369 files changed, 28066 insertions, 3474 deletions

diff --git a/src/lib/libc/crypt/Makefile.inc b/src/lib/libc/crypt/Makefile.inc
new file mode 100644
index 0000000000..9d96d657db
--- /dev/null
+++ b/src/lib/libc/crypt/Makefile.inc
@@ -0,0 +1,12 @@
+#       $OpenBSD: Makefile.inc,v 1.10 1998/07/21 22:23:20 provos Exp $
+
+.PATH: ${.CURDIR}/arch/${MACHINE_ARCH}/crypt ${.CURDIR}/crypt
+
+SRCS+=  cast.c crypt.c morecrypt.c md5crypt.c arc4random.c blowfish.c
+SRCS+=  bcrypt.c
+
+MAN+=   crypt.3 blowfish.3 arc4random.3
+MLINKS+=crypt.3 encrypt.3 crypt.3 setkey.3 crypt.3 des_cipher.3
+MLINKS+=crypt.3 des_setkey.3 blowfish.3 blf_key.3 blowfish.3 blf_enc.3
+MLINKS+=blowfish.3 blf_dec.3
+MLINKS+=arc4random.3 arc4random_stir.3 arc4random.3 arc4random_addrandom.3
diff --git a/src/lib/libc/crypt/arc4random.3 b/src/lib/libc/crypt/arc4random.3
new file mode 100644
index 0000000000..741965c5ac
--- /dev/null
+++ b/src/lib/libc/crypt/arc4random.3
@@ -0,0 +1,83 @@
+.\" $OpenBSD: arc4random.3,v 1.4 1998/09/07 16:44:34 aaron Exp $
+.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"      This product includes software developed by Niels Provos.
+.\" 4. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" Manual page, using -mandoc macros
+.\"
+.Dd April 15, 1997
+.Dt ARC4RANDOM 3
+.Os "OpenBSD 2.0"
+.Sh NAME
+.Nm arc4random,
+.Nm arc4random_stir,
+.Nm arc4random_addrandom
+.Nd arc4 random number generator.
+.Sh SYNOPSIS
+.Fd #include <stdlib.h>
+.Ft u_int32_t
+.Fn arc4random "void"
+.Ft void
+.Fn arc4random_stir "void"
+.Ft void
+.Fn arc4random_addrandom "u_char *dat" "int datlen"
+.Sh DESCRIPTION
+The
+.Fn arc4random 
+function uses the key stream generator employed by the
+arc4 cipher, which uses 8*8 8 bit S-Boxes. The S-Boxes
+can be in about 
+.if t 2\u\s71700\s10\d
+.if n (2**1700)
+states.
+.Pp
+The
+.Fn arc4random_stir
+function reads data from 
+.Pa /dev/arandom
+and uses it to permutate the S-Boxes via
+.Fn arc4random_addrandom .
+.Pp
+There is no need to call 
+.Fn arc4random_stir
+before using
+.Fn arc4random ,
+since
+.Fn arc4random
+automatically initalizes itself.
+.Sh SEE ALSO
+.Xr rand48 3 ,
+.Xr rand 3 ,
+.Xr random 3
+.Sh HISTORY
+.Pa RC4 
+has been designed by RSA Data Security, Inc. It was posted anonymously
+to the USENET and was confirmed to be equivalent by several sources who
+had access to the original cipher. Since 
+.Pa RC4
+used to be a trade secret, the cipher is now referred to as 
+.Pa ARC4 .
diff --git a/src/lib/libc/crypt/arc4random.c b/src/lib/libc/crypt/arc4random.c
new file mode 100644
index 0000000000..5279c21518
--- /dev/null
+++ b/src/lib/libc/crypt/arc4random.c
@@ -0,0 +1,176 @@
+/*      $OpenBSD: arc4random.c,v 1.3 1998/03/22 19:01:16 niklas Exp $   */
+
+/*
+ * Arc4 random number generator for OpenBSD.
+ * Copyright 1996 David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Modification and redistribution in source and binary forms is
+ * permitted provided that due credit is given to the author and the
+ * OpenBSD project (for instance by leaving this copyright notice
+ * intact).
+ */
+
+/*
+ * This code is derived from section 17.1 of Applied Cryptography,
+ * second edition, which describes a stream cipher allegedly
+ * compatible with RSA Labs "RC4" cipher (the actual description of
+ * which is a trade secret).  The same algorithm is used as a stream
+ * cipher called "arcfour" in Tatu Ylonen's ssh package.
+ *
+ * Here the stream cipher has been modified always to include the time
+ * when initializing the state.  That makes it impossible to
+ * regenerate the same random sequence twice, so this can't be used
+ * for encryption, but will generate good random numbers.
+ *
+ * RC4 is a registered trademark of RSA Laboratories.
+ */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/time.h>
+
+#ifdef __GNUC__
+#define inline __inline
+#else                           /* !__GNUC__ */
+#define inline
+#endif                          /* !__GNUC__ */
+
+struct arc4_stream {
+        u_int8_t i;
+        u_int8_t j;
+        u_int8_t s[256];
+};
+
+int     rs_initialized;
+static struct arc4_stream rs;
+
+static inline void
+arc4_init(as)
+        struct arc4_stream *as;
+{
+        int     n;
+
+        for (n = 0; n < 256; n++)
+                as->s[n] = n;
+        as->i = 0;
+        as->j = 0;
+}
+
+static inline void
+arc4_addrandom(as, dat, datlen)
+        struct arc4_stream *as;
+        u_char *dat;
+        int     datlen;
+{
+        int     n;
+        u_int8_t si;
+
+        as->i--;
+        for (n = 0; n < 256; n++) {
+                as->i = (as->i + 1);
+                si = as->s[as->i];
+                as->j = (as->j + si + dat[n % datlen]);
+                as->s[as->i] = as->s[as->j];
+                as->s[as->j] = si;
+        }
+}
+
+static void
+arc4_stir(as)
+        struct arc4_stream *as;
+{
+        int     fd;
+        struct {
+                struct timeval tv;
+                u_int8_t rnd[128 - sizeof(struct timeval)];
+        }       rdat;
+
+        gettimeofday(&rdat.tv, NULL);
+        fd = open("/dev/arandom", O_RDONLY);
+        if (fd >= 0) {
+                read(fd, rdat.rnd, sizeof(rdat.rnd));
+                close(fd);
+        }
+        /* fd < 0?  Ah, what the heck. We'll just take whatever was on the
+         * stack... */
+
+        arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
+}
+
+static inline u_int8_t
+arc4_getbyte(as)
+        struct arc4_stream *as;
+{
+        u_int8_t si, sj;
+
+        as->i = (as->i + 1);
+        si = as->s[as->i];
+        as->j = (as->j + si);
+        sj = as->s[as->j];
+        as->s[as->i] = sj;
+        as->s[as->j] = si;
+        return (as->s[(si + sj) & 0xff]);
+}
+
+static inline u_int32_t
+arc4_getword(as)
+        struct arc4_stream *as;
+{
+        u_int32_t val;
+        val = arc4_getbyte(as) << 24;
+        val |= arc4_getbyte(as) << 16;
+        val |= arc4_getbyte(as) << 8;
+        val |= arc4_getbyte(as);
+        return val;
+}
+
+void
+arc4random_stir()
+{
+        if (!rs_initialized) {
+                arc4_init(&rs);
+                rs_initialized = 1;
+        }
+        arc4_stir(&rs);
+}
+
+void
+arc4random_addrandom(dat, datlen)
+        u_char *dat;
+        int     datlen;
+{
+        if (!rs_initialized)
+                arc4random_stir();
+        arc4_addrandom(&rs, dat, datlen);
+}
+
+u_int32_t
+arc4random()
+{
+        if (!rs_initialized)
+                arc4random_stir();
+        return arc4_getword(&rs);
+}
+
+#if 0
+/*-------- Test code for i386 --------*/
+#include <stdio.h>
+#include <machine/pctr.h>
+int
+main(int argc, char **argv)
+{
+        const int iter = 1000000;
+        int     i;
+        pctrval v;
+
+        v = rdtsc();
+        for (i = 0; i < iter; i++)
+                arc4random();
+        v = rdtsc() - v;
+        v /= iter;
+
+        printf("%qd cycles\n", v);
+}
+#endif
diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c
new file mode 100644
index 0000000000..1b121fb28f
--- /dev/null
+++ b/src/lib/libc/crypt/bcrypt.c
@@ -0,0 +1,362 @@
+/*      $OpenBSD: bcrypt.c,v 1.12 1998/08/10 18:33:07 provos Exp $      */
+
+/*
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* This password hashing algorithm was designed by David Mazieres
+ * <dm@lcs.mit.edu> and works as follows:
+ *
+ * 1. state := InitState ()
+ * 2. state := ExpandKey (state, salt, password) 3.
+ * REPEAT rounds:
+ *      state := ExpandKey (state, 0, salt)
+ *      state := ExpandKey(state, 0, password)
+ * 4. ctext := "OrpheanBeholderScryDoubt"
+ * 5. REPEAT 64:
+ *      ctext := Encrypt_ECB (state, ctext);
+ * 6. RETURN Concatenate (salt, ctext);
+ *
+ */
+
+#if 0
+#include <stdio.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <string.h>
+#include <pwd.h>
+#include <blf.h>
+
+/* This implementation is adaptable to current computing power.
+ * You can have up to 2^31 rounds which should be enough for some
+ * time to come.
+ */
+
+#define BCRYPT_VERSION '2'
+#define BCRYPT_MAXSALT 16       /* Precomputation is just so nice */
+#define BCRYPT_BLOCKS 6         /* Ciphertext blocks */
+#define BCRYPT_MINROUNDS 16     /* we have log2(rounds) in salt */
+
+char   *bcrypt_gensalt __P((u_int8_t));
+
+static void encode_salt __P((char *, u_int8_t *, u_int16_t, u_int8_t));
+static void encode_base64 __P((u_int8_t *, u_int8_t *, u_int16_t));
+static void decode_base64 __P((u_int8_t *, u_int16_t, u_int8_t *));
+
+static char    encrypted[_PASSWORD_LEN];
+static char    gsalt[BCRYPT_MAXSALT * 4 / 3 + 1];
+static char    error[] = ":";
+
+const static u_int8_t Base64Code[] =
+"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
+const static u_int8_t index_64[128] =
+{
+        255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+        255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+        255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+        255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+        255, 255, 255, 255, 255, 255, 0, 1, 54, 55,
+        56, 57, 58, 59, 60, 61, 62, 63, 255, 255,
+        255, 255, 255, 255, 255, 2, 3, 4, 5, 6,
+        7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
+        17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
+        255, 255, 255, 255, 255, 255, 28, 29, 30,
+        31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+        41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
+        51, 52, 53, 255, 255, 255, 255, 255
+};
+#define CHAR64(c)  ( (c) > 127 ? 255 : index_64[(c)])
+
+#ifdef __STDC__
+static void
+decode_base64(u_int8_t *buffer, u_int16_t len, u_int8_t *data)
+#else
+static void
+decode_base64(buffer, len, data)
+        u_int8_t *buffer;
+        u_int16_t len;
+        u_int8_t *data;
+#endif
+{
+        u_int8_t *bp = buffer;
+        u_int8_t *p = data;
+        u_int8_t c1, c2, c3, c4;
+        while (bp < buffer + len) {
+                c1 = CHAR64(*p);
+                c2 = CHAR64(*(p + 1));
+
+                /* Invalid data */
+                if (c1 == 255 || c2 == 255)
+                        break;
+
+                *bp++ = (c1 << 2) | ((c2 & 0x30) >> 4);
+                if (bp >= buffer + len)
+                        break;
+
+                c3 = CHAR64(*(p + 2));
+                if (c3 == 255)
+                        break;
+
+                *bp++ = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2);
+                if (bp >= buffer + len)
+                        break;
+
+                c4 = CHAR64(*(p + 3));
+                if (c4 == 255)
+                        break;
+                *bp++ = ((c3 & 0x03) << 6) | c4;
+
+                p += 4;
+        }
+}
+
+#ifdef __STDC__
+static void
+encode_salt(char *salt, u_int8_t *csalt, u_int16_t clen, u_int8_t logr)
+#else
+static void
+encode_salt(salt, csalt, clen, logr)
+        char   *salt;
+        u_int8_t *csalt;
+        u_int16_t clen;
+        u_int8_t logr;
+#endif
+{
+        salt[0] = '$';
+        salt[1] = BCRYPT_VERSION;
+        salt[2] = 'a';
+        salt[3] = '$';
+
+        snprintf(salt + 4, 4, "%2.2u$", logr);
+
+        encode_base64((u_int8_t *) salt + 7, csalt, clen);
+}
+/* Generates a salt for this version of crypt.
+   Since versions may change. Keeping this here
+   seems sensible.
