP_CIPHER *new_sym_enc;
+                const EVP_MD *new_hash;
+#ifndef OPENSSL_NO_COMP
+                const SSL_COMP *new_compression;
+#else
+                char *new_compression;
+#endif
+                int cert_request;
+                } tmp;
+
+        } SSL3_STATE;
+
+/* SSLv3 */
+/*client */
+/* extra state */
+#define SSL3_ST_CW_FLUSH                (0x100|SSL_ST_CONNECT)
+/* write to server */
+#define SSL3_ST_CW_CLNT_HELLO_A         (0x110|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CLNT_HELLO_B         (0x111|SSL_ST_CONNECT)
+/* read from server */
+#define SSL3_ST_CR_SRVR_HELLO_A         (0x120|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_HELLO_B         (0x121|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_A               (0x130|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_B               (0x131|SSL_ST_CONNECT)
+#define SSL3_ST_CR_KEY_EXCH_A           (0x140|SSL_ST_CONNECT)
+#define SSL3_ST_CR_KEY_EXCH_B           (0x141|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_REQ_A           (0x150|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_REQ_B           (0x151|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_DONE_A          (0x160|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_DONE_B          (0x161|SSL_ST_CONNECT)
+/* write to server */
+#define SSL3_ST_CW_CERT_A               (0x170|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_B               (0x171|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_C               (0x172|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_D               (0x173|SSL_ST_CONNECT)
+#define SSL3_ST_CW_KEY_EXCH_A           (0x180|SSL_ST_CONNECT)
+#define SSL3_ST_CW_KEY_EXCH_B           (0x181|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_VRFY_A          (0x190|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
+#define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
+#define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
+/* read from server */
+#define SSL3_ST_CR_CHANGE_A             (0x1C0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CHANGE_B             (0x1C1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_FINISHED_A           (0x1D0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_FINISHED_B           (0x1D1|SSL_ST_CONNECT)
+
+/* server */
+/* extra state */
+#define SSL3_ST_SW_FLUSH                (0x100|SSL_ST_ACCEPT)
+/* read from client */
+/* Do not change the number values, they do matter */
+#define SSL3_ST_SR_CLNT_HELLO_A         (0x110|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CLNT_HELLO_B         (0x111|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CLNT_HELLO_C         (0x112|SSL_ST_ACCEPT)
+/* write to client */
+#define SSL3_ST_SW_HELLO_REQ_A          (0x120|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_HELLO_REQ_B          (0x121|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_HELLO_REQ_C          (0x122|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_HELLO_A         (0x130|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_HELLO_B         (0x131|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_A               (0x140|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_B               (0x141|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_KEY_EXCH_A           (0x150|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_KEY_EXCH_B           (0x151|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_REQ_A           (0x160|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_REQ_B           (0x161|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_DONE_A          (0x170|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_DONE_B          (0x171|SSL_ST_ACCEPT)
+/* read from client */
+#define SSL3_ST_SR_CERT_A               (0x180|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_B               (0x181|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_KEY_EXCH_A           (0x190|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_KEY_EXCH_B           (0x191|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_VRFY_A          (0x1A0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
+/* write to client */
+#define SSL3_ST_SW_CHANGE_A             (0x1D0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CHANGE_B             (0x1D1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_FINISHED_A           (0x1E0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_FINISHED_B           (0x1E1|SSL_ST_ACCEPT)
+
+#define SSL3_MT_HELLO_REQUEST                   0
+#define SSL3_MT_CLIENT_HELLO                    1
+#define SSL3_MT_SERVER_HELLO                    2
+#define SSL3_MT_CERTIFICATE                     11
+#define SSL3_MT_SERVER_KEY_EXCHANGE             12
+#define SSL3_MT_CERTIFICATE_REQUEST             13
+#define SSL3_MT_SERVER_DONE                     14
+#define SSL3_MT_CERTIFICATE_VERIFY              15
+#define SSL3_MT_CLIENT_KEY_EXCHANGE             16
+#define SSL3_MT_FINISHED                        20
+
+#define SSL3_MT_CCS                             1
+
+/* These are used when changing over to a new cipher */
+#define SSL3_CC_READ            0x01
+#define SSL3_CC_WRITE           0x02
+#define SSL3_CC_CLIENT          0x10
+#define SSL3_CC_SERVER          0x20
+#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)  
+#define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
+#define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
+#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
new file mode 100644
index 0000000000..3d1299ee7b
--- /dev/null
+++ b/src/lib/libssl/ssl_algs.c
@@ -0,0 +1,111 @@
+/* ssl/ssl_algs.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include <openssl/lhash.h>
+#include "ssl_locl.h"
+
+int SSL_library_init(void)
+        {
+
+#ifndef OPENSSL_NO_DES
+        EVP_add_cipher(EVP_des_cbc());
+        EVP_add_cipher(EVP_des_ede3_cbc());
+#endif
+#ifndef OPENSSL_NO_IDEA
+        EVP_add_cipher(EVP_idea_cbc());
+#endif
+#ifndef OPENSSL_NO_RC4
+        EVP_add_cipher(EVP_rc4());
+#endif  
+#ifndef OPENSSL_NO_RC2
+        EVP_add_cipher(EVP_rc2_cbc());
+#endif
+#ifndef OPENSSL_NO_AES
+        EVP_add_cipher(EVP_aes_128_cbc());
+        EVP_add_cipher(EVP_aes_192_cbc());
+        EVP_add_cipher(EVP_aes_256_cbc());
+#endif
+#ifndef OPENSSL_NO_MD2
+        EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD5
+        EVP_add_digest(EVP_md5());
+        EVP_add_digest_alias(SN_md5,"ssl2-md5");
+        EVP_add_digest_alias(SN_md5,"ssl3-md5");
+#endif
+#ifndef OPENSSL_NO_SHA
+        EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+        EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+        EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#endif
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+        EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+        EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+        EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+        EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+        /* If you want support for phased out ciphers, add the following */
+#if 0
+        EVP_add_digest(EVP_sha());
+        EVP_add_digest(EVP_dss());
+#endif
+        return(1);
+        }
+
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
new file mode 100644
index 0000000000..d8ff8fc4a3
--- /dev/null
+++ b/src/lib/libssl/ssl_asn1.c
@@ -0,0 +1,398 @@
+/* ssl/ssl_asn1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "ssl_locl.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+typedef struct ssl_session_asn1_st
+        {
+        ASN1_INTEGER version;
+        ASN1_INTEGER ssl_version;
+        ASN1_OCTET_STRING cipher;
+        ASN1_OCTET_STRING master_key;
+        ASN1_OCTET_STRING session_id;
+        ASN1_OCTET_STRING session_id_context;
+        ASN1_OCTET_STRING key_arg;
+#ifndef OPENSSL_NO_KRB5
+        ASN1_OCTET_STRING krb5_princ;
+#endif /* OPENSSL_NO_KRB5 */
+        ASN1_INTEGER time;
+        ASN1_INTEGER timeout;
+        ASN1_INTEGER verify_result;
+        } SSL_SESSION_ASN1;
+
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
+        {
+#define LSIZE2 (sizeof(long)*2)
+        int v1=0,v2=0,v3=0,v4=0,v5=0;
+        unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
+        unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
+        long l;
+        SSL_SESSION_ASN1 a;
+        M_ASN1_I2D_vars(in);
+
+        if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
+                return(0);
+
+        /* Note that I cheat in the following 2 assignments.  I know
+         * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
+         * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
+         * This is a bit evil but makes things simple, no dynamic allocation
+         * to clean up :-) */
+        a.version.length=LSIZE2;
+        a.version.type=V_ASN1_INTEGER;
+        a.version.data=ibuf1;
+        ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
+
+        a.ssl_version.length=LSIZE2;
+        a.ssl_version.type=V_ASN1_INTEGER;
+        a.ssl_version.data=ibuf2;
+        ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
+
+        a.cipher.type=V_ASN1_OCTET_STRING;
+        a.cipher.data=buf;
+
+        if (in->cipher == NULL)
+                l=in->cipher_id;
+        else
+                l=in->cipher->id;
+        if (in->ssl_version == SSL2_VERSION)
+                {
+                a.cipher.length=3;
+                buf[0]=((unsigned char)(l>>16L))&0xff;
+                buf[1]=((unsigned char)(l>> 8L))&0xff;
+                buf[2]=((unsigned char)(l     ))&0xff;
+                }
+        else
+                {
+                a.cipher.length=2;
+                buf[0]=((unsigned char)(l>>8L))&0xff;
+                buf[1]=((unsigned char)(l    ))&0xff;
+                }
+
+        a.master_key.length=in->master_key_length;
+        a.master_key.type=V_ASN1_OCTET_STRING;
+        a.master_key.data=in->master_key;
+
+        a.session_id.length=in->session_id_length;
+        a.session_id.type=V_ASN1_OCTET_STRING;
+        a.session_id.data=in->session_id;
+
+        a.session_id_context.length=in->sid_ctx_length;
+        a.session_id_context.type=V_ASN1_OCTET_STRING;
+        a.session_id_context.data=in->sid_ctx;
+
+        a.key_arg.length=in->key_arg_length;
+        a.key_arg.type=V_ASN1_OCTET_STRING;
+        a.key_arg.data=in->key_arg;
+
+#ifndef OPENSSL_NO_KRB5
+        if (in->krb5_client_princ_len)
+                {
+                a.krb5_princ.length=in->krb5_client_princ_len;
+                a.krb5_princ.type=V_ASN1_OCTET_STRING;
+                a.krb5_princ.data=in->krb5_client_princ;
+                }
+#endif /* OPENSSL_NO_KRB5 */
+ 
+        if (in->time != 0L)
+                {
+                a.time.length=LSIZE2;
+                a.time.type=V_ASN1_INTEGER;
+                a.time.data=ibuf3;
+                ASN1_INTEGER_set(&(a.time),in->time);
+                }
+
+        if (in->timeout != 0L)
+                {
+                a.timeout.length=LSIZE2;
+                a.timeout.type=V_ASN1_INTEGER;
+                a.timeout.data=ibuf4;
+                ASN1_INTEGER_set(&(a.timeout),in->timeout);
+                }
+
+        if (in->verify_result != X509_V_OK)
+                {
+                a.verify_result.length=LSIZE2;
+                a.verify_result.type=V_ASN1_INTEGER;
+                a.verify_result.data=ibuf5;
+                ASN1_INTEGER_set(&a.verify_result,in->verify_result);
+                }
+
+
+        M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(&(a.cipher),             i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(&(a.session_id),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+        if (in->krb5_client_princ_len)
+                M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
+        if (in->key_arg_length > 0)
+                M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
+        if (in->time != 0L)
+                M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
+        if (in->timeout != 0L)
+                M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
+        if (in->peer != NULL)
+                M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
+        M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
+        if (in->verify_result != X509_V_OK)
+                M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
+
+        M_ASN1_I2D_seq_total();
+
+        M_ASN1_I2D_put(&(a.version),            i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(&(a.ssl_version),        i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(&(a.cipher),             i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(&(a.session_id),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+        if (in->krb5_client_princ_len)
+                M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
+        if (in->key_arg_length > 0)
+                M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
+        if (in->time != 0L)
+                M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
+        if (in->timeout != 0L)
+                M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
+        if (in->peer != NULL)
+                M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
+        M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
+                               v4);
+        if (in->verify_result != X509_V_OK)
+                M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
+        M_ASN1_I2D_finish();
+        }
+
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
+             long length)
+        {
+        int version,ssl_version=0,i;
+        long id;
+        ASN1_INTEGER ai,*aip;
+        ASN1_OCTET_STRING os,*osp;
+        M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
+
+        aip= &ai;
+        osp= &os;
+
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+
+        ai.data=NULL; ai.length=0;
+        M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
+        version=(int)ASN1_INTEGER_get(aip);
+        if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
+
+        /* we don't care about the version right now :-) */
+        M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
+        ssl_version=(int)ASN1_INTEGER_get(aip);
+        ret->ssl_version=ssl_version;
+        if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
+
+        os.data=NULL; os.length=0;
+        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+        if (ssl_version == SSL2_VERSION)
+                {
+                if (os.length != 3)
+                        {
+                        c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+                        goto err;
+                        }
+                id=0x02000000L|
+                        ((unsigned long)os.data[0]<<16L)|
+                        ((unsigned long)os.data[1]<< 8L)|
+                         (unsigned long)os.data[2];
+                }
+        else if ((ssl_version>>8) == 3)
+                {
+                if (os.length != 2)
+                        {
+                        c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+                        goto err;
+                        }
+                id=0x03000000L|
+                        ((unsigned long)os.data[0]<<8L)|
+                         (unsigned long)os.data[1];
+                }
+        else
+                {
+                SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
+                return(NULL);
+                }
+        
+        ret->cipher=NULL;
+        ret->cipher_id=id;
+
+        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+        if ((ssl_version>>8) == SSL3_VERSION)
+                i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
+        else /* if (ssl_version == SSL2_VERSION) */
+                i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
+
+        if (os.length > i)
+                os.length = i;
+        if (os.length > sizeof ret->session_id) /* can't happen */
+                os.length = sizeof ret->session_id;
+
+        ret->session_id_length=os.length;
+        OPENSSL_assert(os.length <= sizeof ret->session_id);
+        memcpy(ret->session_id,os.data,os.length);
+
+        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+        if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
+                ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
+        else
+                ret->master_key_length=os.length;
+        memcpy(ret->master_key,os.data,ret->master_key_length);
+
+        os.length=0;
+
+#ifndef OPENSSL_NO_KRB5
+        os.length=0;
+        M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
+        if (os.data)
+                {
+                if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
+                        ret->krb5_client_princ_len=0;
+                else
+                        ret->krb5_client_princ_len=os.length;
+                memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
+                OPENSSL_free(os.data);
+                os.data = NULL;
+                os.length = 0;
+                }
+        else
+                ret->krb5_client_princ_len=0;
+#endif /* OPENSSL_NO_KRB5 */
+
+        M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
+        if (os.length > SSL_MAX_KEY_ARG_LENGTH)
+                ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
+        else
+                ret->key_arg_length=os.length;
+        memcpy(ret->key_arg,os.data,ret->key_arg_length);
+        if (os.data != NULL) OPENSSL_free(os.data);
+
+        ai.length=0;
+        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
+        if (ai.data != NULL)
+                {
+                ret->time=ASN1_INTEGER_get(aip);
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
+                }
+        else
+                ret->time=time(NULL);
+
+        ai.length=0;
+        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
+        if (ai.data != NULL)
+                {
+                ret->timeout=ASN1_INTEGER_get(aip);
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
+                }
+        else
+                ret->timeout=3;
+
+        if (ret->peer != NULL)
+                {
+                X509_free(ret->peer);
+                ret->peer=NULL;
+                }
+        M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
+
+        os.length=0;
+        os.data=NULL;
+        M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
+
+        if(os.data != NULL)
+            {
+            if (os.length > SSL_MAX_SID_CTX_LENGTH)
+                {
+                ret->sid_ctx_length=os.length;
+                SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
+                }
+            else
+                {
+                ret->sid_ctx_length=os.length;
+                memcpy(ret->sid_ctx,os.data,os.length);
+                }
+            OPENSSL_free(os.data); os.data=NULL; os.length=0;
+            }
+        else
+            ret->sid_ctx_length=0;
+
+        ai.length=0;
+        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
+        if (ai.data != NULL)
+                {
+                ret->verify_result=ASN1_INTEGER_get(aip);
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
+                }
+        else
+                ret->verify_result=X509_V_OK;
+
+        M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
+        }
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
new file mode 100644
index 0000000000..da90078a37
--- /dev/null
+++ b/src/lib/libssl/ssl_cert.c
@@ -0,0 +1,860 @@
+/*! \file ssl/ssl_cert.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+
+#include "e_os.h"
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X)
+#include <dirent.h>
+#endif
+
+#if defined(WIN32)
+#include <windows.h>
+#endif
+
+#ifdef NeXT
+#include <sys/dir.h>
+#define dirent direct
+#endif
+
+#include <openssl/objects.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include "ssl_locl.h"
+
+int SSL_get_ex_data_X509_STORE_CTX_idx(void)
+        {
+        static volatile int ssl_x509_store_ctx_idx= -1;
+
+        if (ssl_x509_store_ctx_idx < 0)
+                {
+                /* any write lock will do; usually this branch
+                 * will only be taken once anyway */
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+                
+                if (ssl_x509_store_ctx_idx < 0)
+                        {
+                        ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
+                                0,"SSL for verify callback",NULL,NULL,NULL);
+                        }
+                
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+                }
+        return ssl_x509_store_ctx_idx;
+        }
+
+CERT *ssl_cert_new(void)
+        {
+        CERT *ret;
+
+        ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
+        if (ret == NULL)
+                {
+                SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        memset(ret,0,sizeof(CERT));
+
+        ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
+        ret->references=1;
+
+        return(ret);
+        }
+
+CERT *ssl_cert_dup(CERT *cert)
+        {
+        CERT *ret;
+        int i;
+
+        ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
+        if (ret == NULL)
+                {
+                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+
+        memset(ret, 0, sizeof(CERT));
+
+        ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
+        /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
+         * if you find that more readable */
+
+        ret->valid = cert->valid;
+        ret->mask = cert->mask;
+        ret->export_mask = cert->export_mask;
+
+#ifndef OPENSSL_NO_RSA
+        if (cert->rsa_tmp != NULL)
+                {
+                RSA_up_ref(cert->rsa_tmp);
+                ret->rsa_tmp = cert->rsa_tmp;
+                }
+        ret->rsa_tmp_cb = cert->rsa_tmp_cb;
+#endif
+
+#ifndef OPENSSL_NO_DH
+        if (cert->dh_tmp != NULL)
+                {
+                /* DH parameters don't have a reference count */
+                ret->dh_tmp = DHparams_dup(cert->dh_tmp);
+                if (ret->dh_tmp == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
+                        goto err;
+                        }
+                if (cert->dh_tmp->priv_key)
+                        {
+                        BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
+                        if (!b)
+                                {
+                                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
+                                goto err;
+                                }
+                        ret->dh_tmp->priv_key = b;
+                        }
+                if (cert->dh_tmp->pub_key)
+                        {
+                        BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
+                        if (!b)
+                                {
+                                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
+                                goto err;
+                                }
+                        ret->dh_tmp->pub_key = b;
+                        }
+                }
+        ret->dh_tmp_cb = cert->dh_tmp_cb;
+#endif
+
+        for (i = 0; i < SSL_PKEY_NUM; i++)
+                {
+                if (cert->pkeys[i].x509 != NULL)
+                        {
+                        ret->pkeys[i].x509 = cert->pkeys[i].x509;
+                        CRYPTO_add(&ret->pkeys[i].x509->references, 1,
+                                CRYPTO_LOCK_X509);
+                        }
+                
+                if (cert->pkeys[i].privatekey != NULL)
+                        {
+                        ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
+                        CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
+                                CRYPTO_LOCK_EVP_PKEY);
+
+                        switch(i) 
+                                {
+                                /* If there was anything special to do for
+                                 * certain types of keys, we'd do it here.
+                                 * (Nothing at the moment, I think.) */
+
+                        case SSL_PKEY_RSA_ENC:
+                        case SSL_PKEY_RSA_SIGN:
+                                /* We have an RSA key. */
+                                break;
+                                
+                        case SSL_PKEY_DSA_SIGN:
+                                /* We have a DSA key. */
+                                break;
+                                
+                        case SSL_PKEY_DH_RSA:
+                        case SSL_PKEY_DH_DSA:
+                                /* We have a DH key. */
+                                break;
+                                
+                        default:
+                                /* Can't happen. */
+                                SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
+                                }
+                        }
+                }
+        
+        /* ret->extra_certs *should* exist, but currently the own certificate
+         * chain is held inside SSL_CTX */
+
+        ret->references=1;
+
+        return(ret);
+        
+#ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */
+err:
+#endif
+#ifndef OPENSSL_NO_RSA
+        if (ret->rsa_tmp != NULL)
+                RSA_free(ret->rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+        if (ret->dh_tmp != NULL)
+                DH_free(ret->dh_tmp);
+#endif
+
+        for (i = 0; i < SSL_PKEY_NUM; i++)
+                {
+                if (ret->pkeys[i].x509 != NULL)
+                        X509_free(ret->pkeys[i].x509);
+                if (ret->pkeys[i].privatekey != NULL)
+                        EVP_PKEY_free(ret->pkeys[i].privatekey);
+                }
+
+        return NULL;
+        }
+
+
+void ssl_cert_free(CERT *c)
+        {
+        int i;
+
+        if(c == NULL)
+            return;
+
+        i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
+#ifdef REF_PRINT
+        REF_PRINT("CERT",c);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"ssl_cert_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+
+#ifndef OPENSSL_NO_RSA
+        if (c->rsa_tmp) RSA_free(c->rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+        if (c->dh_tmp) DH_free(c->dh_tmp);
+#endif
+
+        for (i=0; i<SSL_PKEY_NUM; i++)
+                {
+                if (c->pkeys[i].x509 != NULL)
+                        X509_free(c->pkeys[i].x509);
+                if (c->pkeys[i].privatekey != NULL)
+                        EVP_PKEY_free(c->pkeys[i].privatekey);
+#if 0
+                if (c->pkeys[i].publickey != NULL)
+                        EVP_PKEY_free(c->pkeys[i].publickey);
+#endif
+                }
+        OPENSSL_free(c);
+        }
+
+int ssl_cert_inst(CERT **o)
+        {
+        /* Create a CERT if there isn't already one
+         * (which cannot really happen, as it is initially created in
+         * SSL_CTX_new; but the earlier code usually allows for that one
+         * being non-existant, so we follow that behaviour, as it might
+         * turn out that there actually is a reason for it -- but I'm
+         * not sure that *all* of the existing code could cope with
+         * s->cert being NULL, otherwise we could do without the
+         * initialization in SSL_CTX_new).
+         */
+        
+        if (o == NULL) 
+                {
+                SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (*o == NULL)
+                {
+                if ((*o = ssl_cert_new()) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                }
+        return(1);
+        }
+
+
+SESS_CERT *ssl_sess_cert_new(void)
+        {
+        SESS_CERT *ret;
+
+        ret = OPENSSL_malloc(sizeof *ret);
+        if (ret == NULL)
+                {
+                SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+
+        memset(ret, 0 ,sizeof *ret);
+        ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
+        ret->references = 1;
+
+        return ret;
+        }
+
+void ssl_sess_cert_free(SESS_CERT *sc)
+        {
+        int i;
+
+        if (sc == NULL)
+                return;
+
+        i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
+#ifdef REF_PRINT
+        REF_PRINT("SESS_CERT", sc);
+#endif
+        if (i > 0)
+                return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+
+        /* i == 0 */
+        if (sc->cert_chain != NULL)
+                sk_X509_pop_free(sc->cert_chain, X509_free);
+        for (i = 0; i < SSL_PKEY_NUM; i++)
+                {
+                if (sc->peer_pkeys[i].x509 != NULL)
+                        X509_free(sc->peer_pkeys[i].x509);
+#if 0 /* We don't have the peer's private key.  These lines are just
+           * here as a reminder that we're still using a not-quite-appropriate
+           * data structure. */
+                if (sc->peer_pkeys[i].privatekey != NULL)
+                        EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
+#endif
+                }
+
+#ifndef OPENSSL_NO_RSA
+        if (sc->peer_rsa_tmp != NULL)
+                RSA_free(sc->peer_rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+        if (sc->peer_dh_tmp != NULL)
+                DH_free(sc->peer_dh_tmp);
+#endif
+
+        OPENSSL_free(sc);
+        }
+
+int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
+        {
+        sc->peer_cert_type = type;
+        return(1);
+        }
+
+int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
+        {
+        X509 *x;
+        int i;
+        X509_STORE_CTX ctx;
+
+        if ((sk == NULL) || (sk_X509_num(sk) == 0))
+                return(0);
+
+        x=sk_X509_value(sk,0);
+        if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
+                {
+                SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
+                return(0);
+                }
+        if (SSL_get_verify_depth(s) >= 0)
+                X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
+        X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
+
+        /* We need to set the verify purpose. The purpose can be determined by
+         * the context: if its a server it will verify SSL client certificates
+         * or vice versa.
+         */
+        if (s->server)
+                i = X509_PURPOSE_SSL_CLIENT;
+        else
+                i = X509_PURPOSE_SSL_SERVER;
+
+        X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
+
+        if (s->verify_callback)
+                X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
+
+        if (s->ctx->app_verify_callback != NULL)
+#if 1 /* new with OpenSSL 0.9.7 */
+                i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); 
+#else
+                i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
+#endif
+        else
+                {
+#ifndef OPENSSL_NO_X509_VERIFY
+                i=X509_verify_cert(&ctx);
+#else
+                i=0;
+                ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
+                SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
+#endif
+                }
+
+        s->verify_result=ctx.error;
+        X509_STORE_CTX_cleanup(&ctx);
+
+        return(i);
+        }
+
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
+        {
+        if (*ca_list != NULL)
+                sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
+
+        *ca_list=list;
+        }
+
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
+        {
+        int i;
+        STACK_OF(X509_NAME) *ret;
+        X509_NAME *name;
+
+        ret=sk_X509_NAME_new_null();
+        for (i=0; i<sk_X509_NAME_num(sk); i++)
+                {
+                name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
+                if ((name == NULL) || !sk_X509_NAME_push(ret,name))
+                        {
+                        sk_X509_NAME_pop_free(ret,X509_NAME_free);
+                        return(NULL);
+                        }
+                }
+        return(ret);
+        }
+
+void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
+        {
+        set_client_CA_list(&(s->client_CA),list);
+        }
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
+        {
+        set_client_CA_list(&(ctx->client_CA),list);
+        }
+
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
+        {
+        return(ctx->client_CA);
+        }
+
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s)
+        {
+        if (s->type == SSL_ST_CONNECT)
+                { /* we are in the client */
+                if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
+                        (s->s3 != NULL))
+                        return(s->s3->tmp.ca_names);
+                else
+                        return(NULL);
+                }
+        else
+                {
+                if (s->client_CA != NULL)
+                        return(s->client_CA);
+                else
+                        return(s->ctx->client_CA);
+                }
+        }
+
+static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
+        {
+        X509_NAME *name;
+
+        if (x == NULL) return(0);
+        if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
+                return(0);
+                
+        if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
+                return(0);
+
+        if (!sk_X509_NAME_push(*sk,name))
+                {
+                X509_NAME_free(name);
+                return(0);
+                }
+        return(1);
+        }
+
+int SSL_add_client_CA(SSL *ssl,X509 *x)
+        {
+        return(add_client_CA(&(ssl->client_CA),x));
+        }
+
+int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
+        {
+        return(add_client_CA(&(ctx->client_CA),x));
+        }
+
+static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
+        {
+        return(X509_NAME_cmp(*a,*b));
+        }
+
+#ifndef OPENSSL_NO_STDIO
+/*!
+ * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
+ * it doesn't really have anything to do with clients (except that a common use
+ * for a stack of CAs is to send it to the client). Actually, it doesn't have
+ * much to do with CAs, either, since it will load any old cert.
+ * \param file the file containing one or more certs.
+ * \return a ::STACK containing the certs.
+ */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
+        {
+        BIO *in;
+        X509 *x=NULL;
+        X509_NAME *xn=NULL;
+        STACK_OF(X509_NAME) *ret,*sk;
+
+        ret=sk_X509_NAME_new_null();
+        sk=sk_X509_NAME_new(xname_cmp);
+
+        in=BIO_new(BIO_s_file_internal());
+
+        if ((ret == NULL) || (sk == NULL) || (in == NULL))
+                {
+                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        if (!BIO_read_filename(in,file))
+                goto err;
+
+        for (;;)
+                {
+                if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
+                        break;
+                if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+                /* check for duplicates */
+                xn=X509_NAME_dup(xn);
+                if (xn == NULL) goto err;
+                if (sk_X509_NAME_find(sk,xn) >= 0)
+                        X509_NAME_free(xn);
+                else
+                        {
+                        sk_X509_NAME_push(sk,xn);
+                        sk_X509_NAME_push(ret,xn);
+                        }
+                }
+
+        if (0)
+                {
+err:
+                if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
+                ret=NULL;
+                }
+        if (sk != NULL) sk_X509_NAME_free(sk);
+        if (in != NULL) BIO_free(in);
+        if (x != NULL) X509_free(x);
+        return(ret);
+        }
+#endif
+
+/*!
+ * Add a file of certs to a stack.
+ * \param stack the stack to add to.
+ * \param file the file to add from. All certs in this file that are not
+ * already in the stack will be added.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                        const char *file)
+        {
+        BIO *in;
+        X509 *x=NULL;
+        X509_NAME *xn=NULL;
+        int ret=1;
+        int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
+        
+        oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
+        
+        in=BIO_new(BIO_s_file_internal());
+        
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        if (!BIO_read_filename(in,file))
+                goto err;
+        
+        for (;;)
+                {
+                if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
+                        break;
+                if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+                xn=X509_NAME_dup(xn);
+                if (xn == NULL) goto err;
+                if (sk_X509_NAME_find(stack,xn) >= 0)
+                        X509_NAME_free(xn);
+                else
+                        sk_X509_NAME_push(stack,xn);
+                }
+
+        if (0)
+                {
+err:
+                ret=0;
+                }
+        if(in != NULL)
+                BIO_free(in);
+        if(x != NULL)
+                X509_free(x);
+        
+        sk_X509_NAME_set_cmp_func(stack,oldcmp);
+
+        return ret;
+        }
+
+/*!
+ * Add a directory of certs to a stack.
+ * \param stack the stack to append to.
+ * \param dir the directory to append from. All files in this directory will be
+ * examined as potential certs. Any that are acceptable to
+ * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
+ * included.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+#ifndef OPENSSL_SYS_WIN32
+#ifndef OPENSSL_SYS_VMS         /* XXXX This may be fixed in the future */
+#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! */
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                       const char *dir)
+        {
+        DIR *d;
+        struct dirent *dstruct;
+        int ret = 0;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+        d = opendir(dir);
+
+        /* Note that a side effect is that the CAs will be sorted by name */
+        if(!d)
+                {
+                SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+                ERR_add_error_data(3, "opendir('", dir, "')");
+                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+                goto err;
+                }
+        
+        while((dstruct=readdir(d)))
+                {
+                char buf[1024];
+                int r;
+                
+                if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
+                        {
+                        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+                        goto err;
+                        }
+                
+                r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name);
+                if (r <= 0 || r >= sizeof buf)
+                        goto err;
+                if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
+                        goto err;
+                }
+        ret = 1;
+
+err:    
+        if (d) closedir(d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+        return ret;
+        }
+
+#endif
+#endif
+
+#else /* OPENSSL_SYS_WIN32 */
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                       const char *dir)
+        {
+        WIN32_FIND_DATA FindFileData;
+        HANDLE hFind;
+        int ret = 0;
+#ifdef OPENSSL_SYS_WINCE
+        WCHAR* wdir = NULL;
+#endif
+
+        CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+        
+#ifdef OPENSSL_SYS_WINCE
+        /* convert strings to UNICODE */
+        {
+                BOOL result = FALSE;
+                int i;
+                wdir = malloc((strlen(dir)+1)*2);
+                if (wdir == NULL)
+                        goto err_noclose;
+                for (i=0; i<(int)strlen(dir)+1; i++)
+                        wdir[i] = (short)dir[i];
+        }
+#endif
+
+#ifdef OPENSSL_SYS_WINCE
+        hFind = FindFirstFile(wdir, &FindFileData);
+#else
+        hFind = FindFirstFile(dir, &FindFileData);
+#endif
+        /* Note that a side effect is that the CAs will be sorted by name */
+        if(hFind == INVALID_HANDLE_VALUE)
+                {
+                SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+                ERR_add_error_data(3, "opendir('", dir, "')");
+                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+                goto err_noclose;
+                }
+        
+        do 
+                {
+                char buf[1024];
+                int r;
+                
+#ifdef OPENSSL_SYS_WINCE
+                if(strlen(dir)+_tcslen(FindFileData.cFileName)+2 > sizeof buf)
+#else
+                if(strlen(dir)+strlen(FindFileData.cFileName)+2 > sizeof buf)
+#endif
+                        {
+                        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+                        goto err;
+                        }
+                
+                r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,FindFileData.cFileName);
+                if (r <= 0 || r >= sizeof buf)
+                        goto err;
+                if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
+                        goto err;
+                }
+        while (FindNextFile(hFind, &FindFileData) != FALSE);
+        ret = 1;
+
+err:    
+        FindClose(hFind);
+err_noclose:
+#ifdef OPENSSL_SYS_WINCE
+        if (wdir != NULL)
+                free(wdir);
+#endif
+        CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+        return ret;
+        }
+
+#endif
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
new file mode 100644
index 0000000000..532fb4e80d
--- /dev/null
+++ b/src/lib/libssl/ssl_ciph.c
@@ -0,0 +1,1145 @@
+/* ssl/ssl_ciph.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+#include "ssl_locl.h"
+
+#define SSL_ENC_DES_IDX         0
+#define SSL_ENC_3DES_IDX        1
+#define SSL_ENC_RC4_IDX         2
+#define SSL_ENC_RC2_IDX         3
+#define SSL_ENC_IDEA_IDX        4
+#define SSL_ENC_eFZA_IDX        5
+#define SSL_ENC_NULL_IDX        6
+#define SSL_ENC_AES128_IDX      7
+#define SSL_ENC_AES256_IDX      8
+#define SSL_ENC_NUM_IDX         9
+
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
+        NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
+        };
+
+static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
+
+#define SSL_MD_MD5_IDX  0
+#define SSL_MD_SHA1_IDX 1
+#define SSL_MD_NUM_IDX  2
+static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
+        NULL,NULL,
+        };
+
+#define CIPHER_ADD      1
+#define CIPHER_KILL     2
+#define CIPHER_DEL      3
+#define CIPHER_ORD      4
+#define CIPHER_SPECIAL  5
+
+typedef struct cipher_order_st
+        {
+        SSL_CIPHER *cipher;
+        int active;
+        int dead;
+        struct cipher_order_st *next,*prev;
+        } CIPHER_ORDER;
+
+static const SSL_CIPHER cipher_aliases[]={
+        /* Don't include eNULL unless specifically enabled. */
+        {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+        {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
+        {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
+        {0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
+        {0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
+        {0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
+        {0,SSL_TXT_kEDH,0,SSL_kEDH,  0,0,0,0,SSL_MKEY_MASK,0},
+        {0,SSL_TXT_kFZA,0,SSL_kFZA,  0,0,0,0,SSL_MKEY_MASK,0},
+        {0,SSL_TXT_DH,  0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
+        {0,SSL_TXT_EDH, 0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
+
+        {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
+        {0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_aFZA,0,SSL_aFZA,  0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_aDH, 0,SSL_aDH,   0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_DSS, 0,SSL_DSS,   0,0,0,0,SSL_AUTH_MASK,0},
+
+        {0,SSL_TXT_DES, 0,SSL_DES,   0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_3DES,0,SSL_3DES,  0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_RC4, 0,SSL_RC4,   0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_RC2, 0,SSL_RC2,   0,0,0,0,SSL_ENC_MASK,0},
+#ifndef OPENSSL_NO_IDEA
+        {0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
+#endif
+        {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_AES, 0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
+
+        {0,SSL_TXT_MD5, 0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
+        {0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
+        {0,SSL_TXT_SHA, 0,SSL_SHA,   0,0,0,0,SSL_MAC_MASK,0},
+
+        {0,SSL_TXT_NULL,0,SSL_NULL,  0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_KRB5,0,SSL_KRB5,  0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
+        {0,SSL_TXT_RSA, 0,SSL_RSA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
+        {0,SSL_TXT_ADH, 0,SSL_ADH,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
+        {0,SSL_TXT_FZA, 0,SSL_FZA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
+
+        {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
+        {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
+        {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
+
+        {0,SSL_TXT_EXP   ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
+        {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
+        {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
+        {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
+        {0,SSL_TXT_LOW,   0, 0,   SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
+        {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
+        {0,SSL_TXT_HIGH,  0, 0,  SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
+        };
+
+static int init_ciphers=1;
+
+static void load_ciphers(void)
+        {
+        init_ciphers=0;
+        ssl_cipher_methods[SSL_ENC_DES_IDX]= 
+                EVP_get_cipherbyname(SN_des_cbc);
+        ssl_cipher_methods[SSL_ENC_3DES_IDX]=
+                EVP_get_cipherbyname(SN_des_ede3_cbc);
+        ssl_cipher_methods[SSL_ENC_RC4_IDX]=
+                EVP_get_cipherbyname(SN_rc4);
+        ssl_cipher_methods[SSL_ENC_RC2_IDX]= 
+                EVP_get_cipherbyname(SN_rc2_cbc);
+#ifndef OPENSSL_NO_IDEA
+        ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
+                EVP_get_cipherbyname(SN_idea_cbc);
+#else
+        ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
+#endif
+        ssl_cipher_methods[SSL_ENC_AES128_IDX]=
+          EVP_get_cipherbyname(SN_aes_128_cbc);
+        ssl_cipher_methods[SSL_ENC_AES256_IDX]=
+          EVP_get_cipherbyname(SN_aes_256_cbc);
+
+        ssl_digest_methods[SSL_MD_MD5_IDX]=
+                EVP_get_digestbyname(SN_md5);
+        ssl_digest_methods[SSL_MD_SHA1_IDX]=
+                EVP_get_digestbyname(SN_sha1);
+        }
+
+int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
+             const EVP_MD **md, SSL_COMP **comp)
+        {
+        int i;
+        SSL_CIPHER *c;
+
+        c=s->cipher;
+        if (c == NULL) return(0);
+        if (comp != NULL)
+                {
+                SSL_COMP ctmp;
+
+                if (s->compress_meth == 0)
+                        *comp=NULL;
+                else if (ssl_comp_methods == NULL)
+                        {
+                        /* bad */
+                        *comp=NULL;
+                        }
+                else
+                        {
+
+                        ctmp.id=s->compress_meth;
+                        i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
+                        if (i >= 0)
+                                *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
+                        else
+                                *comp=NULL;
+                        }
+                }
+
+        if ((enc == NULL) || (md == NULL)) return(0);
+
+        switch (c->algorithms & SSL_ENC_MASK)
+                {
+        case SSL_DES:
+                i=SSL_ENC_DES_IDX;
+                break;
+        case SSL_3DES:
+                i=SSL_ENC_3DES_IDX;
+                break;
+        case SSL_RC4:
+                i=SSL_ENC_RC4_IDX;
+                break;
+        case SSL_RC2:
+                i=SSL_ENC_RC2_IDX;
+                break;
+        case SSL_IDEA:
+                i=SSL_ENC_IDEA_IDX;
+                break;
+        case SSL_eNULL:
+                i=SSL_ENC_NULL_IDX;
+                break;
+        case SSL_AES:
+                switch(c->alg_bits)
+                        {
+                case 128: i=SSL_ENC_AES128_IDX; break;
+                case 256: i=SSL_ENC_AES256_IDX; break;
+                default: i=-1; break;
+                        }
+                break;
+        default:
+                i= -1;
+                break;
+                }
+
+        if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
+                *enc=NULL;
+        else
+                {
+                if (i == SSL_ENC_NULL_IDX)
+                        *enc=EVP_enc_null();
+                else
+                        *enc=ssl_cipher_methods[i];
+                }
+
+        switch (c->algorithms & SSL_MAC_MASK)
+                {
+        case SSL_MD5:
+                i=SSL_MD_MD5_IDX;
+                break;
+        case SSL_SHA1:
+                i=SSL_MD_SHA1_IDX;
+                break;
+        default:
+                i= -1;
+                break;
+                }
+        if ((i < 0) || (i >= SSL_MD_NUM_IDX))
+                *md=NULL;
+        else
+                *md=ssl_digest_methods[i];
+
+        if ((*enc != NULL) && (*md != NULL))
+                return(1);
+        else
+                return(0);
+        }
+
+#define ITEM_SEP(a) \
+        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+
+static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+             CIPHER_ORDER **tail)
+        {
+        if (curr == *tail) return;
+        if (curr == *head)
+                *head=curr->next;
+        if (curr->prev != NULL)
+                curr->prev->next=curr->next;
+        if (curr->next != NULL) /* should always be true */
+                curr->next->prev=curr->prev;
+        (*tail)->next=curr;
+        curr->prev= *tail;
+        curr->next=NULL;
+        *tail=curr;
+        }
+
+static unsigned long ssl_cipher_get_disabled(void)
+        {
+        unsigned long mask;
+
+        mask = SSL_kFZA;
+#ifdef OPENSSL_NO_RSA
+        mask |= SSL_aRSA|SSL_kRSA;
+#endif
+#ifdef OPENSSL_NO_DSA
+        mask |= SSL_aDSS;
+#endif
+#ifdef OPENSSL_NO_DH
+        mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
+#endif
+#ifdef OPENSSL_NO_KRB5
+        mask |= SSL_kKRB5|SSL_aKRB5;
+#endif
+
+#ifdef SSL_FORBID_ENULL
+        mask |= SSL_eNULL;
+#endif
+
+        mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
+        mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
+        mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
+        mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
+        mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
+        mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
+        mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
+
+        mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
+        mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
+
+        return(mask);
+        }
+
+static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
+                int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
+                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
+        {
+        int i, list_num;
+        SSL_CIPHER *c;
+
+        /*
+         * We have num_of_ciphers descriptions compiled in, depending on the
+         * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
+         * These will later be sorted in a linked list with at most num
+         * entries.