+ */
+
+#ifdef __STDC__
+char *
+bcrypt_gensalt(u_int8_t log_rounds)
+#else
+char *
+bcrypt_gensalt(log_rounds)
+        u_int8_t log_rounds;
+#endif
+{
+        u_int8_t csalt[BCRYPT_MAXSALT];
+        u_int16_t i;
+        u_int32_t seed = 0;
+
+        for (i = 0; i < BCRYPT_MAXSALT; i++) {
+                if (i % 4 == 0)
+                        seed = arc4random();
+                csalt[i] = seed & 0xff;
+                seed = seed >> 8;
+        }
+
+        if (log_rounds < 4)
+                log_rounds = 4;
+
+        encode_salt(gsalt, csalt, BCRYPT_MAXSALT, log_rounds);
+        return gsalt;
+}
+/* We handle $Vers$log2(NumRounds)$salt+passwd$
+   i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */
+
+char   *
+bcrypt(key, salt)
+        const char   *key;
+        const char   *salt;
+{
+        blf_ctx state;
+        u_int32_t rounds, i, k;
+        u_int16_t j;
+        u_int8_t key_len, salt_len, logr, minor;
+        u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
+        u_int8_t csalt[BCRYPT_MAXSALT];
+        u_int32_t cdata[BCRYPT_BLOCKS];
+
+        /* Discard "$" identifier */
+        salt++;
+
+        if (*salt > BCRYPT_VERSION) {
+                /* How do I handle errors ? Return ':' */
+                return error;
+        }
+
+        /* Check for minor versions */
+        if (salt[1] != '$') {
+                 switch (salt[1]) {
+                 case 'a':
+                         /* 'ab' should not yield the same as 'abab' */
+                         minor = salt[1];
+                         salt++;
+                         break;
+                 default:
+                         return error;
+                 }
+        } else
+                 minor = 0;
+
+        /* Discard version + "$" identifier */
+        salt += 2;
+
+        if (salt[2] != '$')
+                /* Out of sync with passwd entry */
+                return error;
+
+        /* Computer power doesnt increase linear, 2^x should be fine */
+        if ((rounds = (u_int32_t) 1 << (logr = atoi(salt))) < BCRYPT_MINROUNDS)
+                return error;
+
+        /* Discard num rounds + "$" identifier */
+        salt += 3;
+
+        /* We dont want the base64 salt but the raw data */
+        decode_base64(csalt, BCRYPT_MAXSALT, (u_int8_t *) salt);
+        salt_len = BCRYPT_MAXSALT;
+        key_len = strlen(key) + (minor >= 'a' ? 1 : 0);
+
+        /* Setting up S-Boxes and Subkeys */
+        Blowfish_initstate(&state);
+        Blowfish_expandstate(&state, csalt, salt_len,
+            (u_int8_t *) key, key_len);
+        for (k = 0; k < rounds; k++) {
+                Blowfish_expand0state(&state, (u_int8_t *) key, key_len);
+                Blowfish_expand0state(&state, csalt, salt_len);
+        }
+
+        /* This can be precomputed later */
+        j = 0;
+        for (i = 0; i < BCRYPT_BLOCKS; i++)
+                cdata[i] = Blowfish_stream2word(ciphertext, 4 * BCRYPT_BLOCKS, &j);
+
+        /* Now do the encryption */
+        for (k = 0; k < 64; k++)
+                blf_enc(&state, cdata, BCRYPT_BLOCKS / 2);
+
+        for (i = 0; i < BCRYPT_BLOCKS; i++) {
+                ciphertext[4 * i + 3] = cdata[i] & 0xff;
+                cdata[i] = cdata[i] >> 8;
+                ciphertext[4 * i + 2] = cdata[i] & 0xff;
+                cdata[i] = cdata[i] >> 8;
+                ciphertext[4 * i + 1] = cdata[i] & 0xff;
+                cdata[i] = cdata[i] >> 8;
+                ciphertext[4 * i + 0] = cdata[i] & 0xff;
+        }
+
+
+        i = 0;
+        encrypted[i++] = '$';
+        encrypted[i++] = BCRYPT_VERSION;
+        if (minor)
+                encrypted[i++] = minor;
+        encrypted[i++] = '$';
+
+        snprintf(encrypted + i, 4, "%2.2u$", logr);
+
+        encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
+        encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
+            4 * BCRYPT_BLOCKS - 1);
+        return encrypted;
+}
+
+#ifdef __STDC__
+static void
+encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len)
+#else
+static void
+encode_base64(buffer, data, len)
+        u_int8_t *buffer;
+        u_int8_t *data;
+        u_int16_t len;
+#endif
+{
+        u_int8_t *bp = buffer;
+        u_int8_t *p = data;
+        u_int8_t c1, c2;
+        while (p < data + len) {
+                c1 = *p++;
+                *bp++ = Base64Code[(c1 >> 2)];
+                c1 = (c1 & 0x03) << 4;
+                if (p >= data + len) {
+                        *bp++ = Base64Code[c1];
+                        break;
+                }
+                c2 = *p++;
+                c1 |= (c2 >> 4) & 0x0f;
+                *bp++ = Base64Code[c1];
+                c1 = (c2 & 0x0f) << 2;
+                if (p >= data + len) {
+                        *bp++ = Base64Code[c1];
+                        break;
+                }
+                c2 = *p++;
+                c1 |= (c2 >> 6) & 0x03;
+                *bp++ = Base64Code[c1];
+                *bp++ = Base64Code[c2 & 0x3f];
+        }
+        *bp = '\0';
+}
+#if 0
+void
+main()
+{
+        char    blubber[73];
+        char    salt[100];
+        char   *p;
+        salt[0] = '$';
+        salt[1] = BCRYPT_VERSION;
+        salt[2] = '$';
+
+        snprintf(salt + 3, 4, "%2.2u$", 5);
+
+        printf("24 bytes of salt: ");
+        fgets(salt + 6, 94, stdin);
+        salt[99] = 0;
+        printf("72 bytes of password: ");
+        fpurge(stdin);
+        fgets(blubber, 73, stdin);
+        blubber[72] = 0;
+
+        p = crypt(blubber, salt);
+        printf("Passwd entry: %s\n\n", p);
+
+        p = bcrypt_gensalt(5);
+        printf("Generated salt: %s\n", p);
+        p = crypt(blubber, p);
+        printf("Passwd entry: %s\n", p);
+}
+#endif
diff --git a/src/lib/libc/crypt/blowfish.3 b/src/lib/libc/crypt/blowfish.3
new file mode 100644
index 0000000000..02a1ef8738
--- /dev/null
+++ b/src/lib/libc/crypt/blowfish.3
@@ -0,0 +1,104 @@
+.\" $OpenBSD: blowfish.3,v 1.2 1998/08/10 18:40:58 provos Exp $
+.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"      This product includes software developed by Niels Provos.
+.\" 4. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" Manual page, using -mandoc macros
+.\"
+.Dd February 13, 1997
+.Dt BLOWFISH 3
+.Os "OpenBSD 2.0"
+.Sh NAME
+.Nm blf_key,
+.Nm blf_enc,
+.Nm blf_dec
+.Nd Blowfish encryption
+.Sh SYNOPSIS
+.Fd #include <blf.h>
+.Ft void
+.Fn blf_key "blf_ctx *state" "const u_int8_t *key" "u_int16_t keylen"
+.Ft void
+.Fn blf_enc "blf_ctx *state" "u_int32_t *data" "u_int16_t datalen"
+.Ft void
+.Fn blf_dec "blf_ctx *state" "u_int32_t *data" "u_int16_t datalen"
+.Ft void
+.Fn blf_ecb_encrypt "blf_ctx *state" "u_int8_t *data" "u_int32_t datalen"
+.Ft void
+.Fn blf_ecb_decrypt "blf_ctx *state" "u_int8_t *data" "u_int32_t datalen"
+.Ft void
+.Fn blf_cbc_encrypt "blf_ctx *state" "u_int8_t *iv" "u_int8_t *data" "u_int32_t datalen"
+.Ft void
+.Fn blf_cbc_decrypt "blf_ctx *state" "u_int8_t *iv" "u_int8_t *data" "u_int32_t datalen"
+.Sh DESCRIPTION
+.Pa Blowfish
+is a fast unpatented block cipher designed by Bruce Schneier.
+It basically consists of a 16 times iterated Feistel network.
+The block size is 64 bit and the key size is maximal 448 bit.
+.Pp
+The
+.Fn blf_key
+function initializes the 4 8bit S-boxes and the 18 Subkeys with
+the hexadecimal digits of Pi. The key is used for further randomization.
+The first argument to
+.Fn blf_enc
+is the initalized state derived from
+.Fn blf_key .
+The stream of 32-bit words is encrypted in Electronic Codebook
+Mode (ECB) and
+.Pa datalen
+must be even.
+.Fn blf_dec
+is used for decrypting Blowfish encrypted blocks.
+.Pp
+The functions 
+.Fn blf_ecb_encrypt
+and
+.Fn blf_ecb_decrypt 
+are used for encrypting and decrypting octet streams in ECB mode.
+The functions 
+.Fn blf_cbc_encrypt
+and
+.Fn blf_cbc_decrypt 
+are used for encrypting and decrypting octet streams in
+Cipherblock Chaining Mode (CBC).
+.Pp
+The functions
+.Fn Blowfish_initstate ,
+.Fn Blowfish_expand0state ,
+.Fn Blowfish_expandstate ,
+.Fn Blowfish_encipher
+and
+.Fn Blowfish_decipher
+are used for customization of the
+.Pa Blowfish
+cipher, e.g. for the blowfish password hashing function.
+.Sh SEE ALSO
+.Xr crypt 3 ,
+.Xr passwd 1 ,
+.Xr passwd 5
+.Sh AUTHOR
+Niels Provos <provos@physnet.uni-hamburg.de>
diff --git a/src/lib/libc/crypt/blowfish.c b/src/lib/libc/crypt/blowfish.c
new file mode 100644
index 0000000000..6cddbc64b3
--- /dev/null
+++ b/src/lib/libc/crypt/blowfish.c
@@ -0,0 +1,774 @@
+/* $OpenBSD: blowfish.c,v 1.12 1998/08/30 22:35:39 niklas Exp $ */
+/*
+ * Blowfish block cipher for OpenBSD
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code is derived from section 14.3 and the given source
+ * in section V of Applied Cryptography, second edition.
+ * Blowfish is an unpatented fast block cipher designed by
+ * Bruce Schneier.
+ */
+
+#if 0
+#include <stdio.h>              /* used for debugging */
+#include <string.h>
+#endif
+
+#include <sys/types.h>
+#include <blf.h>
+
+#undef inline
+#ifdef __GNUC__
+#define inline __inline
+#else                           /* !__GNUC__ */
+#define inline
+#endif                          /* !__GNUC__ */
+
+/* Function for Feistel Networks */
+
+#define F(bc, x) ((((bc)->S[0][((x) & 0xFF000000) >> 24] \
+                    + (bc)->S[1][((x) &0xFF0000 ) >> 16]) \
+                   ^ (bc)->S[2][((x) & 0xFF00) >> 8]) \
+                  + (bc)->S[3][(x) & 0x00FF])
+
+#define BLFRND(bc,i,j,n) (i ^= F(bc,j) ^ (bc)->P[n])
+
+void
+Blowfish_encipher(c, xl, xr)
+        blf_ctx *c;
+        u_int32_t *xl;
+        u_int32_t *xr;
+{
+        u_int32_t Xl;
+        u_int32_t Xr;
+
+        Xl = *xl;
+        Xr = *xr;
+
+        Xl ^= c->P[0];
+        BLFRND(c, Xr, Xl, 1); BLFRND(c, Xl, Xr, 2);
+        BLFRND(c, Xr, Xl, 3); BLFRND(c, Xl, Xr, 4);
+        BLFRND(c, Xr, Xl, 5); BLFRND(c, Xl, Xr, 6);
+        BLFRND(c, Xr, Xl, 7); BLFRND(c, Xl, Xr, 8);
+        BLFRND(c, Xr, Xl, 9); BLFRND(c, Xl, Xr, 10);
+        BLFRND(c, Xr, Xl, 11); BLFRND(c, Xl, Xr, 12);
+        BLFRND(c, Xr, Xl, 13); BLFRND(c, Xl, Xr, 14);
+        BLFRND(c, Xr, Xl, 15); BLFRND(c, Xl, Xr, 16);
+
+        *xl = Xr ^ c->P[17];
+        *xr = Xl;
+}
+
+void
+Blowfish_decipher(c, xl, xr)
+        blf_ctx *c;
+        u_int32_t *xl;
+        u_int32_t *xr;
+{
+        u_int32_t Xl;
+        u_int32_t Xr;
+
+        Xl = *xl;
+        Xr = *xr;
+
+        Xl ^= c->P[17];
+        BLFRND(c, Xr, Xl, 16); BLFRND(c, Xl, Xr, 15);
+        BLFRND(c, Xr, Xl, 14); BLFRND(c, Xl, Xr, 13);
+        BLFRND(c, Xr, Xl, 12); BLFRND(c, Xl, Xr, 11);
+        BLFRND(c, Xr, Xl, 10); BLFRND(c, Xl, Xr, 9);
+        BLFRND(c, Xr, Xl, 8); BLFRND(c, Xl, Xr, 7);
+        BLFRND(c, Xr, Xl, 6); BLFRND(c, Xl, Xr, 5);
+        BLFRND(c, Xr, Xl, 4); BLFRND(c, Xl, Xr, 3);
+        BLFRND(c, Xr, Xl, 2); BLFRND(c, Xl, Xr, 1);
+
+        *xl = Xr ^ c->P[0];
+        *xr = Xl;
+}
+
+void
+Blowfish_initstate(c)
+        blf_ctx *c;
+{
+
+/* P-box and S-box tables initialized with digits of Pi */
+
+        const blf_ctx initstate =
+
+        { {
+                {
+                        0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
+                        0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
+                        0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+                        0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
+                        0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
+                        0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+                        0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
+                        0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
+                        0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+                        0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
+                        0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
+                        0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+                        0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
+                        0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
+                        0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+                        0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
+                        0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
+                        0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+                        0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
+                        0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
+                        0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+                        0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
+                        0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
+                        0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+                        0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
+                        0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
+                        0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+                        0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
+                        0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
+                        0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+                        0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
+                        0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
+                        0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+                        0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
+                        0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
+                        0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+                        0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
+                        0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
+                        0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+                        0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
+                        0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
+                        0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+                        0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
+                        0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
+                        0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+                        0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
+                        0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
+                        0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+                        0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
+                        0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
+                        0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+                        0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
+                        0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
+                        0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+                        0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
+                        0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
+                        0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+                        0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
+                        0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
+                        0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+                        0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
+                        0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
+                        0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+                0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
+                {
+                        0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
+                        0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
+                        0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+                        0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
+                        0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
+                        0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+                        0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
+                        0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
+                        0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+                        0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
+                        0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
+                        0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+                        0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
+                        0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
+                        0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+                        0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
+                        0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
+                        0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+                        0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
+                        0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
+                        0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+                        0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
+                        0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
+                        0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+                        0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
+                        0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
+                        0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+                        0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
+                        0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
+                        0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+                        0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
+                        0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
+                        0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+                        0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
+                        0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
+                        0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+                        0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
+                        0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
+                        0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+                        0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
+                        0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
+                        0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+                        0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
+                        0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
+                        0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+                        0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
+                        0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
+                        0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+                        0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
+                        0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
+                        0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+                        0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
+                        0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
+                        0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+                        0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
+                        0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
+                        0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+                        0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
+                        0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
+                        0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+                        0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
+                        0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
+                        0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+                0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
+                {
+                        0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
+                        0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
+                        0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+                        0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
+                        0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
+                        0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+                        0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
+                        0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
+                        0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+                        0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
+                        0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
+                        0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+                        0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
+                        0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
+                        0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+                        0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
+                        0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
+                        0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+                        0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
+                        0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
+                        0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+                        0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
+                        0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
+                        0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+                        0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
+                        0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
+                        0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+                        0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
+                        0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
+                        0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+                        0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
+                        0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
+                        0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+                        0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
+                        0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
+                        0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+                        0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
+                        0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
+                        0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+                        0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
+                        0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
+                        0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+                        0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
+                        0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
+                        0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+                        0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
+                        0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
+                        0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+                        0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
+                        0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
+                        0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+                        0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
+                        0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
+                        0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+                        0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
+                        0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
+                        0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+                        0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
+                        0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
+                        0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+                        0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
+                        0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
+                        0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+                0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
+                {
+                        0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
+                        0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
+                        0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+                        0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
+                        0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
+                        0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+                        0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
+                        0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
+                        0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+                        0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
+                        0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
+                        0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+                        0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
+                        0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
+                        0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+                        0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
+                        0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
+                        0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+                        0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
+                        0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
+                        0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+                        0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
+                        0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
+                        0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+                        0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
+                        0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
+                        0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+                        0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
+                        0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
+                        0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+                        0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
+                        0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