+         */
+
+        /* Get the initial list of ciphers */
+        list_num = 0;   /* actual count of ciphers */
+        for (i = 0; i < num_of_ciphers; i++)
+                {
+                c = ssl_method->get_cipher(i);
+                /* drop those that use any of that is not available */
+                if ((c != NULL) && c->valid && !(c->algorithms & mask))
+                        {
+                        list[list_num].cipher = c;
+                        list[list_num].next = NULL;
+                        list[list_num].prev = NULL;
+                        list[list_num].active = 0;
+                        list_num++;
+#ifdef KSSL_DEBUG
+                        printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
+#endif  /* KSSL_DEBUG */
+                        /*
+                        if (!sk_push(ca_list,(char *)c)) goto err;
+                        */
+                        }
+                }
+
+        /*
+         * Prepare linked list from list entries
+         */     
+        for (i = 1; i < list_num - 1; i++)
+                {
+                list[i].prev = &(list[i-1]);
+                list[i].next = &(list[i+1]);
+                }
+        if (list_num > 0)
+                {
+                (*head_p) = &(list[0]);
+                (*head_p)->prev = NULL;
+                (*head_p)->next = &(list[1]);
+                (*tail_p) = &(list[list_num - 1]);
+                (*tail_p)->prev = &(list[list_num - 2]);
+                (*tail_p)->next = NULL;
+                }
+        }
+
+static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
+                        int num_of_group_aliases, unsigned long mask,
+                        CIPHER_ORDER *head)
+        {
+        CIPHER_ORDER *ciph_curr;
+        SSL_CIPHER **ca_curr;
+        int i;
+
+        /*
+         * First, add the real ciphers as already collected
+         */
+        ciph_curr = head;
+        ca_curr = ca_list;
+        while (ciph_curr != NULL)
+                {
+                *ca_curr = ciph_curr->cipher;
+                ca_curr++;
+                ciph_curr = ciph_curr->next;
+                }
+
+        /*
+         * Now we add the available ones from the cipher_aliases[] table.
+         * They represent either an algorithm, that must be fully
+         * supported (not match any bit in mask) or represent a cipher
+         * strength value (will be added in any case because algorithms=0).
+         */
+        for (i = 0; i < num_of_group_aliases; i++)
+                {
+                if ((i == 0) ||         /* always fetch "ALL" */
+                    !(cipher_aliases[i].algorithms & mask))
+                        {
+                        *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+                        ca_curr++;
+                        }
+                }
+
+        *ca_curr = NULL;        /* end of list */
+        }
+
+static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
+                unsigned long algo_strength, unsigned long mask_strength,
+                int rule, int strength_bits, CIPHER_ORDER *list,
+                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
+        {
+        CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
+        SSL_CIPHER *cp;
+        unsigned long ma, ma_s;
+
+#ifdef CIPHER_DEBUG
+        printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
+                rule, algorithms, mask, algo_strength, mask_strength,
+                strength_bits);
+#endif
+
+        curr = head = *head_p;
+        curr2 = head;
+        tail2 = tail = *tail_p;
+        for (;;)
+                {
+                if ((curr == NULL) || (curr == tail2)) break;
+                curr = curr2;
+                curr2 = curr->next;
+
+                cp = curr->cipher;
+
+                /*
+                 * Selection criteria is either the number of strength_bits
+                 * or the algorithm used.
+                 */
+                if (strength_bits == -1)
+                        {
+                        ma = mask & cp->algorithms;
+                        ma_s = mask_strength & cp->algo_strength;
+
+#ifdef CIPHER_DEBUG
+                        printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
+                        printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
+#endif
+                        /*
+                         * Select: if none of the mask bit was met from the
+                         * cipher or not all of the bits were met, the
+                         * selection does not apply.
+                         */
+                        if (((ma == 0) && (ma_s == 0)) ||
+                            ((ma & algorithms) != ma) ||
+                            ((ma_s & algo_strength) != ma_s))
+                                continue; /* does not apply */
+                        }
+                else if (strength_bits != cp->strength_bits)
+                        continue;       /* does not apply */
+
+#ifdef CIPHER_DEBUG
+                printf("Action = %d\n", rule);
+#endif
+
+                /* add the cipher if it has not been added yet. */
+                if (rule == CIPHER_ADD)
+                        {
+                        if (!curr->active)
+                                {
+                                ll_append_tail(&head, curr, &tail);
+                                curr->active = 1;
+                                }
+                        }
+                /* Move the added cipher to this location */
+                else if (rule == CIPHER_ORD)
+                        {
+                        if (curr->active)
+                                {
+                                ll_append_tail(&head, curr, &tail);
+                                }
+                        }
+                else if (rule == CIPHER_DEL)
+                        curr->active = 0;
+                else if (rule == CIPHER_KILL)
+                        {
+                        if (head == curr)
+                                head = curr->next;
+                        else
+                                curr->prev->next = curr->next;
+                        if (tail == curr)
+                                tail = curr->prev;
+                        curr->active = 0;
+                        if (curr->next != NULL)
+                                curr->next->prev = curr->prev;
+                        if (curr->prev != NULL)
+                                curr->prev->next = curr->next;
+                        curr->next = NULL;
+                        curr->prev = NULL;
+                        }
+                }
+
+        *head_p = head;
+        *tail_p = tail;
+        }
+
+static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+                                     CIPHER_ORDER **tail_p)
+        {
+        int max_strength_bits, i, *number_uses;
+        CIPHER_ORDER *curr;
+
+        /*
+         * This routine sorts the ciphers with descending strength. The sorting
+         * must keep the pre-sorted sequence, so we apply the normal sorting
+         * routine as '+' movement to the end of the list.
+         */
+        max_strength_bits = 0;
+        curr = *head_p;
+        while (curr != NULL)
+                {
+                if (curr->active &&
+                    (curr->cipher->strength_bits > max_strength_bits))
+                    max_strength_bits = curr->cipher->strength_bits;
+                curr = curr->next;
+                }
+
+        number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
+        if (!number_uses)
+        {
+                SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
+                return(0);
+        }
+        memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
+
+        /*
+         * Now find the strength_bits values actually used
+         */
+        curr = *head_p;
+        while (curr != NULL)
+                {
+                if (curr->active)
+                        number_uses[curr->cipher->strength_bits]++;
+                curr = curr->next;
+                }
+        /*
+         * Go through the list of used strength_bits values in descending
+         * order.
+         */
+        for (i = max_strength_bits; i >= 0; i--)
+                if (number_uses[i] > 0)
+                        ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
+                                        list, head_p, tail_p);
+
+        OPENSSL_free(number_uses);
+        return(1);
+        }
+
+static int ssl_cipher_process_rulestr(const char *rule_str,
+                CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+                CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
+        {
+        unsigned long algorithms, mask, algo_strength, mask_strength;
+        const char *l, *start, *buf;
+        int j, multi, found, rule, retval, ok, buflen;
+        char ch;
+
+        retval = 1;
+        l = rule_str;
+        for (;;)
+                {
+                ch = *l;
+
+                if (ch == '\0')
+                        break;          /* done */
+                if (ch == '-')
+                        { rule = CIPHER_DEL; l++; }
+                else if (ch == '+')
+                        { rule = CIPHER_ORD; l++; }
+                else if (ch == '!')
+                        { rule = CIPHER_KILL; l++; }
+                else if (ch == '@')
+                        { rule = CIPHER_SPECIAL; l++; }
+                else
+                        { rule = CIPHER_ADD; }
+
+                if (ITEM_SEP(ch))
+                        {
+                        l++;
+                        continue;
+                        }
+
+                algorithms = mask = algo_strength = mask_strength = 0;
+
+                start=l;
+                for (;;)
+                        {
+                        ch = *l;
+                        buf = l;
+                        buflen = 0;
+#ifndef CHARSET_EBCDIC
+                        while ( ((ch >= 'A') && (ch <= 'Z')) ||
+                                ((ch >= '0') && (ch <= '9')) ||
+                                ((ch >= 'a') && (ch <= 'z')) ||
+                                 (ch == '-'))
+#else
+                        while ( isalnum(ch) || (ch == '-'))
+#endif
+                                 {
+                                 ch = *(++l);
+                                 buflen++;
+                                 }
+
+                        if (buflen == 0)
+                                {
+                                /*
+                                 * We hit something we cannot deal with,
+                                 * it is no command or separator nor
+                                 * alphanumeric, so we call this an error.
+                                 */
+                                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+                                       SSL_R_INVALID_COMMAND);
+                                retval = found = 0;
+                                l++;
+                                break;
+                                }
+
+                        if (rule == CIPHER_SPECIAL)
+                                {
+                                found = 0; /* unused -- avoid compiler warning */
+                                break;  /* special treatment */
+                                }
+
+                        /* check for multi-part specification */
+                        if (ch == '+')
+                                {
+                                multi=1;
+                                l++;
+                                }
+                        else
+                                multi=0;
+
+                        /*
+                         * Now search for the cipher alias in the ca_list. Be careful
+                         * with the strncmp, because the "buflen" limitation
+                         * will make the rule "ADH:SOME" and the cipher
+                         * "ADH-MY-CIPHER" look like a match for buflen=3.
+                         * So additionally check whether the cipher name found
+                         * has the correct length. We can save a strlen() call:
+                         * just checking for the '\0' at the right place is
+                         * sufficient, we have to strncmp() anyway. (We cannot
+                         * use strcmp(), because buf is not '\0' terminated.)
+                         */
+                         j = found = 0;
+                         while (ca_list[j])
+                                {
+                                if (!strncmp(buf, ca_list[j]->name, buflen) &&
+                                    (ca_list[j]->name[buflen] == '\0'))
+                                        {
+                                        found = 1;
+                                        break;
+                                        }
+                                else
+                                        j++;
+                                }
+                        if (!found)
+                                break;  /* ignore this entry */
+
+                        algorithms |= ca_list[j]->algorithms;
+                        mask |= ca_list[j]->mask;
+                        algo_strength |= ca_list[j]->algo_strength;
+                        mask_strength |= ca_list[j]->mask_strength;
+
+                        if (!multi) break;
+                        }
+
+                /*
+                 * Ok, we have the rule, now apply it
+                 */
+                if (rule == CIPHER_SPECIAL)
+                        {       /* special command */
+                        ok = 0;
+                        if ((buflen == 8) &&
+                                !strncmp(buf, "STRENGTH", 8))
+                                ok = ssl_cipher_strength_sort(list,
+                                        head_p, tail_p);
+                        else
+                                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+                                        SSL_R_INVALID_COMMAND);
+                        if (ok == 0)
+                                retval = 0;
+                        /*
+                         * We do not support any "multi" options
+                         * together with "@", so throw away the
+                         * rest of the command, if any left, until
+                         * end or ':' is found.
+                         */
+                        while ((*l != '\0') && ITEM_SEP(*l))
+                                l++;
+                        }
+                else if (found)
+                        {
+                        ssl_cipher_apply_rule(algorithms, mask,
+                                algo_strength, mask_strength, rule, -1,
+                                list, head_p, tail_p);
+                        }
+                else
+                        {
+                        while ((*l != '\0') && ITEM_SEP(*l))
+                                l++;
+                        }
+                if (*l == '\0') break; /* done */
+                }
+
+        return(retval);
+        }
+
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+                STACK_OF(SSL_CIPHER) **cipher_list,
+                STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                const char *rule_str)
+        {
+        int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
+        unsigned long disabled_mask;
+        STACK_OF(SSL_CIPHER) *cipherstack;
+        const char *rule_p;
+        CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
+        SSL_CIPHER **ca_list = NULL;
+
+        /*
+         * Return with error if nothing to do.
+         */
+        if (rule_str == NULL) return(NULL);
+
+        if (init_ciphers)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+                if (init_ciphers) load_ciphers();
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+                }
+
+        /*
+         * To reduce the work to do we only want to process the compiled
+         * in algorithms, so we first get the mask of disabled ciphers.
+         */
+        disabled_mask = ssl_cipher_get_disabled();
+
+        /*
+         * Now we have to collect the available ciphers from the compiled
+         * in ciphers. We cannot get more than the number compiled in, so
+         * it is used for allocation.
+         */
+        num_of_ciphers = ssl_method->num_ciphers();
+#ifdef KSSL_DEBUG
+        printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
+#endif    /* KSSL_DEBUG */
+        list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+        if (list == NULL)
+                {
+                SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+                return(NULL);   /* Failure */
+                }
+
+        ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
+                                   list, &head, &tail);
+
+        /*
+         * We also need cipher aliases for selecting based on the rule_str.
+         * There might be two types of entries in the rule_str: 1) names
+         * of ciphers themselves 2) aliases for groups of ciphers.
+         * For 1) we need the available ciphers and for 2) the cipher
+         * groups of cipher_aliases added together in one list (otherwise
+         * we would be happy with just the cipher_aliases table).
+         */
+        num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
+        num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
+        ca_list =
+                (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+        if (ca_list == NULL)
+                {
+                OPENSSL_free(list);
+                SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+                return(NULL);   /* Failure */
+                }
+        ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,
+                                   head);
+
+        /*
+         * If the rule_string begins with DEFAULT, apply the default rule
+         * before using the (possibly available) additional rules.
+         */
+        ok = 1;
+        rule_p = rule_str;
+        if (strncmp(rule_str,"DEFAULT",7) == 0)
+                {
+                ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+                        list, &head, &tail, ca_list);
+                rule_p += 7;
+                if (*rule_p == ':')
+                        rule_p++;
+                }
+
+        if (ok && (strlen(rule_p) > 0))
+                ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
+                                                ca_list);
+
+        OPENSSL_free(ca_list);  /* Not needed anymore */
+
+        if (!ok)
+                {       /* Rule processing failure */
+                OPENSSL_free(list);
+                return(NULL);
+                }
+        /*
+         * Allocate new "cipherstack" for the result, return with error
+         * if we cannot get one.
+         */
+        if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
+                {
+                OPENSSL_free(list);
+                return(NULL);
+                }
+
+        /*
+         * The cipher selection for the list is done. The ciphers are added
+         * to the resulting precedence to the STACK_OF(SSL_CIPHER).
+         */
+        for (curr = head; curr != NULL; curr = curr->next)
+                {
+                if (curr->active)
+                        {
+                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
+#ifdef CIPHER_DEBUG
+                        printf("<%s>\n",curr->cipher->name);
+#endif
+                        }
+                }
+        OPENSSL_free(list);     /* Not needed any longer */
+
+        /*
+         * The following passage is a little bit odd. If pointer variables
+         * were supplied to hold STACK_OF(SSL_CIPHER) return information,
+         * the old memory pointed to is free()ed. Then, however, the
+         * cipher_list entry will be assigned just a copy of the returned
+         * cipher stack. For cipher_list_by_id a copy of the cipher stack
+         * will be created. See next comment...
+         */
+        if (cipher_list != NULL)
+                {
+                if (*cipher_list != NULL)
+                        sk_SSL_CIPHER_free(*cipher_list);
+                *cipher_list = cipherstack;
+                }
+
+        if (cipher_list_by_id != NULL)
+                {
+                if (*cipher_list_by_id != NULL)
+                        sk_SSL_CIPHER_free(*cipher_list_by_id);
+                *cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack);
+                }
+
+        /*
+         * Now it is getting really strange. If something failed during
+         * the previous pointer assignment or if one of the pointers was
+         * not requested, the error condition is met. That might be
+         * discussable. The strange thing is however that in this case
+         * the memory "ret" pointed to is "free()ed" and hence the pointer
+         * cipher_list becomes wild. The memory reserved for
+         * cipher_list_by_id however is not "free()ed" and stays intact.
+         */
+        if (    (cipher_list_by_id == NULL) ||
+                (*cipher_list_by_id == NULL) ||
+                (cipher_list == NULL) ||
+                (*cipher_list == NULL))
+                {
+                sk_SSL_CIPHER_free(cipherstack);
+                return(NULL);
+                }
+
+        sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+
+        return(cipherstack);
+        }
+
+char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
+        {
+        int is_export,pkl,kl;
+        char *ver,*exp;
+        char *kx,*au,*enc,*mac;
+        unsigned long alg,alg2,alg_s;
+#ifdef KSSL_DEBUG
+        static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
+#else
+        static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+#endif /* KSSL_DEBUG */
+
+        alg=cipher->algorithms;
+        alg_s=cipher->algo_strength;
+        alg2=cipher->algorithm2;
+
+        is_export=SSL_C_IS_EXPORT(cipher);
+        pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
+        kl=SSL_C_EXPORT_KEYLENGTH(cipher);
+        exp=is_export?" export":"";
+
+        if (alg & SSL_SSLV2)
+                ver="SSLv2";
+        else if (alg & SSL_SSLV3)
+                ver="SSLv3";
+        else
+                ver="unknown";
+
+        switch (alg&SSL_MKEY_MASK)
+                {
+        case SSL_kRSA:
+                kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
+                break;
+        case SSL_kDHr:
+                kx="DH/RSA";
+                break;
+        case SSL_kDHd:
+                kx="DH/DSS";
+                break;
+        case SSL_kKRB5:         /* VRS */
+        case SSL_KRB5:          /* VRS */
+            kx="KRB5";
+            break;
+        case SSL_kFZA:
+                kx="Fortezza";
+                break;
+        case SSL_kEDH:
+                kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
+                break;
+        default:
+                kx="unknown";
+                }
+
+        switch (alg&SSL_AUTH_MASK)
+                {
+        case SSL_aRSA:
+                au="RSA";
+                break;
+        case SSL_aDSS:
+                au="DSS";
+                break;
+        case SSL_aDH:
+                au="DH";
+                break;
+        case SSL_aKRB5:         /* VRS */
+        case SSL_KRB5:          /* VRS */
+            au="KRB5";
+            break;
+        case SSL_aFZA:
+        case SSL_aNULL:
+                au="None";
+                break;
+        default:
+                au="unknown";
+                break;
+                }
+
+        switch (alg&SSL_ENC_MASK)
+                {
+        case SSL_DES:
+                enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
+                break;
+        case SSL_3DES:
+                enc="3DES(168)";
+                break;
+        case SSL_RC4:
+                enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
+                  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+                break;
+        case SSL_RC2:
+                enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
+                break;
+        case SSL_IDEA:
+                enc="IDEA(128)";
+                break;
+        case SSL_eFZA:
+                enc="Fortezza";
+                break;
+        case SSL_eNULL:
+                enc="None";
+                break;
+        case SSL_AES:
+                switch(cipher->strength_bits)
+                        {
+                case 128: enc="AES(128)"; break;
+                case 192: enc="AES(192)"; break;
+                case 256: enc="AES(256)"; break;
+                default: enc="AES(?""?""?)"; break;
+                        }
+                break;
+        default:
+                enc="unknown";
+                break;
+                }
+
+        switch (alg&SSL_MAC_MASK)
+                {
+        case SSL_MD5:
+                mac="MD5";
+                break;
+        case SSL_SHA1:
+                mac="SHA1";
+                break;
+        default:
+                mac="unknown";
+                break;
+                }
+
+        if (buf == NULL)
+                {
+                len=128;
+                buf=OPENSSL_malloc(len);
+                if (buf == NULL) return("OPENSSL_malloc Error");
+                }
+        else if (len < 128)
+                return("Buffer too small");
+
+#ifdef KSSL_DEBUG
+        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
+#else
+        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
+#endif /* KSSL_DEBUG */
+        return(buf);
+        }
+
+char *SSL_CIPHER_get_version(SSL_CIPHER *c)
+        {
+        int i;
+
+        if (c == NULL) return("(NONE)");
+        i=(int)(c->id>>24L);
+        if (i == 3)
+                return("TLSv1/SSLv3");
+        else if (i == 2)
+                return("SSLv2");
+        else
+                return("unknown");
+        }
+
+/* return the actual cipher being used */
+const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
+        {
+        if (c != NULL)
+                return(c->name);
+        return("(NONE)");
+        }
+
+/* number of bits for symmetric cipher */
+int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
+        {
+        int ret=0;
+
+        if (c != NULL)
+                {
+                if (alg_bits != NULL) *alg_bits = c->alg_bits;
+                ret = c->strength_bits;
+                }
+        return(ret);
+        }
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+        {
+        SSL_COMP *ctmp;
+        int i,nn;
+
+        if ((n == 0) || (sk == NULL)) return(NULL);
+        nn=sk_SSL_COMP_num(sk);
+        for (i=0; i<nn; i++)
+                {
+                ctmp=sk_SSL_COMP_value(sk,i);
+                if (ctmp->id == n)
+                        return(ctmp);
+                }
+        return(NULL);
+        }
+
+static int sk_comp_cmp(const SSL_COMP * const *a,
+                        const SSL_COMP * const *b)
+        {
+        return((*a)->id-(*b)->id);
+        }
+
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+        {
+        return(ssl_comp_methods);
+        }
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+        {
+        SSL_COMP *comp;
+        STACK_OF(SSL_COMP) *sk;
+
+        if (cm == NULL || cm->type == NID_undef)
+                return 1;
+
+        MemCheck_off();
+        comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+        comp->id=id;
+        comp->method=cm;
+        if (ssl_comp_methods == NULL)
+                sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
+        else
+                sk=ssl_comp_methods;
+        if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
+                {
+                MemCheck_on();
+                SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        else
+                {
+                MemCheck_on();
+                return(1);
+                }
+        }
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
new file mode 100644
index 0000000000..d2cb181503
--- /dev/null
+++ b/src/lib/libssl/ssl_err.c
@@ -0,0 +1,461 @@
+/* ssl/ssl_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA SSL_str_functs[]=
+        {
+{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),        "CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0),   "CLIENT_FINISHED"},
+{ERR_PACK(0,SSL_F_CLIENT_HELLO,0),      "CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
+{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0),   "d2i_SSL_SESSION"},
+{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0),     "DO_SSL3_WRITE"},
+{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0),       "GET_CLIENT_FINISHED"},
+{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0),  "GET_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0),     "GET_CLIENT_MASTER_KEY"},
+{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0),       "GET_SERVER_FINISHED"},
+{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0),  "GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0), "GET_SERVER_VERIFY"},
+{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0),   "i2d_SSL_SESSION"},
+{ERR_PACK(0,SSL_F_READ_N,0),    "READ_N"},
+{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0),       "REQUEST_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SERVER_FINISH,0),     "SERVER_FINISH"},
+{ERR_PACK(0,SSL_F_SERVER_HELLO,0),      "SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SERVER_VERIFY,0),     "SERVER_VERIFY"},
+{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0),      "SSL23_ACCEPT"},
+{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0),        "SSL23_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_CONNECT,0),     "SSL23_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0),    "SSL23_GET_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0),    "SSL23_GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_PEEK,0),        "SSL23_PEEK"},
+{ERR_PACK(0,SSL_F_SSL23_READ,0),        "SSL23_READ"},
+{ERR_PACK(0,SSL_F_SSL23_WRITE,0),       "SSL23_WRITE"},
+{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),       "SSL2_ACCEPT"},
+{ERR_PACK(0,SSL_F_SSL2_CONNECT,0),      "SSL2_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),     "SSL2_ENC_INIT"},
+{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0),        "SSL2_GENERATE_KEY_MATERIAL"},
+{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
+{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
+{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0),        "SSL2_READ_INTERNAL"},
+{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0),      "SSL2_SET_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL2_WRITE,0),        "SSL2_WRITE"},
+{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0),       "SSL3_ACCEPT"},
+{ERR_PACK(0,SSL_F_SSL3_CALLBACK_CTRL,0),        "SSL3_CALLBACK_CTRL"},
+{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0),  "SSL3_CHANGE_CIPHER_STATE"},
+{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0),     "SSL3_CHECK_CERT_AND_ALGORITHM"},
+{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL3_CONNECT,0),      "SSL3_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL3_CTRL,0), "SSL3_CTRL"},
+{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0),     "SSL3_CTX_CTRL"},
+{ERR_PACK(0,SSL_F_SSL3_ENC,0),  "SSL3_ENC"},
+{ERR_PACK(0,SSL_F_SSL3_GENERATE_KEY_BLOCK,0),   "SSL3_GENERATE_KEY_BLOCK"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0),      "SSL3_GET_CERTIFICATE_REQUEST"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0),      "SSL3_GET_CERT_VERIFY"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0),       "SSL3_GET_CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0),     "SSL3_GET_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0),      "SSL3_GET_CLIENT_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0), "SSL3_GET_FINISHED"},
+{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0),     "SSL3_GET_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0),  "SSL3_GET_MESSAGE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0),   "SSL3_GET_RECORD"},
+{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0),       "SSL3_GET_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0),      "SSL3_GET_SERVER_DONE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0),     "SSL3_GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0),    "SSL3_OUTPUT_CERT_CHAIN"},
+{ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"},
+{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0),   "SSL3_READ_BYTES"},
+{ERR_PACK(0,SSL_F_SSL3_READ_N,0),       "SSL3_READ_N"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0),     "SSL3_SEND_CERTIFICATE_REQUEST"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0),      "SSL3_SEND_CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0),     "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0),   "SSL3_SEND_CLIENT_VERIFY"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0),      "SSL3_SEND_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0),    "SSL3_SEND_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0),     "SSL3_SEND_SERVER_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0),        "SSL3_SETUP_BUFFERS"},
+{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0),      "SSL3_SETUP_KEY_BLOCK"},
+{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0),  "SSL3_WRITE_BYTES"},
+{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0),        "SSL3_WRITE_PENDING"},
+{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0),        "SSL_add_dir_cert_subjects_to_stack"},
+{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0),       "SSL_add_file_cert_subjects_to_stack"},
+{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0),    "SSL_BAD_METHOD"},
+{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0),  "SSL_BYTES_TO_CIPHER_LIST"},
+{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0),      "SSL_CERT_DUP"},
+{ERR_PACK(0,SSL_F_SSL_CERT_INST,0),     "SSL_CERT_INST"},
+{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0),      "SSL_CERT_INSTANTIATE"},
+{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0),      "SSL_CERT_NEW"},
+{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0),     "SSL_check_private_key"},
+{ERR_PACK(0,SSL_F_SSL_CIPHER_PROCESS_RULESTR,0),        "SSL_CIPHER_PROCESS_RULESTR"},
+{ERR_PACK(0,SSL_F_SSL_CIPHER_STRENGTH_SORT,0),  "SSL_CIPHER_STRENGTH_SORT"},
+{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"},
+{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0),   "SSL_COMP_add_compression_method"},
+{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0),    "SSL_CREATE_CIPHER_LIST"},
+{ERR_PACK(0,SSL_F_SSL_CTRL,0),  "SSL_ctrl"},
+{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"},
+{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0),       "SSL_CTX_new"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_PURPOSE,0),       "SSL_CTX_set_purpose"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0),    "SSL_CTX_set_session_id_context"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0),   "SSL_CTX_set_ssl_version"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_TRUST,0), "SSL_CTX_set_trust"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0),   "SSL_CTX_use_certificate"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0),      "SSL_CTX_use_certificate_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0),        "SSL_CTX_use_certificate_chain_file"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0),      "SSL_CTX_use_certificate_file"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0),    "SSL_CTX_use_PrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0),       "SSL_CTX_use_PrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0),       "SSL_CTX_use_PrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0), "SSL_CTX_use_RSAPrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0),    "SSL_CTX_use_RSAPrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0),    "SSL_CTX_use_RSAPrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0),  "SSL_do_handshake"},
+{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0),       "SSL_GET_NEW_SESSION"},
+{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0),      "SSL_GET_PREV_SESSION"},
+{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0),  "SSL_GET_SERVER_SEND_CERT"},
+{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"},
+{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0),      "SSL_INIT_WBIO_BUFFER"},
+{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0),   "SSL_load_client_CA_file"},
+{ERR_PACK(0,SSL_F_SSL_NEW,0),   "SSL_new"},
+{ERR_PACK(0,SSL_F_SSL_READ,0),  "SSL_read"},
+{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0),   "SSL_RSA_PRIVATE_DECRYPT"},
+{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0),    "SSL_RSA_PUBLIC_ENCRYPT"},
+{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0),   "SSL_SESSION_new"},
+{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0),      "SSL_SESSION_print_fp"},
+{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0), "SSL_SESS_CERT_NEW"},
+{ERR_PACK(0,SSL_F_SSL_SET_CERT,0),      "SSL_SET_CERT"},
+{ERR_PACK(0,SSL_F_SSL_SET_FD,0),        "SSL_set_fd"},
+{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0),      "SSL_SET_PKEY"},
+{ERR_PACK(0,SSL_F_SSL_SET_PURPOSE,0),   "SSL_set_purpose"},
+{ERR_PACK(0,SSL_F_SSL_SET_RFD,0),       "SSL_set_rfd"},
+{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0),   "SSL_set_session"},
+{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0),        "SSL_set_session_id_context"},
+{ERR_PACK(0,SSL_F_SSL_SET_TRUST,0),     "SSL_set_trust"},
+{ERR_PACK(0,SSL_F_SSL_SET_WFD,0),       "SSL_set_wfd"},
+{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0),      "SSL_shutdown"},
+{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0),    "SSL_UNDEFINED_FUNCTION"},
+{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0),       "SSL_use_certificate"},
+{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0),  "SSL_use_certificate_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0),  "SSL_use_certificate_file"},
+{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0),        "SSL_use_PrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0),   "SSL_use_PrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0),   "SSL_use_PrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0),     "SSL_use_RSAPrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0),        "SSL_use_RSAPrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0),        "SSL_use_RSAPrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0),     "SSL_VERIFY_CERT_CHAIN"},