+                        0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+                        0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
+                        0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
+                        0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+                        0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
+                        0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
+                        0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+                        0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
+                        0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
+                        0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+                        0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
+                        0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
+                        0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+                        0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
+                        0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
+                        0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+                        0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
+                        0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
+                        0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+                        0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
+                        0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
+                        0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+                        0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
+                        0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
+                        0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+                        0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
+                        0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
+                        0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+                        0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
+                        0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
+                        0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+                0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
+        },
+        {
+                0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
+                0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
+                0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+                0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
+                0x9216d5d9, 0x8979fb1b
+        } };
+
+        *c = initstate;
+
+}
+
+#ifdef __STDC__
+u_int32_t
+Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, u_int16_t *current)
+#else
+u_int32_t
+Blowfish_stream2word(data, databytes, current)
+        const u_int8_t *data;
+        u_int16_t databytes;
+        u_int16_t *current;
+#endif
+{
+        u_int8_t i;
+        u_int16_t j;
+        u_int32_t temp;
+
+        temp = 0x00000000;
+        j = *current;
+
+        for (i = 0; i < 4; i++, j++) {
+                if (j >= databytes)
+                        j = 0;
+                temp = (temp << 8) | data[j];
+        }
+
+        *current = j;
+        return temp;
+}
+
+#if __STDC__
+void
+Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
+#else
+void
+Blowfish_expand0state(c, key, keybytes)
+        blf_ctx *c;
+        const u_int8_t *key;
+        u_int16_t keybytes;
+#endif
+{
+        u_int16_t i;
+        u_int16_t j;
+        u_int16_t k;
+        u_int32_t temp;
+        u_int32_t datal;
+        u_int32_t datar;
+
+        j = 0;
+        for (i = 0; i < BLF_N + 2; i++) {
+                /* Extract 4 int8 to 1 int32 from keystream */
+                temp = Blowfish_stream2word(key, keybytes, &j);
+                c->P[i] = c->P[i] ^ temp;
+        }
+
+        j = 0;
+        datal = 0x00000000;
+        datar = 0x00000000;
+        for (i = 0; i < BLF_N + 2; i += 2) {
+                Blowfish_encipher(c, &datal, &datar);
+
+                c->P[i] = datal;
+                c->P[i + 1] = datar;
+        }
+
+        for (i = 0; i < 4; i++) {
+                for (k = 0; k < 256; k += 2) {
+                        Blowfish_encipher(c, &datal, &datar);
+
+                        c->S[i][k] = datal;
+                        c->S[i][k + 1] = datar;
+                }
+        }
+}
+
+
+#if __STDC__
+void
+Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
+                     const u_int8_t *key, u_int16_t keybytes)
+#else
+void
+Blowfish_expandstate(c, data, databytes, key, keybytes)
+        blf_ctx *c;
+        const u_int8_t *data;
+        u_int16_t databytes;
+        const u_int8_t *key;
+        u_int16_t keybytes;
+#endif
+{
+        u_int16_t i;
+        u_int16_t j;
+        u_int16_t k;
+        u_int32_t temp;
+        u_int32_t datal;
+        u_int32_t datar;
+
+        j = 0;
+        for (i = 0; i < BLF_N + 2; i++) {
+                /* Extract 4 int8 to 1 int32 from keystream */
+                temp = Blowfish_stream2word(key, keybytes, &j);
+                c->P[i] = c->P[i] ^ temp;
+        }
+
+        j = 0;
+        datal = 0x00000000;
+        datar = 0x00000000;
+        for (i = 0; i < BLF_N + 2; i += 2) {
+                datal ^= Blowfish_stream2word(data, databytes, &j);
+                datar ^= Blowfish_stream2word(data, databytes, &j);
+                Blowfish_encipher(c, &datal, &datar);
+
+                c->P[i] = datal;
+                c->P[i + 1] = datar;
+        }
+
+        for (i = 0; i < 4; i++) {
+                for (k = 0; k < 256; k += 2) {
+                        datal ^= Blowfish_stream2word(data, databytes, &j);
+                        datar ^= Blowfish_stream2word(data, databytes, &j);
+                        Blowfish_encipher(c, &datal, &datar);
+
+                        c->S[i][k] = datal;
+                        c->S[i][k + 1] = datar;
+                }
+        }
+
+}
+
+#if __STDC__
+void
+blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
+#else
+void
+blf_key(c, k, len)
+        blf_ctx *c;
+        const u_int8_t *k;
+        u_int16_t len;
+#endif
+{
+        /* Initalize S-boxes and subkeys with Pi */
+        Blowfish_initstate(c);
+
+        /* Transform S-boxes and subkeys with key */
+        Blowfish_expand0state(c, k, len);
+}
+
+#if __STDC__
+void
+blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+#else
+void
+blf_enc(c, data, blocks)
+        blf_ctx *c;
+        u_int32_t *data;
+        u_int16_t blocks;
+#endif
+{
+        u_int32_t *d;
+        u_int16_t i;
+
+        d = data;
+        for (i = 0; i < blocks; i++) {
+                Blowfish_encipher(c, d, d + 1);
+                d += 2;
+        }
+}
+
+#if __STDC__
+void
+blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+#else
+void
+blf_dec(c, data, blocks)
+        blf_ctx *c;
+        u_int32_t *data;
+        u_int16_t blocks;
+#endif
+{
+        u_int32_t *d;
+        u_int16_t i;
+
+        d = data;
+        for (i = 0; i < blocks; i++) {
+                Blowfish_decipher(c, d, d + 1);
+                d += 2;
+        }
+}
+
+#if __STDC__
+void
+blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
+#else
+void
+blf_ecb_encrypt(c, data, len)
+     blf_ctx *c;
+     u_int8_t *data;
+     u_int32_t len;
+#endif
+{
+        u_int32_t l, r;
+        u_int32_t i;
+
+        for (i = 0; i < len; i += 8) {
+                l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+                r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+                Blowfish_encipher(c, &l, &r);
+                data[0] = l >> 24 & 0xff;
+                data[1] = l >> 16 & 0xff;
+                data[2] = l >> 8 & 0xff;
+                data[3] = l & 0xff;
+                data[4] = r >> 24 & 0xff;
+                data[5] = r >> 16 & 0xff;
+                data[6] = r >> 8 & 0xff;
+                data[7] = r & 0xff;
+                data += 8;
+        }
+}
+
+#if __STDC__
+void
+blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
+#else
+void
+blf_ecb_decrypt(c, data, len)
+     blf_ctx *c;
+     u_int8_t *data;
+     u_int32_t len;
+#endif
+{
+        u_int32_t l, r;
+        u_int32_t i;
+
+        for (i = 0; i < len; i += 8) {
+                l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+                r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+                Blowfish_decipher(c, &l, &r);
+                data[0] = l >> 24 & 0xff;
+                data[1] = l >> 16 & 0xff;
+                data[2] = l >> 8 & 0xff;
+                data[3] = l & 0xff;
+                data[4] = r >> 24 & 0xff;
+                data[5] = r >> 16 & 0xff;
+                data[6] = r >> 8 & 0xff;
+                data[7] = r & 0xff;
+                data += 8;
+        }
+}
+
+#if __STDC__
+void
+blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
+#else
+void
+blf_cbc_encrypt(c, iv, data, len)
+     blf_ctx *c;
+     u_int8_t *iv;
+     u_int8_t *data;
+     u_int32_t len;
+#endif
+{
+        u_int32_t l, r;
+        u_int32_t i, j;
+
+        for (i = 0; i < len; i += 8) {
+                for (j = 0; j < 8; j++)
+                        data[j] ^= iv[j];
+                l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+                r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+                Blowfish_encipher(c, &l, &r);
+                data[0] = l >> 24 & 0xff;
+                data[1] = l >> 16 & 0xff;
+                data[2] = l >> 8 & 0xff;
+                data[3] = l & 0xff;
+                data[4] = r >> 24 & 0xff;
+                data[5] = r >> 16 & 0xff;
+                data[6] = r >> 8 & 0xff;
+                data[7] = r & 0xff;
+                iv = data;
+                data += 8;
+        }
+}
+
+#if __STDC__
+void
+blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
+#else
+void
+blf_cbc_decrypt(c, iva, data, len)
+     blf_ctx *c;
+     u_int8_t *iva;
+     u_int8_t *data;
+     u_int32_t len;
+#endif
+{
+        u_int32_t l, r;
+        u_int8_t *iv;
+        u_int32_t i, j;
+
+        iv = data + len - 16;
+        data = data + len - 8;
+        for (i = len - 8; i >= 8; i -= 8) {
+                l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+                r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+                Blowfish_decipher(c, &l, &r);
+                data[0] = l >> 24 & 0xff;
+                data[1] = l >> 16 & 0xff;
+                data[2] = l >> 8 & 0xff;
+                data[3] = l & 0xff;
+                data[4] = r >> 24 & 0xff;
+                data[5] = r >> 16 & 0xff;
+                data[6] = r >> 8 & 0xff;
+                data[7] = r & 0xff;
+                for (j = 0; j < 8; j++)
+                        data[j] ^= iv[j];
+                iv = data;
+                data -= 8;
+        }
+        l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+        r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+        Blowfish_decipher(c, &l, &r);
+        data[0] = l >> 24 & 0xff;
+        data[1] = l >> 16 & 0xff;
+        data[2] = l >> 8 & 0xff;
+        data[3] = l & 0xff;
+        data[4] = r >> 24 & 0xff;
+        data[5] = r >> 16 & 0xff;
+        data[6] = r >> 8 & 0xff;
+        data[7] = r & 0xff;
+        for (j = 0; j < 8; j++)
+                data[j] ^= iva[j];
+}
+
+#if 0
+void
+report(u_int32_t data[], u_int16_t len)
+{
+        u_int16_t i;
+        for (i = 0; i < len; i += 2)
+                printf("Block %0hd: %08lx %08lx.\n",
+                    i / 2, data[i], data[i + 1]);
+}
+void
+main(void)
+{
+
+        blf_ctx c;
+        char    key[] = "AAAAA";
+        char    key2[] = "abcdefghijklmnopqrstuvwxyz";
+
+        u_int32_t data[10];
+        u_int32_t data2[] =
+        {0x424c4f57l, 0x46495348l};
+
+        u_int16_t i;
+
+        /* First test */
+        for (i = 0; i < 10; i++)
+                data[i] = i;
+
+        blf_key(&c, (u_int8_t *) key, 5);
+        blf_enc(&c, data, 5);
+        blf_dec(&c, data, 1);
+        blf_dec(&c, data + 2, 4);
+        printf("Should read as 0 - 9.\n");
+        report(data, 10);
+
+        /* Second test */
+        blf_key(&c, (u_int8_t *) key2, strlen(key2));
+        blf_enc(&c, data2, 1);
+        printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
+        report(data2, 2);
+        blf_dec(&c, data2, 1);
+        report(data2, 2);
+}
+#endif
diff --git a/src/lib/libc/crypt/cast.c b/src/lib/libc/crypt/cast.c
new file mode 100644
index 0000000000..264138f03e
--- /dev/null
+++ b/src/lib/libc/crypt/cast.c
@@ -0,0 +1,779 @@
+/*      $OpenBSD: cast.c,v 1.2 1998/07/21 22:42:03 provos Exp $       */
+/*
+ *      CAST-128 in C
+ *      Written by Steve Reid <sreid@sea-to-sky.net>
+ *      100% Public Domain - no warranty
+ *      Released 1997.10.11
+ */
+
+#include <sys/types.h>
+
+#include <cast.h>
+
+/* CAST S-Boxes */
+
+static const u_int32_t cast_sbox1[256] = {
+        0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A,
+        0x1E213F2F, 0x9C004DD3, 0x6003E540, 0xCF9FC949,
+        0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675,
+        0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E,
+        0x28683B6F, 0xC07FD059, 0xFF2379C8, 0x775F50E2,
+        0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D,
+        0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F,
+        0x2ABE32E1, 0xAA54166B, 0x22568E3A, 0xA2D341D0,
+        0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE,
+        0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7,
+        0xB82CBAEF, 0xD751D159, 0x6FF7F0ED, 0x5A097A1F,
+        0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935,
+        0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D,
+        0xB7332290, 0xE93B159F, 0xB48EE411, 0x4BFF345D,
+        0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165,
+        0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50,
+        0x882240F2, 0x0C6E4F38, 0xA4E4BFD7, 0x4F5BA272,
+        0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE,
+        0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D,
+        0x57538AD5, 0x6A390493, 0xE63D37E0, 0x2A54F6B3,
+        0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A,
+        0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167,
+        0x38901091, 0xC6B505EB, 0x84C7CB8C, 0x2AD75A0F,
+        0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291,
+        0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9,
+        0x6C00B32D, 0x73E2BB14, 0xA0BEBC3C, 0x54623779,
+        0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6,
+        0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2,
+        0x81383F05, 0x6963C5C8, 0x76CB5AD6, 0xD49974C9,
+        0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511,
+        0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E,
+        0x31366241, 0x051EF495, 0xAA573B04, 0x4A805D8D,
+        0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E,
+        0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5,
+        0x6B54BFAB, 0x2B0B1426, 0xAB4CC9D7, 0x449CCD82,
+        0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324,
+        0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC,
+        0xEADF55B3, 0xD5BD9E98, 0xE31231B2, 0x2AD5AD6C,
+        0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F,
+        0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC,
+        0x7B5A41F0, 0xD37CFBAD, 0x1B069505, 0x41ECE491,
+        0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D,
+        0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE,
+        0xE01063DA, 0x4736F464, 0x5AD328D8, 0xB347CC96,
+        0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A,
+        0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A,
+        0x3F04442F, 0x6188B153, 0xE0397A2E, 0x5727CB79,
+        0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D,
+        0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779,
+        0x4744EAD4, 0xB11C3274, 0xDD24CB9E, 0x7E1C54BD,
+        0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755,
+        0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6,
+        0x580304F0, 0xCA042CF1, 0x011A37EA, 0x8DBFAADB,
+        0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9,
+        0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0,
+        0x7C63B2CF, 0x700B45E1, 0xD5EA50F1, 0x85A92872,
+        0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79,
+        0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C,
+        0x474D6AD7, 0x7C0C5E5C, 0xD1231959, 0x381B7298,
+        0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E,
+        0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571,
+        0x962BDA1C, 0xE1E696FF, 0xB141AB08, 0x7CCA89B9,
+        0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D,
+        0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF
+};
+
+static const u_int32_t cast_sbox2[256] = {
+        0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380,
+        0xFE61CF7A, 0xEEC5207A, 0x55889C94, 0x72FC0651,
+        0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA,
+        0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3,
+        0xA0B52F7B, 0x59E83605, 0xEE15B094, 0xE9FFD909,
+        0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB,
+        0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B,
+        0x01420DDB, 0xE4E7EF5B, 0x25A1FF41, 0xE180F806,
+        0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4,
+        0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B,
+        0xE113C85B, 0xACC40083, 0xD7503525, 0xF7EA615F,
+        0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359,
+        0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21,
+        0x071F6181, 0x39F7627F, 0x361E3084, 0xE4EB573B,
+        0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D,
+        0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C,
+        0x10843094, 0x2537A95E, 0xF46F6FFE, 0xA1FF3B1F,
+        0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34,
+        0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D,
+        0x8A45388C, 0x1D804366, 0x721D9BFD, 0xA58684BB,
+        0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4,
+        0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD,
+        0xC5D655DD, 0xEB667064, 0x77840B4D, 0xA1B6A801,
+        0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860,
+        0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755,
+        0xB5625DBF, 0x68561BE6, 0x83CA6B94, 0x2D6ED23B,
+        0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709,
+        0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304,
+        0x81ED6F61, 0x20E74364, 0xB45E1378, 0xDE18639B,
+        0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B,
+        0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C,
+        0x488CB402, 0x1BA4FE5B, 0xA4B09F6B, 0x1CA815CF,
+        0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9,
+        0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C,
+        0xEE41E729, 0x6E1D2D7C, 0x50045286, 0x1E6685F3,
+        0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13,
+        0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9,
+        0xCDFF33A6, 0xA02B1741, 0x7CBAD9A2, 0x2180036F,
+        0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB,
+        0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6,
+        0xCDF0B680, 0x17844D3B, 0x31EEF84D, 0x7E0824E4,
+        0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6,
+        0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43,
+        0xB3FAEC54, 0x157FD7FA, 0xEF8579CC, 0xD152DE58,
+        0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8,
+        0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906,
+        0xB8DA230C, 0x80823028, 0xDCDEF3C8, 0xD35FB171,
+        0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D,
+        0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89,
+        0x8B1C34BC, 0x301E16E6, 0x273BE979, 0xB0FFEAA6,
+        0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B,
+        0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4,
+        0xDC8637A0, 0x16A7D3B1, 0x9FC393B7, 0xA7136EEB,
+        0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6,
+        0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E,
+        0xDB92F2FB, 0x5EEA29CB, 0x145892F5, 0x91584F7F,
+        0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA,
+        0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249,
+        0xB284600C, 0xD835731D, 0xDCB1C647, 0xAC4C56EA,
+        0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA,
+        0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD,
+        0x649DA589, 0xA345415E, 0x5C038323, 0x3E5D3BB9,
+        0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF,
+        0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1
+};
+
+static const u_int32_t cast_sbox3[256] = {
+        0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907,
+        0x47607FFF, 0x369FE44B, 0x8C1FC644, 0xAECECA90,
+        0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE,
+        0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5,
+        0x11107D9F, 0x07647DB9, 0xB2E3E4D4, 0x3D4F285E,
+        0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E,
+        0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC,
+        0x21FFFCEE, 0x825B1BFD, 0x9255C5ED, 0x1257A240,
+        0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E,
+        0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5,
+        0xA8C01DB7, 0x579FC264, 0x67094F31, 0xF2BD3F5F,
+        0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B,
+        0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99,
+        0xA197C81C, 0x4A012D6E, 0xC5884A28, 0xCCC36F71,
+        0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F,
+        0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04,
+        0xA747D2D0, 0x1651192E, 0xAF70BF3E, 0x58C31380,
+        0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82,
+        0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8,
+        0x8427F4A0, 0x1EAC5790, 0x796FB449, 0x8252DC15,
+        0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504,
+        0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2,
+        0x23EFE941, 0xA903F12E, 0x60270DF2, 0x0276E4B6,
+        0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176,
+        0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E,
+        0x842F7D83, 0x340CE5C8, 0x96BBB682, 0x93B4B148,
+        0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D,
+        0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC,
+        0x8B907CEE, 0xB51FD240, 0xE7C07CE3, 0xE566B4A1,
+        0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341,
+        0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C,
+        0xF76CEDD9, 0xBDA8229C, 0x127DADAA, 0x438A074E,
+        0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15,
+        0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51,
+        0x68CC7BFB, 0xD90F2788, 0x12490181, 0x5DE5FFD4,
+        0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F,
+        0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B,
+        0x6D498623, 0x193CBCFA, 0x27627545, 0x825CF47A,
+        0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392,
+        0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B,
+        0x285BA1C8, 0x3C62F44F, 0x35C0EAA5, 0xE805D231,
+        0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B,
+        0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889,
+        0x694BCC11, 0x236A5CAE, 0x12DECA4D, 0x2C3F8CC5,
+        0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67,
+        0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45,
+        0x3A609437, 0xEC00C9A9, 0x44715253, 0x0A874B49,
+        0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536,
+        0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D,
+        0x07478CD1, 0x006E1888, 0xA2E53F55, 0xB9E6D4BC,
+        0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D,
+        0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0,
+        0x947B0001, 0x570075D2, 0xF9BB88F8, 0x8942019E,
+        0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69,
+        0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767,
+        0xCF1FEBD2, 0x61EFC8C2, 0xF1AC2571, 0xCC8239C2,
+        0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE,
+        0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49,
+        0x5727C148, 0x2BE98A1D, 0x8AB41738, 0x20E1BE24,
+        0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D,
+        0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0,
+        0x642B1E31, 0x9C305A00, 0x52BCE688, 0x1B03588A,
+        0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5,
+        0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783
+};
+
+static const u_int32_t cast_sbox4[256] = {
+        0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298,
+        0x4A4F7BDB, 0x64AD8C57, 0x85510443, 0xFA020ED1,
+        0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120,
+        0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF,
+        0x28147F5F, 0x4FA2B8CD, 0xC9430040, 0x0CC32220,
+        0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15,
+        0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE,
+        0x1A05645F, 0x0C13FEFE, 0x081B08CA, 0x05170121,
+        0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701,
+        0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25,
+        0xCE84FFDF, 0xF5718801, 0x3DD64B04, 0xA26F263B,
+        0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5,
+        0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93,
+        0xD3772061, 0x11B638E1, 0x72500E03, 0xF80EB2BB,
+        0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746,
+        0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5,
+        0x4D351805, 0x7F3D5CE3, 0xA6C866C6, 0x5D5BCCA9,
+        0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D,
+        0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB,
+        0x022083B8, 0x3FB6180C, 0x18F8931E, 0x281658E6,
+        0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C,
+        0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23,
+        0x69DEAD38, 0x1574CA16, 0xDF871B62, 0x211C40B7,
+        0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003,
+        0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340,
+        0x557BE8DE, 0x00EAE4A7, 0x0CE5C2EC, 0x4DB4BBA6,
+        0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327,
+        0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119,
+        0x6E85CB75, 0xBE07C002, 0xC2325577, 0x893FF4EC,
+        0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24,
+        0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205,
+        0xAAC9548A, 0xECA1D7C7, 0x041AFA32, 0x1D16625A,
+        0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031,
+        0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79,
+        0x026A4CEB, 0x52437EFF, 0x2F8F76B4, 0x0DF980A5,
+        0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF,
+        0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C,
+        0x1741A254, 0xE5B6A035, 0x213D42F6, 0x2C1C7C26,
+        0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69,
+        0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB,
+        0x63315C21, 0x5E0A72EC, 0x49BAFEFD, 0x187908D9,
+        0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7,
+        0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF,
+        0x71EAE2A1, 0x1F9AF36E, 0xCFCBD12F, 0xC1DE8417,
+        0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3,
+        0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2,
+        0x6F7DE532, 0x58FD7EB6, 0xD01EE900, 0x24ADFFC2,
+        0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2,
+        0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF,
+        0x29908415, 0x7FBB977F, 0xAF9EB3DB, 0x29C9ED2A,
+        0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091,
+        0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919,
+        0x77079103, 0xDEA03AF6, 0x78A8565E, 0xDEE356DF,
+        0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF,
+        0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF,
+        0xAFE67AFB, 0xF470C4B2, 0xF3E0EB5B, 0xD6CC9876,
+        0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367,
+        0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB,
+        0xB5676E69, 0x9BD3DDDA, 0xDF7E052F, 0xDB25701C,
+        0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04,
+        0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43,
+        0x41823979, 0x932BCDF6, 0xB657C34D, 0x4EDFD282,
+        0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E,
+        0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2
+};
+
+static const u_int32_t cast_sbox5[256] = {
+        0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911,
+        0xB86A7FFF, 0x1DD358F5, 0x44DD9D44, 0x1731167F,
+        0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00,
+        0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A,
+        0xE6A2E77F, 0xF0C720CD, 0xC4494816, 0xCCF5C180,
+        0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF,
+        0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2,
+        0x4E40B48D, 0x248EB6FB, 0x8DBA1CFE, 0x41A99B02,
+        0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725,
+        0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A,
+        0xF2F3F763, 0x68AF8040, 0xED0C9E56, 0x11B4958B,
+        0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7,
+        0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571,
+        0x0C05372A, 0x578535F2, 0x2261BE02, 0xD642A0C9,
+        0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC,
+        0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981,
+        0x5C1FF900, 0xFE38D399, 0x0C4EFF0B, 0x062407EA,
+        0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774,
+        0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263,
+        0xDF65001F, 0x0EC50966, 0xDFDD55BC, 0x29DE0655,
+        0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468,
+        0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2,
+        0xBCF3F0AA, 0x87AC36E9, 0xE53A7426, 0x01B3D82B,
+        0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910,
+        0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284,
+        0x636737B6, 0x50F5B616, 0xF24766E3, 0x8ECA36C1,
+        0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4,
+        0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA,
+        0x26E46695, 0xB7566419, 0xF654EFC5, 0xD08D58B7,
+        0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049,
+        0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE,
+        0xC62BF3CD, 0x9E0885F9, 0x68CB3E47, 0x086C010F,
+        0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6,
+        0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA,
+        0x0AB378D5, 0xD951FB0C, 0xDED7DA56, 0x4124BBE4,
+        0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE,
+        0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561,
+        0xC3DC0280, 0x05687715, 0x646C6BD7, 0x44904DB3,
+        0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6,
+        0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840,
+        0x76F0AE02, 0x083BE84D, 0x28421C9A, 0x44489406,
+        0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4,
+        0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472,
+        0x3CA5D717, 0x7D161BBA, 0x9CAD9010, 0xAF462BA2,
+        0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487,
+        0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7,
+        0x445F7382, 0x175683F4, 0xCDC66A97, 0x70BE0288,
+        0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5,
+        0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2,
+        0x1C5C1572, 0xF6721B2C, 0x1AD2FFF3, 0x8C25404E,
+        0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78,
+        0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E,
+        0x44094F85, 0x3F481D87, 0xFCFEAE7B, 0x77B5FF76,
+        0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801,
+        0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0,
+        0xDF3B0874, 0x95055110, 0x1B5AD7A8, 0xF61ED5AD,
+        0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58,
+        0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0,
+        0x5CE96C28, 0xE176EDA3, 0x6BAC307F, 0x376829D2,
+        0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20,
+        0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE,
+        0xF9E0659A, 0xEEB9491D, 0x34010718, 0xBB30CAB8,
+        0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55,
+        0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4
+};
+
+static const u_int32_t cast_sbox6[256] = {
+        0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C,
+        0x95DB08E7, 0x016843B4, 0xECED5CBC, 0x325553AC,
+        0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9,
+        0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138,
+        0x33F14961, 0xC01937BD, 0xF506C6DA, 0xE4625E7E,
+        0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367,
+        0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866,
+        0xA084DB2D, 0x09A8486F, 0xA888614A, 0x2900AF98,
+        0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C,
+        0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072,
+        0xFD41197E, 0x9305A6B0, 0xE86BE3DA, 0x74BED3CD,
+        0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3,
+        0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53,
+        0x5C3D9C01, 0x64BDB941, 0x2C0E636A, 0xBA7DD9CD,
+        0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D,
+        0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8,
+        0x284CAF89, 0xAA928223, 0x9334BE53, 0x3B3A21BF,
+        0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9,
+        0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807,
+        0x5B7C5ECC, 0x221DB3A6, 0x9A69A02F, 0x68818A54,
+        0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A,
+        0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387,
+        0x53BDDB65, 0xE76FFBE7, 0xE967FD78, 0x0BA93563,
+        0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC,
+        0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0,
+        0xE81F994F, 0x9528CD89, 0xFD339FED, 0xB87834BF,
+        0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE,
+        0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF,
+        0x4EC75B95, 0x24F2C3C0, 0x42D15D99, 0xCD0D7FA0,
+        0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F,
+        0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2,
+        0x372B74AF, 0x692573E4, 0xE9A9D848, 0xF3160289,
+        0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853,
+        0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950,
+        0x36F73523, 0x4CFB6E87, 0x7DA4CEC0, 0x6C152DAA,
+        0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F,
+        0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9,
+        0x2B05D08D, 0x48B9D585, 0xDC049441, 0xC8098F9B,
+        0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751,
+        0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE,
+        0xBF32679D, 0xD45B5B75, 0xB353FD00, 0xCBB0E358,
+        0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13,
+        0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397,
+        0x47CF8E7A, 0xB6C85283, 0x3CC2ACFB, 0x3FC06976,
+        0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459,
+        0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0,
+        0x3007CD3E, 0x74719EEF, 0xDC872681, 0x073340D4,
+        0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891,
+        0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F,
+        0x6FE4AC98, 0xB173ECC0, 0xBC60B42A, 0x953498DA,
+        0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB,
+        0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC,
+        0xE8816F4A, 0x3814F200, 0xA3F94043, 0x9C7A54C2,
+        0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084,
+        0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB,
+        0xBA5AC7B5, 0xB6F6DEAF, 0x3A479C3A, 0x5302DA25,
+        0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B,
+        0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121,
+        0xB81A928A, 0x60ED5869, 0x97C55B96, 0xEAEC991B,
+        0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5,
+        0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855,
+        0xD36B4CF1, 0xF544EDEB, 0xB0E93524, 0xBEBB8FBD,
+        0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454,
+        0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F
+};
+
+static const u_int32_t cast_sbox7[256] = {
+        0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693,
+        0x2A8D7F6F, 0xAB9BC912, 0xDE6008A1, 0x2028DA1F,
+        0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82,
+        0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE,
+        0xA05FBCF6, 0xCD4181E9, 0xE150210C, 0xE24EF1BD,
+        0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43,
+        0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F,
+        0x089766BE, 0xBAEEADF4, 0x1286BECF, 0xB6EACB19,
+        0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9,
+        0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2,
+        0x107789BE, 0xB3B2E9CE, 0x0502AA8F, 0x0BC0351E,
+        0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516,
+        0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83,
+        0x334266CE, 0x8C9341B7, 0xD0D854C0, 0xCB3A6C88,
+        0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E,
+        0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816,
+        0x0A961288, 0xE1A5C06E, 0x13749E67, 0x72FC081A,
+        0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756,
+        0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F,
+        0xBC8EC511, 0x38BC46E9, 0xC6E6FA14, 0xBAE8584A,
+        0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B,
+        0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264,
+        0x92544A8B, 0x009B4FC3, 0xABA68CED, 0x9AC96F78,
+        0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688,
+        0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D,
+        0xF7DEBB85, 0x61FE033C, 0x16746233, 0x3C034C28,
+        0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802,
+        0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3,
+        0x0C4FB99A, 0xBB325778, 0x3EC6D97B, 0x6E77A6A9,
+        0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7,
+        0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302,
+        0xB96D8C32, 0xEBD4E7BE, 0xBE8B9D2D, 0x7979FB06,
+        0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858,
+        0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033,
+        0xF28EBFB0, 0xF5B9C310, 0xA0EAC280, 0x08B9767A,
+        0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A,
+        0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4,