+{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"},
+{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0),  "TLS1_CHANGE_CIPHER_STATE"},
+{ERR_PACK(0,SSL_F_TLS1_ENC,0),  "TLS1_ENC"},
+{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0),      "TLS1_SETUP_KEY_BLOCK"},
+{ERR_PACK(0,SSL_F_WRITE_PENDING,0),     "WRITE_PENDING"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA SSL_str_reasons[]=
+        {
+{SSL_R_APP_DATA_IN_HANDSHAKE             ,"app data in handshake"},
+{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"},
+{SSL_R_BAD_ALERT_RECORD                  ,"bad alert record"},
+{SSL_R_BAD_AUTHENTICATION_TYPE           ,"bad authentication type"},
+{SSL_R_BAD_CHANGE_CIPHER_SPEC            ,"bad change cipher spec"},
+{SSL_R_BAD_CHECKSUM                      ,"bad checksum"},
+{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK     ,"bad data returned by callback"},
+{SSL_R_BAD_DECOMPRESSION                 ,"bad decompression"},
+{SSL_R_BAD_DH_G_LENGTH                   ,"bad dh g length"},
+{SSL_R_BAD_DH_PUB_KEY_LENGTH             ,"bad dh pub key length"},
+{SSL_R_BAD_DH_P_LENGTH                   ,"bad dh p length"},
+{SSL_R_BAD_DIGEST_LENGTH                 ,"bad digest length"},
+{SSL_R_BAD_DSA_SIGNATURE                 ,"bad dsa signature"},
+{SSL_R_BAD_HELLO_REQUEST                 ,"bad hello request"},
+{SSL_R_BAD_LENGTH                        ,"bad length"},
+{SSL_R_BAD_MAC_DECODE                    ,"bad mac decode"},
+{SSL_R_BAD_MESSAGE_TYPE                  ,"bad message type"},
+{SSL_R_BAD_PACKET_LENGTH                 ,"bad packet length"},
+{SSL_R_BAD_PROTOCOL_VERSION_NUMBER       ,"bad protocol version number"},
+{SSL_R_BAD_RESPONSE_ARGUMENT             ,"bad response argument"},
+{SSL_R_BAD_RSA_DECRYPT                   ,"bad rsa decrypt"},
+{SSL_R_BAD_RSA_ENCRYPT                   ,"bad rsa encrypt"},
+{SSL_R_BAD_RSA_E_LENGTH                  ,"bad rsa e length"},
+{SSL_R_BAD_RSA_MODULUS_LENGTH            ,"bad rsa modulus length"},
+{SSL_R_BAD_RSA_SIGNATURE                 ,"bad rsa signature"},
+{SSL_R_BAD_SIGNATURE                     ,"bad signature"},
+{SSL_R_BAD_SSL_FILETYPE                  ,"bad ssl filetype"},
+{SSL_R_BAD_SSL_SESSION_ID_LENGTH         ,"bad ssl session id length"},
+{SSL_R_BAD_STATE                         ,"bad state"},
+{SSL_R_BAD_WRITE_RETRY                   ,"bad write retry"},
+{SSL_R_BIO_NOT_SET                       ,"bio not set"},
+{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG         ,"block cipher pad is wrong"},
+{SSL_R_BN_LIB                            ,"bn lib"},
+{SSL_R_CA_DN_LENGTH_MISMATCH             ,"ca dn length mismatch"},
+{SSL_R_CA_DN_TOO_LONG                    ,"ca dn too long"},
+{SSL_R_CCS_RECEIVED_EARLY                ,"ccs received early"},
+{SSL_R_CERTIFICATE_VERIFY_FAILED         ,"certificate verify failed"},
+{SSL_R_CERT_LENGTH_MISMATCH              ,"cert length mismatch"},
+{SSL_R_CHALLENGE_IS_DIFFERENT            ,"challenge is different"},
+{SSL_R_CIPHER_CODE_WRONG_LENGTH          ,"cipher code wrong length"},
+{SSL_R_CIPHER_OR_HASH_UNAVAILABLE        ,"cipher or hash unavailable"},
+{SSL_R_CIPHER_TABLE_SRC_ERROR            ,"cipher table src error"},
+{SSL_R_COMPRESSED_LENGTH_TOO_LONG        ,"compressed length too long"},
+{SSL_R_COMPRESSION_FAILURE               ,"compression failure"},
+{SSL_R_COMPRESSION_LIBRARY_ERROR         ,"compression library error"},
+{SSL_R_CONNECTION_ID_IS_DIFFERENT        ,"connection id is different"},
+{SSL_R_CONNECTION_TYPE_NOT_SET           ,"connection type not set"},
+{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED     ,"data between ccs and finished"},
+{SSL_R_DATA_LENGTH_TOO_LONG              ,"data length too long"},
+{SSL_R_DECRYPTION_FAILED                 ,"decryption failed"},
+{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},
+{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
+{SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
+{SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
+{SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},
+{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST     ,"error in received cipher list"},
+{SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
+{SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},
+{SSL_R_GOT_A_FIN_BEFORE_A_CCS            ,"got a fin before a ccs"},
+{SSL_R_HTTPS_PROXY_REQUEST               ,"https proxy request"},
+{SSL_R_HTTP_REQUEST                      ,"http request"},
+{SSL_R_ILLEGAL_PADDING                   ,"illegal padding"},
+{SSL_R_INVALID_CHALLENGE_LENGTH          ,"invalid challenge length"},
+{SSL_R_INVALID_COMMAND                   ,"invalid command"},
+{SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
+{SSL_R_INVALID_TRUST                     ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
+{SSL_R_KRB5                              ,"krb5"},
+{SSL_R_KRB5_C_CC_PRINC                   ,"krb5 client cc principal (no tkt?)"},
+{SSL_R_KRB5_C_GET_CRED                   ,"krb5 client get cred"},
+{SSL_R_KRB5_C_INIT                       ,"krb5 client init"},
+{SSL_R_KRB5_C_MK_REQ                     ,"krb5 client mk_req (expired tkt?)"},
+{SSL_R_KRB5_S_BAD_TICKET                 ,"krb5 server bad ticket"},
+{SSL_R_KRB5_S_INIT                       ,"krb5 server init"},
+{SSL_R_KRB5_S_RD_REQ                     ,"krb5 server rd_req (keytab perms?)"},
+{SSL_R_KRB5_S_TKT_EXPIRED                ,"krb5 server tkt expired"},
+{SSL_R_KRB5_S_TKT_NYV                    ,"krb5 server tkt not yet valid"},
+{SSL_R_KRB5_S_TKT_SKEW                   ,"krb5 server tkt skew"},
+{SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
+{SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
+{SSL_R_LIBRARY_BUG                       ,"library bug"},
+{SSL_R_LIBRARY_HAS_NO_CIPHERS            ,"library has no ciphers"},
+{SSL_R_MASTER_KEY_TOO_LONG               ,"master key too long"},
+{SSL_R_MESSAGE_TOO_LONG                  ,"message too long"},
+{SSL_R_MISSING_DH_DSA_CERT               ,"missing dh dsa cert"},
+{SSL_R_MISSING_DH_KEY                    ,"missing dh key"},
+{SSL_R_MISSING_DH_RSA_CERT               ,"missing dh rsa cert"},
+{SSL_R_MISSING_DSA_SIGNING_CERT          ,"missing dsa signing cert"},
+{SSL_R_MISSING_EXPORT_TMP_DH_KEY         ,"missing export tmp dh key"},
+{SSL_R_MISSING_EXPORT_TMP_RSA_KEY        ,"missing export tmp rsa key"},
+{SSL_R_MISSING_RSA_CERTIFICATE           ,"missing rsa certificate"},
+{SSL_R_MISSING_RSA_ENCRYPTING_CERT       ,"missing rsa encrypting cert"},
+{SSL_R_MISSING_RSA_SIGNING_CERT          ,"missing rsa signing cert"},
+{SSL_R_MISSING_TMP_DH_KEY                ,"missing tmp dh key"},
+{SSL_R_MISSING_TMP_RSA_KEY               ,"missing tmp rsa key"},
+{SSL_R_MISSING_TMP_RSA_PKEY              ,"missing tmp rsa pkey"},
+{SSL_R_MISSING_VERIFY_MESSAGE            ,"missing verify message"},
+{SSL_R_NON_SSLV2_INITIAL_PACKET          ,"non sslv2 initial packet"},
+{SSL_R_NO_CERTIFICATES_RETURNED          ,"no certificates returned"},
+{SSL_R_NO_CERTIFICATE_ASSIGNED           ,"no certificate assigned"},
+{SSL_R_NO_CERTIFICATE_RETURNED           ,"no certificate returned"},
+{SSL_R_NO_CERTIFICATE_SET                ,"no certificate set"},
+{SSL_R_NO_CERTIFICATE_SPECIFIED          ,"no certificate specified"},
+{SSL_R_NO_CIPHERS_AVAILABLE              ,"no ciphers available"},
+{SSL_R_NO_CIPHERS_PASSED                 ,"no ciphers passed"},
+{SSL_R_NO_CIPHERS_SPECIFIED              ,"no ciphers specified"},
+{SSL_R_NO_CIPHER_LIST                    ,"no cipher list"},
+{SSL_R_NO_CIPHER_MATCH                   ,"no cipher match"},
+{SSL_R_NO_CLIENT_CERT_RECEIVED           ,"no client cert received"},
+{SSL_R_NO_COMPRESSION_SPECIFIED          ,"no compression specified"},
+{SSL_R_NO_METHOD_SPECIFIED               ,"no method specified"},
+{SSL_R_NO_PRIVATEKEY                     ,"no privatekey"},
+{SSL_R_NO_PRIVATE_KEY_ASSIGNED           ,"no private key assigned"},
+{SSL_R_NO_PROTOCOLS_AVAILABLE            ,"no protocols available"},
+{SSL_R_NO_PUBLICKEY                      ,"no publickey"},
+{SSL_R_NO_SHARED_CIPHER                  ,"no shared cipher"},
+{SSL_R_NO_VERIFY_CALLBACK                ,"no verify callback"},
+{SSL_R_NULL_SSL_CTX                      ,"null ssl ctx"},
+{SSL_R_NULL_SSL_METHOD_PASSED            ,"null ssl method passed"},
+{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED   ,"old session cipher not returned"},
+{SSL_R_PACKET_LENGTH_TOO_LONG            ,"packet length too long"},
+{SSL_R_PATH_TOO_LONG                     ,"path too long"},
+{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
+{SSL_R_PEER_ERROR                        ,"peer error"},
+{SSL_R_PEER_ERROR_CERTIFICATE            ,"peer error certificate"},
+{SSL_R_PEER_ERROR_NO_CERTIFICATE         ,"peer error no certificate"},
+{SSL_R_PEER_ERROR_NO_CIPHER              ,"peer error no cipher"},
+{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"},
+{SSL_R_PRE_MAC_LENGTH_TOO_LONG           ,"pre mac length too long"},
+{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"},
+{SSL_R_PROTOCOL_IS_SHUTDOWN              ,"protocol is shutdown"},
+{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR          ,"public key encrypt error"},
+{SSL_R_PUBLIC_KEY_IS_NOT_RSA             ,"public key is not rsa"},
+{SSL_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
+{SSL_R_READ_BIO_NOT_SET                  ,"read bio not set"},
+{SSL_R_READ_WRONG_PACKET_TYPE            ,"read wrong packet type"},
+{SSL_R_RECORD_LENGTH_MISMATCH            ,"record length mismatch"},
+{SSL_R_RECORD_TOO_LARGE                  ,"record too large"},
+{SSL_R_RECORD_TOO_SMALL                  ,"record too small"},
+{SSL_R_REQUIRED_CIPHER_MISSING           ,"required cipher missing"},
+{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO        ,"reuse cert length not zero"},
+{SSL_R_REUSE_CERT_TYPE_NOT_ZERO          ,"reuse cert type not zero"},
+{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO        ,"reuse cipher list not zero"},
+{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED  ,"session id context uninitialized"},
+{SSL_R_SHORT_READ                        ,"short read"},
+{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
+{SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL2_CONNECTION_ID_TOO_LONG       ,"ssl2 connection id too long"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
+{SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
+{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
+{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
+{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED   ,"sslv3 alert certificate expired"},
+{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED   ,"sslv3 alert certificate revoked"},
+{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN   ,"sslv3 alert certificate unknown"},
+{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"},
+{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE     ,"sslv3 alert handshake failure"},
+{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER     ,"sslv3 alert illegal parameter"},
+{SSL_R_SSLV3_ALERT_NO_CERTIFICATE        ,"sslv3 alert no certificate"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER  ,"sslv3 alert peer error no cipher"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"},
+{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE    ,"sslv3 alert unexpected message"},
+{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"},
+{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"},
+{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"},
+{SSL_R_SSL_HANDSHAKE_FAILURE             ,"ssl handshake failure"},
+{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS        ,"ssl library has no ciphers"},
+{SSL_R_SSL_SESSION_ID_CALLBACK_FAILED    ,"ssl session id callback failed"},
+{SSL_R_SSL_SESSION_ID_CONFLICT           ,"ssl session id conflict"},
+{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG   ,"ssl session id context too long"},
+{SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH     ,"ssl session id has bad length"},
+{SSL_R_SSL_SESSION_ID_IS_DIFFERENT       ,"ssl session id is different"},
+{SSL_R_TLSV1_ALERT_ACCESS_DENIED         ,"tlsv1 alert access denied"},
+{SSL_R_TLSV1_ALERT_DECODE_ERROR          ,"tlsv1 alert decode error"},
+{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED     ,"tlsv1 alert decryption failed"},
+{SSL_R_TLSV1_ALERT_DECRYPT_ERROR         ,"tlsv1 alert decrypt error"},
+{SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION    ,"tlsv1 alert export restriction"},
+{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"},
+{SSL_R_TLSV1_ALERT_INTERNAL_ERROR        ,"tlsv1 alert internal error"},
+{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION      ,"tlsv1 alert no renegotiation"},
+{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION      ,"tlsv1 alert protocol version"},
+{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW       ,"tlsv1 alert record overflow"},
+{SSL_R_TLSV1_ALERT_UNKNOWN_CA            ,"tlsv1 alert unknown ca"},
+{SSL_R_TLSV1_ALERT_USER_CANCELLED        ,"tlsv1 alert user cancelled"},
+{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
+{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
+{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
+{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER   ,"tried to use unsupported cipher"},
+{SSL_R_UNABLE_TO_DECODE_DH_CERTS         ,"unable to decode dh certs"},
+{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY      ,"unable to extract public key"},
+{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS      ,"unable to find dh parameters"},
+{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"},
+{SSL_R_UNABLE_TO_FIND_SSL_METHOD         ,"unable to find ssl method"},
+{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES  ,"unable to load ssl2 md5 routines"},
+{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES  ,"unable to load ssl3 md5 routines"},
+{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
+{SSL_R_UNEXPECTED_MESSAGE                ,"unexpected message"},
+{SSL_R_UNEXPECTED_RECORD                 ,"unexpected record"},
+{SSL_R_UNINITIALIZED                     ,"uninitialized"},
+{SSL_R_UNKNOWN_ALERT_TYPE                ,"unknown alert type"},
+{SSL_R_UNKNOWN_CERTIFICATE_TYPE          ,"unknown certificate type"},
+{SSL_R_UNKNOWN_CIPHER_RETURNED           ,"unknown cipher returned"},
+{SSL_R_UNKNOWN_CIPHER_TYPE               ,"unknown cipher type"},
+{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE         ,"unknown key exchange type"},
+{SSL_R_UNKNOWN_PKEY_TYPE                 ,"unknown pkey type"},
+{SSL_R_UNKNOWN_PROTOCOL                  ,"unknown protocol"},
+{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE         ,"unknown remote error type"},
+{SSL_R_UNKNOWN_SSL_VERSION               ,"unknown ssl version"},
+{SSL_R_UNKNOWN_STATE                     ,"unknown state"},
+{SSL_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"},
+{SSL_R_UNSUPPORTED_OPTION                ,"unsupported option"},
+{SSL_R_UNSUPPORTED_PROTOCOL              ,"unsupported protocol"},
+{SSL_R_UNSUPPORTED_SSL_VERSION           ,"unsupported ssl version"},
+{SSL_R_WRITE_BIO_NOT_SET                 ,"write bio not set"},
+{SSL_R_WRONG_CIPHER_RETURNED             ,"wrong cipher returned"},
+{SSL_R_WRONG_MESSAGE_TYPE                ,"wrong message type"},
+{SSL_R_WRONG_NUMBER_OF_KEY_BITS          ,"wrong number of key bits"},
+{SSL_R_WRONG_SIGNATURE_LENGTH            ,"wrong signature length"},
+{SSL_R_WRONG_SIGNATURE_SIZE              ,"wrong signature size"},
+{SSL_R_WRONG_SSL_VERSION                 ,"wrong ssl version"},
+{SSL_R_WRONG_VERSION_NUMBER              ,"wrong version number"},
+{SSL_R_X509_LIB                          ,"x509 lib"},
+{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS  ,"x509 verification setup problems"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_SSL_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
+                ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c
new file mode 100644
index 0000000000..ea95a5f983
--- /dev/null
+++ b/src/lib/libssl/ssl_err2.c
@@ -0,0 +1,70 @@
+/* ssl/ssl_err2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+void SSL_load_error_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_crypto_strings();
+        ERR_load_SSL_strings();
+#endif
+        }
+
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
new file mode 100644
index 0000000000..8701fb33ca
--- /dev/null
+++ b/src/lib/libssl/ssl_lib.c
@@ -0,0 +1,2314 @@
+/*! \file ssl/ssl_lib.c
+ *  \brief Version independent SSL functions.
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#ifdef REF_CHECK
+#  include <assert.h>
+#endif
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/objects.h>
+#include <openssl/lhash.h>
+#include <openssl/x509v3.h>
+
+const char *SSL_version_str=OPENSSL_VERSION_TEXT;
+
+OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
+        /* evil casts, but these functions are only called if there's a library bug */
+        (int (*)(SSL *,int))ssl_undefined_function,
+        (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
+        ssl_undefined_function,
+        (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
+        (int (*)(SSL*, int))ssl_undefined_function,
+        (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
+        };
+
+int SSL_clear(SSL *s)
+        {
+
+        if (s->method == NULL)
+                {
+                SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
+                return(0);
+                }
+
+        if (ssl_clear_bad_session(s))
+                {
+                SSL_SESSION_free(s->session);
+                s->session=NULL;
+                }
+
+        s->error=0;
+        s->hit=0;
+        s->shutdown=0;
+
+#if 0 /* Disabled since version 1.10 of this file (early return not
+       * needed because SSL_clear is not called when doing renegotiation) */
+        /* This is set if we are doing dynamic renegotiation so keep
+         * the old cipher.  It is sort of a SSL_clear_lite :-) */
+        if (s->new_session) return(1);
+#else
+        if (s->new_session)
+                {
+                SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
+                return 0;
+                }
+#endif
+
+        s->type=0;
+
+        s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
+
+        s->version=s->method->version;
+        s->client_version=s->version;
+        s->rwstate=SSL_NOTHING;
+        s->rstate=SSL_ST_READ_HEADER;
+#if 0
+        s->read_ahead=s->ctx->read_ahead;
+#endif
+
+        if (s->init_buf != NULL)
+                {
+                BUF_MEM_free(s->init_buf);
+                s->init_buf=NULL;
+                }
+
+        ssl_clear_cipher_ctx(s);
+
+        s->first_packet=0;
+
+#if 1
+        /* Check to see if we were changed into a different method, if
+         * so, revert back if we are not doing session-id reuse. */
+        if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
+                {
+                s->method->ssl_free(s);
+                s->method=s->ctx->method;
+                if (!s->method->ssl_new(s))
+                        return(0);
+                }
+        else
+#endif
+                s->method->ssl_clear(s);
+        return(1);
+        }
+
+/** Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
+        {
+        STACK_OF(SSL_CIPHER) *sk;
+
+        ctx->method=meth;
+
+        sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
+                &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
+        if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
+                {
+                SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+                return(0);
+                }
+        return(1);
+        }
+
+SSL *SSL_new(SSL_CTX *ctx)
+        {
+        SSL *s;
+
+        if (ctx == NULL)
+                {
+                SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
+                return(NULL);
+                }
+        if (ctx->method == NULL)
+                {
+                SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+                return(NULL);
+                }
+
+        s=(SSL *)OPENSSL_malloc(sizeof(SSL));
+        if (s == NULL) goto err;
+        memset(s,0,sizeof(SSL));
+
+#ifndef OPENSSL_NO_KRB5
+        s->kssl_ctx = kssl_ctx_new();
+#endif  /* OPENSSL_NO_KRB5 */
+
+        s->options=ctx->options;
+        s->mode=ctx->mode;
+        s->max_cert_list=ctx->max_cert_list;
+
+        if (ctx->cert != NULL)
+                {
+                /* Earlier library versions used to copy the pointer to
+                 * the CERT, not its contents; only when setting new
+                 * parameters for the per-SSL copy, ssl_cert_new would be
+                 * called (and the direct reference to the per-SSL_CTX
+                 * settings would be lost, but those still were indirectly
+                 * accessed for various purposes, and for that reason they
+                 * used to be known as s->ctx->default_cert).
+                 * Now we don't look at the SSL_CTX's CERT after having
+                 * duplicated it once. */
+
+                s->cert = ssl_cert_dup(ctx->cert);
+                if (s->cert == NULL)
+                        goto err;
+                }
+        else
+                s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
+
+        s->read_ahead=ctx->read_ahead;
+        s->msg_callback=ctx->msg_callback;
+        s->msg_callback_arg=ctx->msg_callback_arg;
+        s->verify_mode=ctx->verify_mode;
+        s->verify_depth=ctx->verify_depth;
+        s->sid_ctx_length=ctx->sid_ctx_length;
+        OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
+        memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
+        s->verify_callback=ctx->default_verify_callback;
+        s->generate_session_id=ctx->generate_session_id;
+        s->purpose = ctx->purpose;
+        s->trust = ctx->trust;
+        s->quiet_shutdown=ctx->quiet_shutdown;
+
+        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+        s->ctx=ctx;
+
+        s->verify_result=X509_V_OK;
+
+        s->method=ctx->method;
+
+        if (!s->method->ssl_new(s))
+                goto err;
+
+        s->references=1;
+        s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
+
+        SSL_clear(s);
+
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+        return(s);
+err:
+        if (s != NULL)
+                {
+                if (s->cert != NULL)
+                        ssl_cert_free(s->cert);
+                if (s->ctx != NULL)
+                        SSL_CTX_free(s->ctx); /* decrement reference count */
+                OPENSSL_free(s);
+                }
+        SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
+        return(NULL);
+        }
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+                                   unsigned int sid_ctx_len)
+    {
+    if(sid_ctx_len > sizeof ctx->sid_ctx)
+        {
+        SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+        }
+    ctx->sid_ctx_length=sid_ctx_len;
+    memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
+
+    return 1;
+    }
+
+int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len)
+    {
+    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+        {
+        SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+        }
+    ssl->sid_ctx_length=sid_ctx_len;
+    memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
+
+    return 1;
+    }
+
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+        ctx->generate_session_id = cb;
+        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+        return 1;
+        }
+
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+        ssl->generate_session_id = cb;
+        CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+        return 1;
+        }
+
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                unsigned int id_len)
+        {
+        /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
+         * we can "construct" a session to give us the desired check - ie. to
+         * find if there's a session in the hash table that would conflict with
+         * any new session built out of this id/id_len and the ssl_version in
+         * use by this SSL. */
+        SSL_SESSION r, *p;
+
+        if(id_len > sizeof r.session_id)
+                return 0;
+
+        r.ssl_version = ssl->version;
+        r.session_id_length = id_len;
+        memcpy(r.session_id, id, id_len);
+        /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
+         * callback is calling us to check the uniqueness of a shorter ID, it
+         * must be compared as a padded-out ID because that is what it will be
+         * converted to when the callback has finished choosing it. */
+        if((r.ssl_version == SSL2_VERSION) &&
+                        (id_len < SSL2_SSL_SESSION_ID_LENGTH))
+                {
+                memset(r.session_id + id_len, 0,
+                        SSL2_SSL_SESSION_ID_LENGTH - id_len);
+                r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+                }
+
+        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+        p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
+        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+        return (p != NULL);
+        }
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+        {
+        return X509_PURPOSE_set(&s->purpose, purpose);
+        }
+
+int SSL_set_purpose(SSL *s, int purpose)
+        {
+        return X509_PURPOSE_set(&s->purpose, purpose);
+        }
+
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+        {
+        return X509_TRUST_set(&s->trust, trust);
+        }
+
+int SSL_set_trust(SSL *s, int trust)
+        {
+        return X509_TRUST_set(&s->trust, trust);
+        }
+
+void SSL_free(SSL *s)
+        {
+        int i;
+
+        if(s == NULL)
+            return;
+
+        i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
+#ifdef REF_PRINT
+        REF_PRINT("SSL",s);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"SSL_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+        if (s->bbio != NULL)
+                {
+                /* If the buffering BIO is in place, pop it off */
+                if (s->bbio == s->wbio)
+                        {
+                        s->wbio=BIO_pop(s->wbio);
+                        }
+                BIO_free(s->bbio);
+                s->bbio=NULL;
+                }
+        if (s->rbio != NULL)
+                BIO_free_all(s->rbio);
+        if ((s->wbio != NULL) && (s->wbio != s->rbio))
+                BIO_free_all(s->wbio);
+
+        if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
+
+        /* add extra stuff */
+        if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
+        if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
+
+        /* Make the next call work :-) */
+        if (s->session != NULL)
+                {
+                ssl_clear_bad_session(s);
+                SSL_SESSION_free(s->session);
+                }
+
+        ssl_clear_cipher_ctx(s);
+
+        if (s->cert != NULL) ssl_cert_free(s->cert);
+        /* Free up if allocated */
+
+        if (s->ctx) SSL_CTX_free(s->ctx);
+
+        if (s->client_CA != NULL)
+                sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
+
+        if (s->method != NULL) s->method->ssl_free(s);
+
+        OPENSSL_free(s);
+        }
+
+void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
+        {
+        /* If the output buffering BIO is still in place, remove it
+         */
+        if (s->bbio != NULL)
+                {
+                if (s->wbio == s->bbio)
+                        {
+                        s->wbio=s->wbio->next_bio;
+                        s->bbio->next_bio=NULL;
+                        }
+                }
+        if ((s->rbio != NULL) && (s->rbio != rbio))
+                BIO_free_all(s->rbio);
+        if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
+                BIO_free_all(s->wbio);
+        s->rbio=rbio;
+        s->wbio=wbio;
+        }
+
+BIO *SSL_get_rbio(SSL *s)
+        { return(s->rbio); }
+
+BIO *SSL_get_wbio(SSL *s)
+        { return(s->wbio); }
+
+int SSL_get_fd(SSL *s)
+        {
+        return(SSL_get_rfd(s));
+        }
+
+int SSL_get_rfd(SSL *s)
+        {
+        int ret= -1;
+        BIO *b,*r;
+
+        b=SSL_get_rbio(s);
+        r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
+        if (r != NULL)
+                BIO_get_fd(r,&ret);
+        return(ret);
+        }
+
+int SSL_get_wfd(SSL *s)
+        {
+        int ret= -1;
+        BIO *b,*r;
+
+        b=SSL_get_wbio(s);
+        r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
+        if (r != NULL)
+                BIO_get_fd(r,&ret);
+        return(ret);
+        }
+
+#ifndef OPENSSL_NO_SOCK
+int SSL_set_fd(SSL *s,int fd)
+        {
+        int ret=0;
+        BIO *bio=NULL;
+
+        bio=BIO_new(BIO_s_socket());
+
+        if (bio == NULL)
+                {
+                SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
+                goto err;
+                }
+        BIO_set_fd(bio,fd,BIO_NOCLOSE);
+        SSL_set_bio(s,bio,bio);
+        ret=1;
+err:
+        return(ret);
+        }
+
+int SSL_set_wfd(SSL *s,int fd)
+        {
+        int ret=0;
+        BIO *bio=NULL;
+
+        if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
+                || ((int)BIO_get_fd(s->rbio,NULL) != fd))
+                {
+                bio=BIO_new(BIO_s_socket());
+
+                if (bio == NULL)
+                        { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
+                BIO_set_fd(bio,fd,BIO_NOCLOSE);
+                SSL_set_bio(s,SSL_get_rbio(s),bio);
+                }
+        else
+                SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
+        ret=1;
+err:
+        return(ret);
+        }
+
+int SSL_set_rfd(SSL *s,int fd)
+        {
+        int ret=0;
+        BIO *bio=NULL;
+
+        if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
+                || ((int)BIO_get_fd(s->wbio,NULL) != fd))
+                {
+                bio=BIO_new(BIO_s_socket());
+
+                if (bio == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
+                        goto err;
+                        }
+                BIO_set_fd(bio,fd,BIO_NOCLOSE);
+                SSL_set_bio(s,bio,SSL_get_wbio(s));
+                }
+        else
+                SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
+        ret=1;
+err:
+        return(ret);
+        }
+#endif
+
+
+/* return length of latest Finished message we sent, copy to 'buf' */
+size_t SSL_get_finished(SSL *s, void *buf, size_t count)
+        {
+        size_t ret = 0;
+        
+        if (s->s3 != NULL)
+                {
+                ret = s->s3->tmp.finish_md_len;
+                if (count > ret)
+                        count = ret;
+                memcpy(buf, s->s3->tmp.finish_md, count);
+                }
+        return ret;
+        }
+
+/* return length of latest Finished message we expected, copy to 'buf' */
+size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count)
+        {
+        size_t ret = 0;
+        
+        if (s->s3 != NULL)
+                {
+                ret = s->s3->tmp.peer_finish_md_len;
+                if (count > ret)
+                        count = ret;
+                memcpy(buf, s->s3->tmp.peer_finish_md, count);
+                }
+        return ret;
+        }
+
+
+int SSL_get_verify_mode(SSL *s)
+        {
+        return(s->verify_mode);
+        }
+
+int SSL_get_verify_depth(SSL *s)
+        {
+        return(s->verify_depth);
+        }
+
+int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
+        {
+        return(s->verify_callback);
+        }
+
+int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
+        {
+        return(ctx->verify_mode);
+        }
+
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
+        {
+        return(ctx->verify_depth);
+        }
+
+int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
+        {
+        return(ctx->default_verify_callback);
+        }
+
+void SSL_set_verify(SSL *s,int mode,
+                    int (*callback)(int ok,X509_STORE_CTX *ctx))
+        {
+        s->verify_mode=mode;
+        if (callback != NULL)
+                s->verify_callback=callback;
+        }
+
+void SSL_set_verify_depth(SSL *s,int depth)
+        {
+        s->verify_depth=depth;
+        }
+
+void SSL_set_read_ahead(SSL *s,int yes)
+        {
+        s->read_ahead=yes;
+        }
+
+int SSL_get_read_ahead(SSL *s)
+        {
+        return(s->read_ahead);
+        }
+
+int SSL_pending(SSL *s)
+        {
+        /* SSL_pending cannot work properly if read-ahead is enabled
+         * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
+         * and it is impossible to fix since SSL_pending cannot report
+         * errors that may be observed while scanning the new data.
+         * (Note that SSL_pending() is often used as a boolean value,
+         * so we'd better not return -1.)
+         */
+        return(s->method->ssl_pending(s));
+        }
+
+X509 *SSL_get_peer_certificate(SSL *s)
+        {
+        X509 *r;
+        
+        if ((s == NULL) || (s->session == NULL))
+                r=NULL;
+        else
+                r=s->session->peer;
+
+        if (r == NULL) return(r);
+
+        CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
+
+        return(r);
+        }
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
+        {
+        STACK_OF(X509) *r;
+        
+        if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
+                r=NULL;
+        else
+                r=s->session->sess_cert->cert_chain;
+
+        /* If we are a client, cert_chain includes the peer's own
+         * certificate; if we are a server, it does not. */
+        
+        return(r);
+        }
+
+/* Now in theory, since the calling process own 't' it should be safe to
+ * modify.  We need to be able to read f without being hassled */
+void SSL_copy_session_id(SSL *t,SSL *f)
+        {
+        CERT *tmp;
+
+        /* Do we need to to SSL locking? */
+        SSL_set_session(t,SSL_get_session(f));
+
+        /* what if we are setup as SSLv2 but want to talk SSLv3 or
+         * vice-versa */
+        if (t->method != f->method)
+                {
+                t->method->ssl_free(t); /* cleanup current */
+                t->method=f->method;    /* change method */
+                t->method->ssl_new(t);  /* setup new */
+                }
+
+        tmp=t->cert;
+        if (f->cert != NULL)
+                {
+                CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
+                t->cert=f->cert;
+                }
+        else
+                t->cert=NULL;
+        if (tmp != NULL) ssl_cert_free(tmp);
+        SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
+        }
+
+/* Fix this so it checks all the valid key/cert options */
+int SSL_CTX_check_private_key(SSL_CTX *ctx)
+        {
+        if (    (ctx == NULL) ||
+                (ctx->cert == NULL) ||
+                (ctx->cert->key->x509 == NULL))
+                {
+                SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+                return(0);
+                }
+        if      (ctx->cert->key->privatekey == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+                return(0);
+                }
+        return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
+        }
+
+/* Fix this function so that it takes an optional type parameter */
+int SSL_check_private_key(SSL *ssl)
+        {
+        if (ssl == NULL)
+                {
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (ssl->cert == NULL)
+                {
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+                return 0;
+                }
+        if (ssl->cert->key->x509 == NULL)
+                {
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+                return(0);
+                }
+        if (ssl->cert->key->privatekey == NULL)
+                {
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+                return(0);
+                }
+        return(X509_check_private_key(ssl->cert->key->x509,
+                ssl->cert->key->privatekey));
+        }
+
+int SSL_accept(SSL *s)
+        {
+        if (s->handshake_func == 0)
+                /* Not properly initialized yet */
+                SSL_set_accept_state(s);
+
+        return(s->method->ssl_accept(s));
+        }
+
+int SSL_connect(SSL *s)
+        {
+        if (s->handshake_func == 0)
+                /* Not properly initialized yet */
+                SSL_set_connect_state(s);
+
+        return(s->method->ssl_connect(s));
+        }
+
+long SSL_get_default_timeout(SSL *s)
+        {
+        return(s->method->get_timeout());
+        }
+
+int SSL_read(SSL *s,void *buf,int num)
+        {
+        if (s->handshake_func == 0)
+                {
+                SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+                return -1;
+                }
+
+        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+                {
+                s->rwstate=SSL_NOTHING;
+                return(0);
+                }
+        return(s->method->ssl_read(s,buf,num));
+        }
+
+int SSL_peek(SSL *s,void *buf,int num)
+        {
+        if (s->handshake_func == 0)
+                {
+                SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+                return -1;
+                }
+
+        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+                {
+                return(0);
+                }
+        return(s->method->ssl_peek(s,buf,num));
+        }
+
+int SSL_write(SSL *s,const void *buf,int num)
+        {
+        if (s->handshake_func == 0)
+                {
+                SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
+                return -1;
+                }
+
+        if (s->shutdown & SSL_SENT_SHUTDOWN)
+                {
+                s->rwstate=SSL_NOTHING;
+                SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
+                return(-1);
+                }
+        return(s->method->ssl_write(s,buf,num));
+        }
+
+int SSL_shutdown(SSL *s)
+        {
+        /* Note that this function behaves differently from what one might
+         * expect.  Return values are 0 for no success (yet),
+         * 1 for success; but calling it once is usually not enough,
+         * even if blocking I/O is used (see ssl3_shutdown).