+        0x826D2BEF, 0x4EEB8476, 0x488DCF25, 0x36C9D566,
+        0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF,
+        0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509,
+        0xF22B017D, 0xA4173F70, 0xDD1E16C3, 0x15E0D7F9,
+        0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962,
+        0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C,
+        0x93D29A22, 0xE32DBF9A, 0x058745B9, 0x3453DC1E,
+        0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07,
+        0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C,
+        0x66626C1C, 0x7154C24C, 0xEA082B2A, 0x93EB2939,
+        0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C,
+        0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E,
+        0xD3A0C108, 0xA1E7160E, 0xE4F2DFA6, 0x693ED285,
+        0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378,
+        0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301,
+        0xC79F022F, 0x3C997E7E, 0x5E4F9504, 0x3FFAFBBD,
+        0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE,
+        0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567,
+        0x5592A33D, 0xB5229301, 0xCFD2A87F, 0x60AEB767,
+        0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2,
+        0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647,
+        0x97FD61A9, 0xEA7759F4, 0x2D57539D, 0x569A58CF,
+        0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914,
+        0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2,
+        0x3FFA50BC, 0x3D40F021, 0xC3C0BDAE, 0x4958C24C,
+        0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA,
+        0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3
+};
+
+static const u_int32_t cast_sbox8[256] = {
+        0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095,
+        0x7789F8B7, 0xE6C1121B, 0x0E241600, 0x052CE8B5,
+        0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174,
+        0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC,
+        0xDE9ADEB1, 0x0A0CC32C, 0xBE197029, 0x84A00940,
+        0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD,
+        0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42,
+        0xC7ECE831, 0x3F8F95E7, 0x72DF191B, 0x7580330D,
+        0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164,
+        0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2,
+        0x12A8DDEC, 0xFDAA335D, 0x176F43E8, 0x71FB46D4,
+        0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862,
+        0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0,
+        0x4CFDE06F, 0xC28EC4B8, 0x57E8726E, 0x647A78FC,
+        0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6,
+        0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C,
+        0xBBD35049, 0x2998DF04, 0x980CF42A, 0x9B6DF491,
+        0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E,
+        0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B,
+        0x3CF1D2E2, 0x19B47A38, 0x424F7618, 0x35856039,
+        0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8,
+        0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8,
+        0x7170C608, 0x2D5E3354, 0xD4DE495A, 0x64C6D006,
+        0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42,
+        0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564,
+        0xF8D7E54E, 0x3E378160, 0x7895CDA5, 0x859C15A5,
+        0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB,
+        0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472,
+        0x835FFCB8, 0x6DF4C1F2, 0x96F5B195, 0xFD0AF0FC,
+        0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225,
+        0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8,
+        0xC4618187, 0xEA7A6E98, 0x7CD16EFC, 0x1436876C,
+        0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441,
+        0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB,
+        0xA842EEDF, 0xFDBA60B4, 0xF1907B75, 0x20E3030F,
+        0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054,
+        0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504,
+        0xF1E47D8D, 0x844A1BE5, 0xBAE7DFDC, 0x42CBDA70,
+        0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C,
+        0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC,
+        0x77853B53, 0x37EFFCB5, 0xC5068778, 0xE580B3E6,
+        0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C,
+        0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD,
+        0xDD06CAA2, 0x37DF932B, 0xC4248289, 0xACF3EBC3,
+        0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4,
+        0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4,
+        0xE87B40E4, 0xE98EA084, 0x5889E9E1, 0xEFD390FC,
+        0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101,
+        0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA,
+        0x646F1282, 0x7523D24A, 0xE0779695, 0xF9C17A8F,
+        0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF,
+        0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E,
+        0x11403092, 0x00DA6D77, 0x4A0CDD61, 0xAD1F4603,
+        0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A,
+        0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37,
+        0x2DE705CA, 0x8951570F, 0xDF09822B, 0xBD691A6C,
+        0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819,
+        0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384,
+        0x5938FA0F, 0x42399EF3, 0x36997B07, 0x0E84093D,
+        0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C,
+        0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347,
+        0x589E8D82, 0x0D2059D1, 0xA466BB1E, 0xF8DA0A82,
+        0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D,
+        0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E
+};
+
+/* Macros to access 8-bit bytes out of a 32-bit word */
+#define U8a(x) ( (u_int8_t) (x>>24) )
+#define U8b(x) ( (u_int8_t) ((x>>16)&255) )
+#define U8c(x) ( (u_int8_t) ((x>>8)&255) )
+#define U8d(x) ( (u_int8_t) ((x)&255) )
+
+/* Circular left shift */
+#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )
+
+/* CAST-128 uses three different round functions */
+#define F1(l, r, i) \
+        t = ROL(key->xkey[i] + r, key->xkey[i+16]); \
+        l ^= ((cast_sbox1[U8a(t)] ^ cast_sbox2[U8b(t)]) - \
+         cast_sbox3[U8c(t)]) + cast_sbox4[U8d(t)];
+#define F2(l, r, i) \
+        t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \
+        l ^= ((cast_sbox1[U8a(t)] - cast_sbox2[U8b(t)]) + \
+         cast_sbox3[U8c(t)]) ^ cast_sbox4[U8d(t)];
+#define F3(l, r, i) \
+        t = ROL(key->xkey[i] - r, key->xkey[i+16]); \
+        l ^= ((cast_sbox1[U8a(t)] + cast_sbox2[U8b(t)]) ^ \
+         cast_sbox3[U8c(t)]) - cast_sbox4[U8d(t)];
+
+
+/***** Encryption Function *****/
+
+void cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock)
+{
+u_int32_t t, l, r;
+
+        /* Get inblock into l,r */
+        l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
+         ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
+        r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
+         ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
+        /* Do the work */
+        F1(l, r,  0);
+        F2(r, l,  1);
+        F3(l, r,  2);
+        F1(r, l,  3);
+        F2(l, r,  4);
+        F3(r, l,  5);
+        F1(l, r,  6);
+        F2(r, l,  7);
+        F3(l, r,  8);
+        F1(r, l,  9);
+        F2(l, r, 10);
+        F3(r, l, 11);
+        /* Only do full 16 rounds if key length > 80 bits */
+        if (key->rounds > 12) {
+                F1(l, r, 12);
+                F2(r, l, 13);
+                F3(l, r, 14);
+                F1(r, l, 15);
+        }
+        /* Put l,r into outblock */
+        outblock[0] = U8a(r);
+        outblock[1] = U8b(r);
+        outblock[2] = U8c(r);
+        outblock[3] = U8d(r);
+        outblock[4] = U8a(l);
+        outblock[5] = U8b(l);
+        outblock[6] = U8c(l);
+        outblock[7] = U8d(l);
+        /* Wipe clean */
+        t = l = r = 0;
+}
+
+
+/***** Decryption Function *****/
+
+void cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock)
+{
+u_int32_t t, l, r;
+
+        /* Get inblock into l,r */
+        r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
+         ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
+        l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
+         ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
+        /* Do the work */
+        /* Only do full 16 rounds if key length > 80 bits */
+        if (key->rounds > 12) {
+                F1(r, l, 15);
+                F3(l, r, 14);
+                F2(r, l, 13);
+                F1(l, r, 12);
+        }
+        F3(r, l, 11);
+        F2(l, r, 10);
+        F1(r, l,  9);
+        F3(l, r,  8);
+        F2(r, l,  7);
+        F1(l, r,  6);
+        F3(r, l,  5);
+        F2(l, r,  4);
+        F1(r, l,  3);
+        F3(l, r,  2);
+        F2(r, l,  1);
+        F1(l, r,  0);
+        /* Put l,r into outblock */
+        outblock[0] = U8a(l);
+        outblock[1] = U8b(l);
+        outblock[2] = U8c(l);
+        outblock[3] = U8d(l);
+        outblock[4] = U8a(r);
+        outblock[5] = U8b(r);
+        outblock[6] = U8c(r);
+        outblock[7] = U8d(r);
+        /* Wipe clean */
+        t = l = r = 0;
+}
+
+
+/***** Key Schedual *****/
+
+void cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes)
+{
+u_int32_t t[4], z[4], x[4];
+int i;
+
+        /* Set number of rounds to 12 or 16, depending on key length */
+        key->rounds = (keybytes <= 10 ? 12 : 16);
+
+        /* Copy key to workspace x */
+        for (i = 0; i < 4; i++) {
+                x[i] = 0;
+                if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24;
+                if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16;
+                if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8;
+                if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3];
+        }
+        /* Generate 32 subkeys, four at a time */
+        for (i = 0; i < 32; i+=4) {
+                switch (i & 4) {
+                 case 0:
+                        t[0] = z[0] = x[0] ^ cast_sbox5[U8b(x[3])] ^
+                         cast_sbox6[U8d(x[3])] ^ cast_sbox7[U8a(x[3])] ^
+                         cast_sbox8[U8c(x[3])] ^ cast_sbox7[U8a(x[2])];
+                        t[1] = z[1] = x[2] ^ cast_sbox5[U8a(z[0])] ^
+                         cast_sbox6[U8c(z[0])] ^ cast_sbox7[U8b(z[0])] ^
+                         cast_sbox8[U8d(z[0])] ^ cast_sbox8[U8c(x[2])];
+                        t[2] = z[2] = x[3] ^ cast_sbox5[U8d(z[1])] ^
+                         cast_sbox6[U8c(z[1])] ^ cast_sbox7[U8b(z[1])] ^
+                         cast_sbox8[U8a(z[1])] ^ cast_sbox5[U8b(x[2])];
+                        t[3] = z[3] = x[1] ^ cast_sbox5[U8c(z[2])] ^
+                         cast_sbox6[U8b(z[2])] ^ cast_sbox7[U8d(z[2])] ^
+                         cast_sbox8[U8a(z[2])] ^ cast_sbox6[U8d(x[2])];
+                        break;
+                 case 4:
+                        t[0] = x[0] = z[2] ^ cast_sbox5[U8b(z[1])] ^
+                         cast_sbox6[U8d(z[1])] ^ cast_sbox7[U8a(z[1])] ^
+                         cast_sbox8[U8c(z[1])] ^ cast_sbox7[U8a(z[0])];
+                        t[1] = x[1] = z[0] ^ cast_sbox5[U8a(x[0])] ^
+                         cast_sbox6[U8c(x[0])] ^ cast_sbox7[U8b(x[0])] ^
+                         cast_sbox8[U8d(x[0])] ^ cast_sbox8[U8c(z[0])];
+                        t[2] = x[2] = z[1] ^ cast_sbox5[U8d(x[1])] ^
+                         cast_sbox6[U8c(x[1])] ^ cast_sbox7[U8b(x[1])] ^
+                         cast_sbox8[U8a(x[1])] ^ cast_sbox5[U8b(z[0])];
+                        t[3] = x[3] = z[3] ^ cast_sbox5[U8c(x[2])] ^
+                         cast_sbox6[U8b(x[2])] ^ cast_sbox7[U8d(x[2])] ^
+                         cast_sbox8[U8a(x[2])] ^ cast_sbox6[U8d(z[0])];
+                        break;
+                }
+                switch (i & 12) {
+                 case 0:
+                 case 12:
+                        key->xkey[i+0] = cast_sbox5[U8a(t[2])] ^ cast_sbox6[U8b(t[2])] ^
+                         cast_sbox7[U8d(t[1])] ^ cast_sbox8[U8c(t[1])];
+                        key->xkey[i+1] = cast_sbox5[U8c(t[2])] ^ cast_sbox6[U8d(t[2])] ^
+                         cast_sbox7[U8b(t[1])] ^ cast_sbox8[U8a(t[1])];
+                        key->xkey[i+2] = cast_sbox5[U8a(t[3])] ^ cast_sbox6[U8b(t[3])] ^
+                         cast_sbox7[U8d(t[0])] ^ cast_sbox8[U8c(t[0])];
+                        key->xkey[i+3] = cast_sbox5[U8c(t[3])] ^ cast_sbox6[U8d(t[3])] ^
+                         cast_sbox7[U8b(t[0])] ^ cast_sbox8[U8a(t[0])];
+                        break;
+                 case 4:
+                 case 8:
+                        key->xkey[i+0] = cast_sbox5[U8d(t[0])] ^ cast_sbox6[U8c(t[0])] ^
+                         cast_sbox7[U8a(t[3])] ^ cast_sbox8[U8b(t[3])];
+                        key->xkey[i+1] = cast_sbox5[U8b(t[0])] ^ cast_sbox6[U8a(t[0])] ^
+                         cast_sbox7[U8c(t[3])] ^ cast_sbox8[U8d(t[3])];
+                        key->xkey[i+2] = cast_sbox5[U8d(t[1])] ^ cast_sbox6[U8c(t[1])] ^
+                         cast_sbox7[U8a(t[2])] ^ cast_sbox8[U8b(t[2])];
+                        key->xkey[i+3] = cast_sbox5[U8b(t[1])] ^ cast_sbox6[U8a(t[1])] ^
+                         cast_sbox7[U8c(t[2])] ^ cast_sbox8[U8d(t[2])];
+                        break;
+                }
+                switch (i & 12) {
+                 case 0:
+                        key->xkey[i+0] ^= cast_sbox5[U8c(z[0])];
+                        key->xkey[i+1] ^= cast_sbox6[U8c(z[1])];
+                        key->xkey[i+2] ^= cast_sbox7[U8b(z[2])];
+                        key->xkey[i+3] ^= cast_sbox8[U8a(z[3])];
+                        break;
+                 case 4:
+                        key->xkey[i+0] ^= cast_sbox5[U8a(x[2])];
+                        key->xkey[i+1] ^= cast_sbox6[U8b(x[3])];
+                        key->xkey[i+2] ^= cast_sbox7[U8d(x[0])];
+                        key->xkey[i+3] ^= cast_sbox8[U8d(x[1])];
+                        break;
+                 case 8:
+                        key->xkey[i+0] ^= cast_sbox5[U8b(z[2])];
+                        key->xkey[i+1] ^= cast_sbox6[U8a(z[3])];
+                        key->xkey[i+2] ^= cast_sbox7[U8c(z[0])];
+                        key->xkey[i+3] ^= cast_sbox8[U8c(z[1])];
+                        break;
+                 case 12:
+                        key->xkey[i+0] ^= cast_sbox5[U8d(x[0])];
+                        key->xkey[i+1] ^= cast_sbox6[U8d(x[1])];
+                        key->xkey[i+2] ^= cast_sbox7[U8a(x[2])];
+                        key->xkey[i+3] ^= cast_sbox8[U8b(x[3])];
+                        break;
+                }
+                if (i >= 16) {
+                        key->xkey[i+0] &= 31;
+                        key->xkey[i+1] &= 31;
+                        key->xkey[i+2] &= 31;
+                        key->xkey[i+3] &= 31;
+                }
+        }
+        /* Wipe clean */
+        for (i = 0; i < 4; i++) {
+                t[i] = x[i] = z[i] = 0;
+        }
+}
+
+/* Made in Canada */
+
diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3
new file mode 100644
index 0000000000..524645de55
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.3
@@ -0,0 +1,298 @@
+.\" $OpenBSD: crypt.3,v 1.11 1998/02/27 12:17:45 deraadt Exp $
+.\"
+.\" FreeSec: libcrypt
+.\"
+.\" Copyright (c) 1994 David Burren
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 4. Neither the name of the author nor the names of other contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" Manual page, using -mandoc macros
+.\"
+.Dd March 9, 1994
+.Dt CRYPT 3
+.Os
+.Sh NAME
+.Nm crypt ,
+.Nm setkey ,
+.Nm encrypt ,
+.Nm des_setkey ,
+.Nm des_cipher
+.Nd DES encryption
+.Sh SYNOPSIS
+.Fd #include <unistd.h>
+.Ft char
+.Fn *crypt "const char *key" "const char *setting"
+.Ft int
+.Fn setkey "char *key"
+.Ft int
+.Fn encrypt "char *block" "int flag"
+.Ft int
+.Fn des_setkey "const char *key"
+.Ft int
+.Fn des_cipher "const char *in" "char *out" "int32_t salt" "int count"
+.Sh DESCRIPTION
+The
+.Fn crypt
+function performs password encryption, based on the
+.Tn NBS
+Data Encryption Standard (DES).
+Additional code has been added to deter key search attempts and to use
+stronger hashing algorithms.
+The first argument to
+.Fn crypt
+is a
+.Dv null Ns -terminated
+string, typically a user's typed password.
+The second is in one of three forms:
+if it begins with an underscore (``_'') then an extended format is used
+in interpreting both the key and the setting, as outlined below. If it begins
+with an string character (``$'') and a number then a different algorithm
+is used depending on the number. At the moment a ``$1'' chooses MD5 hashing
+and a ``$2'' chooses Blowfish hashing, see below for more information.
+.Ss Extended crypt:
+.Pp
+The
+.Ar key
+is divided into groups of 8 characters (the last group is null-padded)
+and the low-order 7 bits of each each character (56 bits per group) are
+used to form the DES key as follows:
+the first group of 56 bits becomes the initial DES key.
+For each additional group, the XOR of the encryption of the current DES
+key with itself and the group bits becomes the next DES key.
+.Pp
+The setting is a 9-character array consisting of an underscore followed
+by 4 bytes of iteration count and 4 bytes of salt.
+These are encoded as printable characters, 6 bits per character,
+least significant character first.
+The values 0 to 63 are encoded as ``./0-9A-Za-z''.
+This allows 24 bits for both
+.Fa count
+and
+.Fa salt .
+.Ss "MD5" crypt:
+.Pp
+For 
+.Tn MD5 
+crypt the version number, 
+.Fa salt 
+and the hashed password are separated
+by the ``$'' character. The maximum length of a password is limited by
+the length counter of the MD5 context, which is about
+2**64. A valid MD5 password entry looks like this: 
+.Pp
+``$1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1''.
+.Pp
+The whole MD5 password string is passed as 
+.Fa setting
+for interpretation.
+.Ss "Blowfish" crypt:
+.Pp
+The 
+.Tn Blowfish 
+version of crypt has 128 bits of 
+.Fa salt 
+in order to make building
+dictionaries of common passwords space consuming. The initial state
+of the 
+.Tn Blowfish 
+cipher is expanded using the 
+.Fa salt
+and the
+.Fa password 
+repeating the process a variable number of rounds, which is encoded in
+the password string. The maximum password length is 72. The final Blowfish
+password entry is created by encrypting
+the string ``OrpheanBeholderScryDoubt'' with the 
+.Tn Blowfish 
+state 64 times.
+.Pp
+The version number, the logarithm of the number of rounds and 
+the concatenation of salt and
+hashed password are separated by the ``$'' character. An encoded ``8''
+would specify 256 rounds.
+A valid Blowfish password looks like this:
+.Pp
+``$2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC''.
+.Pp
+The whole Blowfish password string is passed as 
+.Fa setting
+for interpretation.
+.Ss "Traditional" crypt:
+.Pp
+The first 8 bytes of the key are null-padded, and the low-order 7 bits of
+each character is used to form the 56-bit
+.Tn DES
+key.
+.Pp
+The setting is a 2-character array of the ASCII-encoded salt.
+Thus only 12 bits of
+.Fa salt
+are used.
+.Fa count
+is set to 25.
+.Ss DES Algorithm:
+.Pp
+The
+.Fa salt
+introduces disorder in the
+.Tn DES
+algorithm in one of 16777216 or 4096 possible ways
+(ie. with 24 or 12 bits: if bit
+.Em i
+of the
+.Ar salt
+is set, then bits
+.Em i
+and
+.Em i+24
+are swapped in the
+.Tn DES
+E-box output).
+.Pp
+The DES key is used to encrypt a 64-bit constant using
+.Ar count
+iterations of
+.Tn DES .
+The value returned is a
+.Dv null Ns -terminated
+string, 20 or 13 bytes (plus null) in length, consisting of the
+.Ar setting
+followed by the encoded 64-bit encryption.
+.Pp
+The functions,
+.Fn encrypt ,
+.Fn setkey ,
+.Fn des_setkey
+and
+.Fn des_cipher
+provide access to the
+.Tn DES
+algorithm itself.
+.Fn setkey
+is passed a 64-byte array of binary values (numeric 0 or 1).
+A 56-bit key is extracted from this array by dividing the
+array into groups of 8, and ignoring the last bit in each group.
+That bit is reserved for a byte parity check by DES, but is ignored
+by these functions.
+.Pp
+The
+.Fa block
+argument to
+.Fn encrypt
+is also a 64-byte array of binary values.
+If the value of
+.Fa flag
+is 0,
+.Fa block
+is encrypted otherwise it is decrypted.
+The result is returned in the original array
+.Fa block
+after using the key specified by
+.Fn setkey
+to process it.
+.Pp
+The argument to
+.Fn des_setkey
+is a character array of length 8.
+The least significant bit (the parity bit) in each character is ignored,
+and the remaining bits are concatenated to form a 56-bit key.
+The function
+.Fn des_cipher
+encrypts (or decrypts if
+.Fa count
+is negative) the 64-bits stored in the 8 characters at
+.Fa in
+using
+.Xr abs 3
+of
+.Fa count
+iterations of
+.Tn DES
+and stores the 64-bit result in the 8 characters at
+.Fa out
+(which may be the same as
+.Fa in
+).
+The
+.Fa salt
+specifies perturbations to the
+.Tn DES
+E-box output as described above.
+.Pp
+The function
+.Fn crypt
+returns a pointer to the encrypted value on success, and NULL on failure.
+The functions
+.Fn setkey ,
+.Fn encrypt ,
+.Fn des_setkey ,
+and
+.Fn des_cipher
+return 0 on success and 1 on failure.
+.Pp
+The
+.Fn crypt ,
+.Fn setkey
+and
+.Fn des_setkey
+functions all manipulate the same key space.
+.Sh SEE ALSO
+.Xr login 1 ,
+.Xr passwd 1 ,
+.Xr blowfish 3 ,
+.Xr getpass 3 ,
+.Xr md5 3 ,
+.Xr passwd 5
+.Sh BUGS
+The
+.Fn crypt
+function returns a pointer to static data, and subsequent calls to
+.Fn crypt
+will modify the same object.
+.Sh HISTORY
+A rotor-based
+.Fn crypt
+function appeared in
+.At v6 .
+The current style
+.Fn crypt
+first appeared in
+.At v7 .
+.Pp
+This library (FreeSec 1.0) was developed outside the United States of America
+as an unencumbered replacement for the U.S.-only libcrypt encryption
+library.
+Programs linked against the 
+.Fn crypt
+interface may be exported from the U.S.A. only if they use 
+.Fn crypt
+solely for authentication purposes and avoid use of
+the other programmer interfaces listed above. Special care has been taken
+in the library so that programs which only use the 
+.Fn crypt
+interface do not pull in the other components.
+.Sh AUTHOR
+David Burren <davidb@werj.com.au>
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
new file mode 100644
index 0000000000..8fd319a4f3
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.c
@@ -0,0 +1,714 @@
+/*      $OpenBSD: crypt.c,v 1.13 1998/03/22 19:01:18 niklas Exp $       */
+
+/*
+ * FreeSec: libcrypt
+ *
+ * Copyright (c) 1994 David Burren
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the author nor the names of other contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *
+ * This is an original implementation of the DES and the crypt(3) interfaces
+ * by David Burren <davidb@werj.com.au>.
+ *
+ * An excellent reference on the underlying algorithm (and related
+ * algorithms) is:
+ *
+ *      B. Schneier, Applied Cryptography: protocols, algorithms,
+ *      and source code in C, John Wiley & Sons, 1994.
+ *
+ * Note that in that book's description of DES the lookups for the initial,
+ * pbox, and final permutations are inverted (this has been brought to the
+ * attention of the author).  A list of errata for this book has been
+ * posted to the sci.crypt newsgroup by the author and is available for FTP.
+ *
+ * NOTE:
+ * This file has a static version of des_setkey() so that crypt.o exports
+ * only the crypt() interface. This is required to make binaries linked
+ * against crypt.o exportable or re-exportable from the USA.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: crypt.c,v 1.13 1998/03/22 19:01:18 niklas Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include <string.h>
+
+#ifdef DEBUG
+# include <stdio.h>
+#endif
+
+static u_char   IP[64] = {
+        58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
+        62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
+        57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
+        61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
+};
+
+static u_char   inv_key_perm[64];
+static u_char   u_key_perm[56];
+static u_char   key_perm[56] = {
+        57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
+        10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
+        63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
+        14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
+};
+
+static u_char   key_shifts[16] = {
+        1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+
+static u_char   inv_comp_perm[56];
+static u_char   comp_perm[48] = {
+        14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
+        23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
+        41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+        44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+
+/*
+ *      No E box is used, as it's replaced by some ANDs, shifts, and ORs.
+ */
+
+static u_char   u_sbox[8][64];
+static u_char   sbox[8][64] = {
+        {
+                14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
+                 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
+                 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
+                15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
+        },
+        {
+                15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
+                 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
+                 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
+                13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
+        },
+        {
+                10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
+                13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
+                13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
+                 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
+        },
+        {
+                 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
+                13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
+                10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
+                 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
+        },
+        {
+                 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
+                14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
+                 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
+                11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
+        },
+        {
+                12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
+                10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
+                 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
+                 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
+        },
+        {
+                 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
+                13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
+                 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
+                 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
+        },
+        {
+                13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
+                 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
+                 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
+                 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
+        }
+};
+
+static u_char   un_pbox[32];
+static u_char   pbox[32] = {
+        16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
+         2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
+};
+
+static u_int32_t bits32[32] =
+{
+        0x80000000, 0x40000000, 0x20000000, 0x10000000,
+        0x08000000, 0x04000000, 0x02000000, 0x01000000,
+        0x00800000, 0x00400000, 0x00200000, 0x00100000,
+        0x00080000, 0x00040000, 0x00020000, 0x00010000,
+        0x00008000, 0x00004000, 0x00002000, 0x00001000,
+        0x00000800, 0x00000400, 0x00000200, 0x00000100,
+        0x00000080, 0x00000040, 0x00000020, 0x00000010,
+        0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+
+static u_char   bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+
+static u_int32_t saltbits;
+static int32_t  old_salt;
+static u_int32_t *bits28, *bits24;
+static u_char   init_perm[64], final_perm[64];
+static u_int32_t en_keysl[16], en_keysr[16];
+static u_int32_t de_keysl[16], de_keysr[16];
+static int      des_initialised = 0;
+static u_char   m_sbox[4][4096];
+static u_int32_t psbox[4][256];
+static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
+static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
+static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
+static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
+static u_int32_t old_rawkey0, old_rawkey1;
+
+static u_char   ascii64[] =
+         "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+/*        0000000000111111111122222222223333333333444444444455555555556666 */
+/*        0123456789012345678901234567890123456789012345678901234567890123 */
+
+static __inline int
+ascii_to_bin(ch)
+        char ch;
+{
+        if (ch > 'z')
+                return(0);
+        if (ch >= 'a')
+                return(ch - 'a' + 38);
+        if (ch > 'Z')
+                return(0);
+        if (ch >= 'A')
+                return(ch - 'A' + 12);
+        if (ch > '9')
+                return(0);
+        if (ch >= '.')
+                return(ch - '.');
+        return(0);
+}
+
+static void
+des_init()
+{
+        int     i, j, b, k, inbit, obit;
+        u_int32_t       *p, *il, *ir, *fl, *fr;
+
+        old_rawkey0 = old_rawkey1 = 0;
+        saltbits = 0;
+        old_salt = 0;
+        bits24 = (bits28 = bits32 + 4) + 4;
+
+        /*
+         * Invert the S-boxes, reordering the input bits.
+         */
+        for (i = 0; i < 8; i++)
+                for (j = 0; j < 64; j++) {
+                        b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
+                        u_sbox[i][j] = sbox[i][b];
+                }
+
+        /*
+         * Convert the inverted S-boxes into 4 arrays of 8 bits.
+         * Each will handle 12 bits of the S-box input.
+         */
+        for (b = 0; b < 4; b++)
+                for (i = 0; i < 64; i++)
+                        for (j = 0; j < 64; j++)
+                                m_sbox[b][(i << 6) | j] =
+                                        (u_sbox[(b << 1)][i] << 4) |
+                                        u_sbox[(b << 1) + 1][j];
+
+        /*
+         * Set up the initial & final permutations into a useful form, and
+         * initialise the inverted key permutation.
+         */
+        for (i = 0; i < 64; i++) {
+                init_perm[final_perm[i] = IP[i] - 1] = i;
+                inv_key_perm[i] = 255;
+        }
+
+        /*
+         * Invert the key permutation and initialise the inverted key
+         * compression permutation.
+         */
+        for (i = 0; i < 56; i++) {
+                u_key_perm[i] = key_perm[i] - 1;
+                inv_key_perm[key_perm[i] - 1] = i;
+                inv_comp_perm[i] = 255;
+        }
+
+        /*
+         * Invert the key compression permutation.
+         */
+        for (i = 0; i < 48; i++) {
+                inv_comp_perm[comp_perm[i] - 1] = i;
+        }
+
+        /*
+         * Set up the OR-mask arrays for the initial and final permutations,
+         * and for the key initial and compression permutations.
+         */
+        for (k = 0; k < 8; k++) {
+                for (i = 0; i < 256; i++) {
+                        *(il = &ip_maskl[k][i]) = 0;
+                        *(ir = &ip_maskr[k][i]) = 0;
+                        *(fl = &fp_maskl[k][i]) = 0;
+                        *(fr = &fp_maskr[k][i]) = 0;
+                        for (j = 0; j < 8; j++) {
+                                inbit = 8 * k + j;
+                                if (i & bits8[j]) {
+                                        if ((obit = init_perm[inbit]) < 32)
+                                                *il |= bits32[obit];
+                                        else
+                                                *ir |= bits32[obit-32];
+                                        if ((obit = final_perm[inbit]) < 32)
+                                                *fl |= bits32[obit];
+                                        else
+                                                *fr |= bits32[obit - 32];
+                                }
+                        }
+                }
+                for (i = 0; i < 128; i++) {
+                        *(il = &key_perm_maskl[k][i]) = 0;
+                        *(ir = &key_perm_maskr[k][i]) = 0;
+                        for (j = 0; j < 7; j++) {
+                                inbit = 8 * k + j;
+                                if (i & bits8[j + 1]) {
+                                        if ((obit = inv_key_perm[inbit]) == 255)
+                                                continue;
+                                        if (obit < 28)
+                                                *il |= bits28[obit];
+                                        else
+                                                *ir |= bits28[obit - 28];
+                                }
+                        }
+                        *(il = &comp_maskl[k][i]) = 0;
+                        *(ir = &comp_maskr[k][i]) = 0;
+                        for (j = 0; j < 7; j++) {
+                                inbit = 7 * k + j;
+                                if (i & bits8[j + 1]) {
+                                        if ((obit=inv_comp_perm[inbit]) == 255)
+                                                continue;
+                                        if (obit < 24)
+                                                *il |= bits24[obit];
+                                        else
+                                                *ir |= bits24[obit - 24];
+                                }
+                        }
+                }
+        }
+
+        /*
+         * Invert the P-box permutation, and convert into OR-masks for
+         * handling the output of the S-box arrays setup above.
+         */
+        for (i = 0; i < 32; i++)
+                un_pbox[pbox[i] - 1] = i;
+
+        for (b = 0; b < 4; b++)
+                for (i = 0; i < 256; i++) {
+                        *(p = &psbox[b][i]) = 0;
+                        for (j = 0; j < 8; j++) {
+                                if (i & bits8[j])
+                                        *p |= bits32[un_pbox[8 * b + j]];
+                        }
+                }
+
+        des_initialised = 1;
+}
+
+static void
+setup_salt(salt)
+        int32_t salt;
+{
+        u_int32_t       obit, saltbit;
+        int     i;
+
+        if (salt == old_salt)
+                return;
+        old_salt = salt;
+
+        saltbits = 0;
+        saltbit = 1;
+        obit = 0x800000;
+        for (i = 0; i < 24; i++) {
+                if (salt & saltbit)
+                        saltbits |= obit;
+                saltbit <<= 1;
+                obit >>= 1;
+        }
+}
+
+static int
+des_setkey(key)
+        const char *key;
+{
+        u_int32_t k0, k1, rawkey0, rawkey1;
+        int     shifts, round;
+
+        if (!des_initialised)
+                des_init();
+
+        rawkey0 = ntohl(*(u_int32_t *) key);
+        rawkey1 = ntohl(*(u_int32_t *) (key + 4));
+
+        if ((rawkey0 | rawkey1)
+            && rawkey0 == old_rawkey0
+            && rawkey1 == old_rawkey1) {
+                /*
+                 * Already setup for this key.
+                 * This optimisation fails on a zero key (which is weak and
+                 * has bad parity anyway) in order to simplify the starting
+                 * conditions.
+                 */
+                return(0);
+        }
+        old_rawkey0 = rawkey0;
+        old_rawkey1 = rawkey1;
+
+        /*
+         *      Do key permutation and split into two 28-bit subkeys.
+         */
+        k0 = key_perm_maskl[0][rawkey0 >> 25]
+           | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
+           | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
+           | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
+           | key_perm_maskl[4][rawkey1 >> 25]
+           | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
+           | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
+           | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
+        k1 = key_perm_maskr[0][rawkey0 >> 25]
+           | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
+           | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
+           | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
+           | key_perm_maskr[4][rawkey1 >> 25]
+           | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
+           | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
+           | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
+        /*
+         *      Rotate subkeys and do compression permutation.