+         */
+
+        if (s->handshake_func == 0)
+                {
+                SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+                return -1;
+                }
+
+        if ((s != NULL) && !SSL_in_init(s))
+                return(s->method->ssl_shutdown(s));
+        else
+                return(1);
+        }
+
+int SSL_renegotiate(SSL *s)
+        {
+        if (s->new_session == 0)
+                {
+                s->new_session=1;
+                }
+        return(s->method->ssl_renegotiate(s));
+        }
+
+int SSL_renegotiate_pending(SSL *s)
+        {
+        /* becomes true when negotiation is requested;
+         * false again once a handshake has finished */
+        return (s->new_session != 0);
+        }
+
+long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
+        {
+        long l;
+
+        switch (cmd)
+                {
+        case SSL_CTRL_GET_READ_AHEAD:
+                return(s->read_ahead);
+        case SSL_CTRL_SET_READ_AHEAD:
+                l=s->read_ahead;
+                s->read_ahead=larg;
+                return(l);
+
+        case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+                s->msg_callback_arg = parg;
+                return 1;
+
+        case SSL_CTRL_OPTIONS:
+                return(s->options|=larg);
+        case SSL_CTRL_MODE:
+                return(s->mode|=larg);
+        case SSL_CTRL_GET_MAX_CERT_LIST:
+                return(s->max_cert_list);
+        case SSL_CTRL_SET_MAX_CERT_LIST:
+                l=s->max_cert_list;
+                s->max_cert_list=larg;
+                return(l);
+        default:
+                return(s->method->ssl_ctrl(s,cmd,larg,parg));
+                }
+        }
+
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
+        {
+        switch(cmd)
+                {
+        case SSL_CTRL_SET_MSG_CALLBACK:
+                s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
+                return 1;
+                
+        default:
+                return(s->method->ssl_callback_ctrl(s,cmd,fp));
+                }
+        }
+
+struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
+        {
+        return ctx->sessions;
+        }
+
+long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
+        {
+        long l;
+
+        switch (cmd)
+                {
+        case SSL_CTRL_GET_READ_AHEAD:
+                return(ctx->read_ahead);
+        case SSL_CTRL_SET_READ_AHEAD:
+                l=ctx->read_ahead;
+                ctx->read_ahead=larg;
+                return(l);
+                
+        case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+                ctx->msg_callback_arg = parg;
+                return 1;
+
+        case SSL_CTRL_GET_MAX_CERT_LIST:
+                return(ctx->max_cert_list);
+        case SSL_CTRL_SET_MAX_CERT_LIST:
+                l=ctx->max_cert_list;
+                ctx->max_cert_list=larg;
+                return(l);
+
+        case SSL_CTRL_SET_SESS_CACHE_SIZE:
+                l=ctx->session_cache_size;
+                ctx->session_cache_size=larg;
+                return(l);
+        case SSL_CTRL_GET_SESS_CACHE_SIZE:
+                return(ctx->session_cache_size);
+        case SSL_CTRL_SET_SESS_CACHE_MODE:
+                l=ctx->session_cache_mode;
+                ctx->session_cache_mode=larg;
+                return(l);
+        case SSL_CTRL_GET_SESS_CACHE_MODE:
+                return(ctx->session_cache_mode);
+
+        case SSL_CTRL_SESS_NUMBER:
+                return(ctx->sessions->num_items);
+        case SSL_CTRL_SESS_CONNECT:
+                return(ctx->stats.sess_connect);
+        case SSL_CTRL_SESS_CONNECT_GOOD:
+                return(ctx->stats.sess_connect_good);
+        case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
+                return(ctx->stats.sess_connect_renegotiate);
+        case SSL_CTRL_SESS_ACCEPT:
+                return(ctx->stats.sess_accept);
+        case SSL_CTRL_SESS_ACCEPT_GOOD:
+                return(ctx->stats.sess_accept_good);
+        case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
+                return(ctx->stats.sess_accept_renegotiate);
+        case SSL_CTRL_SESS_HIT:
+                return(ctx->stats.sess_hit);
+        case SSL_CTRL_SESS_CB_HIT:
+                return(ctx->stats.sess_cb_hit);
+        case SSL_CTRL_SESS_MISSES:
+                return(ctx->stats.sess_miss);
+        case SSL_CTRL_SESS_TIMEOUTS:
+                return(ctx->stats.sess_timeout);
+        case SSL_CTRL_SESS_CACHE_FULL:
+                return(ctx->stats.sess_cache_full);
+        case SSL_CTRL_OPTIONS:
+                return(ctx->options|=larg);
+        case SSL_CTRL_MODE:
+                return(ctx->mode|=larg);
+        default:
+                return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
+                }
+        }
+
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+        {
+        switch(cmd)
+                {
+        case SSL_CTRL_SET_MSG_CALLBACK:
+                ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
+                return 1;
+
+        default:
+                return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
+                }
+        }
+
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
+        {
+        long l;
+
+        l=a->id-b->id;
+        if (l == 0L)
+                return(0);
+        else
+                return((l > 0)?1:-1);
+        }
+
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+                        const SSL_CIPHER * const *bp)
+        {
+        long l;
+
+        l=(*ap)->id-(*bp)->id;
+        if (l == 0L)
+                return(0);
+        else
+                return((l > 0)?1:-1);
+        }
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
+        {
+        if (s != NULL)
+                {
+                if (s->cipher_list != NULL)
+                        {
+                        return(s->cipher_list);
+                        }
+                else if ((s->ctx != NULL) &&
+                        (s->ctx->cipher_list != NULL))
+                        {
+                        return(s->ctx->cipher_list);
+                        }
+                }
+        return(NULL);
+        }
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * algorithm id */
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+        {
+        if (s != NULL)
+                {
+                if (s->cipher_list_by_id != NULL)
+                        {
+                        return(s->cipher_list_by_id);
+                        }
+                else if ((s->ctx != NULL) &&
+                        (s->ctx->cipher_list_by_id != NULL))
+                        {
+                        return(s->ctx->cipher_list_by_id);
+                        }
+                }
+        return(NULL);
+        }
+
+/** The old interface to get the same thing as SSL_get_ciphers() */
+const char *SSL_get_cipher_list(SSL *s,int n)
+        {
+        SSL_CIPHER *c;
+        STACK_OF(SSL_CIPHER) *sk;
+
+        if (s == NULL) return(NULL);
+        sk=SSL_get_ciphers(s);
+        if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
+                return(NULL);
+        c=sk_SSL_CIPHER_value(sk,n);
+        if (c == NULL) return(NULL);
+        return(c->name);
+        }
+
+/** specify the ciphers to be used by default by the SSL_CTX */
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
+        {
+        STACK_OF(SSL_CIPHER) *sk;
+        
+        sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
+                &ctx->cipher_list_by_id,str);
+/* XXXX */
+        return((sk == NULL)?0:1);
+        }
+
+/** specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(SSL *s,const char *str)
+        {
+        STACK_OF(SSL_CIPHER) *sk;
+        
+        sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
+                &s->cipher_list_by_id,str);
+/* XXXX */
+        return((sk == NULL)?0:1);
+        }
+
+/* works well for SSLv2, not so good for SSLv3 */
+char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
+        {
+        char *p;
+        const char *cp;
+        STACK_OF(SSL_CIPHER) *sk;
+        SSL_CIPHER *c;
+        int i;
+
+        if ((s->session == NULL) || (s->session->ciphers == NULL) ||
+                (len < 2))
+                return(NULL);
+
+        p=buf;
+        sk=s->session->ciphers;
+        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+                {
+                /* Decrement for either the ':' or a '\0' */
+                len--;
+                c=sk_SSL_CIPHER_value(sk,i);
+                for (cp=c->name; *cp; )
+                        {
+                        if (len-- == 0)
+                                {
+                                *p='\0';
+                                return(buf);
+                                }
+                        else
+                                *(p++)= *(cp++);
+                        }
+                *(p++)=':';
+                }
+        p[-1]='\0';
+        return(buf);
+        }
+
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
+        {
+        int i,j=0;
+        SSL_CIPHER *c;
+        unsigned char *q;
+#ifndef OPENSSL_NO_KRB5
+        int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
+#endif /* OPENSSL_NO_KRB5 */
+
+        if (sk == NULL) return(0);
+        q=p;
+
+        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+                {
+                c=sk_SSL_CIPHER_value(sk,i);
+#ifndef OPENSSL_NO_KRB5
+                if ((c->algorithms & SSL_KRB5) && nokrb5)
+                    continue;
+#endif /* OPENSSL_NO_KRB5 */                    
+                j=ssl_put_cipher_by_char(s,c,p);
+                p+=j;
+                }
+        return(p-q);
+        }
+
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+                                               STACK_OF(SSL_CIPHER) **skp)
+        {
+        SSL_CIPHER *c;
+        STACK_OF(SSL_CIPHER) *sk;
+        int i,n;
+
+        n=ssl_put_cipher_by_char(s,NULL,NULL);
+        if ((num%n) != 0)
+                {
+                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+                return(NULL);
+                }
+        if ((skp == NULL) || (*skp == NULL))
+                sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
+        else
+                {
+                sk= *skp;
+                sk_SSL_CIPHER_zero(sk);
+                }
+
+        for (i=0; i<num; i+=n)
+                {
+                c=ssl_get_cipher_by_char(s,p);
+                p+=n;
+                if (c != NULL)
+                        {
+                        if (!sk_SSL_CIPHER_push(sk,c))
+                                {
+                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        }
+                }
+
+        if (skp != NULL)
+                *skp=sk;
+        return(sk);
+err:
+        if ((skp == NULL) || (*skp == NULL))
+                sk_SSL_CIPHER_free(sk);
+        return(NULL);
+        }
+
+unsigned long SSL_SESSION_hash(SSL_SESSION *a)
+        {
+        unsigned long l;
+
+        l=(unsigned long)
+                ((unsigned int) a->session_id[0]     )|
+                ((unsigned int) a->session_id[1]<< 8L)|
+                ((unsigned long)a->session_id[2]<<16L)|
+                ((unsigned long)a->session_id[3]<<24L);
+        return(l);
+        }
+
+/* NB: If this function (or indeed the hash function which uses a sort of
+ * coarser function than this one) is changed, ensure
+ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
+ * able to construct an SSL_SESSION that will collide with any existing session
+ * with a matching session ID. */
+int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
+        {
+        if (a->ssl_version != b->ssl_version)
+                return(1);
+        if (a->session_id_length != b->session_id_length)
+                return(1);
+        return(memcmp(a->session_id,b->session_id,a->session_id_length));
+        }
+
+/* These wrapper functions should remain rather than redeclaring
+ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
+ * variable. The reason is that the functions aren't static, they're exposed via
+ * ssl.h. */
+static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
+static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
+
+SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
+        {
+        SSL_CTX *ret=NULL;
+        
+        if (meth == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
+                return(NULL);
+                }
+
+        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+                goto err;
+                }
+        ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
+        if (ret == NULL)
+                goto err;
+
+        memset(ret,0,sizeof(SSL_CTX));
+
+        ret->method=meth;
+
+        ret->cert_store=NULL;
+        ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
+        ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+        ret->session_cache_head=NULL;
+        ret->session_cache_tail=NULL;
+
+        /* We take the system default */
+        ret->session_timeout=meth->get_timeout();
+
+        ret->new_session_cb=0;
+        ret->remove_session_cb=0;
+        ret->get_session_cb=0;
+        ret->generate_session_id=0;
+
+        memset((char *)&ret->stats,0,sizeof(ret->stats));
+
+        ret->references=1;
+        ret->quiet_shutdown=0;
+
+/*      ret->cipher=NULL;*/
+/*      ret->s2->challenge=NULL;
+        ret->master_key=NULL;
+        ret->key_arg=NULL;
+        ret->s2->conn_id=NULL; */
+
+        ret->info_callback=NULL;
+
+        ret->app_verify_callback=0;
+        ret->app_verify_arg=NULL;
+
+        ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
+        ret->read_ahead=0;
+        ret->msg_callback=0;
+        ret->msg_callback_arg=NULL;
+        ret->verify_mode=SSL_VERIFY_NONE;
+        ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
+        ret->sid_ctx_length=0;
+        ret->default_verify_callback=NULL;
+        if ((ret->cert=ssl_cert_new()) == NULL)
+                goto err;
+
+        ret->default_passwd_callback=0;
+        ret->default_passwd_callback_userdata=NULL;
+        ret->client_cert_cb=0;
+
+        ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
+                        LHASH_COMP_FN(SSL_SESSION_cmp));
+        if (ret->sessions == NULL) goto err;
+        ret->cert_store=X509_STORE_new();
+        if (ret->cert_store == NULL) goto err;
+
+        ssl_create_cipher_list(ret->method,
+                &ret->cipher_list,&ret->cipher_list_by_id,
+                SSL_DEFAULT_CIPHER_LIST);
+        if (ret->cipher_list == NULL
+            || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
+                goto err2;
+                }
+
+        if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
+                goto err2;
+                }
+        if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+                goto err2;
+                }
+        if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+                goto err2;
+                }
+
+        if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
+                goto err;
+
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
+
+        ret->extra_certs=NULL;
+        ret->comp_methods=SSL_COMP_get_compression_methods();
+
+        return(ret);
+err:
+        SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
+err2:
+        if (ret != NULL) SSL_CTX_free(ret);
+        return(NULL);
+        }
+
+#if 0
+static void SSL_COMP_free(SSL_COMP *comp)
+    { OPENSSL_free(comp); }
+#endif
+
+void SSL_CTX_free(SSL_CTX *a)
+        {
+        int i;
+
+        if (a == NULL) return;
+
+        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
+#ifdef REF_PRINT
+        REF_PRINT("SSL_CTX",a);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"SSL_CTX_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+
+        /*
+         * Free internal session cache. However: the remove_cb() may reference
+         * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+         * after the sessions were flushed.
+         * As the ex_data handling routines might also touch the session cache,
+         * the most secure solution seems to be: empty (flush) the cache, then
+         * free ex_data, then finally free the cache.
+         * (See ticket [openssl.org #212].)
+         */
+        if (a->sessions != NULL)
+                SSL_CTX_flush_sessions(a,0);
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+
+        if (a->sessions != NULL)
+                lh_free(a->sessions);
+
+        if (a->cert_store != NULL)
+                X509_STORE_free(a->cert_store);
+        if (a->cipher_list != NULL)
+                sk_SSL_CIPHER_free(a->cipher_list);
+        if (a->cipher_list_by_id != NULL)
+                sk_SSL_CIPHER_free(a->cipher_list_by_id);
+        if (a->cert != NULL)
+                ssl_cert_free(a->cert);
+        if (a->client_CA != NULL)
+                sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
+        if (a->extra_certs != NULL)
+                sk_X509_pop_free(a->extra_certs,X509_free);
+#if 0 /* This should never be done, since it removes a global database */
+        if (a->comp_methods != NULL)
+                sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
+#else
+        a->comp_methods = NULL;
+#endif
+        OPENSSL_free(a);
+        }
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
+        {
+        ctx->default_passwd_callback=cb;
+        }
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
+        {
+        ctx->default_passwd_callback_userdata=u;
+        }
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
+        {
+        ctx->app_verify_callback=cb;
+        ctx->app_verify_arg=arg;
+        }
+
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
+        {
+        ctx->verify_mode=mode;
+        ctx->default_verify_callback=cb;
+        }
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
+        {
+        ctx->verify_depth=depth;
+        }
+
+void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
+        {
+        CERT_PKEY *cpk;
+        int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
+        int rsa_enc_export,dh_rsa_export,dh_dsa_export;
+        int rsa_tmp_export,dh_tmp_export,kl;
+        unsigned long mask,emask;
+
+        if (c == NULL) return;
+
+        kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
+
+#ifndef OPENSSL_NO_RSA
+        rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
+        rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
+                (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
+#else
+        rsa_tmp=rsa_tmp_export=0;
+#endif
+#ifndef OPENSSL_NO_DH
+        dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
+        dh_tmp_export=(c->dh_tmp_cb != NULL ||
+                (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
+#else
+        dh_tmp=dh_tmp_export=0;
+#endif
+
+        cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
+        rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
+        rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
+        cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
+        rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
+        cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
+        dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
+        cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
+        dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+        dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
+        cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
+/* FIX THIS EAY EAY EAY */
+        dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+        dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
+
+        mask=0;
+        emask=0;
+
+#ifdef CIPHER_DEBUG
+        printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+                rsa_tmp,rsa_tmp_export,dh_tmp,
+                rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
+#endif
+
+        if (rsa_enc || (rsa_tmp && rsa_sign))
+                mask|=SSL_kRSA;
+        if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
+                emask|=SSL_kRSA;
+
+#if 0
+        /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+        if (    (dh_tmp || dh_rsa || dh_dsa) && 
+                (rsa_enc || rsa_sign || dsa_sign))
+                mask|=SSL_kEDH;
+        if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
+                (rsa_enc || rsa_sign || dsa_sign))
+                emask|=SSL_kEDH;
+#endif
+
+        if (dh_tmp_export) 
+                emask|=SSL_kEDH;
+
+        if (dh_tmp)
+                mask|=SSL_kEDH;
+
+        if (dh_rsa) mask|=SSL_kDHr;
+        if (dh_rsa_export) emask|=SSL_kDHr;
+
+        if (dh_dsa) mask|=SSL_kDHd;
+        if (dh_dsa_export) emask|=SSL_kDHd;
+
+        if (rsa_enc || rsa_sign)
+                {
+                mask|=SSL_aRSA;
+                emask|=SSL_aRSA;
+                }
+
+        if (dsa_sign)
+                {
+                mask|=SSL_aDSS;
+                emask|=SSL_aDSS;
+                }
+
+        mask|=SSL_aNULL;
+        emask|=SSL_aNULL;
+
+#ifndef OPENSSL_NO_KRB5
+        mask|=SSL_kKRB5|SSL_aKRB5;
+        emask|=SSL_kKRB5|SSL_aKRB5;
+#endif
+
+        c->mask=mask;
+        c->export_mask=emask;
+        c->valid=1;
+        }
+
+/* THIS NEEDS CLEANING UP */
+X509 *ssl_get_server_send_cert(SSL *s)
+        {
+        unsigned long alg,mask,kalg;
+        CERT *c;
+        int i,is_export;
+
+        c=s->cert;
+        ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
+        alg=s->s3->tmp.new_cipher->algorithms;
+        is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+        mask=is_export?c->export_mask:c->mask;
+        kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+
+        if      (kalg & SSL_kDHr)
+                i=SSL_PKEY_DH_RSA;
+        else if (kalg & SSL_kDHd)
+                i=SSL_PKEY_DH_DSA;
+        else if (kalg & SSL_aDSS)
+                i=SSL_PKEY_DSA_SIGN;
+        else if (kalg & SSL_aRSA)
+                {
+                if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
+                        i=SSL_PKEY_RSA_SIGN;
+                else
+                        i=SSL_PKEY_RSA_ENC;
+                }
+        else if (kalg & SSL_aKRB5)
+                {
+                /* VRS something else here? */
+                return(NULL);
+                }
+        else /* if (kalg & SSL_aNULL) */
+                {
+                SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
+                return(NULL);
+                }
+        if (c->pkeys[i].x509 == NULL) return(NULL);
+        return(c->pkeys[i].x509);
+        }
+
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+        {
+        unsigned long alg;
+        CERT *c;
+
+        alg=cipher->algorithms;
+        c=s->cert;
+
+        if ((alg & SSL_aDSS) &&
+                (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
+                return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
+        else if (alg & SSL_aRSA)
+                {
+                if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
+                        return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
+                else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
+                        return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
+                else
+                        return(NULL);
+                }
+        else /* if (alg & SSL_aNULL) */
+                {
+                SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
+                return(NULL);
+                }
+        }
+
+void ssl_update_cache(SSL *s,int mode)
+        {
+        int i;
+
+        /* If the session_id_length is 0, we are not supposed to cache it,
+         * and it would be rather hard to do anyway :-) */
+        if (s->session->session_id_length == 0) return;
+
+        i=s->ctx->session_cache_mode;
+        if ((i & mode) && (!s->hit)
+                && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+                    || SSL_CTX_add_session(s->ctx,s->session))
+                && (s->ctx->new_session_cb != NULL))
+                {
+                CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
+                if (!s->ctx->new_session_cb(s,s->session))
+                        SSL_SESSION_free(s->session);
+                }
+
+        /* auto flush every 255 connections */
+        if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
+                ((i & mode) == mode))
+                {
+                if (  (((mode & SSL_SESS_CACHE_CLIENT)
+                        ?s->ctx->stats.sess_connect_good
+                        :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
+                        {
+                        SSL_CTX_flush_sessions(s->ctx,time(NULL));
+                        }
+                }
+        }
+
+SSL_METHOD *SSL_get_ssl_method(SSL *s)
+        {
+        return(s->method);
+        }
+
+int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
+        {
+        int conn= -1;
+        int ret=1;
+
+        if (s->method != meth)
+                {
+                if (s->handshake_func != NULL)
+                        conn=(s->handshake_func == s->method->ssl_connect);
+
+                if (s->method->version == meth->version)
+                        s->method=meth;
+                else
+                        {
+                        s->method->ssl_free(s);
+                        s->method=meth;
+                        ret=s->method->ssl_new(s);
+                        }
+
+                if (conn == 1)
+                        s->handshake_func=meth->ssl_connect;
+                else if (conn == 0)
+                        s->handshake_func=meth->ssl_accept;
+                }
+        return(ret);
+        }
+
+int SSL_get_error(SSL *s,int i)
+        {
+        int reason;
+        unsigned long l;
+        BIO *bio;
+
+        if (i > 0) return(SSL_ERROR_NONE);
+
+        /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
+         * etc, where we do encode the error */
+        if ((l=ERR_peek_error()) != 0)
+                {
+                if (ERR_GET_LIB(l) == ERR_LIB_SYS)
+                        return(SSL_ERROR_SYSCALL);
+                else
+                        return(SSL_ERROR_SSL);
+                }
+
+        if ((i < 0) && SSL_want_read(s))
+                {
+                bio=SSL_get_rbio(s);
+                if (BIO_should_read(bio))
+                        return(SSL_ERROR_WANT_READ);
+                else if (BIO_should_write(bio))
+                        /* This one doesn't make too much sense ... We never try
+                         * to write to the rbio, and an application program where
+                         * rbio and wbio are separate couldn't even know what it
+                         * should wait for.
+                         * However if we ever set s->rwstate incorrectly
+                         * (so that we have SSL_want_read(s) instead of
+                         * SSL_want_write(s)) and rbio and wbio *are* the same,
+                         * this test works around that bug; so it might be safer
+                         * to keep it. */
+                        return(SSL_ERROR_WANT_WRITE);
+                else if (BIO_should_io_special(bio))
+                        {
+                        reason=BIO_get_retry_reason(bio);
+                        if (reason == BIO_RR_CONNECT)
+                                return(SSL_ERROR_WANT_CONNECT);
+                        else if (reason == BIO_RR_ACCEPT)
+                                return(SSL_ERROR_WANT_ACCEPT);
+                        else
+                                return(SSL_ERROR_SYSCALL); /* unknown */
+                        }
+                }
+
+        if ((i < 0) && SSL_want_write(s))
+                {
+                bio=SSL_get_wbio(s);
+                if (BIO_should_write(bio))
+                        return(SSL_ERROR_WANT_WRITE);
+                else if (BIO_should_read(bio))
+                        /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
+                        return(SSL_ERROR_WANT_READ);
+                else if (BIO_should_io_special(bio))
+                        {
+                        reason=BIO_get_retry_reason(bio);
+                        if (reason == BIO_RR_CONNECT)
+                                return(SSL_ERROR_WANT_CONNECT);
+                        else if (reason == BIO_RR_ACCEPT)
+                                return(SSL_ERROR_WANT_ACCEPT);
+                        else
+                                return(SSL_ERROR_SYSCALL);
+                        }
+                }
+        if ((i < 0) && SSL_want_x509_lookup(s))
+                {
+                return(SSL_ERROR_WANT_X509_LOOKUP);
+                }
+
+        if (i == 0)
+                {
+                if (s->version == SSL2_VERSION)
+                        {
+                        /* assume it is the socket being closed */
+                        return(SSL_ERROR_ZERO_RETURN);
+                        }
+                else
+                        {
+                        if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+                                (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+                                return(SSL_ERROR_ZERO_RETURN);
+                        }
+                }
+        return(SSL_ERROR_SYSCALL);
+        }
+
+int SSL_do_handshake(SSL *s)
+        {
+        int ret=1;
+
+        if (s->handshake_func == NULL)
+                {
+                SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
+                return(-1);
+                }
+
+        s->method->ssl_renegotiate_check(s);
+
+        if (SSL_in_init(s) || SSL_in_before(s))
+                {
+                ret=s->handshake_func(s);
+                }
+        return(ret);
+        }
+
+/* For the next 2 functions, SSL_clear() sets shutdown and so
+ * one of these calls will reset it */
+void SSL_set_accept_state(SSL *s)
+        {
+        s->server=1;
+        s->shutdown=0;
+        s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
+        s->handshake_func=s->method->ssl_accept;
+        /* clear the current cipher */
+        ssl_clear_cipher_ctx(s);
+        }
+
+void SSL_set_connect_state(SSL *s)
+        {
+        s->server=0;
+        s->shutdown=0;
+        s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
+        s->handshake_func=s->method->ssl_connect;
+        /* clear the current cipher */
+        ssl_clear_cipher_ctx(s);
+        }
+
+int ssl_undefined_function(SSL *s)
+        {
+        SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return(0);
+        }
+
+SSL_METHOD *ssl_bad_method(int ver)
+        {
+        SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return(NULL);
+        }
+
+const char *SSL_get_version(SSL *s)
+        {
+        if (s->version == TLS1_VERSION)
+                return("TLSv1");
+        else if (s->version == SSL3_VERSION)
+                return("SSLv3");
+        else if (s->version == SSL2_VERSION)
+                return("SSLv2");
+        else
+                return("unknown");
+        }
+
+SSL *SSL_dup(SSL *s)
+        {
+        STACK_OF(X509_NAME) *sk;
+        X509_NAME *xn;
+        SSL *ret;
+        int i;
+                 
+        if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+            return(NULL);
+
+        ret->version = s->version;
+        ret->type = s->type;
+        ret->method = s->method;
+
+        if (s->session != NULL)
+                {
+                /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
+                SSL_copy_session_id(ret,s);
+                }
+        else
+                {
+                /* No session has been established yet, so we have to expect
+                 * that s->cert or ret->cert will be changed later --
+                 * they should not both point to the same object,
+                 * and thus we can't use SSL_copy_session_id. */
+
+                ret->method->ssl_free(ret);
+                ret->method = s->method;
+                ret->method->ssl_new(ret);
+
+                if (s->cert != NULL)
+                        {
+                        if (ret->cert != NULL)
+                                {
+                                ssl_cert_free(ret->cert);
+                                }
+                        ret->cert = ssl_cert_dup(s->cert);
+                        if (ret->cert == NULL)
+                                goto err;
+                        }
+                                
+                SSL_set_session_id_context(ret,
+                        s->sid_ctx, s->sid_ctx_length);
+                }
+
+        ret->options=s->options;
+        ret->mode=s->mode;
+        SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
+        SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
+        ret->msg_callback = s->msg_callback;
+        ret->msg_callback_arg = s->msg_callback_arg;
+        SSL_set_verify(ret,SSL_get_verify_mode(s),
+                SSL_get_verify_callback(s));
+        SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
+        ret->generate_session_id = s->generate_session_id;
+
+        SSL_set_info_callback(ret,SSL_get_info_callback(s));
+        
+        ret->debug=s->debug;
+
+        /* copy app data, a little dangerous perhaps */
+        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
+                goto err;
+
+        /* setup rbio, and wbio */
+        if (s->rbio != NULL)
+                {
+                if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
+                        goto err;
+                }
+        if (s->wbio != NULL)
+                {
+                if (s->wbio != s->rbio)
+                        {
+                        if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
+                                goto err;
+                        }
+                else
+                        ret->wbio=ret->rbio;
+                }
+        ret->rwstate = s->rwstate;
+        ret->in_handshake = s->in_handshake;
+        ret->handshake_func = s->handshake_func;
+        ret->server = s->server;
+        ret->new_session = s->new_session;
+        ret->quiet_shutdown = s->quiet_shutdown;
+        ret->shutdown=s->shutdown;
+        ret->state=s->state; /* SSL_dup does not really work at any state, though */
+        ret->rstate=s->rstate;
+        ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
+        ret->hit=s->hit;
+        ret->purpose=s->purpose;
+        ret->trust=s->trust;
+
+        /* dup the cipher_list and cipher_list_by_id stacks */
+        if (s->cipher_list != NULL)
+                {
+                if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
+                        goto err;
+                }
+        if (s->cipher_list_by_id != NULL)
+                if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
+                        == NULL)
+                        goto err;
+
+        /* Dup the client_CA list */
+        if (s->client_CA != NULL)
+                {
+                if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
+                ret->client_CA=sk;
+                for (i=0; i<sk_X509_NAME_num(sk); i++)
+                        {
+                        xn=sk_X509_NAME_value(sk,i);
+                        if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
+                                {
+                                X509_NAME_free(xn);
+                                goto err;
+                                }
+                        }
+                }
+
+        if (0)
+                {
+err:
+                if (ret != NULL) SSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+
+void ssl_clear_cipher_ctx(SSL *s)
+        {
+        if (s->enc_read_ctx != NULL)
+                {
+                EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
+                OPENSSL_free(s->enc_read_ctx);
+                s->enc_read_ctx=NULL;
+                }
+        if (s->enc_write_ctx != NULL)
+                {
+                EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
+                OPENSSL_free(s->enc_write_ctx);
+                s->enc_write_ctx=NULL;
+                }
+        if (s->expand != NULL)
+                {
+                COMP_CTX_free(s->expand);
+                s->expand=NULL;
+                }
+        if (s->compress != NULL)
+                {
+                COMP_CTX_free(s->compress);
+                s->compress=NULL;
+                }
+        }
+
+/* Fix this function so that it takes an optional type parameter */
+X509 *SSL_get_certificate(SSL *s)
+        {
+        if (s->cert != NULL)
+                return(s->cert->key->x509);
+        else
+                return(NULL);
+        }
+
+/* Fix this function so that it takes an optional type parameter */
+EVP_PKEY *SSL_get_privatekey(SSL *s)
+        {
+        if (s->cert != NULL)
+                return(s->cert->key->privatekey);
+        else
+                return(NULL);
+        }
+
+SSL_CIPHER *SSL_get_current_cipher(SSL *s)
+        {
+        if ((s->session != NULL) && (s->session->cipher != NULL))
+                return(s->session->cipher);
+        return(NULL);
+        }
+
+int ssl_init_wbio_buffer(SSL *s,int push)
+        {
+        BIO *bbio;
+
+        if (s->bbio == NULL)
+                {
+                bbio=BIO_new(BIO_f_buffer());
+                if (bbio == NULL) return(0);
+                s->bbio=bbio;
+                }
+        else
+                {
+                bbio=s->bbio;
+                if (s->bbio == s->wbio)
+                        s->wbio=BIO_pop(s->wbio);
+                }
+        (void)BIO_reset(bbio);
+/*      if (!BIO_set_write_buffer_size(bbio,16*1024)) */
+        if (!BIO_set_read_buffer_size(bbio,1))
+                {
+                SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
+                return(0);
+                }
+        if (push)
+                {
+                if (s->wbio != bbio)
+                        s->wbio=BIO_push(bbio,s->wbio);
+                }
+        else
+                {
+                if (s->wbio == bbio)
+                        s->wbio=BIO_pop(bbio);
+                }
+        return(1);
+        }
+
+void ssl_free_wbio_buffer(SSL *s)
+        {
+        if (s->bbio == NULL) return;
+
+        if (s->bbio == s->wbio)
+                {
+                /* remove buffering */
+                s->wbio=BIO_pop(s->wbio);
+#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
+                assert(s->wbio != NULL);
+#endif  
+        }
+        BIO_free(s->bbio);
+        s->bbio=NULL;
+        }
+        
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
+        {
+        ctx->quiet_shutdown=mode;
+        }
+
+int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx)
+        {
+        return(ctx->quiet_shutdown);
+        }
+
+void SSL_set_quiet_shutdown(SSL *s,int mode)
+        {
+        s->quiet_shutdown=mode;
+        }
+
+int SSL_get_quiet_shutdown(SSL *s)
+        {
+        return(s->quiet_shutdown);
+        }
+
+void SSL_set_shutdown(SSL *s,int mode)
+        {
+        s->shutdown=mode;
+        }
+
+int SSL_get_shutdown(SSL *s)
+        {
+        return(s->shutdown);
+        }
+
+int SSL_version(SSL *s)
+        {
+        return(s->version);
+        }
+
+SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
+        {
+        return(ssl->ctx);
+        }
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+        {
+        return(X509_STORE_set_default_paths(ctx->cert_store));
+        }
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                const char *CApath)
+        {
+        return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
+        }
+#endif
+
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb)(const SSL *ssl,int type,int val))
+        {
+        ssl->info_callback=cb;
+        }
+
+void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val)
+        {
+        return ssl->info_callback;
+        }
+
+int SSL_state(SSL *ssl)
+        {
+        return(ssl->state);
+        }
+
+void SSL_set_verify_result(SSL *ssl,long arg)
+        {
+        ssl->verify_result=arg;
+        }
+
+long SSL_get_verify_result(SSL *ssl)
+        {
+        return(ssl->verify_result);
+        }
+
+int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
+                         CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int SSL_set_ex_data(SSL *s,int idx,void *arg)
+        {
+        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+        }
+
+void *SSL_get_ex_data(SSL *s,int idx)
+        {
+        return(CRYPTO_get_ex_data(&s->ex_data,idx));
+        }
+
+int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
+                             CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
+        {
+        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+        }
+
+void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx)
+        {
+        return(CRYPTO_get_ex_data(&s->ex_data,idx));
+        }
+
+int ssl_ok(SSL *s)
+        {
+        return(1);
+        }
+
+X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)
+        {
+        return(ctx->cert_store);
+        }
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
+        {
+        if (ctx->cert_store != NULL)
+                X509_STORE_free(ctx->cert_store);
+        ctx->cert_store=store;
+        }
+
+int SSL_want(SSL *s)
+        {
+        return(s->rwstate);
+        }
+
+/*!
+ * \brief Set the callback for generating temporary RSA keys.
+ * \param ctx the SSL context.
+ * \param cb the callback
+ */
+
+#ifndef OPENSSL_NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
+                                                          int is_export,
+                                                          int keylength))
+    {
+    SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+    }
+
+void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
+                                                  int is_export,
+                                                  int keylength))
+    {
+    SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+    }
+#endif
+
+#ifdef DOXYGEN
+/*!
+ * \brief The RSA temporary key callback function.
+ * \param ssl the SSL session.
+ * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
+ * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
+ * of the required key in bits.
+ * \return the temporary RSA key.
+ * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
+ */
+
+RSA *cb(SSL *ssl,int is_export,int keylength)
+    {}
+#endif
+
+/*!
+ * \brief Set the callback for generating temporary DH keys.
+ * \param ctx the SSL context.
+ * \param dh the callback
+ */
+
+#ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
+                                                        int keylength))
+        {
+        SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+        }
+
+void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
+                                                int keylength))
+        {
+        SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+        }
+#endif
+
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
+        {
+        SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
+        }
+void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
+        {
+        SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
+        }
+
+
+
+#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
+#include "../crypto/bio/bss_file.c"
+#endif
+
+IMPLEMENT_STACK_OF(SSL_CIPHER)
+IMPLEMENT_STACK_OF(SSL_COMP)
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
new file mode 100644
index 0000000000..dd6c7a7323
--- /dev/null
+++ b/src/lib/libssl/ssl_locl.h
@@ -0,0 +1,620 @@
+/* ssl/ssl_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SSL_LOCL_H
+#define HEADER_SSL_LOCL_H
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <errno.h>
+
+#include "e_os.h"
+
+#include <openssl/buffer.h>
+#include <openssl/comp.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/stack.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/symhacks.h>
+
+#ifdef OPENSSL_BUILD_SHLIBSSL
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#define PKCS1_CHECK
+
+#define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24, \
+                         l|=((unsigned long)(*((c)++)))<<16, \
+                         l|=((unsigned long)(*((c)++)))<< 8, \
+                         l|=((unsigned long)(*((c)++))))
+
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                                } \
+                        }
+
+#define n2s(c,s)        ((s=(((unsigned int)(c[0]))<< 8)| \
+                            (((unsigned int)(c[1]))    )),c+=2)
+#define s2n(s,c)        ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+                          c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
+
+#define n2l3(c,l)       ((l =(((unsigned long)(c[0]))<<16)| \
+                             (((unsigned long)(c[1]))<< 8)| \
+                             (((unsigned long)(c[2]))    )),c+=3)
+
+#define l2n3(l,c)       ((c[0]=(unsigned char)(((l)>>16)&0xff), \
+                          c[1]=(unsigned char)(((l)>> 8)&0xff), \
+                          c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
+
+/* LOCAL STUFF */
+
+#define SSL_DECRYPT     0
+#define SSL_ENCRYPT     1
+
+#define TWO_BYTE_BIT    0x80
+#define SEC_ESC_BIT     0x40
+#define TWO_BYTE_MASK   0x7fff
+#define THREE_BYTE_MASK 0x3fff
+
+#define INC32(a)        ((a)=((a)+1)&0xffffffffL)
+#define DEC32(a)        ((a)=((a)-1)&0xffffffffL)
+#define MAX_MAC_SIZE    20 /* up from 16 for SSLv3 */
+
+/*
+ * Define the Bitmasks for SSL_CIPHER.algorithms.
+ * This bits are used packed as dense as possible. If new methods/ciphers
+ * etc will be added, the bits a likely to change, so this information
+ * is for internal library use only, even though SSL_CIPHER.algorithms
+ * can be publicly accessed.
+ * Use the according functions for cipher management instead.
+ *
+ * The bit mask handling in the selection and sorting scheme in
+ * ssl_create_cipher_list() has only limited capabilities, reflecting
+ * that the different entities within are mutually exclusive:
+ * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
+ */
+#define SSL_MKEY_MASK           0x0000003FL
+#define SSL_kRSA                0x00000001L /* RSA key exchange */
+#define SSL_kDHr                0x00000002L /* DH cert RSA CA cert */
+#define SSL_kDHd                0x00000004L /* DH cert DSA CA cert */
+#define SSL_kFZA                0x00000008L
+#define SSL_kEDH                0x00000010L /* tmp DH key no DH cert */
+#define SSL_kKRB5               0x00000020L /* Kerberos5 key exchange */
+#define SSL_EDH                 (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
+
+#define SSL_AUTH_MASK           0x00000FC0L
+#define SSL_aRSA                0x00000040L /* Authenticate with RSA */
+#define SSL_aDSS                0x00000080L /* Authenticate with DSS */
+#define SSL_DSS                 SSL_aDSS
+#define SSL_aFZA                0x00000100L
+#define SSL_aNULL               0x00000200L /* no Authenticate, ADH */
+#define SSL_aDH                 0x00000400L /* no Authenticate, ADH */
+#define SSL_aKRB5               0x00000800L /* Authenticate with KRB5 */
+
+#define SSL_NULL                (SSL_eNULL)
+#define SSL_ADH                 (SSL_kEDH|SSL_aNULL)
+#define SSL_RSA                 (SSL_kRSA|SSL_aRSA)
+#define SSL_DH                  (SSL_kDHr|SSL_kDHd|SSL_kEDH)
+#define SSL_FZA                 (SSL_aFZA|SSL_kFZA|SSL_eFZA)
+#define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)
+
+#define SSL_ENC_MASK            0x0087F000L
+#define SSL_DES                 0x00001000L
+#define SSL_3DES                0x00002000L
+#define SSL_RC4                 0x00004000L
+#define SSL_RC2                 0x00008000L
+#define SSL_IDEA                0x00010000L
+#define SSL_eFZA                0x00020000L
+#define SSL_eNULL               0x00040000L
+#define SSL_AES                 0x00800000L
+
+#define SSL_MAC_MASK            0x00180000L
+#define SSL_MD5                 0x00080000L
+#define SSL_SHA1                0x00100000L
+#define SSL_SHA                 (SSL_SHA1)
+
+#define SSL_SSL_MASK            0x00600000L
+#define SSL_SSLV2               0x00200000L
+#define SSL_SSLV3               0x00400000L
+#define SSL_TLSV1               SSL_SSLV3       /* for now */
+
+/* we have used 007fffff - 9 bits left to go */
+
+/*
+ * Export and cipher strength information. For each cipher we have to decide
+ * whether it is exportable or not. This information is likely to change
+ * over time, since the export control rules are no static technical issue.
+ *
+ * Independent of the export flag the cipher strength is sorted into classes.
+ * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
+ * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
+ * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
+ * since SSL_EXP64 could be similar to SSL_LOW.
+ * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
+ * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
+ * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
+ * be possible.
+ */
+#define SSL_EXP_MASK            0x00000003L
+#define SSL_NOT_EXP             0x00000001L
+#define SSL_EXPORT              0x00000002L
+
+#define SSL_STRONG_MASK         0x000000fcL
+#define SSL_STRONG_NONE         0x00000004L
+#define SSL_EXP40               0x00000008L
+#define SSL_MICRO               (SSL_EXP40)
+#define SSL_EXP56               0x00000010L
+#define SSL_MINI                (SSL_EXP56)
+#define SSL_LOW                 0x00000020L
+#define SSL_MEDIUM              0x00000040L
+#define SSL_HIGH                0x00000080L
+
+/* we have used 000000ff - 24 bits left to go */
+
+/*
+ * Macros to check the export status and cipher strength for export ciphers.
+ * Even though the macros for EXPORT and EXPORT40/56 have similar names,
+ * their meaning is different:
+ * *_EXPORT macros check the 'exportable' status.
+ * *_EXPORT40/56 macros are used to check whether a certain cipher strength
+ *          is given.
+ * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
+ * algorithm structure element to be passed (algorithms, algo_strength) and no
+ * typechecking can be done as they are all of type unsigned long, their
+ * direct usage is discouraged.
+ * Use the SSL_C_* macros instead.
+ */
+#define SSL_IS_EXPORT(a)        ((a)&SSL_EXPORT)
+#define SSL_IS_EXPORT56(a)      ((a)&SSL_EXP56)
+#define SSL_IS_EXPORT40(a)      ((a)&SSL_EXP40)
+#define SSL_C_IS_EXPORT(c)      SSL_IS_EXPORT((c)->algo_strength)
+#define SSL_C_IS_EXPORT56(c)    SSL_IS_EXPORT56((c)->algo_strength)
+#define SSL_C_IS_EXPORT40(c)    SSL_IS_EXPORT40((c)->algo_strength)
+
+#define SSL_EXPORT_KEYLENGTH(a,s)       (SSL_IS_EXPORT40(s) ? 5 : \
+                                 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
+#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
+#define SSL_C_EXPORT_KEYLENGTH(c)       SSL_EXPORT_KEYLENGTH((c)->algorithms, \
+                                (c)->algo_strength)
+#define SSL_C_EXPORT_PKEYLENGTH(c)      SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
+
+
+#define SSL_ALL                 0xffffffffL
+#define SSL_ALL_CIPHERS         (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
+                                SSL_MAC_MASK)
+#define SSL_ALL_STRENGTHS       (SSL_EXP_MASK|SSL_STRONG_MASK)
+
+/* Mostly for SSLv3 */
+#define SSL_PKEY_RSA_ENC        0
+#define SSL_PKEY_RSA_SIGN       1
+#define SSL_PKEY_DSA_SIGN       2
+#define SSL_PKEY_DH_RSA         3
+#define SSL_PKEY_DH_DSA         4
+#define SSL_PKEY_NUM            5
+
+/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
+ *          <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
+ * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
+ * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_aRSA <- RSA_ENC | RSA_SIGN
+ * SSL_aDSS <- DSA_SIGN
+ */
+
+/*
+#define CERT_INVALID            0
+#define CERT_PUBLIC_KEY         1
+#define CERT_PRIVATE_KEY        2
+*/
+
+typedef struct cert_pkey_st
+        {
+        X509 *x509;
+        EVP_PKEY *privatekey;
+        } CERT_PKEY;
+
+typedef struct cert_st
+        {
+        /* Current active set */
+        CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
+                         * Probably it would make more sense to store
+                         * an index, not a pointer. */
+ 
+        /* The following masks are for the key and auth
+         * algorithms that are supported by the certs below */
+        int valid;
+        unsigned long mask;
+        unsigned long export_mask;
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa_tmp;
+        RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
+#ifndef OPENSSL_NO_DH
+        DH *dh_tmp;
+        DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
+
+        CERT_PKEY pkeys[SSL_PKEY_NUM];
+
+        int references; /* >1 only if SSL_copy_session_id is used */
+        } CERT;
+
+
+typedef struct sess_cert_st
+        {
+        STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
+
+        /* The 'peer_...' members are used only by clients. */
+        int peer_cert_type;
+
+        CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
+        CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
+        /* Obviously we don't have the private keys of these,
+         * so maybe we shouldn't even use the CERT_PKEY type here. */
+
+#ifndef OPENSSL_NO_RSA
+        RSA *peer_rsa_tmp; /* not used for SSL 2 */
+#endif
+#ifndef OPENSSL_NO_DH
+        DH *peer_dh_tmp; /* not used for SSL 2 */
+#endif
+
+        int references; /* actually always 1 at the moment */
+        } SESS_CERT;
+
+
+/*#define MAC_DEBUG     */
+
+/*#define ERR_DEBUG     */
+/*#define ABORT_DEBUG   */
+/*#define PKT_DEBUG 1   */
+/*#define DES_DEBUG     */
+/*#define DES_OFB_DEBUG */
+/*#define SSL_DEBUG     */
+/*#define RSA_DEBUG     */ 
+/*#define IDEA_DEBUG    */ 
+
+#define FP_ICC  (int (*)(const void *,const void *))
+#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
+                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
+#define ssl_get_cipher_by_char(ssl,ptr) \
+                ((ssl)->method->get_cipher_by_char(ptr))
+
+/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
+ * It is a bit of a mess of functions, but hell, think of it as
+ * an opaque structure :-) */
+typedef struct ssl3_enc_method
+        {
+        int (*enc)(SSL *, int);
+        int (*mac)(SSL *, unsigned char *, int);
+        int (*setup_key_block)(SSL *);
+        int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
+        int (*change_cipher_state)(SSL *, int);
+        int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
+        int finish_mac_length;
+        int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
+        const char *client_finished_label;
+        int client_finished_label_len;
+        const char *server_finished_label;
+        int server_finished_label_len;
+        int (*alert_value)(int);
+        } SSL3_ENC_METHOD;
+
+/* Used for holding the relevant compression methods loaded into SSL_CTX */
+typedef struct ssl3_comp_st
+        {
+        int comp_id;    /* The identifier byte for this compression type */
+        char *name;     /* Text name used for the compression type */
+        COMP_METHOD *method; /* The method :-) */
+        } SSL3_COMP;
+
+OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
+OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
+OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
+
+#ifdef OPENSSL_SYS_VMS
+#undef SSL_COMP_get_compression_methods
+#define SSL_COMP_get_compression_methods        SSL_COMP_get_compress_methods
+#endif
+
+
+SSL_METHOD *ssl_bad_method(int ver);
+SSL_METHOD *sslv2_base_method(void);
+SSL_METHOD *sslv23_base_method(void);
+SSL_METHOD *sslv3_base_method(void);
+
+void ssl_clear_cipher_ctx(SSL *s);
+int ssl_clear_bad_session(SSL *s);
+CERT *ssl_cert_new(void);
+CERT *ssl_cert_dup(CERT *cert);
+int ssl_cert_inst(CERT **o);
+void ssl_cert_free(CERT *c);
+SESS_CERT *ssl_sess_cert_new(void);
+void ssl_sess_cert_free(SESS_CERT *sc);
+int ssl_set_peer_cert_type(SESS_CERT *c, int type);
+int ssl_get_new_session(SSL *s, int session);
+int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
+int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+                        const SSL_CIPHER * const *bp);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+                                               STACK_OF(SSL_CIPHER) **skp);
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
+                                             STACK_OF(SSL_CIPHER) **pref,
+                                             STACK_OF(SSL_CIPHER) **sorted,
+                                             const char *rule_str);
+void ssl_update_cache(SSL *s, int mode);
+int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md,
+                       SSL_COMP **comp);
+int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
+int ssl_undefined_function(SSL *s);
+X509 *ssl_get_server_send_cert(SSL *);
+EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+int ssl_verify_alarm_type(long type);
+
+int ssl2_enc_init(SSL *s, int client);
+int ssl2_generate_key_material(SSL *s);
+void ssl2_enc(SSL *s,int send_data);
+void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+int ssl2_part_read(SSL *s, unsigned long f, int i);
+int ssl2_do_write(SSL *s);
+int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
+void ssl2_return_error(SSL *s,int reason);
+void ssl2_write_error(SSL *s);
+int ssl2_num_ciphers(void);
+SSL_CIPHER *ssl2_get_cipher(unsigned int u);
+int     ssl2_new(SSL *s);
+void    ssl2_free(SSL *s);
+int     ssl2_accept(SSL *s);
+int     ssl2_connect(SSL *s);
+int     ssl2_read(SSL *s, void *buf, int len);
+int     ssl2_peek(SSL *s, void *buf, int len);
+int     ssl2_write(SSL *s, const void *buf, int len);
+int     ssl2_shutdown(SSL *s);
+void    ssl2_clear(SSL *s);
+long    ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
+long    ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
+long    ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)());
+long    ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
+int     ssl2_pending(SSL *s);
+
+SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+void ssl3_init_finished_mac(SSL *s);
+int ssl3_send_server_certificate(SSL *s);
+int ssl3_get_finished(SSL *s,int state_a,int state_b);
+int ssl3_setup_key_block(SSL *s);
+int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
+int ssl3_change_cipher_state(SSL *s,int which);
+void ssl3_cleanup_key_block(SSL *s);
+int ssl3_do_write(SSL *s,int type);
+void ssl3_send_alert(SSL *s,int level, int desc);
+int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+        unsigned char *p, int len);
+int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
+int ssl3_num_ciphers(void);
+SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+int ssl3_renegotiate(SSL *ssl); 
+int ssl3_renegotiate_check(SSL *ssl); 
+int ssl3_dispatch_alert(SSL *s);
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
+        const char *sender, int slen,unsigned char *p);
+int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
+int ssl3_enc(SSL *s, int send_data);
+int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
+                               STACK_OF(SSL_CIPHER) *srvr);
+int     ssl3_setup_buffers(SSL *s);
+int     ssl3_new(SSL *s);
+void    ssl3_free(SSL *s);
+int     ssl3_accept(SSL *s);
+int     ssl3_connect(SSL *s);
+int     ssl3_read(SSL *s, void *buf, int len);
+int     ssl3_peek(SSL *s, void *buf, int len);
+int     ssl3_write(SSL *s, const void *buf, int len);
+int     ssl3_shutdown(SSL *s);
+void    ssl3_clear(SSL *s);
+long    ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
+long    ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
+long    ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)());
+long    ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
+int     ssl3_pending(SSL *s);
+
+int ssl23_accept(SSL *s);
+int ssl23_connect(SSL *s);
+int ssl23_read_bytes(SSL *s, int n);
+int ssl23_write_bytes(SSL *s);
+
+int tls1_new(SSL *s);
+void tls1_free(SSL *s);
+void tls1_clear(SSL *s);
+long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)());
+SSL_METHOD *tlsv1_base_method(void );
+
+int ssl_init_wbio_buffer(SSL *s, int push);
+void ssl_free_wbio_buffer(SSL *s);
+
+int tls1_change_cipher_state(SSL *s, int which);
+int tls1_setup_key_block(SSL *s);
+int tls1_enc(SSL *s, int snd);
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+        const char *str, int slen, unsigned char *p);
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+int tls1_mac(SSL *ssl, unsigned char *md, int snd);
+int tls1_generate_master_secret(SSL *s, unsigned char *out,
+        unsigned char *p, int len);
+int tls1_alert_code(int code);
+int ssl3_alert_code(int code);
+int ssl_ok(SSL *s);
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+
+
+#endif
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
new file mode 100644
index 0000000000..03828b6632
--- /dev/null
+++ b/src/lib/libssl/ssl_rsa.c
@@ -0,0 +1,815 @@
+/* ssl/ssl_rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/bio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+static int ssl_set_cert(CERT *c, X509 *x509);
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+int SSL_use_certificate(SSL *ssl, X509 *x)
+        {
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (!ssl_cert_inst(&ssl->cert))
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        return(ssl_set_cert(ssl->cert,x));
+        }
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
+        {
+        int j;
+        BIO *in;
+        int ret=0;
+        X509 *x=NULL;
+
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                x=d2i_X509_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
+                goto end;
+                }
+
+        ret=SSL_use_certificate(ssl,x);
+end:
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+
+int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
+        {
+        X509 *x;
+        int ret;
+
+        x=d2i_X509(NULL,&d,(long)len);
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+
+        ret=SSL_use_certificate(ssl,x);
+        X509_free(x);
+        return(ret);
+        }
+
+#ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
+        {
+        EVP_PKEY *pkey;
+        int ret;
+
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (!ssl_cert_inst(&ssl->cert))
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        if ((pkey=EVP_PKEY_new()) == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
+                return(0);
+                }
+
+        RSA_up_ref(rsa);
+        EVP_PKEY_assign_RSA(pkey,rsa);
+
+        ret=ssl_set_pkey(ssl->cert,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+#endif
+
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
+        {
+        int i,ok=0,bad=0;
+
+        i=ssl_cert_type(NULL,pkey);
+        if (i < 0)
+                {
+                SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                return(0);
+                }
+
+        if (c->pkeys[i].x509 != NULL)
+                {
+                EVP_PKEY *pktmp;
+                pktmp = X509_get_pubkey(c->pkeys[i].x509);
+                EVP_PKEY_copy_parameters(pktmp,pkey);
+                EVP_PKEY_free(pktmp);
+                ERR_clear_error();
+
+#ifndef OPENSSL_NO_RSA
+                /* Don't check the public/private key, this is mostly
+                 * for smart cards. */
+                if ((pkey->type == EVP_PKEY_RSA) &&
+                        (RSA_flags(pkey->pkey.rsa) &
+                         RSA_METHOD_FLAG_NO_CHECK))
+                         ok=1;
+                else
+#endif
+                        if (!X509_check_private_key(c->pkeys[i].x509,pkey))
+                        {
+                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
+                                {
+                                i=(i == SSL_PKEY_DH_RSA)?
+                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
+
+                                if (c->pkeys[i].x509 == NULL)
+                                        ok=1;
+                                else
+                                        {
+                                        if (!X509_check_private_key(
+                                                c->pkeys[i].x509,pkey))
+                                                bad=1;
+                                        else
+                                                ok=1;
+                                        }
+                                }
+                        else
+                                bad=1;
+                        }
+                else
+                        ok=1;
+                }
+        else
+                ok=1;
+
+        if (bad)
+                {
+                X509_free(c->pkeys[i].x509);
+                c->pkeys[i].x509=NULL;
+                return(0);
+                }
+
+        if (c->pkeys[i].privatekey != NULL)
+                EVP_PKEY_free(c->pkeys[i].privatekey);
+        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        c->pkeys[i].privatekey=pkey;
+        c->key= &(c->pkeys[i]);
+
+        c->valid=0;
+        return(1);
+        }
+
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_STDIO
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
+        {
+        int j,ret=0;
+        BIO *in;
+        RSA *rsa=NULL;
+
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if      (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                rsa=d2i_RSAPrivateKey_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+                        ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_use_RSAPrivateKey(ssl,rsa);
+        RSA_free(rsa);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
+        {
+        int ret;
+        const unsigned char *p;
+        RSA *rsa;
+
+        p=d;
+        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+
+        ret=SSL_use_RSAPrivateKey(ssl,rsa);
+        RSA_free(rsa);
+        return(ret);
+        }
+#endif /* !OPENSSL_NO_RSA */
+
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
+        {
+        int ret;
+
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (!ssl_cert_inst(&ssl->cert))
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        ret=ssl_set_pkey(ssl->cert,pkey);
+        return(ret);
+        }
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
+        {
+        int j,ret=0;
+        BIO *in;
+        EVP_PKEY *pkey=NULL;
+
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                pkey=PEM_read_bio_PrivateKey(in,NULL,
+                        ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_use_PrivateKey(ssl,pkey);
+        EVP_PKEY_free(pkey);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
+        {
+        int ret;
+        unsigned char *p;
+        EVP_PKEY *pkey;
+
+        p=d;
+        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+
+        ret=SSL_use_PrivateKey(ssl,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+        {
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (!ssl_cert_inst(&ctx->cert))
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        return(ssl_set_cert(ctx->cert, x));
+        }
+
+static int ssl_set_cert(CERT *c, X509 *x)
+        {
+        EVP_PKEY *pkey;
+        int i,ok=0,bad=0;
+
+        pkey=X509_get_pubkey(x);
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
+                return(0);
+                }
+
+        i=ssl_cert_type(x,pkey);
+        if (i < 0)
+                {
+                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                EVP_PKEY_free(pkey);
+                return(0);
+                }
+
+        if (c->pkeys[i].privatekey != NULL)
+                {
+                EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
+                ERR_clear_error();
+
+#ifndef OPENSSL_NO_RSA
+                /* Don't check the public/private key, this is mostly
+                 * for smart cards. */
+                if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
+                        (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
+                         RSA_METHOD_FLAG_NO_CHECK))
+                         ok=1;
+                else
+#endif
+                {
+                if (!X509_check_private_key(x,c->pkeys[i].privatekey))
+                        {
+                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
+                                {
+                                i=(i == SSL_PKEY_DH_RSA)?
+                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
+
+                                if (c->pkeys[i].privatekey == NULL)
+                                        ok=1;
+                                else
+                                        {
+                                        if (!X509_check_private_key(x,
+                                                c->pkeys[i].privatekey))
+                                                bad=1;
+                                        else
+                                                ok=1;
+                                        }
+                                }
+                        else
+                                bad=1;
+                        }
+                else
+                        ok=1;
+                } /* OPENSSL_NO_RSA */
+                }
+        else
+                ok=1;
+
+        EVP_PKEY_free(pkey);
+        if (bad)
+                {
+                EVP_PKEY_free(c->pkeys[i].privatekey);
+                c->pkeys[i].privatekey=NULL;
+                }
+
+        if (c->pkeys[i].x509 != NULL)
+                X509_free(c->pkeys[i].x509);
+        CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+        c->pkeys[i].x509=x;
+        c->key= &(c->pkeys[i]);
+
+        c->valid=0;
+        return(1);
+        }
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+        {
+        int j;
+        BIO *in;
+        int ret=0;
+        X509 *x=NULL;
+
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                x=d2i_X509_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
+                goto end;
+                }
+
+        ret=SSL_CTX_use_certificate(ctx,x);
+end:
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
+        {
+        X509 *x;
+        int ret;
+
+        x=d2i_X509(NULL,&d,(long)len);
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+
+        ret=SSL_CTX_use_certificate(ctx,x);
+        X509_free(x);
+        return(ret);
+        }
+
+#ifndef OPENSSL_NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
+        {
+        int ret;
+        EVP_PKEY *pkey;
+
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (!ssl_cert_inst(&ctx->cert))
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        if ((pkey=EVP_PKEY_new()) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
+                return(0);
+                }
+
+        RSA_up_ref(rsa);
+        EVP_PKEY_assign_RSA(pkey,rsa);
+
+        ret=ssl_set_pkey(ctx->cert, pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+        {
+        int j,ret=0;
+        BIO *in;
+        RSA *rsa=NULL;
+
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if      (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                rsa=d2i_RSAPrivateKey_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+                        ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+        RSA_free(rsa);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
+        {
+        int ret;
+        const unsigned char *p;
+        RSA *rsa;
+
+        p=d;
+        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+
+        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+        RSA_free(rsa);
+        return(ret);
+        }
+#endif /* !OPENSSL_NO_RSA */
+
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+        {
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (!ssl_cert_inst(&ctx->cert))
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        return(ssl_set_pkey(ctx->cert,pkey));
+        }
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+        {
+        int j,ret=0;
+        BIO *in;
+        EVP_PKEY *pkey=NULL;
+
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                pkey=PEM_read_bio_PrivateKey(in,NULL,
+                        ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+        EVP_PKEY_free(pkey);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
+             long len)
+        {
+        int ret;
+        unsigned char *p;
+        EVP_PKEY *pkey;
+
+        p=d;
+        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+
+        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+
+
+#ifndef OPENSSL_NO_STDIO
+/* Read a file that contains our certificate in "PEM" format,
+ * possibly followed by a sequence of CA certificates that should be
+ * sent to the peer in the Certificate message.
+ */
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+        {
+        BIO *in;
+        int ret=0;
+        X509 *x=NULL;
+
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+
+        x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
+                goto end;
+                }
+
+        ret=SSL_CTX_use_certificate(ctx,x);
+        if (ERR_peek_error() != 0)
+                ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
+        if (ret)
+                {
+                /* If we could set up our certificate, now proceed to
+                 * the CA certificates.
+                 */
+                X509 *ca;
+                int r;
+                unsigned long err;
+                
+                if (ctx->extra_certs != NULL) 
+                        {
+                        sk_X509_pop_free(ctx->extra_certs, X509_free);
+                        ctx->extra_certs = NULL;
+                        }
+
+                while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+                        != NULL)
+                        {
+                        r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+                        if (!r) 
+                                {
+                                X509_free(ca);
+                                ret = 0;
+                                goto end;
+                                }
+                        /* Note that we must not free r if it was successfully
+                         * added to the chain (while we must free the main
+                         * certificate, since its reference count is increased
+                         * by SSL_CTX_use_certificate). */
+                        }
+                /* When the while loop ends, it's usually just EOF. */
+                err = ERR_peek_last_error();
+                if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+                        (void)ERR_get_error();
+                else 
+                        ret = 0; /* some real error */
+                }
+
+end:
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
new file mode 100644
index 0000000000..a505e388fb
--- /dev/null
+++ b/src/lib/libssl/ssl_sess.c
@@ -0,0 +1,754 @@
+/* ssl/ssl_sess.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/lhash.h>
+#include <openssl/rand.h>
+#include "ssl_locl.h"
+
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
+
+SSL_SESSION *SSL_get_session(SSL *ssl)
+/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
+        {
+        return(ssl->session);
+        }
+
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+/* variant of SSL_get_session: caller really gets something */
+        {
+        SSL_SESSION *sess;
+        /* Need to lock this all up rather than just use CRYPTO_add so that
+         * somebody doesn't free ssl->session between when we check it's
+         * non-null and when we up the reference count. */
+        CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
+        sess = ssl->session;
+        if(sess)
+                sess->references++;
+        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
+        return(sess);
+        }
+
+int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
+                        new_func, dup_func, free_func);
+        }
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+        }
+
+void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx)
+        {
+        return(CRYPTO_get_ex_data(&s->ex_data,idx));
+        }
+
+SSL_SESSION *SSL_SESSION_new(void)
+        {
+        SSL_SESSION *ss;
+
+        ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
+        if (ss == NULL)
+                {
+                SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        memset(ss,0,sizeof(SSL_SESSION));
+
+        ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
+        ss->references=1;
+        ss->timeout=60*5+4; /* 5 minute timeout by default */
+        ss->time=time(NULL);
+        ss->prev=NULL;
+        ss->next=NULL;
+        ss->compress_meth=0;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+        return(ss);
+        }
+
+/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
+ * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
+ * until we have no conflict is going to complete in one iteration pretty much
+ * "most" of the time (btw: understatement). So, if it takes us 10 iterations
+ * and we still can't avoid a conflict - well that's a reasonable point to call
+ * it quits. Either the RAND code is broken or someone is trying to open roughly
+ * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
+ * store that many sessions is perhaps a more interesting question ... */
+
+#define MAX_SESS_ID_ATTEMPTS 10
+static int def_generate_session_id(const SSL *ssl, unsigned char *id,
+                                unsigned int *id_len)
+{
+        unsigned int retry = 0;
+        do
+                RAND_pseudo_bytes(id, *id_len);
+        while(SSL_has_matching_session_id(ssl, id, *id_len) &&
+                (++retry < MAX_SESS_ID_ATTEMPTS));
+        if(retry < MAX_SESS_ID_ATTEMPTS)
+                return 1;
+        /* else - woops a session_id match */
+        /* XXX We should also check the external cache --
+         * but the probability of a collision is negligible, and
+         * we could not prevent the concurrent creation of sessions
+         * with identical IDs since we currently don't have means
+         * to atomically check whether a session ID already exists
+         * and make a reservation for it if it does not
+         * (this problem applies to the internal cache as well).
+         */
+        return 0;
+}
+
+int ssl_get_new_session(SSL *s, int session)
+        {
+        /* This gets used by clients and servers. */
+
+        unsigned int tmp;
+        SSL_SESSION *ss=NULL;
+        GEN_SESSION_CB cb = def_generate_session_id;
+
+        if ((ss=SSL_SESSION_new()) == NULL) return(0);
+
+        /* If the context has a default timeout, use it */
+        if (s->ctx->session_timeout == 0)
+                ss->timeout=SSL_get_default_timeout(s);
+        else
+                ss->timeout=s->ctx->session_timeout;
+
+        if (s->session != NULL)
+                {
+                SSL_SESSION_free(s->session);
+                s->session=NULL;
+                }
+
+        if (session)
+                {
+                if (s->version == SSL2_VERSION)
+                        {
+                        ss->ssl_version=SSL2_VERSION;
+                        ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
+                        }
+                else if (s->version == SSL3_VERSION)
+                        {
+                        ss->ssl_version=SSL3_VERSION;
+                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+                        }
+                else if (s->version == TLS1_VERSION)
+                        {
+                        ss->ssl_version=TLS1_VERSION;
+                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
+                        SSL_SESSION_free(ss);
+                        return(0);
+                        }
+                /* Choose which callback will set the session ID */
+                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+                if(s->generate_session_id)
+                        cb = s->generate_session_id;
+                else if(s->ctx->generate_session_id)
+                        cb = s->ctx->generate_session_id;
+                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+                /* Choose a session ID */
+                tmp = ss->session_id_length;
+                if(!cb(s, ss->session_id, &tmp))
+                        {
+                        /* The callback failed */
+                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+                                SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+                        SSL_SESSION_free(ss);
+                        return(0);
+                        }
+                /* Don't allow the callback to set the session length to zero.
+                 * nor set it higher than it was. */
+                if(!tmp || (tmp > ss->session_id_length))
+                        {
+                        /* The callback set an illegal length */
+                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+                                SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+                        SSL_SESSION_free(ss);
+                        return(0);
+                        }
+                /* If the session length was shrunk and we're SSLv2, pad it */
+                if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
+                        memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
+                else
+                        ss->session_id_length = tmp;
+                /* Finally, check for a conflict */
+                if(SSL_has_matching_session_id(s, ss->session_id,
+                                                ss->session_id_length))
+                        {
+                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+                                SSL_R_SSL_SESSION_ID_CONFLICT);
+                        SSL_SESSION_free(ss);
+                        return(0);
+                        }
+                }
+        else
+                {
+                ss->session_id_length=0;
+                }
+
+        if (s->sid_ctx_length > sizeof ss->sid_ctx)
+                {
+                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+                SSL_SESSION_free(ss);
+                return 0;
+                }
+        memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
+        ss->sid_ctx_length=s->sid_ctx_length;
+        s->session=ss;
+        ss->ssl_version=s->version;
+        ss->verify_result = X509_V_OK;
+
+        return(1);
+        }
+
+int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
+        {
+        /* This is used only by servers. */
+
+        SSL_SESSION *ret=NULL,data;
+        int fatal = 0;
+
+        data.ssl_version=s->version;
+        data.session_id_length=len;
+        if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+                goto err;
+        memcpy(data.session_id,session_id,len);
+
+        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+                {
+                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+                ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
+                if (ret != NULL)
+                    /* don't allow other threads to steal it: */
+                    CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+                }
+
+        if (ret == NULL)
+                {
+                int copy=1;
+        
+                s->ctx->stats.sess_miss++;
+                ret=NULL;
+                if (s->ctx->get_session_cb != NULL
+                    && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))
+                       != NULL)
+                        {
+                        s->ctx->stats.sess_cb_hit++;
+
+                        /* Increment reference count now if the session callback
+                         * asks us to do so (note that if the session structures
+                         * returned by the callback are shared between threads,
+                         * it must handle the reference count itself [i.e. copy == 0],
+                         * or things won't be thread-safe). */
+                        if (copy)
+                                CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+
+                        /* Add the externally cached session to the internal
+                         * cache as well if and only if we are supposed to. */
+                        if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+                                /* The following should not return 1, otherwise,
+                                 * things are very strange */
+                                SSL_CTX_add_session(s->ctx,ret);
+                        }
+                if (ret == NULL)
+                        goto err;
+                }
+
+        /* Now ret is non-NULL, and we own one of its reference counts. */
+
+        if((s->verify_mode&SSL_VERIFY_PEER)
+           && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
+               || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
+            {
+                /* We've found the session named by the client, but we don't
+                 * want to use it in this context. */
+                
+                if (s->sid_ctx_length == 0)
+                        {
+                        /* application should have used SSL[_CTX]_set_session_id_context
+                         * -- we could tolerate this and just pretend we never heard
+                         * of this session, but then applications could effectively
+                         * disable the session cache by accident without anyone noticing */
+
+                        SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+                        fatal = 1;
+                        goto err;
+                        }
+                else
+                        {
+#if 0 /* The client cannot always know when a session is not appropriate,
+           * so we shouldn't generate an error message. */
+
+                        SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+#endif
+                        goto err; /* treat like cache miss */
+                        }
+                }
+
+        if (ret->cipher == NULL)
+                {
+                unsigned char buf[5],*p;
+                unsigned long l;
+
+                p=buf;
+                l=ret->cipher_id;
+                l2n(l,p);
+                if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
+                        ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
+                else 
+                        ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
+                if (ret->cipher == NULL)
+                        goto err;
+                }
+
+
+#if 0 /* This is way too late. */
+
+        /* If a thread got the session, then 'swaped', and another got
+         * it and then due to a time-out decided to 'OPENSSL_free' it we could
+         * be in trouble.  So I'll increment it now, then double decrement
+         * later - am I speaking rubbish?. */
+        CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+#endif
+
+        if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
+                {
+                s->ctx->stats.sess_timeout++;
+                /* remove it from the cache */
+                SSL_CTX_remove_session(s->ctx,ret);
+                goto err;
+                }
+
+        s->ctx->stats.sess_hit++;
+
+        /* ret->time=time(NULL); */ /* rezero timeout? */
+        /* again, just leave the session 
+         * if it is the same session, we have just incremented and
+         * then decremented the reference count :-) */
+        if (s->session != NULL)
+                SSL_SESSION_free(s->session);
+        s->session=ret;
+        s->verify_result = s->session->verify_result;
+        return(1);
+
+ err:
+        if (ret != NULL)
+                SSL_SESSION_free(ret);
+        if (fatal)
+                return -1;
+        else
+                return 0;
+        }
+
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
+        {
+        int ret=0;
+        SSL_SESSION *s;
+
+        /* add just 1 reference count for the SSL_CTX's session cache
+         * even though it has two ways of access: each session is in a
+         * doubly linked list and an lhash */
+        CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
+        /* if session c is in already in cache, we take back the increment later */
+
+        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+        s=(SSL_SESSION *)lh_insert(ctx->sessions,c);
+        
+        /* s != NULL iff we already had a session with the given PID.
+         * In this case, s == c should hold (then we did not really modify
+         * ctx->sessions), or we're in trouble. */
+        if (s != NULL && s != c)
+                {
+                /* We *are* in trouble ... */
+                SSL_SESSION_list_remove(ctx,s);
+                SSL_SESSION_free(s);
+                /* ... so pretend the other session did not exist in cache
+                 * (we cannot handle two SSL_SESSION structures with identical
+                 * session ID in the same cache, which could happen e.g. when
+                 * two threads concurrently obtain the same session from an external
+                 * cache) */
+                s = NULL;
+                }
+
+        /* Put at the head of the queue unless it is already in the cache */
+        if (s == NULL)
+                SSL_SESSION_list_add(ctx,c);
+
+        if (s != NULL)
+                {
+                /* existing cache entry -- decrement previously incremented reference
+                 * count because it already takes into account the cache */
+
+                SSL_SESSION_free(s); /* s == c */
+                ret=0;
+                }
+        else
+                {
+                /* new cache entry -- remove old ones if cache has become too large */
+                
+                ret=1;
+
+                if (SSL_CTX_sess_get_cache_size(ctx) > 0)
+                        {
+                        while (SSL_CTX_sess_number(ctx) >
+                                SSL_CTX_sess_get_cache_size(ctx))
+                                {
+                                if (!remove_session_lock(ctx,
+                                        ctx->session_cache_tail, 0))
+                                        break;
+                                else
+                                        ctx->stats.sess_cache_full++;
+                                }
+                        }
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+        return(ret);
+        }
+
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+        return remove_session_lock(ctx, c, 1);
+}
+
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
+        {
+        SSL_SESSION *r;
+        int ret=0;
+
+        if ((c != NULL) && (c->session_id_length != 0))
+                {
+                if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+                if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
+                        {
+                        ret=1;
+                        r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
+                        SSL_SESSION_list_remove(ctx,c);
+                        }
+
+                if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+
+                if (ret)
+                        {
+                        r->not_resumable=1;
+                        if (ctx->remove_session_cb != NULL)
+                                ctx->remove_session_cb(ctx,r);
+                        SSL_SESSION_free(r);
+                        }
+                }
+        else
+                ret=0;
+        return(ret);
+        }
+
+void SSL_SESSION_free(SSL_SESSION *ss)
+        {
+        int i;
+
+        if(ss == NULL)
+            return;
+
+        i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
+#ifdef REF_PRINT
+        REF_PRINT("SSL_SESSION",ss);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+
+        OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
+        OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
+        OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
+        if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
+        if (ss->peer != NULL) X509_free(ss->peer);
+        if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+        OPENSSL_cleanse(ss,sizeof(*ss));
+        OPENSSL_free(ss);
+        }
+
+int SSL_set_session(SSL *s, SSL_SESSION *session)
+        {
+        int ret=0;
+        SSL_METHOD *meth;
+
+        if (session != NULL)
+                {
+                meth=s->ctx->method->get_ssl_method(session->ssl_version);
+                if (meth == NULL)
+                        meth=s->method->get_ssl_method(session->ssl_version);
+                if (meth == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
+                        return(0);
+                        }
+
+                if (meth != s->method)
+                        {
+                        if (!SSL_set_ssl_method(s,meth))
+                                return(0);
+                        if (s->ctx->session_timeout == 0)
+                                session->timeout=SSL_get_default_timeout(s);
+                        else
+                                session->timeout=s->ctx->session_timeout;
+                        }
+
+#ifndef OPENSSL_NO_KRB5
+                if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
+                    session->krb5_client_princ_len > 0)
+                {
+                    s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1);
+                    memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
+                            session->krb5_client_princ_len);
+                    s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
+                }
+#endif /* OPENSSL_NO_KRB5 */
+
+                /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
+                CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
+                if (s->session != NULL)
+                        SSL_SESSION_free(s->session);
+                s->session=session;
+                s->verify_result = s->session->verify_result;
+                /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
+                ret=1;
+                }
+        else
+                {
+                if (s->session != NULL)
+                        {
+                        SSL_SESSION_free(s->session);
+                        s->session=NULL;
+                        }
+
+                meth=s->ctx->method;
+                if (meth != s->method)
+                        {
+                        if (!SSL_set_ssl_method(s,meth))
+                                return(0);
+                        }
+                ret=1;
+                }
+        return(ret);
+        }
+
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
+        {
+        if (s == NULL) return(0);
+        s->timeout=t;
+        return(1);
+        }
+
+long SSL_SESSION_get_timeout(SSL_SESSION *s)
+        {
+        if (s == NULL) return(0);
+        return(s->timeout);
+        }
+
+long SSL_SESSION_get_time(SSL_SESSION *s)
+        {
+        if (s == NULL) return(0);
+        return(s->time);
+        }
+
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+        {
+        if (s == NULL) return(0);
+        s->time=t;
+        return(t);
+        }
+
+long SSL_CTX_set_timeout(SSL_CTX *s, long t)
+        {
+        long l;
+        if (s == NULL) return(0);
+        l=s->session_timeout;
+        s->session_timeout=t;
+        return(l);
+        }
+
+long SSL_CTX_get_timeout(SSL_CTX *s)
+        {
+        if (s == NULL) return(0);
+        return(s->session_timeout);
+        }
+
+typedef struct timeout_param_st
+        {
+        SSL_CTX *ctx;
+        long time;
+        LHASH *cache;
+        } TIMEOUT_PARAM;
+
+static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
+        {
+        if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+                {
+                /* The reason we don't call SSL_CTX_remove_session() is to
+                 * save on locking overhead */
+                lh_delete(p->cache,s);
+                SSL_SESSION_list_remove(p->ctx,s);
+                s->not_resumable=1;
+                if (p->ctx->remove_session_cb != NULL)
+                        p->ctx->remove_session_cb(p->ctx,s);
+                SSL_SESSION_free(s);
+                }
+        }
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *)
+
+void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+        {
+        unsigned long i;
+        TIMEOUT_PARAM tp;
+
+        tp.ctx=s;
+        tp.cache=s->sessions;
+        if (tp.cache == NULL) return;
+        tp.time=t;
+        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+        i=tp.cache->down_load;
+        tp.cache->down_load=0;
+        lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp);
+        tp.cache->down_load=i;
+        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+        }
+
+int ssl_clear_bad_session(SSL *s)
+        {
+        if (    (s->session != NULL) &&
+                !(s->shutdown & SSL_SENT_SHUTDOWN) &&
+                !(SSL_in_init(s) || SSL_in_before(s)))
+                {
+                SSL_CTX_remove_session(s->ctx,s->session);
+                return(1);
+                }
+        else
+                return(0);
+        }
+
+/* locked by SSL_CTX in the calling function */
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
+        {
+        if ((s->next == NULL) || (s->prev == NULL)) return;
+
+        if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
+                { /* last element in list */
+                if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
+                        { /* only one element in list */
+                        ctx->session_cache_head=NULL;
+                        ctx->session_cache_tail=NULL;
+                        }
+                else
+                        {
+                        ctx->session_cache_tail=s->prev;
+                        s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
+                        }
+                }
+        else
+                {
+                if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
+                        { /* first element in list */
+                        ctx->session_cache_head=s->next;
+                        s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+                        }
+                else
+                        { /* middle of list */
+                        s->next->prev=s->prev;
+                        s->prev->next=s->next;
+                        }
+                }
+        s->prev=s->next=NULL;
+        }
+
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
+        {
+        if ((s->next != NULL) && (s->prev != NULL))
+                SSL_SESSION_list_remove(ctx,s);
+
+        if (ctx->session_cache_head == NULL)
+                {
+                ctx->session_cache_head=s;
+                ctx->session_cache_tail=s;
+                s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+                s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
+                }
+        else
+                {
+                s->next=ctx->session_cache_head;
+                s->next->prev=s;
+                s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+                ctx->session_cache_head=s;
+                }
+        }
+
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
new file mode 100644
index 0000000000..b16d253081
--- /dev/null
+++ b/src/lib/libssl/ssl_stat.c
@@ -0,0 +1,502 @@
+/* ssl/ssl_stat.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+
+const char *SSL_state_string_long(const SSL *s)
+        {
+        const char *str;
+
+        switch (s->state)
+                {
+case SSL_ST_BEFORE: str="before SSL initialization"; break;
+case SSL_ST_ACCEPT: str="before accept initialization"; break;
+case SSL_ST_CONNECT: str="before connect initialization"; break;
+case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
+case SSL_ST_RENEGOTIATE:        str="SSL renegotiate ciphers"; break;
+case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
+case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
+case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
+case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
+#ifndef OPENSSL_NO_SSL2
+case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
+case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
+case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
+case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
+case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
+case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
+case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
+case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
+case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
+case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
+case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
+case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
+case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
+#endif
+
+#ifndef OPENSSL_NO_SSL3
+/* SSLv3 additions */
+case SSL3_ST_CW_CLNT_HELLO_A:   str="SSLv3 write client hello A"; break;
+case SSL3_ST_CW_CLNT_HELLO_B:   str="SSLv3 write client hello B"; break;
+case SSL3_ST_CR_SRVR_HELLO_A:   str="SSLv3 read server hello A"; break;
+case SSL3_ST_CR_SRVR_HELLO_B:   str="SSLv3 read server hello B"; break;
+case SSL3_ST_CR_CERT_A:         str="SSLv3 read server certificate A"; break;
+case SSL3_ST_CR_CERT_B:         str="SSLv3 read server certificate B"; break;
+case SSL3_ST_CR_KEY_EXCH_A:     str="SSLv3 read server key exchange A"; break;
+case SSL3_ST_CR_KEY_EXCH_B:     str="SSLv3 read server key exchange B"; break;
+case SSL3_ST_CR_CERT_REQ_A:     str="SSLv3 read server certificate request A"; break;
+case SSL3_ST_CR_CERT_REQ_B:     str="SSLv3 read server certificate request B"; break;
+case SSL3_ST_CR_SRVR_DONE_A:    str="SSLv3 read server done A"; break;
+case SSL3_ST_CR_SRVR_DONE_B:    str="SSLv3 read server done B"; break;
+case SSL3_ST_CW_CERT_A:         str="SSLv3 write client certificate A"; break;
+case SSL3_ST_CW_CERT_B:         str="SSLv3 write client certificate B"; break;
+case SSL3_ST_CW_CERT_C:         str="SSLv3 write client certificate C"; break;
+case SSL3_ST_CW_CERT_D:         str="SSLv3 write client certificate D"; break;
+case SSL3_ST_CW_KEY_EXCH_A:     str="SSLv3 write client key exchange A"; break;
+case SSL3_ST_CW_KEY_EXCH_B:     str="SSLv3 write client key exchange B"; break;
+case SSL3_ST_CW_CERT_VRFY_A:    str="SSLv3 write certificate verify A"; break;
+case SSL3_ST_CW_CERT_VRFY_B:    str="SSLv3 write certificate verify B"; break;
+
+case SSL3_ST_CW_CHANGE_A:
+case SSL3_ST_SW_CHANGE_A:       str="SSLv3 write change cipher spec A"; break;
+case SSL3_ST_CW_CHANGE_B:       
+case SSL3_ST_SW_CHANGE_B:       str="SSLv3 write change cipher spec B"; break;
+case SSL3_ST_CW_FINISHED_A:     
+case SSL3_ST_SW_FINISHED_A:     str="SSLv3 write finished A"; break;
+case SSL3_ST_CW_FINISHED_B:     
+case SSL3_ST_SW_FINISHED_B:     str="SSLv3 write finished B"; break;
+case SSL3_ST_CR_CHANGE_A:       
+case SSL3_ST_SR_CHANGE_A:       str="SSLv3 read change cipher spec A"; break;
+case SSL3_ST_CR_CHANGE_B:       
+case SSL3_ST_SR_CHANGE_B:       str="SSLv3 read change cipher spec B"; break;
+case SSL3_ST_CR_FINISHED_A:     
+case SSL3_ST_SR_FINISHED_A:     str="SSLv3 read finished A"; break;
+case SSL3_ST_CR_FINISHED_B:     
+case SSL3_ST_SR_FINISHED_B:     str="SSLv3 read finished B"; break;
+
+case SSL3_ST_CW_FLUSH:
+case SSL3_ST_SW_FLUSH:          str="SSLv3 flush data"; break;
+
+case SSL3_ST_SR_CLNT_HELLO_A:   str="SSLv3 read client hello A"; break;
+case SSL3_ST_SR_CLNT_HELLO_B:   str="SSLv3 read client hello B"; break;
+case SSL3_ST_SR_CLNT_HELLO_C:   str="SSLv3 read client hello C"; break;
+case SSL3_ST_SW_HELLO_REQ_A:    str="SSLv3 write hello request A"; break;
+case SSL3_ST_SW_HELLO_REQ_B:    str="SSLv3 write hello request B"; break;
+case SSL3_ST_SW_HELLO_REQ_C:    str="SSLv3 write hello request C"; break;
+case SSL3_ST_SW_SRVR_HELLO_A:   str="SSLv3 write server hello A"; break;
+case SSL3_ST_SW_SRVR_HELLO_B:   str="SSLv3 write server hello B"; break;
+case SSL3_ST_SW_CERT_A:         str="SSLv3 write certificate A"; break;
+case SSL3_ST_SW_CERT_B:         str="SSLv3 write certificate B"; break;
+case SSL3_ST_SW_KEY_EXCH_A:     str="SSLv3 write key exchange A"; break;
+case SSL3_ST_SW_KEY_EXCH_B:     str="SSLv3 write key exchange B"; break;
+case SSL3_ST_SW_CERT_REQ_A:     str="SSLv3 write certificate request A"; break;
+case SSL3_ST_SW_CERT_REQ_B:     str="SSLv3 write certificate request B"; break;
+case SSL3_ST_SW_SRVR_DONE_A:    str="SSLv3 write server done A"; break;
+case SSL3_ST_SW_SRVR_DONE_B:    str="SSLv3 write server done B"; break;
+case SSL3_ST_SR_CERT_A:         str="SSLv3 read client certificate A"; break;
+case SSL3_ST_SR_CERT_B:         str="SSLv3 read client certificate B"; break;
+case SSL3_ST_SR_KEY_EXCH_A:     str="SSLv3 read client key exchange A"; break;
+case SSL3_ST_SR_KEY_EXCH_B:     str="SSLv3 read client key exchange B"; break;
+case SSL3_ST_SR_CERT_VRFY_A:    str="SSLv3 read certificate verify A"; break;
+case SSL3_ST_SR_CERT_VRFY_B:    str="SSLv3 read certificate verify B"; break;
+#endif
+
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+/* SSLv2/v3 compatibility states */
+/* client */
+case SSL23_ST_CW_CLNT_HELLO_A:  str="SSLv2/v3 write client hello A"; break;
+case SSL23_ST_CW_CLNT_HELLO_B:  str="SSLv2/v3 write client hello B"; break;
+case SSL23_ST_CR_SRVR_HELLO_A:  str="SSLv2/v3 read server hello A"; break;
+case SSL23_ST_CR_SRVR_HELLO_B:  str="SSLv2/v3 read server hello B"; break;
+/* server */
+case SSL23_ST_SR_CLNT_HELLO_A:  str="SSLv2/v3 read client hello A"; break;
+case SSL23_ST_SR_CLNT_HELLO_B:  str="SSLv2/v3 read client hello B"; break;
+#endif
+
+default:        str="unknown state"; break;
+                }
+        return(str);
+        }
+
+const char *SSL_rstate_string_long(const SSL *s)
+        {
+        const char *str;
+
+        switch (s->rstate)
+                {
+        case SSL_ST_READ_HEADER: str="read header"; break;
+        case SSL_ST_READ_BODY: str="read body"; break;
+        case SSL_ST_READ_DONE: str="read done"; break;
+        default: str="unknown"; break;
+                }
+        return(str);
+        }
+
+const char *SSL_state_string(const SSL *s)
+        {
+        const char *str;
+
+        switch (s->state)
+                {
+case SSL_ST_BEFORE:                             str="PINIT "; break;
+case SSL_ST_ACCEPT:                             str="AINIT "; break;
+case SSL_ST_CONNECT:                            str="CINIT "; break;
+case SSL_ST_OK:                                 str="SSLOK "; break;
+#ifndef OPENSSL_NO_SSL2
+case SSL2_ST_CLIENT_START_ENCRYPTION:           str="2CSENC"; break;
+case SSL2_ST_SERVER_START_ENCRYPTION:           str="2SSENC"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_A:               str="2SCH_A"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_B:               str="2SCH_B"; break;
+case SSL2_ST_GET_SERVER_HELLO_A:                str="2GSH_A"; break;
+case SSL2_ST_GET_SERVER_HELLO_B:                str="2GSH_B"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:          str="2SCMKA"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:          str="2SCMKB"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_A:            str="2SCF_A"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_B:            str="2SCF_B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:         str="2SCC_A"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:         str="2SCC_B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:         str="2SCC_C"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:         str="2SCC_D"; break;
+case SSL2_ST_GET_SERVER_VERIFY_A:               str="2GSV_A"; break;
+case SSL2_ST_GET_SERVER_VERIFY_B:               str="2GSV_B"; break;
+case SSL2_ST_GET_SERVER_FINISHED_A:             str="2GSF_A"; break;
+case SSL2_ST_GET_SERVER_FINISHED_B:             str="2GSF_B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_A:                str="2GCH_A"; break;
+case SSL2_ST_GET_CLIENT_HELLO_B:                str="2GCH_B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_C:                str="2GCH_C"; break;
+case SSL2_ST_SEND_SERVER_HELLO_A:               str="2SSH_A"; break;
+case SSL2_ST_SEND_SERVER_HELLO_B:               str="2SSH_B"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_A:           str="2GCMKA"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_B:           str="2GCMKA"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_A:              str="2SSV_A"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_B:              str="2SSV_B"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_C:              str="2SSV_C"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_A:             str="2GCF_A"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_B:             str="2GCF_B"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_A:            str="2SSF_A"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_B:            str="2SSF_B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:        str="2SRC_A"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:        str="2SRC_B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:        str="2SRC_C"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:        str="2SRC_D"; break;
+case SSL2_ST_X509_GET_SERVER_CERTIFICATE:       str="2X9GSC"; break;
+case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:       str="2X9GCC"; break;
+#endif
+
+#ifndef OPENSSL_NO_SSL3
+/* SSLv3 additions */
+case SSL3_ST_SW_FLUSH:
+case SSL3_ST_CW_FLUSH:                          str="3FLUSH"; break;
+case SSL3_ST_CW_CLNT_HELLO_A:                   str="3WCH_A"; break;
+case SSL3_ST_CW_CLNT_HELLO_B:                   str="3WCH_B"; break;
+case SSL3_ST_CR_SRVR_HELLO_A:                   str="3RSH_A"; break;
+case SSL3_ST_CR_SRVR_HELLO_B:                   str="3RSH_B"; break;
+case SSL3_ST_CR_CERT_A:                         str="3RSC_A"; break;
+case SSL3_ST_CR_CERT_B:                         str="3RSC_B"; break;
+case SSL3_ST_CR_KEY_EXCH_A:                     str="3RSKEA"; break;
+case SSL3_ST_CR_KEY_EXCH_B:                     str="3RSKEB"; break;
+case SSL3_ST_CR_CERT_REQ_A:                     str="3RCR_A"; break;
+case SSL3_ST_CR_CERT_REQ_B:                     str="3RCR_B"; break;
+case SSL3_ST_CR_SRVR_DONE_A:                    str="3RSD_A"; break;
+case SSL3_ST_CR_SRVR_DONE_B:                    str="3RSD_B"; break;
+case SSL3_ST_CW_CERT_A:                         str="3WCC_A"; break;
+case SSL3_ST_CW_CERT_B:                         str="3WCC_B"; break;
+case SSL3_ST_CW_CERT_C:                         str="3WCC_C"; break;
+case SSL3_ST_CW_CERT_D:                         str="3WCC_D"; break;
+case SSL3_ST_CW_KEY_EXCH_A:                     str="3WCKEA"; break;
+case SSL3_ST_CW_KEY_EXCH_B:                     str="3WCKEB"; break;
+case SSL3_ST_CW_CERT_VRFY_A:                    str="3WCV_A"; break;
+case SSL3_ST_CW_CERT_VRFY_B:                    str="3WCV_B"; break;
+
+case SSL3_ST_SW_CHANGE_A:
+case SSL3_ST_CW_CHANGE_A:                       str="3WCCSA"; break;
+case SSL3_ST_SW_CHANGE_B:
+case SSL3_ST_CW_CHANGE_B:                       str="3WCCSB"; break;
+case SSL3_ST_SW_FINISHED_A:
+case SSL3_ST_CW_FINISHED_A:                     str="3WFINA"; break;
+case SSL3_ST_SW_FINISHED_B:
+case SSL3_ST_CW_FINISHED_B:                     str="3WFINB"; break;
+case SSL3_ST_SR_CHANGE_A:
+case SSL3_ST_CR_CHANGE_A:                       str="3RCCSA"; break;
+case SSL3_ST_SR_CHANGE_B:
+case SSL3_ST_CR_CHANGE_B:                       str="3RCCSB"; break;
+case SSL3_ST_SR_FINISHED_A:
+case SSL3_ST_CR_FINISHED_A:                     str="3RFINA"; break;
+case SSL3_ST_SR_FINISHED_B:
+case SSL3_ST_CR_FINISHED_B:                     str="3RFINB"; break;
+
+case SSL3_ST_SW_HELLO_REQ_A:                    str="3WHR_A"; break;
+case SSL3_ST_SW_HELLO_REQ_B:                    str="3WHR_B"; break;
+case SSL3_ST_SW_HELLO_REQ_C:                    str="3WHR_C"; break;
+case SSL3_ST_SR_CLNT_HELLO_A:                   str="3RCH_A"; break;
+case SSL3_ST_SR_CLNT_HELLO_B:                   str="3RCH_B"; break;
+case SSL3_ST_SR_CLNT_HELLO_C:                   str="3RCH_C"; break;
+case SSL3_ST_SW_SRVR_HELLO_A:                   str="3WSH_A"; break;
+case SSL3_ST_SW_SRVR_HELLO_B:                   str="3WSH_B"; break;
+case SSL3_ST_SW_CERT_A:                         str="3WSC_A"; break;
+case SSL3_ST_SW_CERT_B:                         str="3WSC_B"; break;
+case SSL3_ST_SW_KEY_EXCH_A:                     str="3WSKEA"; break;
+case SSL3_ST_SW_KEY_EXCH_B:                     str="3WSKEB"; break;
+case SSL3_ST_SW_CERT_REQ_A:                     str="3WCR_A"; break;
+case SSL3_ST_SW_CERT_REQ_B:                     str="3WCR_B"; break;
+case SSL3_ST_SW_SRVR_DONE_A:                    str="3WSD_A"; break;
+case SSL3_ST_SW_SRVR_DONE_B:                    str="3WSD_B"; break;
+case SSL3_ST_SR_CERT_A:                         str="3RCC_A"; break;
+case SSL3_ST_SR_CERT_B:                         str="3RCC_B"; break;
+case SSL3_ST_SR_KEY_EXCH_A:                     str="3RCKEA"; break;
+case SSL3_ST_SR_KEY_EXCH_B:                     str="3RCKEB"; break;
+case SSL3_ST_SR_CERT_VRFY_A:                    str="3RCV_A"; break;
+case SSL3_ST_SR_CERT_VRFY_B:                    str="3RCV_B"; break;
+#endif
+
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+/* SSLv2/v3 compatibility states */
+/* client */
+case SSL23_ST_CW_CLNT_HELLO_A:                  str="23WCHA"; break;
+case SSL23_ST_CW_CLNT_HELLO_B:                  str="23WCHB"; break;
+case SSL23_ST_CR_SRVR_HELLO_A:                  str="23RSHA"; break;
+case SSL23_ST_CR_SRVR_HELLO_B:                  str="23RSHA"; break;
+/* server */
+case SSL23_ST_SR_CLNT_HELLO_A:                  str="23RCHA"; break;
+case SSL23_ST_SR_CLNT_HELLO_B:                  str="23RCHB"; break;
+#endif
+
+default:                                        str="UNKWN "; break;
+                }
+        return(str);
+        }
+
+const char *SSL_alert_type_string_long(int value)
+        {
+        value>>=8;
+        if (value == SSL3_AL_WARNING)
+                return("warning");
+        else if (value == SSL3_AL_FATAL)
+                return("fatal");
+        else
+                return("unknown");
+        }
+
+const char *SSL_alert_type_string(int value)
+        {
+        value>>=8;
+        if (value == SSL3_AL_WARNING)
+                return("W");
+        else if (value == SSL3_AL_FATAL)
+                return("F");
+        else
+                return("U");
+        }
+
+const char *SSL_alert_desc_string(int value)
+        {
+        const char *str;
+
+        switch (value & 0xff)
+                {
+        case SSL3_AD_CLOSE_NOTIFY:              str="CN"; break;
+        case SSL3_AD_UNEXPECTED_MESSAGE:        str="UM"; break;
+        case SSL3_AD_BAD_RECORD_MAC:            str="BM"; break;
+        case SSL3_AD_DECOMPRESSION_FAILURE:     str="DF"; break;
+        case SSL3_AD_HANDSHAKE_FAILURE:         str="HF"; break;
+        case SSL3_AD_NO_CERTIFICATE:            str="NC"; break;
+        case SSL3_AD_BAD_CERTIFICATE:           str="BC"; break;
+        case SSL3_AD_UNSUPPORTED_CERTIFICATE:   str="UC"; break;
+        case SSL3_AD_CERTIFICATE_REVOKED:       str="CR"; break;
+        case SSL3_AD_CERTIFICATE_EXPIRED:       str="CE"; break;
+        case SSL3_AD_CERTIFICATE_UNKNOWN:       str="CU"; break;
+        case SSL3_AD_ILLEGAL_PARAMETER:         str="IP"; break;
+        case TLS1_AD_DECRYPTION_FAILED:         str="DC"; break;
+        case TLS1_AD_RECORD_OVERFLOW:           str="RO"; break;
+        case TLS1_AD_UNKNOWN_CA:                str="CA"; break;
+        case TLS1_AD_ACCESS_DENIED:             str="AD"; break;
+        case TLS1_AD_DECODE_ERROR:              str="DE"; break;
+        case TLS1_AD_DECRYPT_ERROR:             str="CY"; break;
+        case TLS1_AD_EXPORT_RESTRICTION:        str="ER"; break;
+        case TLS1_AD_PROTOCOL_VERSION:          str="PV"; break;
+        case TLS1_AD_INSUFFICIENT_SECURITY:     str="IS"; break;
+        case TLS1_AD_INTERNAL_ERROR:            str="IE"; break;
+        case TLS1_AD_USER_CANCELLED:            str="US"; break;
+        case TLS1_AD_NO_RENEGOTIATION:          str="NR"; break;
+        default:                                str="UK"; break;
+                }
+        return(str);
+        }
+
+const char *SSL_alert_desc_string_long(int value)
+        {
+        const char *str;
+
+        switch (value & 0xff)
+                {
+        case SSL3_AD_CLOSE_NOTIFY:
+                str="close notify";
+                break;
+        case SSL3_AD_UNEXPECTED_MESSAGE:
+                str="unexpected_message";
+                break;
+        case SSL3_AD_BAD_RECORD_MAC:
+                str="bad record mac";
+                break;
+        case SSL3_AD_DECOMPRESSION_FAILURE:
+                str="decompression failure";
+                break;
+        case SSL3_AD_HANDSHAKE_FAILURE:
+                str="handshake failure";
+                break;
+        case SSL3_AD_NO_CERTIFICATE:
+                str="no certificate";
+                break;
+        case SSL3_AD_BAD_CERTIFICATE:
+                str="bad certificate";
+                break;
+        case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+                str="unsupported certificate";
+                break;
+        case SSL3_AD_CERTIFICATE_REVOKED:
+                str="certificate revoked";
+                break;
+        case SSL3_AD_CERTIFICATE_EXPIRED:
+                str="certificate expired";
+                break;
+        case SSL3_AD_CERTIFICATE_UNKNOWN:
+                str="certificate unknown";
+                break;
+        case SSL3_AD_ILLEGAL_PARAMETER:
+                str="illegal parameter";
+                break;
+        case TLS1_AD_DECRYPTION_FAILED:
+                str="decryption failed";
+                break;
+        case TLS1_AD_RECORD_OVERFLOW:
+                str="record overflow";
+                break;
+        case TLS1_AD_UNKNOWN_CA:
+                str="unknown CA";
+                break;
+        case TLS1_AD_ACCESS_DENIED:
+                str="access denied";
+                break;
+        case TLS1_AD_DECODE_ERROR:
+                str="decode error";
+                break;
+        case TLS1_AD_DECRYPT_ERROR:
+                str="decrypt error";
+                break;
+        case TLS1_AD_EXPORT_RESTRICTION:
+                str="export restriction";
+                break;
+        case TLS1_AD_PROTOCOL_VERSION:
+                str="protocol version";
+                break;
+        case TLS1_AD_INSUFFICIENT_SECURITY:
+                str="insufficient security";
+                break;
+        case TLS1_AD_INTERNAL_ERROR:
+                str="internal error";
+                break;
+        case TLS1_AD_USER_CANCELLED:
+                str="user canceled";
+                break;
+        case TLS1_AD_NO_RENEGOTIATION:
+                str="no renegotiation";
+                break;
+        default: str="unknown"; break;
+                }
+        return(str);
+        }
+
+const char *SSL_rstate_string(const SSL *s)
+        {
+        const char *str;
+
+        switch (s->rstate)
+                {
+        case SSL_ST_READ_HEADER:str="RH"; break;
+        case SSL_ST_READ_BODY:  str="RB"; break;
+        case SSL_ST_READ_DONE:  str="RD"; break;
+        default: str="unknown"; break;
+                }
+        return(str);
+        }
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
new file mode 100644
index 0000000000..40b76b1b26
--- /dev/null
+++ b/src/lib/libssl/ssl_txt.c
@@ -0,0 +1,186 @@
+/* ssl/ssl_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/buffer.h>
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_FP_API
+int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file_internal())) == NULL)
+                {
+                SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=SSL_SESSION_print(b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
+        {
+        unsigned int i;
+        char *s;
+
+        if (x == NULL) goto err;
+        if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
+        if (x->ssl_version == SSL2_VERSION)
+                s="SSLv2";
+        else if (x->ssl_version == SSL3_VERSION)
+                s="SSLv3";
+        else if (x->ssl_version == TLS1_VERSION)
+                s="TLSv1";
+        else
+                s="unknown";
+        if (BIO_printf(bp,"    Protocol  : %s\n",s) <= 0) goto err;
+
+        if (x->cipher == NULL)
+                {
+                if (((x->cipher_id) & 0xff000000) == 0x02000000)
+                        {
+                        if (BIO_printf(bp,"    Cipher    : %06lX\n",x->cipher_id&0xffffff) <= 0)
+                                goto err;
+                        }
+                else
+                        {
+                        if (BIO_printf(bp,"    Cipher    : %04lX\n",x->cipher_id&0xffff) <= 0)
+                                goto err;
+                        }
+                }
+        else
+                {
+                if (BIO_printf(bp,"    Cipher    : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
+                        goto err;
+                }
+        if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;
+        for (i=0; i<x->session_id_length; i++)
+                {
+                if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
+                }
+        if (BIO_puts(bp,"\n    Session-ID-ctx: ") <= 0) goto err;
+        for (i=0; i<x->sid_ctx_length; i++)
+                {
+                if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
+                        goto err;
+                }
+        if (BIO_puts(bp,"\n    Master-Key: ") <= 0) goto err;
+        for (i=0; i<(unsigned int)x->master_key_length; i++)
+                {
+                if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
+                }
+        if (BIO_puts(bp,"\n    Key-Arg   : ") <= 0) goto err;
+        if (x->key_arg_length == 0)
+                {
+                if (BIO_puts(bp,"None") <= 0) goto err;
+                }
+        else
+                for (i=0; i<x->key_arg_length; i++)
+                        {
+                        if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
+                        }
+#ifndef OPENSSL_NO_KRB5
+       if (BIO_puts(bp,"\n    Krb5 Principal: ") <= 0) goto err;
+            if (x->krb5_client_princ_len == 0)
+            {
+                if (BIO_puts(bp,"None") <= 0) goto err;
+                }
+        else
+                for (i=0; i<x->krb5_client_princ_len; i++)
+                        {
+                        if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
+                        }
+#endif /* OPENSSL_NO_KRB5 */
+        if (x->compress_meth != 0)
+                {
+                SSL_COMP *comp;
+
+                ssl_cipher_get_evp(x,NULL,NULL,&comp);
+                if (comp == NULL)
+                        {
+                        if (BIO_printf(bp,"\n   Compression: %d",x->compress_meth) <= 0) goto err;
+                        }
+                else
+                        {
+                        if (BIO_printf(bp,"\n   Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
+                        }
+                }       
+        if (x->time != 0L)
+                {
+                if (BIO_printf(bp, "\n    Start Time: %ld",x->time) <= 0) goto err;
+                }
+        if (x->timeout != 0L)
+                {
+                if (BIO_printf(bp, "\n    Timeout   : %ld (sec)",x->timeout) <= 0) goto err;
+                }
+        if (BIO_puts(bp,"\n") <= 0) goto err;
+
+        if (BIO_puts(bp, "    Verify return code: ") <= 0) goto err;
+        if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
+                X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
+                
+        return(1);
+err:
+        return(0);
+        }
+
diff --git a/src/lib/libssl/ssleay.cnf b/src/lib/libssl/ssleay.cnf
new file mode 100644
index 0000000000..c6480ee465
--- /dev/null
+++ b/src/lib/libssl/ssleay.cnf
@@ -0,0 +1,65 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE                = /dev/arandom
+
+####################################################################
+[ req ]
+default_bits            = 1024
+default_keyfile         = privkey.pem
+distinguished_name      = req_distinguished_name
+attributes              = req_attributes
+
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+#countryName_default            = AU
+countryName_min                 = 2
+countryName_max                 = 2
+
+stateOrProvinceName             = State or Province Name (full name)
+#stateOrProvinceName_default    = Some-State
+
+localityName                    = Locality Name (eg, city)
+
+0.organizationName              = Organization Name (eg, company)
+#0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName             = Second Organization Name (eg, company)
+#1.organizationName_default     = CryptSoft Pty Ltd
+
+organizationalUnitName          = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName                      = Common Name (eg, fully qualified host name)
+commonName_max                  = 64
+
+emailAddress                    = Email Address
+emailAddress_max                = 64
+
+[ req_attributes ]
+challengePassword               = A challenge password
+challengePassword_min           = 4
+challengePassword_max           = 20
+
+unstructuredName                = An optional company name
+
+[ x509v3_extensions ]
+
+nsCaRevocationUrl               = http://www.cryptsoft.com/ca-crl.pem
+nsComment                       = "This is a comment"
+
+# under ASN.1, the 0 bit would be encoded as 80
+nsCertType                      = 0x40
+
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+#nsCertSequence
+#nsCertExt
+#nsDataType
+
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
new file mode 100644
index 0000000000..57205fb429
--- /dev/null
+++ b/src/lib/libssl/t1_clnt.c
@@ -0,0 +1,97 @@
+/* ssl/t1_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+
+static SSL_METHOD *tls1_get_client_method(int ver);
+static SSL_METHOD *tls1_get_client_method(int ver)
+        {
+        if (ver == TLS1_VERSION)
+                return(TLSv1_client_method());
+        else
+                return(NULL);
+        }
+
+SSL_METHOD *TLSv1_client_method(void)
+        {
+        static int init=1;
+        static SSL_METHOD TLSv1_client_data;
+
+        if (init)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+                                sizeof(SSL_METHOD));
+                        TLSv1_client_data.ssl_connect=ssl3_connect;
+                        TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+                        init=0;
+                        }
+                
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+                }
+        return(&TLSv1_client_data);
+        }
+
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
new file mode 100644
index 0000000000..271e247eea
--- /dev/null
+++ b/src/lib/libssl/t1_enc.c
@@ -0,0 +1,814 @@
+/* ssl/t1_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/comp.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/md5.h>
+
+static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+                        int sec_len, unsigned char *seed, int seed_len,
+                        unsigned char *out, int olen)
+        {
+        int chunk,n;
+        unsigned int j;
+        HMAC_CTX ctx;
+        HMAC_CTX ctx_tmp;
+        unsigned char A1[EVP_MAX_MD_SIZE];
+        unsigned int A1_len;
+        
+        chunk=EVP_MD_size(md);
+
+        HMAC_CTX_init(&ctx);
+        HMAC_CTX_init(&ctx_tmp);
+        HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
+        HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
+        HMAC_Update(&ctx,seed,seed_len);
+        HMAC_Final(&ctx,A1,&A1_len);
+
+        n=0;
+        for (;;)
+                {
+                HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
+                HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
+                HMAC_Update(&ctx,A1,A1_len);
+                HMAC_Update(&ctx_tmp,A1,A1_len);
+                HMAC_Update(&ctx,seed,seed_len);
+
+                if (olen > chunk)
+                        {
+                        HMAC_Final(&ctx,out,&j);
+                        out+=j;
+                        olen-=j;
+                        HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
+                        }
+                else    /* last one */
+                        {
+                        HMAC_Final(&ctx,A1,&A1_len);
+                        memcpy(out,A1,olen);
+                        break;
+                        }
+                }
+        HMAC_CTX_cleanup(&ctx);
+        HMAC_CTX_cleanup(&ctx_tmp);
+        OPENSSL_cleanse(A1,sizeof(A1));
+        }
+
+static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+                     unsigned char *label, int label_len,
+                     const unsigned char *sec, int slen, unsigned char *out1,
+                     unsigned char *out2, int olen)
+        {
+        int len,i;
+        const unsigned char *S1,*S2;
+
+        len=slen/2;
+        S1=sec;
+        S2= &(sec[len]);
+        len+=(slen&1); /* add for odd, make longer */
+
+        
+        tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
+        tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
+
+        for (i=0; i<olen; i++)
+                out1[i]^=out2[i];
+        }
+
+static void tls1_generate_key_block(SSL *s, unsigned char *km,
+             unsigned char *tmp, int num)
+        {
+        unsigned char *p;
+        unsigned char buf[SSL3_RANDOM_SIZE*2+
+                TLS_MD_MAX_CONST_SIZE];
+        p=buf;
+
+        memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
+                TLS_MD_KEY_EXPANSION_CONST_SIZE);
+        p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
+        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
+                 s->session->master_key,s->session->master_key_length,
+                 km,tmp,num);
+#ifdef KSSL_DEBUG
+        printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
+                s->session->master_key_length);
+        {
+        int i;
+        for (i=0; i < s->session->master_key_length; i++)
+                {
+                printf("%02X", s->session->master_key[i]);
+                }
+        printf("\n");  }
+#endif    /* KSSL_DEBUG */
+        }
+
+int tls1_change_cipher_state(SSL *s, int which)
+        {
+        static const unsigned char empty[]="";
+        unsigned char *p,*key_block,*mac_secret;
+        unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
+                SSL3_RANDOM_SIZE*2];
+        unsigned char tmp1[EVP_MAX_KEY_LENGTH];
+        unsigned char tmp2[EVP_MAX_KEY_LENGTH];
+        unsigned char iv1[EVP_MAX_IV_LENGTH*2];
+        unsigned char iv2[EVP_MAX_IV_LENGTH*2];
+        unsigned char *ms,*key,*iv,*er1,*er2;
+        int client_write;
+        EVP_CIPHER_CTX *dd;
+        const EVP_CIPHER *c;
+        const SSL_COMP *comp;
+        const EVP_MD *m;
+        int is_export,n,i,j,k,exp_label_len,cl;
+        int reuse_dd = 0;
+
+        is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+        c=s->s3->tmp.new_sym_enc;
+        m=s->s3->tmp.new_hash;
+        comp=s->s3->tmp.new_compression;
+        key_block=s->s3->tmp.key_block;
+
+#ifdef KSSL_DEBUG
+        printf("tls1_change_cipher_state(which= %d) w/\n", which);
+        printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
+                comp);
+        printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
+        printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
+                c->nid,c->block_size,c->key_len,c->iv_len);
+        printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
+        {
+        int i;
+        for (i=0; i<s->s3->tmp.key_block_length; i++)
+                printf("%02x", key_block[i]);  printf("\n");
+        }
+#endif  /* KSSL_DEBUG */
+
+        if (which & SSL3_CC_READ)
+                {
+                if (s->enc_read_ctx != NULL)
+                        reuse_dd = 1;
+                else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+                        goto err;
+                dd= s->enc_read_ctx;
+                s->read_hash=m;
+                if (s->expand != NULL)
+                        {
+                        COMP_CTX_free(s->expand);
+                        s->expand=NULL;
+                        }
+                if (comp != NULL)
+                        {
+                        s->expand=COMP_CTX_new(comp->method);
+                        if (s->expand == NULL)
+                                {
+                                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+                                goto err2;
+                                }
+                        if (s->s3->rrec.comp == NULL)
+                                s->s3->rrec.comp=(unsigned char *)
+                                        OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+                        if (s->s3->rrec.comp == NULL)
+                                goto err;
+                        }
+                memset(&(s->s3->read_sequence[0]),0,8);
+                mac_secret= &(s->s3->read_mac_secret[0]);
+                }
+        else
+                {
+                if (s->enc_write_ctx != NULL)
+                        reuse_dd = 1;
+                else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+                        goto err;
+                if ((s->enc_write_ctx == NULL) &&
+                        ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
+                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        goto err;
+                dd= s->enc_write_ctx;
+                s->write_hash=m;
+                if (s->compress != NULL)
+                        {
+                        COMP_CTX_free(s->compress);
+                        s->compress=NULL;
+                        }
+                if (comp != NULL)
+                        {
+                        s->compress=COMP_CTX_new(comp->method);
+                        if (s->compress == NULL)
+                                {
+                                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+                                goto err2;
+                                }
+                        }
+                memset(&(s->s3->write_sequence[0]),0,8);
+                mac_secret= &(s->s3->write_mac_secret[0]);
+                }
+
+        if (reuse_dd)
+                EVP_CIPHER_CTX_cleanup(dd);
+        EVP_CIPHER_CTX_init(dd);
+
+        p=s->s3->tmp.key_block;
+        i=EVP_MD_size(m);
+        cl=EVP_CIPHER_key_length(c);
+        j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+                       cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+        /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+        k=EVP_CIPHER_iv_length(c);
+        er1= &(s->s3->client_random[0]);
+        er2= &(s->s3->server_random[0]);
+        if (    (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+                (which == SSL3_CHANGE_CIPHER_SERVER_READ))
+                {
+                ms=  &(p[ 0]); n=i+i;
+                key= &(p[ n]); n+=j+j;
+                iv=  &(p[ n]); n+=k+k;
+                exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
+                exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
+                client_write=1;
+                }
+        else
+                {
+                n=i;
+                ms=  &(p[ n]); n+=i+j;
+                key= &(p[ n]); n+=j+k;
+                iv=  &(p[ n]); n+=k;
+                exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
+                exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
+                client_write=0;
+                }
+
+        if (n > s->s3->tmp.key_block_length)
+                {
+                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
+                goto err2;
+                }
+
+        memcpy(mac_secret,ms,i);
+#ifdef TLS_DEBUG
+printf("which = %04X\nmac key=",which);
+{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
+#endif
+        if (is_export)
+                {
+                /* In here I set both the read and write key/iv to the
+                 * same value since only the correct one will be used :-).
+                 */
+                p=buf;
+                memcpy(p,exp_label,exp_label_len);
+                p+=exp_label_len;
+                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+                tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
+                         tmp1,tmp2,EVP_CIPHER_key_length(c));
+                key=tmp1;
+
+                if (k > 0)
+                        {
+                        p=buf;
+                        memcpy(p,TLS_MD_IV_BLOCK_CONST,
+                                TLS_MD_IV_BLOCK_CONST_SIZE);
+                        p+=TLS_MD_IV_BLOCK_CONST_SIZE;
+                        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                        p+=SSL3_RANDOM_SIZE;
+                        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                        p+=SSL3_RANDOM_SIZE;
+                        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
+                                 iv1,iv2,k*2);
+                        if (client_write)
+                                iv=iv1;
+                        else
+                                iv= &(iv1[k]);
+                        }
+                }
+
+        s->session->key_arg_length=0;
+#ifdef KSSL_DEBUG
+        {
+        int i;
+        printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
+        printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
+        printf("\n");
+        printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
+        printf("\n");
+        }
+#endif  /* KSSL_DEBUG */
+
+        EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
+#ifdef TLS_DEBUG
+printf("which = %04X\nkey=",which);
+{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
+printf("\niv=");
+{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
+printf("\n");
+#endif
+
+        OPENSSL_cleanse(tmp1,sizeof(tmp1));
+        OPENSSL_cleanse(tmp2,sizeof(tmp1));
+        OPENSSL_cleanse(iv1,sizeof(iv1));
+        OPENSSL_cleanse(iv2,sizeof(iv2));
+        return(1);
+err:
+        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+err2:
+        return(0);
+        }
+
+int tls1_setup_key_block(SSL *s)
+        {
+        unsigned char *p1,*p2;
+        const EVP_CIPHER *c;
+        const EVP_MD *hash;
+        int num;
+        SSL_COMP *comp;
+
+#ifdef KSSL_DEBUG
+        printf ("tls1_setup_key_block()\n");
+#endif  /* KSSL_DEBUG */
+
+        if (s->s3->tmp.key_block_length != 0)
+                return(1);
+
+        if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
+                {
+                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+                return(0);
+                }
+
+        s->s3->tmp.new_sym_enc=c;
+        s->s3->tmp.new_hash=hash;
+
+        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
+        num*=2;
+
+        ssl3_cleanup_key_block(s);
+
+        if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+                goto err;
+        if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+                goto err;
+
+        s->s3->tmp.key_block_length=num;
+        s->s3->tmp.key_block=p1;
+
+
+#ifdef TLS_DEBUG
+printf("client random\n");
+{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
+printf("server random\n");
+{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
+printf("pre-master\n");
+{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+#endif
+        tls1_generate_key_block(s,p1,p2,num);
+        OPENSSL_cleanse(p2,num);
+        OPENSSL_free(p2);
+#ifdef TLS_DEBUG
+printf("\nkey block\n");
+{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
+#endif
+
+        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+                {
+                /* enable vulnerability countermeasure for CBC ciphers with
+                 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+                 */
+                s->s3->need_empty_fragments = 1;
+
+                if (s->session->cipher != NULL)
+                        {
+                        if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+                                s->s3->need_empty_fragments = 0;
+                        
+#ifndef OPENSSL_NO_RC4
+                        if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+                                s->s3->need_empty_fragments = 0;
+#endif
+                        }
+                }
+
+        return(1);
+err:
+        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
+
+int tls1_enc(SSL *s, int send)
+        {
+        SSL3_RECORD *rec;
+        EVP_CIPHER_CTX *ds;
+        unsigned long l;
+        int bs,i,ii,j,k,n=0;
+        const EVP_CIPHER *enc;
+
+        if (send)
+                {
+                if (s->write_hash != NULL)
+                        n=EVP_MD_size(s->write_hash);
+                ds=s->enc_write_ctx;
+                rec= &(s->s3->wrec);
+                if (s->enc_write_ctx == NULL)
+                        enc=NULL;
+                else
+                        enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+                }
+        else
+                {
+                if (s->read_hash != NULL)
+                        n=EVP_MD_size(s->read_hash);
+                ds=s->enc_read_ctx;
+                rec= &(s->s3->rrec);
+                if (s->enc_read_ctx == NULL)
+                        enc=NULL;
+                else
+                        enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+                }
+
+#ifdef KSSL_DEBUG
+        printf("tls1_enc(%d)\n", send);
+#endif    /* KSSL_DEBUG */
+
+        if ((s->session == NULL) || (ds == NULL) ||
+                (enc == NULL))
+                {
+                memmove(rec->data,rec->input,rec->length);
+                rec->input=rec->data;
+                }
+        else
+                {
+                l=rec->length;
+                bs=EVP_CIPHER_block_size(ds->cipher);
+
+                if ((bs != 1) && send)
+                        {
+                        i=bs-((int)l%bs);
+
+                        /* Add weird padding of upto 256 bytes */
+
+                        /* we need to add 'i' padding bytes of value j */
+                        j=i-1;
+                        if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
+                                {
+                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+                                        j++;
+                                }
+                        for (k=(int)l; k<(int)(l+i); k++)
+                                rec->input[k]=j;
+                        l+=i;
+                        rec->length+=i;
+                        }
+
+#ifdef KSSL_DEBUG
+                {
+                unsigned long ui;
+                printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+                        ds,rec->data,rec->input,l);
+                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+                        ds->buf_len, ds->cipher->key_len,
+                        DES_KEY_SZ, DES_SCHEDULE_SZ,
+                        ds->cipher->iv_len);
+                printf("\t\tIV: ");
+                for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+                printf("\n");
+                printf("\trec->input=");
+                for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
+                printf("\n");
+                }
+#endif  /* KSSL_DEBUG */
+
+                if (!send)
+                        {
+                        if (l == 0 || l%bs != 0)
+                                {
+                                SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+                                return 0;
+                                }
+                        }
+                
+                EVP_Cipher(ds,rec->data,rec->input,l);
+
+#ifdef KSSL_DEBUG
+                {
+                unsigned long i;
+                printf("\trec->data=");
+                for (i=0; i<l; i++)
+                        printf(" %02x", rec->data[i]);  printf("\n");
+                }
+#endif  /* KSSL_DEBUG */
+
+                if ((bs != 1) && !send)
+                        {
+                        ii=i=rec->data[l-1]; /* padding_length */
+                        i++;
+                        if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+                                {
+                                /* First packet is even in size, so check */
+                                if ((memcmp(s->s3->read_sequence,
+                                        "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+                                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+                                        i--;
+                                }
+                        /* TLS 1.0 does not bound the number of padding bytes by the block size.
+                         * All of them must have value 'padding_length'. */
+                        if (i > (int)rec->length)
+                                {
+                                /* Incorrect padding. SSLerr() and ssl3_alert are done
+                                 * by caller: we don't want to reveal whether this is
+                                 * a decryption error or a MAC verification failure
+                                 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+                                return -1;
+                                }
+                        for (j=(int)(l-i); j<(int)l; j++)
+                                {
+                                if (rec->data[j] != ii)
+                                        {
+                                        /* Incorrect padding */
+                                        return -1;
+                                        }
+                                }
+                        rec->length-=i;
+                        }
+                }
+        return(1);
+        }
+
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
+        {
+        unsigned int ret;
+        EVP_MD_CTX ctx;
+
+        EVP_MD_CTX_init(&ctx);
+        EVP_MD_CTX_copy_ex(&ctx,in_ctx);
+        EVP_DigestFinal_ex(&ctx,out,&ret);
+        EVP_MD_CTX_cleanup(&ctx);
+        return((int)ret);
+        }
+
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+             const char *str, int slen, unsigned char *out)
+        {
+        unsigned int i;
+        EVP_MD_CTX ctx;
+        unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+        unsigned char *q,buf2[12];
+
+        q=buf;
+        memcpy(q,str,slen);
+        q+=slen;
+
+        EVP_MD_CTX_init(&ctx);
+        EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
+        EVP_DigestFinal_ex(&ctx,q,&i);
+        q+=i;
+        EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
+        EVP_DigestFinal_ex(&ctx,q,&i);
+        q+=i;
+
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
+                s->session->master_key,s->session->master_key_length,
+                out,buf2,sizeof buf2);
+        EVP_MD_CTX_cleanup(&ctx);
+
+        return sizeof buf2;
+        }
+
+int tls1_mac(SSL *ssl, unsigned char *md, int send)
+        {
+        SSL3_RECORD *rec;
+        unsigned char *mac_sec,*seq;
+        const EVP_MD *hash;
+        unsigned int md_size;
+        int i;
+        HMAC_CTX hmac;
+        unsigned char buf[5]; 
+
+        if (send)
+                {
+                rec= &(ssl->s3->wrec);
+                mac_sec= &(ssl->s3->write_mac_secret[0]);
+                seq= &(ssl->s3->write_sequence[0]);
+                hash=ssl->write_hash;
+                }
+        else
+                {
+                rec= &(ssl->s3->rrec);
+                mac_sec= &(ssl->s3->read_mac_secret[0]);
+                seq= &(ssl->s3->read_sequence[0]);
+                hash=ssl->read_hash;
+                }
+
+        md_size=EVP_MD_size(hash);
+
+        buf[0]=rec->type;
+        buf[1]=TLS1_VERSION_MAJOR;
+        buf[2]=TLS1_VERSION_MINOR;
+        buf[3]=rec->length>>8;
+        buf[4]=rec->length&0xff;
+
+        /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+        HMAC_CTX_init(&hmac);
+        HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
+        HMAC_Update(&hmac,seq,8);
+        HMAC_Update(&hmac,buf,5);
+        HMAC_Update(&hmac,rec->input,rec->length);
+        HMAC_Final(&hmac,md,&md_size);
+        HMAC_CTX_cleanup(&hmac);
+
+#ifdef TLS_DEBUG
+printf("sec=");
+{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
+printf("seq=");
+{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
+printf("buf=");
+{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
+printf("rec=");
+{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
+#endif
+
+        for (i=7; i>=0; i--)
+                {
+                ++seq[i];
+                if (seq[i] != 0) break; 
+                }
+
+#ifdef TLS_DEBUG
+{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
+#endif
+        return(md_size);
+        }
+
+int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+             int len)
+        {
+        unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
+        unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
+
+#ifdef KSSL_DEBUG
+        printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
+#endif  /* KSSL_DEBUG */
+
+        /* Setup the stuff to munge */
+        memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
+                TLS_MD_MASTER_SECRET_CONST_SIZE);
+        memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
+                s->s3->client_random,SSL3_RANDOM_SIZE);
+        memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
+                s->s3->server_random,SSL3_RANDOM_SIZE);
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,
+                buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
+                s->session->master_key,buff,sizeof buff);
+#ifdef KSSL_DEBUG
+        printf ("tls1_generate_master_secret() complete\n");
+#endif  /* KSSL_DEBUG */
+        return(SSL3_MASTER_SECRET_SIZE);
+        }
+
+int tls1_alert_code(int code)
+        {
+        switch (code)
+                {
+        case SSL_AD_CLOSE_NOTIFY:       return(SSL3_AD_CLOSE_NOTIFY);
+        case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
+        case SSL_AD_BAD_RECORD_MAC:     return(SSL3_AD_BAD_RECORD_MAC);
+        case SSL_AD_DECRYPTION_FAILED:  return(TLS1_AD_DECRYPTION_FAILED);
+        case SSL_AD_RECORD_OVERFLOW:    return(TLS1_AD_RECORD_OVERFLOW);
+        case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
+        case SSL_AD_HANDSHAKE_FAILURE:  return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_NO_CERTIFICATE:     return(-1);
+        case SSL_AD_BAD_CERTIFICATE:    return(SSL3_AD_BAD_CERTIFICATE);
+        case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
+        case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
+        case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
+        case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
+        case SSL_AD_ILLEGAL_PARAMETER:  return(SSL3_AD_ILLEGAL_PARAMETER);
+        case SSL_AD_UNKNOWN_CA:         return(TLS1_AD_UNKNOWN_CA);
+        case SSL_AD_ACCESS_DENIED:      return(TLS1_AD_ACCESS_DENIED);
+        case SSL_AD_DECODE_ERROR:       return(TLS1_AD_DECODE_ERROR);
+        case SSL_AD_DECRYPT_ERROR:      return(TLS1_AD_DECRYPT_ERROR);
+        case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
+        case SSL_AD_PROTOCOL_VERSION:   return(TLS1_AD_PROTOCOL_VERSION);
+        case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
+        case SSL_AD_INTERNAL_ERROR:     return(TLS1_AD_INTERNAL_ERROR);
+        case SSL_AD_USER_CANCELLED:     return(TLS1_AD_USER_CANCELLED);
+        case SSL_AD_NO_RENEGOTIATION:   return(TLS1_AD_NO_RENEGOTIATION);
+        default:                        return(-1);
+                }
+        }
+
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
new file mode 100644
index 0000000000..ca6c03d5af
--- /dev/null
+++ b/src/lib/libssl/t1_lib.c
@@ -0,0 +1,149 @@
+/* ssl/t1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT;
+
+static long tls1_default_timeout(void);
+
+static SSL3_ENC_METHOD TLSv1_enc_data={
+        tls1_enc,
+        tls1_mac,
+        tls1_setup_key_block,
+        tls1_generate_master_secret,
+        tls1_change_cipher_state,
+        tls1_final_finish_mac,
+        TLS1_FINISH_MAC_LENGTH,
+        tls1_cert_verify_mac,
+        TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
+        TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
+        tls1_alert_code,
+        };
+
+static SSL_METHOD TLSv1_data= {
+        TLS1_VERSION,
+        tls1_new,
+        tls1_clear,
+        tls1_free,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl3_read,
+        ssl3_peek,
+        ssl3_write,
+        ssl3_shutdown,
+        ssl3_renegotiate,
+        ssl3_renegotiate_check,
+        ssl3_ctrl,
+        ssl3_ctx_ctrl,
+        ssl3_get_cipher_by_char,
+        ssl3_put_cipher_by_char,
+        ssl3_pending,
+        ssl3_num_ciphers,
+        ssl3_get_cipher,
+        ssl_bad_method,
+        tls1_default_timeout,
+        &TLSv1_enc_data,
+        ssl_undefined_function,
+        ssl3_callback_ctrl,
+        ssl3_ctx_callback_ctrl,
+        };
+
+static long tls1_default_timeout(void)
+        {
+        /* 2 hours, the 24 hours mentioned in the TLSv1 spec
+         * is way too long for http, the cache would over fill */
+        return(60*60*2);
+        }
+
+SSL_METHOD *tlsv1_base_method(void)
+        {
+        return(&TLSv1_data);
+        }
+
+int tls1_new(SSL *s)
+        {
+        if (!ssl3_new(s)) return(0);
+        s->method->ssl_clear(s);
+        return(1);
+        }
+
+void tls1_free(SSL *s)
+        {
+        ssl3_free(s);
+        }
+
+void tls1_clear(SSL *s)
+        {
+        ssl3_clear(s);
+        s->version=TLS1_VERSION;
+        }
+
+#if 0
+long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
+        {
+        return(0);
+        }
+
+long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())
+        {
+        return(0);
+        }
+#endif
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
new file mode 100644
index 0000000000..fcc243f782
--- /dev/null
+++ b/src/lib/libssl/t1_meth.c
@@ -0,0 +1,96 @@
+/* ssl/t1_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+static SSL_METHOD *tls1_get_method(int ver);
+static SSL_METHOD *tls1_get_method(int ver)
+        {
+        if (ver == TLS1_VERSION)
+                return(TLSv1_method());
+        else
+                return(NULL);
+        }
+
+SSL_METHOD *TLSv1_method(void)
+        {
+        static int init=1;
+        static SSL_METHOD TLSv1_data;
+
+        if (init)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+                
+                if (init)
+                        {
+                        memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+                                sizeof(SSL_METHOD));
+                        TLSv1_data.ssl_connect=ssl3_connect;
+                        TLSv1_data.ssl_accept=ssl3_accept;
+                        TLSv1_data.get_ssl_method=tls1_get_method;
+                        init=0;
+                        }
+
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+                }
+        
+        return(&TLSv1_data);
+        }
+
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
new file mode 100644
index 0000000000..1c1149e49f
--- /dev/null
+++ b/src/lib/libssl/t1_srvr.c
@@ -0,0 +1,98 @@
+/* ssl/t1_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+static SSL_METHOD *tls1_get_server_method(int ver);
+static SSL_METHOD *tls1_get_server_method(int ver)
+        {
+        if (ver == TLS1_VERSION)
+                return(TLSv1_server_method());
+        else
+                return(NULL);
+        }
+
+SSL_METHOD *TLSv1_server_method(void)
+        {
+        static int init=1;
+        static SSL_METHOD TLSv1_server_data;
+
+        if (init)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+                                sizeof(SSL_METHOD));
+                        TLSv1_server_data.ssl_accept=ssl3_accept;
+                        TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+                        init=0;
+                        }
+                        
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+                }
+        return(&TLSv1_server_data);
+        }
+
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
new file mode 100644
index 0000000000..b941b7ae15
--- /dev/null
+++ b/src/lib/libssl/test/CAss.cnf
@@ -0,0 +1,25 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE                = ./.rnd
+
+####################################################################
+[ req ]
+default_bits            = 512
+default_keyfile         = keySS.pem
+distinguished_name      = req_distinguished_name
+encrypt_rsa_key         = no
+default_md              = sha1
+
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+countryName_default             = AU
+countryName_value               = AU
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Dodgy Brothers
+
+commonName                      = Common Name (eg, YOUR name)
+commonName_value                = Dodgy CA
diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf
new file mode 100644
index 0000000000..4e0a908679
--- /dev/null
+++ b/src/lib/libssl/test/CAssdh.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DH certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = CU
+countryName_value             = CU
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = La Junta de la Revolucion
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Junta
+
diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf
new file mode 100644
index 0000000000..a6b4d1810c
--- /dev/null
+++ b/src/lib/libssl/test/CAssdsa.cnf
@@ -0,0 +1,23 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = Hermanos Locos
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Hermanos Locos CA
diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf
new file mode 100644
index 0000000000..eb24a6dfc0
--- /dev/null
+++ b/src/lib/libssl/test/CAssrsa.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_key           = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = Hermanos Locos
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Hermanos Locos CA
+
diff --git a/src/lib/libssl/test/Makefile.ssl b/src/lib/libssl/test/Makefile.ssl
new file mode 100644
index 0000000000..373f17a929
--- /dev/null
+++ b/src/lib/libssl/test/Makefile.ssl
@@ -0,0 +1,796 @@
+#
+# test/Makefile.ssl
+#
+
+DIR=            test
+TOP=            ..
+CC=             cc
+INCLUDES=       -I$(TOP) -I../include $(KRB5_INCLUDES)
+CFLAG=          -g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=     /usr/local/ssl
+MAKEFILE=       Makefile.ssl
+MAKE=           make -f $(MAKEFILE)
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+PERL=           perl
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+PEX_LIBS=
+EX_LIBS= #-lnsl -lsocket
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile.ssl maketests.com \
+        tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \
+        tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \
+        testca.com VMSca-response.1 VMSca-response.2
+
+DLIBCRYPTO= ../libcrypto.a
+DLIBSSL= ../libssl.a
+LIBCRYPTO= -L.. -lcrypto
+LIBSSL= -L.. -lssl
+
+BNTEST=         bntest
+ECTEST=         ectest
+EXPTEST=        exptest
+IDEATEST=       ideatest
+SHATEST=        shatest
+SHA1TEST=       sha1test
+MDC2TEST=       mdc2test
+RMDTEST=        rmdtest
+MD2TEST=        md2test
+MD4TEST=        md4test
+MD5TEST=        md5test
+HMACTEST=       hmactest
+RC2TEST=        rc2test
+RC4TEST=        rc4test
+RC5TEST=        rc5test
+BFTEST=         bftest
+CASTTEST=       casttest
+DESTEST=        destest
+RANDTEST=       randtest
+DHTEST=         dhtest
+DSATEST=        dsatest
+METHTEST=       methtest
+SSLTEST=        ssltest
+RSATEST=        rsa_test
+ENGINETEST=     enginetest
+EVPTEST=        evp_test
+
+TESTS=          alltests
+
+EXE=    $(BNTEST) $(ECTEST) $(IDEATEST) $(MD2TEST)  $(MD4TEST) $(MD5TEST) $(HMACTEST) \
+        $(RC2TEST) $(RC4TEST) $(RC5TEST) \
+        $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
+        $(RANDTEST) $(DHTEST) $(ENGINETEST) \
+        $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST) \
+        $(EVPTEST)
+
+# $(METHTEST)
+
+OBJ=    $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
+        $(HMACTEST).o \
+        $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+        $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+        $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
+        $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o \
+        $(EVPTEST).o
+SRC=    $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
+        $(HMACTEST).c \
+        $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+        $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+        $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
+        $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c \
+        $(EVPTEST).c
+
+EXHEADER= 
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all)
+
+all:    exe
+
+exe:    $(EXE) dummytest
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+
+generate: $(SRC)
+$(SRC):
+        @sh $(TOP)/util/point.sh dummytest.c $@
+
+errors:
+
+install:
+
+tags:
+        ctags $(SRC)
+
+tests:  exe apps $(TESTS)
+
+apps:
+        @(cd ..; $(MAKE) DIRS=apps all)
+
+SET_SO_PATHS=OSSL_LIBPATH="`cd ..; pwd`"; \
+                LD_LIBRARY_PATH="$$OSSL_LIBPATH:$$LD_LIBRARY_PATH"; \
+                DYLD_LIBRARY_PATH="$$OSSL_LIBPATH:$$DYLD_LIBRARY_PATH"; \
+                SHLIB_PATH="$$OSSL_LIBPATH:$$SHLIB_PATH"; \
+                LIBPATH="$$OSSL_LIBPATH:$$LIBPATH"; \
+                if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \
+                export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH
+
+alltests: \
+        test_des test_idea test_sha test_md4 test_md5 test_hmac \
+        test_md2 test_mdc2 \
+        test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+        test_rand test_bn test_ec test_enc test_x509 test_rsa test_crl test_sid \
+        test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
+        test_ss test_ca test_engine test_evp test_ssl
+
+test_evp:
+        $(SET_SO_PATHS); ./$(EVPTEST) evptests.txt
+
+test_des:
+        $(SET_SO_PATHS); ./$(DESTEST)
+
+test_idea:
+        $(SET_SO_PATHS); ./$(IDEATEST)
+
+test_sha:
+        $(SET_SO_PATHS); ./$(SHATEST)
+        $(SET_SO_PATHS); ./$(SHA1TEST)
+
+test_mdc2:
+        $(SET_SO_PATHS); ./$(MDC2TEST)
+
+test_md5:
+        $(SET_SO_PATHS); ./$(MD5TEST)
+
+test_md4:
+        $(SET_SO_PATHS); ./$(MD4TEST)
+
+test_hmac:
+        $(SET_SO_PATHS); ./$(HMACTEST)
+
+test_md2:
+        $(SET_SO_PATHS); ./$(MD2TEST)
+
+test_rmd:
+        $(SET_SO_PATHS); ./$(RMDTEST)
+
+test_bf:
+        $(SET_SO_PATHS); ./$(BFTEST)
+
+test_cast:
+        $(SET_SO_PATHS); ./$(CASTTEST)
+
+test_rc2:
+        $(SET_SO_PATHS); ./$(RC2TEST)
+
+test_rc4:
+        $(SET_SO_PATHS); ./$(RC4TEST)
+
+test_rc5:
+        $(SET_SO_PATHS); ./$(RC5TEST)
+
+test_rand:
+        $(SET_SO_PATHS); ./$(RANDTEST)
+
+test_enc:
+        @$(SET_SO_PATHS); sh ./testenc
+
+test_x509:
+        echo test normal x509v1 certificate
+        $(SET_SO_PATHS); sh ./tx509 2>/dev/null
+        echo test first x509v3 certificate
+        $(SET_SO_PATHS); sh ./tx509 v3-cert1.pem 2>/dev/null
+        echo test second x509v3 certificate
+        $(SET_SO_PATHS); sh ./tx509 v3-cert2.pem 2>/dev/null
+
+test_rsa:
+        @$(SET_SO_PATHS); sh ./trsa 2>/dev/null
+        $(SET_SO_PATHS); ./$(RSATEST)
+
+test_crl:
+        @$(SET_SO_PATHS); sh ./tcrl 2>/dev/null
+
+test_sid:
+        @$(SET_SO_PATHS); sh ./tsid 2>/dev/null
+
+test_req:
+        @$(SET_SO_PATHS); sh ./treq 2>/dev/null
+        @$(SET_SO_PATHS); sh ./treq testreq2.pem 2>/dev/null
+
+test_pkcs7:
+        @$(SET_SO_PATHS); sh ./tpkcs7 2>/dev/null
+        @$(SET_SO_PATHS); sh ./tpkcs7d 2>/dev/null
+
+test_bn:
+        @echo starting big number library test, could take a while...
+        @$(SET_SO_PATHS); ./$(BNTEST) >tmp.bntest
+        @echo quit >>tmp.bntest
+        @echo "running bc"
+        @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
+        @echo 'test a^b%c implementations'
+        $(SET_SO_PATHS); ./$(EXPTEST)
+
+test_ec:
+        @echo 'test elliptic curves'
+        $(SET_SO_PATHS); ./$(ECTEST)
+
+test_verify:
+        @echo "The following command should have some OK's and some failures"
+        @echo "There are definitly a few expired certificates"
+        -$(SET_SO_PATHS); ../apps/openssl verify -CApath ../certs ../certs/*.pem
+
+test_dh:
+        @echo "Generate a set of DH parameters"
+        $(SET_SO_PATHS); ./$(DHTEST)
+
+test_dsa:
+        @echo "Generate a set of DSA parameters"
+        $(SET_SO_PATHS); ./$(DSATEST)
+        $(SET_SO_PATHS); ./$(DSATEST) -app2_1
+
+test_gen:
+        @echo "Generate and verify a certificate request"
+        @$(SET_SO_PATHS); sh ./testgen
+
+test_ss keyU.ss certU.ss certCA.ss: testss
+        @echo "Generate and certify a test certificate"
+        @$(SET_SO_PATHS); sh ./testss
+
+test_engine: 
+        @echo "Manipulate the ENGINE structures"
+        $(SET_SO_PATHS); ./$(ENGINETEST)
+
+test_ssl: keyU.ss certU.ss certCA.ss
+        @echo "test SSL protocol"
+        @$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss
+
+test_ca:
+        @$(SET_SO_PATHS); if ../apps/openssl no-rsa; then \
+          echo "skipping CA.sh test -- requires RSA"; \
+        else \
+          echo "Generate and certify a test certificate via the 'ca' program"; \
+          sh ./testca; \
+        fi
+
+test_aes: #$(AESTEST)
+#       @echo "test Rijndael"
+#       $(SET_SO_PATHS); ./$(AESTEST)
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log
+
+$(DLIBSSL):
+        (cd ..; $(MAKE) DIRS=ssl all)
+
+$(DLIBCRYPTO):
+        (cd ..; $(MAKE) DIRS=crypto all)
+
+$(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(ECTEST): $(ECTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+$(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+        
+#$(AESTEST).o: $(AESTEST).c
+#       $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+
+#$(AESTEST): $(AESTEST).o $(DLIBCRYPTO)
+#       if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+#         $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+#       else \
+#         LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+#         $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+#       fi
+
+dummytest: dummytest.o $(DLIBCRYPTO)
+        if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+          $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+        else \
+          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+          $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+        fi
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
+bftest.o: ../include/openssl/opensslconf.h bftest.c
+bntest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+bntest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+bntest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+bntest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+bntest.o: ../include/openssl/des.h ../include/openssl/des_old.h
+bntest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+bntest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+bntest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+bntest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+bntest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+bntest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+bntest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bntest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+bntest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+bntest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+bntest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+bntest.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+bntest.o: ../include/openssl/x509_vfy.h bntest.c
+casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
+casttest.o: ../include/openssl/opensslconf.h casttest.c
+destest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+destest.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+destest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+destest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+destest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+destest.o: ../include/openssl/ui_compat.h destest.c
+dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c
+dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+dsatest.o: ../include/openssl/symhacks.h dsatest.c
+ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+ectest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ectest.o: ../include/openssl/engine.h ../include/openssl/err.h
+ectest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c
+enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
+enginetest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enginetest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+enginetest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+enginetest.o: enginetest.c
+evp_test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+evp_test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+evp_test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+evp_test.o: ../include/openssl/des.h ../include/openssl/des_old.h
+evp_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+evp_test.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h
+evp_test.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+evp_test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+evp_test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+evp_test.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+evp_test.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+evp_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h
+evp_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+evp_test.o: ../include/openssl/ui_compat.h evp_test.c
+exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+exptest.o: ../include/openssl/symhacks.h exptest.c
+hmactest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+hmactest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+hmactest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+hmactest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+hmactest.o: ../include/openssl/idea.h ../include/openssl/md2.h
+hmactest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+hmactest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+hmactest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+hmactest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+hmactest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+hmactest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+hmactest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+hmactest.o: ../include/openssl/ui_compat.h hmactest.c
+ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
+ideatest.o: ../include/openssl/opensslconf.h ideatest.c
+md2test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md2test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md2test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md2test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md2test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md2test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md2test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md2test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md2test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md2test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md2test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md2test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md2test.c
+md4test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md4test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md4test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md4test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md4test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md4test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md4test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md4test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md4test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md4test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md4test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md4test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md4test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md4test.c
+md5test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md5test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md5test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md5test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md5test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md5test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md5test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md5test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md5test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md5test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md5test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md5test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md5test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md5test.c
+mdc2test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+mdc2test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+mdc2test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+mdc2test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+mdc2test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+mdc2test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+mdc2test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+mdc2test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mdc2test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+mdc2test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+mdc2test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+mdc2test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+mdc2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+mdc2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h mdc2test.c
+randtest.o: ../e_os.h ../include/openssl/e_os2.h
+randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
+randtest.o: ../include/openssl/rand.h randtest.c
+rc2test.o: ../e_os.h ../include/openssl/e_os2.h
+rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc2test.c
+rc4test.o: ../e_os.h ../include/openssl/e_os2.h
+rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h rc4test.c
+rc5test.o: ../e_os.h ../include/openssl/e_os2.h
+rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h rc5test.c
+rmdtest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rmdtest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rmdtest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+rmdtest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rmdtest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rmdtest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rmdtest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rmdtest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rmdtest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rmdtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rmdtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+rmdtest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rmdtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rmdtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h rmdtest.c
+rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsa_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+rsa_test.o: ../include/openssl/symhacks.h rsa_test.c
+sha1test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+sha1test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+sha1test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+sha1test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+sha1test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+sha1test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+sha1test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+sha1test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+sha1test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+sha1test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sha1test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+sha1test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+sha1test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+sha1test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h sha1test.c
+shatest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+shatest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+shatest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+shatest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+shatest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+shatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+shatest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+shatest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+shatest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+shatest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+shatest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+shatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h shatest.c
+ssltest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssltest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssltest.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssltest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssltest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h
+ssltest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssltest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssltest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssltest.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ssltest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssltest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssltest.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssltest.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssltest.o: ../include/openssl/x509_vfy.h ssltest.c
diff --git a/src/lib/libssl/test/Sssdsa.cnf b/src/lib/libssl/test/Sssdsa.cnf
new file mode 100644
index 0000000000..8e170a28ef
--- /dev/null
+++ b/src/lib/libssl/test/Sssdsa.cnf
@@ -0,0 +1,27 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - Server
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Tortilleras S.A.
+
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Torti
+
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Gordita
+
diff --git a/src/lib/libssl/test/Sssrsa.cnf b/src/lib/libssl/test/Sssrsa.cnf
new file mode 100644
index 0000000000..8c79a03fca
--- /dev/null
+++ b/src/lib/libssl/test/Sssrsa.cnf
@@ -0,0 +1,26 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - Server
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_key           = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Tortilleras S.A.
+
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Torti
+
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Gordita
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
new file mode 100644
index 0000000000..c89692d519
--- /dev/null
+++ b/src/lib/libssl/test/Uss.cnf
@@ -0,0 +1,28 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE                = ./.rnd
+
+####################################################################
+[ req ]
+default_bits            = 512
+default_keyfile         = keySS.pem
+distinguished_name      = req_distinguished_name
+encrypt_rsa_key         = no
+default_md              = md2
+
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+countryName_default             = AU
+countryName_value               = AU
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Dodgy Brothers
+
+0.commonName                    = Common Name (eg, YOUR name)
+0.commonName_value              = Brother 1
+
+1.commonName                    = Common Name (eg, YOUR name)
+1.commonName_value              = Brother 2
diff --git a/src/lib/libssl/test/VMSca-response.1 b/src/lib/libssl/test/VMSca-response.1
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/src/lib/libssl/test/VMSca-response.1
@@ -0,0 +1 @@
+
diff --git a/src/lib/libssl/test/VMSca-response.2 b/src/lib/libssl/test/VMSca-response.2
new file mode 100644
index 0000000000..9b48ee4cf9
--- /dev/null
+++ b/src/lib/libssl/test/VMSca-response.2
@@ -0,0 +1,2 @@
+y
+y
diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
new file mode 100644
index 0000000000..bdb3218f7a
--- /dev/null
+++ b/src/lib/libssl/test/bctest
@@ -0,0 +1,111 @@
+#!/bin/sh
+
+# This script is used by test/Makefile.ssl to check whether a sane 'bc'
+# is installed.
+# ('make test_bn' should not try to run 'bc' if it does not exist or if
+# it is a broken 'bc' version that is known to cause trouble.)
+#
+# If 'bc' works, we also test if it knows the 'print' command.
+#
+# In any case, output an appropriate command line for running (or not
+# running) bc.
+
+
+IFS=:
+try_without_dir=true
+# First we try "bc", then "$dir/bc" for each item in $PATH.
+for dir in dummy:$PATH; do
+    if [ "$try_without_dir" = true ]; then
+      # first iteration
+      bc=bc
+      try_without_dir=false
+    else
+      # second and later iterations
+      bc="$dir/bc"
+      if [ ! -f "$bc" ]; then  # '-x' is not available on Ultrix
+        bc=''
+      fi
+    fi
+
+    if [ ! "$bc" = '' ]; then
+        failure=none
+
+
+        # Test for SunOS 5.[78] bc bug
+        "$bc" >tmp.bctest <<\EOF
+obase=16
+ibase=16
+a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
+CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
+10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
+C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
+3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
+4FC3CADF855448B24A9D7640BCF473E
+b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
+9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
+8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
+3ED0E2017D60A68775B75481449
+(a/b)*b + (a%b) - a
+EOF
+        if [ 0 != "`cat tmp.bctest`" ]; then
+            failure=SunOStest
+        fi
+
+
+        if [ "$failure" = none ]; then
+            # Test for SCO bc bug.
+            "$bc" >tmp.bctest <<\EOF
+obase=16
+ibase=16
+-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
+9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
+11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
+1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
+AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
+F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
+B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
+02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
+85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
+A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
+E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
+8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
+04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
+89C8D71
+AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
+928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
+8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
+37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
+E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
+F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
+9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
+D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
+5296964
+EOF
+            if [ "0
+0" != "`cat tmp.bctest`" ]; then
+                failure=SCOtest
+            fi
+        fi
+
+
+        if [ "$failure" = none ]; then
+            # bc works; now check if it knows the 'print' command.
+            if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
+            then
+                echo "$bc"
+            else
+                echo "sed 's/print.*//' | $bc"
+            fi
+            exit 0
+        fi
+
+        echo "$bc does not work properly ('$failure' failed).  Looking for another bc ..." >&2
+    fi
+done
+
+echo "No working bc found.  Consider installing GNU bc." >&2
+if [ "$1" = ignore ]; then
+  echo "cat >/dev/null"
+  exit 0
+fi
+exit 1
diff --git a/src/lib/libssl/test/enginetest.c b/src/lib/libssl/test/enginetest.c
new file mode 100644
index 0000000000..87fa8c57b7
--- /dev/null
+++ b/src/lib/libssl/test/enginetest.c
@@ -0,0 +1,274 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <stdio.h>
+#include <string.h>
+#include <openssl/buffer.h>
+#include <openssl/crypto.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list()
+        {
+        ENGINE *h;
+        int loop;
+
+        h = ENGINE_get_first();
+        loop = 0;
+        printf("listing available engine types\n");
+        while(h)
+                {
+                printf("engine %i, id = \"%s\", name = \"%s\"\n",
+                        loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+                h = ENGINE_get_next(h);
+                }
+        printf("end of list\n");
+        /* ENGINE_get_first() increases the struct_ref counter, so we 
+           must call ENGINE_free() to decrease it again */
+        ENGINE_free(h);
+        }
+
+int main(int argc, char *argv[])
+        {
+        ENGINE *block[512];
+        char buf[256];
+        const char *id, *name;
+        ENGINE *ptr;
+        int loop;
+        int to_return = 1;
+        ENGINE *new_h1 = NULL;
+        ENGINE *new_h2 = NULL;
+        ENGINE *new_h3 = NULL;
+        ENGINE *new_h4 = NULL;
+
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        ERR_load_crypto_strings();
+
+        memset(block, 0, 512 * sizeof(ENGINE *));
+        if(((new_h1 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h1, "test_id0") ||
+                        !ENGINE_set_name(new_h1, "First test item") ||
+                        ((new_h2 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h2, "test_id1") ||
+                        !ENGINE_set_name(new_h2, "Second test item") ||
+                        ((new_h3 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h3, "test_id2") ||
+                        !ENGINE_set_name(new_h3, "Third test item") ||
+                        ((new_h4 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h4, "test_id3") ||
+                        !ENGINE_set_name(new_h4, "Fourth test item"))
+                {
+                printf("Couldn't set up test ENGINE structures\n");
+                goto end;
+                }
+        printf("\nenginetest beginning\n\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        ptr = ENGINE_get_first();
+        if(!ENGINE_remove(ptr))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        if (ptr)
+                ENGINE_free(ptr);
+        display_engine_list();
+        if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h2))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h4))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(ENGINE_add(new_h3))
+                {
+                printf("Add *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Add that should fail did.\n");
+        ERR_clear_error();
+        if(ENGINE_remove(new_h2))
+                {
+                printf("Remove *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Remove that should fail did.\n");
+        ERR_clear_error();
+        if(!ENGINE_remove(new_h3))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h4))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        /* Depending on whether there's any hardware support compiled
+         * in, this remove may be destined to fail. */
+        ptr = ENGINE_get_first();
+        if(ptr)
+                if(!ENGINE_remove(ptr))
+                        printf("Remove failed!i - probably no hardware "
+                                "support present.\n");
+        if (ptr)
+                ENGINE_free(ptr);
+        display_engine_list();
+        if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+                {
+                printf("Couldn't add and remove to an empty list!\n");
+                goto end;
+                }
+        else
+                printf("Successfully added and removed to an empty list!\n");
+        printf("About to beef up the engine-type list\n");
+        for(loop = 0; loop < 512; loop++)
+                {
+                sprintf(buf, "id%i", loop);
+                id = BUF_strdup(buf);
+                sprintf(buf, "Fake engine type %i", loop);
+                name = BUF_strdup(buf);
+                if(((block[loop] = ENGINE_new()) == NULL) ||
+                                !ENGINE_set_id(block[loop], id) ||
+                                !ENGINE_set_name(block[loop], name))
+                        {
+                        printf("Couldn't create block of ENGINE structures.\n"
+                                "I'll probably also core-dump now, damn.\n");
+                        goto end;
+                        }
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                if(!ENGINE_add(block[loop]))
+                        {
+                        printf("\nAdding stopped at %i, (%s,%s)\n",
+                                loop, ENGINE_get_id(block[loop]),
+                                ENGINE_get_name(block[loop]));
+                        goto cleanup_loop;
+                        }
+                else
+                        printf("."); fflush(stdout);
+                }
+cleanup_loop:
+        printf("\nAbout to empty the engine-type list\n");
+        while((ptr = ENGINE_get_first()) != NULL)
+                {
+                if(!ENGINE_remove(ptr))
+                        {
+                        printf("\nRemove failed!\n");
+                        goto end;
+                        }
+                ENGINE_free(ptr);
+                printf("."); fflush(stdout);
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                OPENSSL_free((void *)ENGINE_get_id(block[loop]));
+                OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+                }
+        printf("\nTests completed happily\n");
+        to_return = 0;
+end:
+        if(to_return)
+                ERR_print_errors_fp(stderr);
+        if(new_h1) ENGINE_free(new_h1);
+        if(new_h2) ENGINE_free(new_h2);
+        if(new_h3) ENGINE_free(new_h3);
+        if(new_h4) ENGINE_free(new_h4);
+        for(loop = 0; loop < 512; loop++)
+                if(block[loop])
+                        ENGINE_free(block[loop]);
+        ENGINE_cleanup();
+        CRYPTO_cleanup_all_ex_data();
+        ERR_free_strings();
+        ERR_remove_state(0);
+        CRYPTO_mem_leaks_fp(stderr);
+        return to_return;
+        }
diff --git a/src/lib/libssl/test/md4test.c b/src/lib/libssl/test/md4test.c
new file mode 100644
index 0000000000..e0fdc42282
--- /dev/null
+++ b/src/lib/libssl/test/md4test.c
@@ -0,0 +1,134 @@
+/* crypto/md4/md4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef OPENSSL_NO_MD4
+int main(int argc, char *argv[])
+{
+    printf("No MD4 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/md4.h>
+
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+
+static char *ret[]={
+"31d6cfe0d16ae931b73c59d7e0c089c0",
+"bde52cb31de33e46245e05fbdbd6fb24",
+"a448017aaf21d8525fc10ae87aa6729d",
+"d9130a8164549fe818874806e1c7014b",
+"d79e1c308aa5bbcdeea8ed63df412da9",
+"043f8582f241db351ce627e153e7f0e4",
+"e33b4ddc9c38f2199c3e7b164fcc0536",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+        unsigned char md[MD4_DIGEST_LENGTH];
+
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD4 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libssl/test/methtest.c b/src/lib/libssl/test/methtest.c
new file mode 100644
index 0000000000..005c2f4822
--- /dev/null
+++ b/src/lib/libssl/test/methtest.c
@@ -0,0 +1,105 @@
+/* test/methtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
+#include "meth.h"
+#include <openssl/err.h>
+
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        METHOD_CTX *top,*tmp1,*tmp2;
+
+        top=METH_new(x509_lookup()); /* get a top level context */
+        if (top == NULL) goto err;
+
+        tmp1=METH_new(x509_by_file());
+        if (top == NULL) goto err;
+        METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
+        METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
+        METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
+
+        tmp2=METH_new(x509_by_dir());
+        METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
+        METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
+        METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
+        METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
+
+/*      tmp=METH_new(x509_by_issuer_dir);
+        METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
+        METH_push(top,METH_X509_BY_ISSUER,tmp);
+
+        tmp=METH_new(x509_by_issuer_primary);
+        METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
+        METH_push(top,METH_X509_BY_ISSUER,tmp);
+*/
+
+        METH_init(top);
+        METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+        METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+        EXIT(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        EXIT(1);
+        return(0);
+        }
diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem
new file mode 100644
index 0000000000..c47b27af88
--- /dev/null
+++ b/src/lib/libssl/test/pkcs7-1.pem
@@ -0,0 +1,15 @@
+-----BEGIN PKCS7-----
+MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG
+SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE
+AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF
+eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4
+MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv
+bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK
+ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB
+FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N
+9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8
+BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w
+bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB
+BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C
+j7Kie1x339mxW/w9VZNTUDQQweHh
+-----END PKCS7-----
diff --git a/src/lib/libssl/test/pkcs7.pem b/src/lib/libssl/test/pkcs7.pem
new file mode 100644
index 0000000000..d55c60b94e
--- /dev/null
+++ b/src/lib/libssl/test/pkcs7.pem
@@ -0,0 +1,54 @@
+     MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
+     AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
+     EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
+     cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
+     ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
+     MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+     c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
+     bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
+     CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
+     Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
+     CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
+     ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
+     l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
+     HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
+     Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
+     c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
+     YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
+     dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
+     dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
+     LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
+     ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
+     biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
+     IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
+     AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+     L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
+     HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
+     slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
+     ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
+     /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
+     aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
+     ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
+     OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
+     MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
+     Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
+     qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
+     sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
+     P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
+     A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
+     KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
+     Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
+     Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
+     hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
+     Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
+     dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
+     KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
+     dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
+     I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
+     ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
+     ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
+     ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
+     MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
+     /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
+     DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
+     b+xSu/jH0gAAMYAAAAAAAAAAAA==
diff --git a/src/lib/libssl/test/r160test.c b/src/lib/libssl/test/r160test.c
new file mode 100644
index 0000000000..a172e393ca
--- /dev/null
+++ b/src/lib/libssl/test/r160test.c
@@ -0,0 +1,57 @@
+/* test/r160test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
diff --git a/src/lib/libssl/test/rsa_test.c b/src/lib/libssl/test/rsa_test.c
new file mode 100644
index 0000000000..b8b462d33b
--- /dev/null
+++ b/src/lib/libssl/test/rsa_test.c
@@ -0,0 +1,318 @@
+/* test vectors from p1ovect1.txt */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifdef OPENSSL_NO_RSA
+int main(int argc, char *argv[])
+{
+    printf("No RSA support\n");
+    return(0);
+}
+#else
+#include <openssl/rsa.h>
+#include <openssl/engine.h>
+
+#define SetKey \
+  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+  return (sizeof(ctext_ex) - 1);
+
+static int key1(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+"\xF5";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+    static unsigned char p[] =
+"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+"\x0D";
+    
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x89";
+
+    static unsigned char dmp1[] =
+"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+    static unsigned char dmq1[] =
+"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+"\x51";
+
+    static unsigned char iqmp[] =
+"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+    static unsigned char ctext_ex[] =
+"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+
+    SetKey;
+    }
+
+static int key2(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+"\x34\x77\xCF";
+
+    static unsigned char e[] = "\x3";
+
+    static unsigned char d[] =
+"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+"\xE5\xEB";
+
+    static unsigned char p[] =
+"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+    
+    static unsigned char dmp1[] =
+"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+
+    static unsigned char dmq1[] =
+"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+
+    static unsigned char iqmp[] =
+"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+
+    static unsigned char ctext_ex[] =
+"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+"\x62\x51";
+
+    SetKey;
+    }
+
+static int key3(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+"\xCB";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+"\xC1";
+
+    static unsigned char p[] =
+"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+"\x99";
+
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+"\x03";
+
+    static unsigned char dmp1[] =
+"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+    static unsigned char dmq1[] =
+"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+    
+    static unsigned char iqmp[] =
+"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+"\xF7";
+
+    static unsigned char ctext_ex[] =
+"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+
+    SetKey;
+    }
+
+static int pad_unknown(void)
+{
+    unsigned long l;
+    while ((l = ERR_get_error()) != 0)
+      if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+        return(1);
+    return(0);
+}
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+    {
+    int err=0;
+    int v;
+    RSA *key;
+    unsigned char ptext[256];
+    unsigned char ctext[256];
+    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+    unsigned char ctext_ex[256];
+    int plen;
+    int clen = 0;
+    int num;
+
+    CRYPTO_malloc_debug_init();
+    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+
+    plen = sizeof(ptext_ex) - 1;
+
+    for (v = 0; v < 3; v++)
+        {
+        key = RSA_new();
+        switch (v) {
+    case 0:
+        clen = key1(key, ctext_ex);
+        break;
+    case 1:
+        clen = key2(key, ctext_ex);
+        break;
+    case 2:
+        clen = key3(key, ctext_ex);
+        break;
+        }
+
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_PADDING);
+        if (num != clen)
+            {
+            printf("PKCS#1 v1.5 encryption failed!\n");
+            err=1;
+            goto oaep;
+            }
+  
+        num = RSA_private_decrypt(num, ctext, ptext, key,
+                                  RSA_PKCS1_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("PKCS#1 v1.5 decryption failed!\n");
+            err=1;
+            }
+        else
+            printf("PKCS #1 v1.5 encryption/decryption ok\n");
+
+    oaep:
+        ERR_clear_error();
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_OAEP_PADDING);
+        if (num == -1 && pad_unknown())
+            {
+            printf("No OAEP support\n");
+            goto next;
+            }
+        if (num != clen)
+            {
+            printf("OAEP encryption failed!\n");
+            err=1;
+            goto next;
+            }
+  
+        num = RSA_private_decrypt(num, ctext, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("OAEP decryption (encrypted data) failed!\n");
+            err=1;
+            }
+        else if (memcmp(ctext, ctext_ex, num) == 0)
+            {
+            printf("OAEP test vector %d passed!\n", v);
+            goto next;
+            }
+    
+        /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
+           Try decrypting ctext_ex */
+
+        num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("OAEP decryption (test vector data) failed!\n");
+            err=1;
+            }
+        else
+            printf("OAEP encryption/decryption ok\n");
+    next:
+        RSA_free(key);
+        }
+
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+
+    CRYPTO_mem_leaks_fp(stderr);
+
+    return err;
+    }
+#endif
diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
new file mode 100644
index 0000000000..f71ef7a863
--- /dev/null
+++ b/src/lib/libssl/test/tcrl
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
+export PATH
+
+cmd='../apps/openssl crl'
+
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testcrl.pem
+fi
+
+echo testing crl conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/test/test.cnf b/src/lib/libssl/test/test.cnf
new file mode 100644
index 0000000000..faad3914a8
--- /dev/null
+++ b/src/lib/libssl/test/test.cnf
@@ -0,0 +1,88 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE                = ./.rnd
+
+####################################################################
+[ ca ]
+default_ca      = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir             = ./demoCA              # Where everything is kept
+certs           = $dir/certs            # Where the issued certs are kept
+crl_dir         = $dir/crl              # Where the issued crl are kept
+database        = $dir/index.txt        # database index file.
+new_certs_dir   = $dir/new_certs        # default place for new certs.
+
+certificate     = $dir/CAcert.pem       # The CA certificate
+serial          = $dir/serial           # The current serial number
+crl             = $dir/crl.pem          # The current CRL
+private_key     = $dir/private/CAkey.pem# The private key
+RANDFILE        = $dir/private/.rand    # private random number file
+
+default_days    = 365                   # how long to certify for
+default_crl_days= 30                    # how long before next CRL
+default_md      = md5                   # which md to use.
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy          = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+####################################################################
+[ req ]
+default_bits            = 512
+default_keyfile         = testkey.pem
+distinguished_name      = req_distinguished_name
+encrypt_rsa_key         = no
+
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+countryName_default             = AU
+countryName_value               = AU
+
+stateOrProvinceName             = State or Province Name (full name)
+stateOrProvinceName_default     = Queensland
+stateOrProvinceName_value       =
+
+localityName                    = Locality Name (eg, city)
+localityName_value              = Brisbane
+
+organizationName                = Organization Name (eg, company)
+organizationName_default        = 
+organizationName_value          = CryptSoft Pty Ltd
+
+organizationalUnitName          = Organizational Unit Name (eg, section)
+organizationalUnitName_default  =
+organizationalUnitName_value    = .
+
+commonName                      = Common Name (eg, YOUR name)
+commonName_value                = Eric Young
+
+emailAddress                    = Email Address
+emailAddress_value              = eay@mincom.oz.au
diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca
new file mode 100644
index 0000000000..8215ebb5d1
--- /dev/null
+++ b/src/lib/libssl/test/testca
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+SH="/bin/sh"
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=./apps\;../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
+export SH PATH
+
+SSLEAY_CONFIG="-config CAss.cnf"
+export SSLEAY_CONFIG
+
+/bin/rm -fr demoCA
+$SH ../apps/CA.sh -newca <<EOF
+EOF
+
+if [ $? != 0 ]; then
+        exit 1;
+fi
+
+SSLEAY_CONFIG="-config Uss.cnf"
+export SSLEAY_CONFIG
+$SH ../apps/CA.sh -newreq
+if [ $? != 0 ]; then
+        exit 1;
+fi
+
+
+SSLEAY_CONFIG="-config ../apps/openssl.cnf"
+export SSLEAY_CONFIG
+$SH ../apps/CA.sh -sign  <<EOF
+y
+y
+EOF
+if [ $? != 0 ]; then
+        exit 1;
+fi
+
+
+$SH ../apps/CA.sh -verify newcert.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+
+/bin/rm -fr demoCA newcert.pem newreq.pem
+#usage: CA -newcert|-newreq|-newca|-sign|-verify
+
diff --git a/src/lib/libssl/test/testcrl.pem b/src/lib/libssl/test/testcrl.pem
new file mode 100644
index 0000000000..0989788354
--- /dev/null
+++ b/src/lib/libssl/test/testcrl.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
+F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw
+MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw
+MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw
+MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw
+MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw
+MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw
+MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw
+NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw
+NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF
+AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ
+wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt
+JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v
+-----END X509 CRL-----
diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc
new file mode 100644
index 0000000000..0656c7f525
--- /dev/null
+++ b/src/lib/libssl/test/testenc
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+testsrc=Makefile.ssl
+test=./p
+cmd=../apps/openssl
+
+cat $testsrc >$test;
+
+echo cat
+$cmd enc < $test > $test.cipher
+$cmd enc < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+        exit 1
+else
+        /bin/rm $test.cipher $test.clear
+fi
+echo base64
+$cmd enc -a -e < $test > $test.cipher
+$cmd enc -a -d < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+        exit 1
+else
+        /bin/rm $test.cipher $test.clear
+fi
+
+for i in `$cmd list-cipher-commands`
+do
+        echo $i
+        $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
+        $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
+        cmp $test $test.$i.clear
+        if [ $? != 0 ]
+        then
+                exit 1
+        else
+                /bin/rm $test.$i.cipher $test.$i.clear
+        fi
+
+        echo $i base64
+        $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
+        $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
+        cmp $test $test.$i.clear
+        if [ $? != 0 ]
+        then
+                exit 1
+        else
+                /bin/rm $test.$i.cipher $test.$i.clear
+        fi
+done
+rm -f $test
diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen
new file mode 100644
index 0000000000..3798543e04
--- /dev/null
+++ b/src/lib/libssl/test/testgen
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+T=testcert
+KEY=512
+CA=../certs/testca.pem
+
+/bin/rm -f $T.1 $T.2 $T.key
+
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH;
+else
+    PATH=../apps:$PATH;
+fi
+export PATH
+
+echo "generating certificate request"
+
+echo "string to make the random number generator think it has entropy" >> ./.rnd
+
+if ../apps/openssl no-rsa; then
+  req_new='-newkey dsa:../apps/dsa512.pem'
+else
+  req_new='-new'
+  echo "There should be a 2 sequences of .'s and some +'s."
+  echo "There should not be more that at most 80 per line"
+fi
+
+echo "This could take some time."
+
+rm -f testkey.pem testreq.pem
+
+../apps/openssl req -config test.cnf $req_new -out testreq.pem
+if [ $? != 0 ]; then
+echo problems creating request
+exit 1
+fi
+
+../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
+if [ $? != 0 ]; then
+echo signature on req is wrong
+exit 1
+fi
+
+exit 0
diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem
new file mode 100644
index 0000000000..e5b7866c31
--- /dev/null
+++ b/src/lib/libssl/test/testp7.pem
@@ -0,0 +1,46 @@
+-----BEGIN PKCS7-----
+MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
+cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
+DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
+BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
+HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
+ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
+biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
+aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
+aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
+VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
+UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
+AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
+BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
+ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
+IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
+bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
+OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
+IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
+ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
+cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
+QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
+MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
+AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
+cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
+AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
+QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
+dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
+Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
+TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
+AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
+2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
+47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
+QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
+AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
+ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
+BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
+ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
+MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
+sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
+XfZsaiiIgotQHjEA
+-----END PKCS7-----
diff --git a/src/lib/libssl/test/testreq2.pem b/src/lib/libssl/test/testreq2.pem
new file mode 100644
index 0000000000..c3cdcffcbc
--- /dev/null
+++ b/src/lib/libssl/test/testreq2.pem
@@ -0,0 +1,7 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
+QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
+DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
+hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
+gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/test/testrsa.pem b/src/lib/libssl/test/testrsa.pem
new file mode 100644
index 0000000000..aad21067a8
--- /dev/null
+++ b/src/lib/libssl/test/testrsa.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
+Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
+rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
+oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
+mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
+rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
+mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem
new file mode 100644
index 0000000000..7ffd008f66
--- /dev/null
+++ b/src/lib/libssl/test/testsid.pem
@@ -0,0 +1,12 @@
+-----BEGIN SSL SESSION PARAMETERS-----
+MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
+bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
+ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
+YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
+A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk
+LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
+CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
+TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
+hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
+CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
+-----END SSL SESSION PARAMETERS-----
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
new file mode 100644
index 0000000000..8d3557f356
--- /dev/null
+++ b/src/lib/libssl/test/testss
@@ -0,0 +1,99 @@
+#!/bin/sh
+
+digest='-md5'
+reqcmd="../apps/openssl req"
+x509cmd="../apps/openssl x509 $digest"
+verifycmd="../apps/openssl verify"
+dummycnf="../apps/openssl.cnf"
+
+CAkey="keyCA.ss"
+CAcert="certCA.ss"
+CAreq="reqCA.ss"
+CAconf="CAss.cnf"
+CAreq2="req2CA.ss"      # temp
+
+Uconf="Uss.cnf"
+Ukey="keyU.ss"
+Ureq="reqU.ss"
+Ucert="certU.ss"
+
+echo
+echo "make a certificate request using 'req'"
+
+echo "string to make the random number generator think it has entropy" >> ./.rnd
+
+if ../apps/openssl no-rsa; then
+  req_new='-newkey dsa:../apps/dsa512.pem'
+else
+  req_new='-new'
+fi
+
+$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
+if [ $? != 0 ]; then
+        echo "error using 'req' to generate a certificate request"
+        exit 1
+fi
+echo
+echo "convert the certificate request into a self signed certificate using 'x509'"
+$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'x509' to self sign a certificate request"
+        exit 1
+fi
+
+echo
+echo "convert a certificate into a certificate request using 'x509'"
+$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'x509' convert a certificate to a certificate request"
+        exit 1
+fi
+
+$reqcmd -config $dummycnf -verify -in $CAreq -noout
+if [ $? != 0 ]; then
+        echo first generated request is invalid
+        exit 1
+fi
+
+$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
+if [ $? != 0 ]; then
+        echo second generated request is invalid
+        exit 1
+fi
+
+$verifycmd -CAfile $CAcert $CAcert
+if [ $? != 0 ]; then
+        echo first generated cert is invalid
+        exit 1
+fi
+
+echo
+echo "make another certificate request using 'req'"
+$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'req' to generate a certificate request"
+        exit 1
+fi
+
+echo
+echo "sign certificate request with the just created CA via 'x509'"
+$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'x509' to sign a certificate request"
+        exit 1
+fi
+
+$verifycmd -CAfile $CAcert $Ucert
+echo
+echo "Certificate details"
+$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
+
+echo
+echo The generated CA certificate is $CAcert
+echo The generated CA private key is $CAkey
+
+echo The generated user certificate is $Ucert
+echo The generated user private key is $Ukey
+
+/bin/rm err.ss
+exit 0
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
new file mode 100644
index 0000000000..ca8e718022
--- /dev/null
+++ b/src/lib/libssl/test/testssl
@@ -0,0 +1,145 @@
+#!/bin/sh
+
+if [ "$1" = "" ]; then
+  key=../apps/server.pem
+else
+  key="$1"
+fi
+if [ "$2" = "" ]; then
+  cert=../apps/server.pem
+else
+  cert="$2"
+fi
+ssltest="./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
+
+if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
+  dsa_cert=YES
+else
+  dsa_cert=NO
+fi
+
+if [ "$3" = "" ]; then
+  CA="-CApath ../certs"
+else
+  CA="-CAfile $3"
+fi
+
+if [ "$4" = "" ]; then
+  extra=""
+else
+  extra="$4"
+fi
+
+#############################################################################
+
+echo test sslv2
+$ssltest -ssl2 $extra || exit 1
+
+echo test sslv2 with server authentication
+$ssltest -ssl2 -server_auth $CA $extra || exit 1
+
+if [ $dsa_cert = NO ]; then
+  echo test sslv2 with client authentication
+  $ssltest -ssl2 -client_auth $CA $extra || exit 1
+
+  echo test sslv2 with both client and server authentication
+  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
+fi
+
+echo test sslv3
+$ssltest -ssl3 $extra || exit 1
+
+echo test sslv3 with server authentication
+$ssltest -ssl3 -server_auth $CA $extra || exit 1
+
+echo test sslv3 with client authentication
+$ssltest -ssl3 -client_auth $CA $extra || exit 1
+
+echo test sslv3 with both client and server authentication
+$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3
+$ssltest $extra || exit 1
+
+echo test sslv2/sslv3 with server authentication
+$ssltest -server_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with client authentication
+$ssltest -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication
+$ssltest -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2 via BIO pair
+$ssltest -bio_pair -ssl2 $extra || exit 1
+
+echo test sslv2 with server authentication via BIO pair
+$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
+
+if [ $dsa_cert = NO ]; then
+  echo test sslv2 with client authentication via BIO pair
+  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
+
+  echo test sslv2 with both client and server authentication via BIO pair
+  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
+fi
+
+echo test sslv3 via BIO pair
+$ssltest -bio_pair -ssl3 $extra || exit 1
+
+echo test sslv3 with server authentication via BIO pair
+$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
+
+echo test sslv3 with client authentication via BIO pair
+$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
+
+echo test sslv3 with both client and server authentication via BIO pair
+$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 via BIO pair
+$ssltest $extra || exit 1
+
+if [ $dsa_cert = NO ]; then
+  echo test sslv2/sslv3 w/o DHE via BIO pair
+  $ssltest -bio_pair -no_dhe $extra || exit 1
+fi
+
+echo test sslv2/sslv3 with 1024bit DHE via BIO pair
+$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
+
+echo test sslv2/sslv3 with server authentication
+$ssltest -bio_pair -server_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+$ssltest -bio_pair -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
+$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
+
+#############################################################################
+
+if ../apps/openssl no-dh; then
+  echo skipping anonymous DH tests
+else
+  echo test tls1 with 1024bit anonymous DH, multiple handshakes
+  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
+fi
+
+if ../apps/openssl no-rsa; then
+  echo skipping RSA tests
+else
+  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
+
+  if ../apps/openssl no-dh; then
+    echo skipping RSA+DHE tests
+  else
+    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+  fi
+fi
+
+exit 0
diff --git a/src/lib/libssl/test/testx509.pem b/src/lib/libssl/test/testx509.pem
new file mode 100644
index 0000000000..8a85d14964
--- /dev/null
+++ b/src/lib/libssl/test/testx509.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
+MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
+AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
+/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
+Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
+zl9HYIMxATFyqSiD9jsx
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times
new file mode 100644
index 0000000000..49aeebf216
--- /dev/null
+++ b/src/lib/libssl/test/times
@@ -0,0 +1,113 @@
+
+More number for the questions about SSL overheads....
+
+The following numbers were generated on a pentium pro 200, running linux.
+They give an indication of the SSL protocol and encryption overheads.
+
+The program that generated them is an unreleased version of ssl/ssltest.c
+which is the SSLeay ssl protocol testing program.  It is a single process that
+talks both sides of the SSL protocol via a non-blocking memory buffer
+interface.
+
+How do I read this?  The protocol and cipher are reasonable obvious.
+The next number is the number of connections being made.  The next is the
+number of bytes exchanged bewteen the client and server side of the protocol.
+This is the number of bytes that the client sends to the server, and then
+the server sends back.  Because this is all happening in one process,
+the data is being encrypted, decrypted, encrypted and then decrypted again.
+It is a round trip of that many bytes.  Because the one process performs
+both the client and server sides of the protocol and it sends this many bytes
+each direction, multiply this number by 4 to generate the number
+of bytes encrypted/decrypted/MACed.  The first time value is how many seconds
+elapsed doing a full SSL handshake, the second is the cost of one
+full handshake and the rest being session-id reuse.
+
+SSLv2 RC4-MD5      1000 x      1   12.83s   0.70s
+SSLv3 NULL-MD5     1000 x      1   14.35s   1.47s
+SSLv3 RC4-MD5      1000 x      1   14.46s   1.56s
+SSLv3 RC4-MD5      1000 x      1   51.93s   1.62s 1024bit RSA
+SSLv3 RC4-SHA      1000 x      1   14.61s   1.83s
+SSLv3 DES-CBC-SHA  1000 x      1   14.70s   1.89s
+SSLv3 DES-CBC3-SHA 1000 x      1   15.16s   2.16s
+
+SSLv2 RC4-MD5      1000 x   1024   13.72s   1.27s
+SSLv3 NULL-MD5     1000 x   1024   14.79s   1.92s
+SSLv3 RC4-MD5      1000 x   1024   52.58s   2.29s 1024bit RSA
+SSLv3 RC4-SHA      1000 x   1024   15.39s   2.67s
+SSLv3 DES-CBC-SHA  1000 x   1024   16.45s   3.55s
+SSLv3 DES-CBC3-SHA 1000 x   1024   18.21s   5.38s
+
+SSLv2 RC4-MD5      1000 x  10240   18.97s   6.52s
+SSLv3 NULL-MD5     1000 x  10240   17.79s   5.11s
+SSLv3 RC4-MD5      1000 x  10240   20.25s   7.90s
+SSLv3 RC4-MD5      1000 x  10240   58.26s   8.08s 1024bit RSA
+SSLv3 RC4-SHA      1000 x  10240   22.96s  11.44s
+SSLv3 DES-CBC-SHA  1000 x  10240   30.65s  18.41s
+SSLv3 DES-CBC3-SHA 1000 x  10240   47.04s  34.53s
+
+SSLv2 RC4-MD5      1000 x 102400   70.22s  57.74s
+SSLv3 NULL-MD5     1000 x 102400   43.73s  31.03s
+SSLv3 RC4-MD5      1000 x 102400   71.32s  58.83s
+SSLv3 RC4-MD5      1000 x 102400  109.66s  59.20s 1024bit RSA
+SSLv3 RC4-SHA      1000 x 102400   95.88s  82.21s
+SSLv3 DES-CBC-SHA  1000 x 102400  173.22s 160.55s
+SSLv3 DES-CBC3-SHA 1000 x 102400  336.61s 323.82s
+
+What does this all mean?  Well for a server, with no session-id reuse, with
+a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
+a pentium pro 200 running linux can handle the SSLv3 protocol overheads of
+about 49 connections a second.  Reality will be quite different :-).
+
+Remeber the first number is 1000 full ssl handshakes, the second is
+1 full and 999 with session-id reuse.  The RSA overheads for each exchange
+would be one public and one private operation, but the protocol/MAC/cipher
+cost would be quite similar in both the client and server.
+
+eric (adding numbers to speculation)
+
+--- Appendix ---
+- The time measured is user time but these number a very rough.
+- Remember this is the cost of both client and server sides of the protocol.
+- The TCP/kernal overhead of connection establishment is normally the
+  killer in SSL.  Often delays in the TCP protocol will make session-id
+  reuse look slower that new sessions, but this would not be the case on
+  a loaded server.
+- The TCP round trip latencies, while slowing indervidual connections,
+  would have minimal impact on throughput.
+- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
+- the required number of bytes are processed.
+- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers.
+- A 512bit server key was being used except where noted.
+- No server key verification was being performed on the client side of the
+  protocol.  This would slow things down very little.
+- The library being used is SSLeay 0.8.x.
+- The normal mesauring system was commands of the form
+  time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
+  This modified version of ssltest should be in the next public release of
+  SSLeay.
+
+The general cipher performace number for this platform are
+
+SSLeay 0.8.2a 04-Sep-1997
+built on Fri Sep  5 17:37:05 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized 
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               131.02k      368.41k      500.57k      549.21k      566.09k
+mdc2              535.60k      589.10k      595.88k      595.97k      594.54k
+md5              1801.53k     9674.77k    17484.03k    21849.43k    23592.96k
+sha              1261.63k     5533.25k     9285.63k    11187.88k    11913.90k
+sha1             1103.13k     4782.53k     7933.78k     9472.34k    10070.70k
+rc4             10722.53k    14443.93k    15215.79k    15299.24k    15219.59k
+des cbc          3286.57k     3827.73k     3913.39k     3931.82k     3926.70k
+des ede3         1443.50k     1549.08k     1561.17k     1566.38k     1564.67k
+idea cbc         2203.64k     2508.16k     2538.33k     2543.62k     2547.71k
+rc2 cbc          1430.94k     1511.59k     1524.82k     1527.13k     1523.33k
+blowfish cbc     4716.07k     5965.82k     6190.17k     6243.67k     6234.11k
+                  sign    verify
+rsa  512 bits   0.0100s   0.0011s
+rsa 1024 bits   0.0451s   0.0012s
+rsa 2048 bits   0.2605s   0.0086s
+rsa 4096 bits   1.6883s   0.0302s
+
diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7
new file mode 100644
index 0000000000..cf3bd9fadb
--- /dev/null
+++ b/src/lib/libssl/test/tpkcs7
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
+export PATH
+
+cmd='../apps/openssl pkcs7'
+
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testp7.pem
+fi
+
+echo testing pkcs7 conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d
new file mode 100644
index 0000000000..18f9311b06
--- /dev/null
+++ b/src/lib/libssl/test/tpkcs7d
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
+export PATH
+
+cmd='../apps/openssl pkcs7'
+
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=pkcs7-1.pem
+fi
+
+echo "testing pkcs7 conversions (2)"
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
new file mode 100644
index 0000000000..47a8273cde
--- /dev/null
+++ b/src/lib/libssl/test/treq
@@ -0,0 +1,90 @@
+#!/bin/sh
+
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
+export PATH
+
+cmd='../apps/openssl req -config ../apps/openssl.cnf'
+
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testreq.pem
+fi
+
+if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then
+  echo "skipping req conversion test for $t"
+  exit 0
+fi
+
+echo testing req conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -verify -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -verify -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
new file mode 100644
index 0000000000..413e2ec0a0
--- /dev/null
+++ b/src/lib/libssl/test/trsa
@@ -0,0 +1,90 @@
+#!/bin/sh
+
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
+export PATH
+
+if ../apps/openssl no-rsa; then
+  echo skipping rsa conversion test
+  exit 0
+fi
+
+cmd='../apps/openssl rsa'
+
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testrsa.pem
+fi
+
+echo testing rsa conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
new file mode 100644
index 0000000000..40a1dfa97c
--- /dev/null
+++ b/src/lib/libssl/test/tsid
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
+export PATH
+
+cmd='../apps/openssl sess_id'
+
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testsid.pem
+fi
+
+echo testing session-id conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
new file mode 100644
index 0000000000..d380963abc
--- /dev/null
+++ b/src/lib/libssl/test/tx509
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
+export PATH
+
+cmd='../apps/openssl x509'
+
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testx509.pem
+fi
+
+echo testing X509 conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> n"
+$cmd -in fff.p -inform p -outform n >f.n
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+echo "n -> d"
+$cmd -in f.n -inform n -outform d >ff.d2
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> n"
+$cmd -in f.d -inform d -outform n >ff.n1
+if [ $? != 0 ]; then exit 1; fi
+echo "n -> n"
+$cmd -in f.n -inform n -outform n >ff.n2
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> n"
+$cmd -in f.p -inform p -outform n >ff.n3
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+echo "n -> p"
+$cmd -in f.n -inform n -outform p >ff.p2
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p2
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp f.n ff.n1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.n ff.n2
+if [ $? != 0 ]; then exit 1; fi
+cmp f.n ff.n3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p2
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/test/v3-cert1.pem b/src/lib/libssl/test/v3-cert1.pem
new file mode 100644
index 0000000000..0da253d5c3
--- /dev/null
+++ b/src/lib/libssl/test/v3-cert1.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
+NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
+dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
+ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
+ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
+miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
+AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
+MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
+AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
+X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
+WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem
new file mode 100644
index 0000000000..de0723ff8d
--- /dev/null
+++ b/src/lib/libssl/test/v3-cert2.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
+YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
+ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
+dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
+WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
+BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
+FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
+6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
+G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
+YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
+b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
+F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
+lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
+jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
new file mode 100644
index 0000000000..38838ea9a5
--- /dev/null
+++ b/src/lib/libssl/tls1.h
@@ -0,0 +1,195 @@
+/* ssl/tls1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_TLS1_H 
+#define HEADER_TLS1_H 
+
+#include <openssl/buffer.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    1
+
+#define TLS1_VERSION                    0x0301
+#define TLS1_VERSION_MAJOR              0x03
+#define TLS1_VERSION_MINOR              0x01
+
+#define TLS1_AD_DECRYPTION_FAILED       21
+#define TLS1_AD_RECORD_OVERFLOW         22
+#define TLS1_AD_UNKNOWN_CA              48      /* fatal */
+#define TLS1_AD_ACCESS_DENIED           49      /* fatal */
+#define TLS1_AD_DECODE_ERROR            50      /* fatal */
+#define TLS1_AD_DECRYPT_ERROR           51
+#define TLS1_AD_EXPORT_RESTRICTION      60      /* fatal */
+#define TLS1_AD_PROTOCOL_VERSION        70      /* fatal */
+#define TLS1_AD_INSUFFICIENT_SECURITY   71      /* fatal */
+#define TLS1_AD_INTERNAL_ERROR          80      /* fatal */
+#define TLS1_AD_USER_CANCELLED          90
+#define TLS1_AD_NO_RENEGOTIATION        100
+
+/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+ * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
+ * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
+ * shouldn't. */
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5          0x03000060
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5      0x03000061
+#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA         0x03000062
+#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA     0x03000063
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA          0x03000064
+#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA      0x03000065
+#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA                0x03000066
+
+/* AES ciphersuites from RFC3268 */
+
+#define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
+#define TLS1_CK_DH_DSS_WITH_AES_128_SHA                 0x03000030
+#define TLS1_CK_DH_RSA_WITH_AES_128_SHA                 0x03000031
+#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA                0x03000032
+#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA                0x03000033
+#define TLS1_CK_ADH_WITH_AES_128_SHA                    0x03000034
+
+#define TLS1_CK_RSA_WITH_AES_256_SHA                    0x03000035
+#define TLS1_CK_DH_DSS_WITH_AES_256_SHA                 0x03000036
+#define TLS1_CK_DH_RSA_WITH_AES_256_SHA                 0x03000037
+#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA                0x03000038
+#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
+#define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
+
+/* XXX
+ * Inconsistency alert:
+ * The OpenSSL names of ciphers with ephemeral DH here include the string
+ * "DHE", while elsewhere it has always been "EDH".
+ * (The alias for the list of all such ciphers also is "EDH".)
+ * The specifications speak of "EDH"; maybe we should allow both forms
+ * for everything. */
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5         "EXP1024-RC4-MD5"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5     "EXP1024-RC2-CBC-MD5"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA        "EXP1024-DES-CBC-SHA"
+#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA    "EXP1024-DHE-DSS-DES-CBC-SHA"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA         "EXP1024-RC4-SHA"
+#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA     "EXP1024-DHE-DSS-RC4-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"
+
+/* AES ciphersuites from RFC3268 */
+#define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA                "DH-RSA-AES128-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA               "DHE-DSS-AES128-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA               "DHE-RSA-AES128-SHA"
+#define TLS1_TXT_ADH_WITH_AES_128_SHA                   "ADH-AES128-SHA"
+
+#define TLS1_TXT_RSA_WITH_AES_256_SHA                   "AES256-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA                "DH-DSS-AES256-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA                "DH-RSA-AES256-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA               "DHE-DSS-AES256-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
+#define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
+
+
+#define TLS_CT_RSA_SIGN                 1
+#define TLS_CT_DSS_SIGN                 2
+#define TLS_CT_RSA_FIXED_DH             3
+#define TLS_CT_DSS_FIXED_DH             4
+#define TLS_CT_NUMBER                   4
+
+#define TLS1_FINISH_MAC_LENGTH          12
+
+#define TLS_MD_MAX_CONST_SIZE                   20
+#define TLS_MD_CLIENT_FINISH_CONST              "client finished"
+#define TLS_MD_CLIENT_FINISH_CONST_SIZE         15
+#define TLS_MD_SERVER_FINISH_CONST              "server finished"
+#define TLS_MD_SERVER_FINISH_CONST_SIZE         15
+#define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
+#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
+#define TLS_MD_KEY_EXPANSION_CONST              "key expansion"
+#define TLS_MD_KEY_EXPANSION_CONST_SIZE         13
+#define TLS_MD_CLIENT_WRITE_KEY_CONST           "client write key"
+#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE      16
+#define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
+#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
+#define TLS_MD_IV_BLOCK_CONST                   "IV block"
+#define TLS_MD_IV_BLOCK_CONST_SIZE              8
+#define TLS_MD_MASTER_SECRET_CONST              "master secret"
+#define TLS_MD_MASTER_SECRET_CONST_SIZE         13
+
+#ifdef CHARSET_EBCDIC
+#undef TLS_MD_CLIENT_FINISH_CONST
+#define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*client finished*/
+#undef TLS_MD_SERVER_FINISH_CONST
+#define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*server finished*/
+#undef TLS_MD_SERVER_WRITE_KEY_CONST
+#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
+#undef TLS_MD_KEY_EXPANSION_CONST
+#define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"  /*key expansion*/
+#undef TLS_MD_CLIENT_WRITE_KEY_CONST
+#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*client write key*/
+#undef TLS_MD_SERVER_WRITE_KEY_CONST
+#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
+#undef TLS_MD_IV_BLOCK_CONST
+#define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"  /*IV block*/
+#undef TLS_MD_MASTER_SECRET_CONST
+#define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libssl/x509v3.cnf b/src/lib/libssl/x509v3.cnf
new file mode 100644
index 0000000000..e430088671
--- /dev/null
+++ b/src/lib/libssl/x509v3.cnf
@@ -0,0 +1,26 @@
+# default settings
+CERTPATHLEN             = 1
+CERTUSAGE               = digitalSignature,keyCertSign
+CERTIP                  = 0.0.0.0
+CERTFQDN                = nohost.nodomain
+
+# This section should be referenced when building an x509v3 CA
+# Certificate.
+# The default path length and the key usage can be overriden
+# modified by setting the CERTPATHLEN and CERTUSAGE environment 
+# variables.
+[x509v3_CA]
+basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN
+keyUsage=$ENV::CERTUSAGE
+
+# This section should be referenced to add an IP Address
+# as an alternate subject name, needed by isakmpd
+# The address must be provided in the CERTIP environment variable
+[x509v3_IPAddr]
+subjectAltName=IP:$ENV::CERTIP
+
+# This section should be referenced to add a FQDN hostname
+# as an alternate subject name, needed by isakmpd
+# The address must be provided in the CERTFQDN environment variable
+[x509v3_FQDN]
+subjectAltName=DNS:$ENV::CERTFQDN