+         */
+        shifts = 0;
+        for (round = 0; round < 16; round++) {
+                u_int32_t       t0, t1;
+
+                shifts += key_shifts[round];
+
+                t0 = (k0 << shifts) | (k0 >> (28 - shifts));
+                t1 = (k1 << shifts) | (k1 >> (28 - shifts));
+
+                de_keysl[15 - round] =
+                en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
+                                | comp_maskl[1][(t0 >> 14) & 0x7f]
+                                | comp_maskl[2][(t0 >> 7) & 0x7f]
+                                | comp_maskl[3][t0 & 0x7f]
+                                | comp_maskl[4][(t1 >> 21) & 0x7f]
+                                | comp_maskl[5][(t1 >> 14) & 0x7f]
+                                | comp_maskl[6][(t1 >> 7) & 0x7f]
+                                | comp_maskl[7][t1 & 0x7f];
+
+                de_keysr[15 - round] =
+                en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
+                                | comp_maskr[1][(t0 >> 14) & 0x7f]
+                                | comp_maskr[2][(t0 >> 7) & 0x7f]
+                                | comp_maskr[3][t0 & 0x7f]
+                                | comp_maskr[4][(t1 >> 21) & 0x7f]
+                                | comp_maskr[5][(t1 >> 14) & 0x7f]
+                                | comp_maskr[6][(t1 >> 7) & 0x7f]
+                                | comp_maskr[7][t1 & 0x7f];
+        }
+        return(0);
+}
+
+static int
+do_des(l_in, r_in, l_out, r_out, count)
+        u_int32_t l_in, r_in, *l_out, *r_out;
+        int count;
+{
+        /*
+         *      l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
+         */
+        u_int32_t       l, r, *kl, *kr, *kl1, *kr1;
+        u_int32_t       f, r48l, r48r;
+        int             round;
+
+        if (count == 0) {
+                return(1);
+        } else if (count > 0) {
+                /*
+                 * Encrypting
+                 */
+                kl1 = en_keysl;
+                kr1 = en_keysr;
+        } else {
+                /*
+                 * Decrypting
+                 */
+                count = -count;
+                kl1 = de_keysl;
+                kr1 = de_keysr;
+        }
+
+        /*
+         *      Do initial permutation (IP).
+         */
+        l = ip_maskl[0][l_in >> 24]
+          | ip_maskl[1][(l_in >> 16) & 0xff]
+          | ip_maskl[2][(l_in >> 8) & 0xff]
+          | ip_maskl[3][l_in & 0xff]
+          | ip_maskl[4][r_in >> 24]
+          | ip_maskl[5][(r_in >> 16) & 0xff]
+          | ip_maskl[6][(r_in >> 8) & 0xff]
+          | ip_maskl[7][r_in & 0xff];
+        r = ip_maskr[0][l_in >> 24]
+          | ip_maskr[1][(l_in >> 16) & 0xff]
+          | ip_maskr[2][(l_in >> 8) & 0xff]
+          | ip_maskr[3][l_in & 0xff]
+          | ip_maskr[4][r_in >> 24]
+          | ip_maskr[5][(r_in >> 16) & 0xff]
+          | ip_maskr[6][(r_in >> 8) & 0xff]
+          | ip_maskr[7][r_in & 0xff];
+
+        while (count--) {
+                /*
+                 * Do each round.
+                 */
+                kl = kl1;
+                kr = kr1;
+                round = 16;
+                while (round--) {
+                        /*
+                         * Expand R to 48 bits (simulate the E-box).
+                         */
+                        r48l    = ((r & 0x00000001) << 23)
+                                | ((r & 0xf8000000) >> 9)
+                                | ((r & 0x1f800000) >> 11)
+                                | ((r & 0x01f80000) >> 13)
+                                | ((r & 0x001f8000) >> 15);
+
+                        r48r    = ((r & 0x0001f800) << 7)
+                                | ((r & 0x00001f80) << 5)
+                                | ((r & 0x000001f8) << 3)
+                                | ((r & 0x0000001f) << 1)
+                                | ((r & 0x80000000) >> 31);
+                        /*
+                         * Do salting for crypt() and friends, and
+                         * XOR with the permuted key.
+                         */
+                        f = (r48l ^ r48r) & saltbits;
+                        r48l ^= f ^ *kl++;
+                        r48r ^= f ^ *kr++;
+                        /*
+                         * Do sbox lookups (which shrink it back to 32 bits)
+                         * and do the pbox permutation at the same time.
+                         */
+                        f = psbox[0][m_sbox[0][r48l >> 12]]
+                          | psbox[1][m_sbox[1][r48l & 0xfff]]
+                          | psbox[2][m_sbox[2][r48r >> 12]]
+                          | psbox[3][m_sbox[3][r48r & 0xfff]];
+                        /*
+                         * Now that we've permuted things, complete f().
+                         */
+                        f ^= l;
+                        l = r;
+                        r = f;
+                }
+                r = l;
+                l = f;
+        }
+        /*
+         * Do final permutation (inverse of IP).
+         */
+        *l_out  = fp_maskl[0][l >> 24]
+                | fp_maskl[1][(l >> 16) & 0xff]
+                | fp_maskl[2][(l >> 8) & 0xff]
+                | fp_maskl[3][l & 0xff]
+                | fp_maskl[4][r >> 24]
+                | fp_maskl[5][(r >> 16) & 0xff]
+                | fp_maskl[6][(r >> 8) & 0xff]
+                | fp_maskl[7][r & 0xff];
+        *r_out  = fp_maskr[0][l >> 24]
+                | fp_maskr[1][(l >> 16) & 0xff]
+                | fp_maskr[2][(l >> 8) & 0xff]
+                | fp_maskr[3][l & 0xff]
+                | fp_maskr[4][r >> 24]
+                | fp_maskr[5][(r >> 16) & 0xff]
+                | fp_maskr[6][(r >> 8) & 0xff]
+                | fp_maskr[7][r & 0xff];
+        return(0);
+}
+
+static int
+des_cipher(in, out, salt, count)
+        const char *in;
+        char *out;
+        int32_t salt;
+        int count;
+{
+        u_int32_t l_out, r_out, rawl, rawr;
+        u_int32_t x[2];
+        int     retval;
+
+        if (!des_initialised)
+                des_init();
+
+        setup_salt(salt);
+
+        memcpy(x, in, sizeof x);
+        rawl = ntohl(x[0]);
+        rawr = ntohl(x[1]);
+        retval = do_des(rawl, rawr, &l_out, &r_out, count);
+
+        x[0] = htonl(l_out);
+        x[1] = htonl(r_out);
+        memcpy(out, x, sizeof x);
+        return(retval);
+}
+
+char *
+crypt(key, setting)
+        const char *key;
+        const char *setting;
+{
+        int             i;
+        u_int32_t       count, salt, l, r0, r1, keybuf[2];
+        u_char          *p, *q;
+        static u_char   output[21];
+        extern char     *md5crypt __P((const char *, const char *));
+        extern char     *bcrypt __P((const char *, const char *));
+
+        if (setting[0] == '$') {
+                switch (setting[1]) {
+                case '1':
+                        return (md5crypt(key, setting));
+                default:
+                        return bcrypt(key, setting);
+                }
+        }
+
+        if (!des_initialised)
+                des_init();
+
+        /*
+         * Copy the key, shifting each character up by one bit
+         * and padding with zeros.
+         */
+        q = (u_char *) keybuf;
+        while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
+                if ((*q++ = *key << 1))
+                        key++;
+        }
+        if (des_setkey((u_char *) keybuf))
+                return(NULL);
+
+        if (*setting == _PASSWORD_EFMT1) {
+                /*
+                 * "new"-style:
+                 *      setting - underscore, 4 bytes of count, 4 bytes of salt
+                 *      key - unlimited characters
+                 */
+                for (i = 1, count = 0; i < 5; i++)
+                        count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
+
+                for (i = 5, salt = 0; i < 9; i++)
+                        salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
+
+                while (*key) {
+                        /*
+                         * Encrypt the key with itself.
+                         */
+                        if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0, 1))
+                                return(NULL);
+                        /*
+                         * And XOR with the next 8 characters of the key.
+                         */
+                        q = (u_char *) keybuf;
+                        while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
+                                        *key)
+                                *q++ ^= *key++ << 1;
+
+                        if (des_setkey((u_char *) keybuf))
+                                return(NULL);
+                }
+                strncpy((char *)output, setting, 9);
+
+                /*
+                 * Double check that we weren't given a short setting.
+                 * If we were, the above code will probably have created
+                 * wierd values for count and salt, but we don't really care.
+                 * Just make sure the output string doesn't have an extra
+                 * NUL in it.
+                 */
+                output[9] = '\0';
+                p = output + strlen((const char *)output);
+        } else {
+                /*
+                 * "old"-style:
+                 *      setting - 2 bytes of salt
+                 *      key - up to 8 characters
+                 */
+                count = 25;
+
+                salt = (ascii_to_bin(setting[1]) << 6)
+                     |  ascii_to_bin(setting[0]);
+
+                output[0] = setting[0];
+                /*
+                 * If the encrypted password that the salt was extracted from
+                 * is only 1 character long, the salt will be corrupted.  We
+                 * need to ensure that the output string doesn't have an extra
+                 * NUL in it!
+                 */
+                output[1] = setting[1] ? setting[1] : output[0];
+
+                p = output + 2;
+        }
+        setup_salt(salt);
+        /*
+         * Do it.
+         */
+        if (do_des(0, 0, &r0, &r1, count))
+                return(NULL);
+        /*
+         * Now encode the result...
+         */
+        l = (r0 >> 8);
+        *p++ = ascii64[(l >> 18) & 0x3f];
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+
+        l = (r0 << 16) | ((r1 >> 16) & 0xffff);
+        *p++ = ascii64[(l >> 18) & 0x3f];
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+
+        l = r1 << 2;
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+        *p = 0;
+
+        return((char *)output);
+}
diff --git a/src/lib/libc/crypt/md5crypt.c b/src/lib/libc/crypt/md5crypt.c
new file mode 100644
index 0000000000..7ec60f38e0
--- /dev/null
+++ b/src/lib/libc/crypt/md5crypt.c
@@ -0,0 +1,157 @@
+/*      $OpenBSD: md5crypt.c,v 1.9 1997/07/23 20:58:27 kstailey Exp $   */
+
+/*
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ *
+ * $FreeBSD: crypt.c,v 1.5 1996/10/14 08:34:02 phk Exp $
+ *
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: md5crypt.c,v 1.9 1997/07/23 20:58:27 kstailey Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <md5.h>
+#include <string.h>
+
+static unsigned char itoa64[] =         /* 0 ... 63 => ascii - 64 */
+        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+static void to64 __P((char *, u_int32_t, int));
+
+static void
+to64(s, v, n)
+        char *s;
+        u_int32_t v;
+        int n;
+{
+        while (--n >= 0) {
+                *s++ = itoa64[v&0x3f];
+                v >>= 6;
+        }
+}
+
+/*
+ * UNIX password
+ *
+ * Use MD5 for what it is best at...
+ */
+
+char *
+md5crypt(pw, salt)
+        register const char *pw;
+        register const char *salt;
+{
+        /*
+         * This string is magic for this algorithm.  Having
+         * it this way, we can get get better later on
+         */
+        static unsigned char    *magic = (unsigned char *)"$1$";
+
+        static char     passwd[120], *p;
+        static const unsigned char *sp,*ep;
+        unsigned char   final[16];
+        int sl,pl,i;
+        MD5_CTX ctx,ctx1;
+        u_int32_t l;
+
+        /* Refine the Salt first */
+        sp = (const unsigned char *)salt;
+
+        /* If it starts with the magic string, then skip that */
+        if(!strncmp((const char *)sp,(const char *)magic,strlen((const char *)magic)))
+                sp += strlen((const char *)magic);
+
+        /* It stops at the first '$', max 8 chars */
+        for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
+                continue;
+
+        /* get the length of the true salt */
+        sl = ep - sp;
+
+        MD5Init(&ctx);
+
+        /* The password first, since that is what is most unknown */
+        MD5Update(&ctx,(const unsigned char *)pw,strlen(pw));
+
+        /* Then our magic string */
+        MD5Update(&ctx,magic,strlen((const char *)magic));
+
+        /* Then the raw salt */
+        MD5Update(&ctx,sp,sl);
+
+        /* Then just as many characters of the MD5(pw,salt,pw) */
+        MD5Init(&ctx1);
+        MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
+        MD5Update(&ctx1,sp,sl);
+        MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
+        MD5Final(final,&ctx1);
+        for(pl = strlen(pw); pl > 0; pl -= 16)
+                MD5Update(&ctx,final,pl>16 ? 16 : pl);
+
+        /* Don't leave anything around in vm they could use. */
+        memset(final,0,sizeof final);
+
+        /* Then something really weird... */
+        for (i = strlen(pw); i ; i >>= 1)
+                if(i&1)
+                    MD5Update(&ctx, final, 1);
+                else
+                    MD5Update(&ctx, (const unsigned char *)pw, 1);
+
+        /* Now make the output string */
+        strcpy(passwd,(const char *)magic);
+        strncat(passwd,(const char *)sp,sl);
+        strcat(passwd,"$");
+
+        MD5Final(final,&ctx);
+
+        /*
+         * and now, just to make sure things don't run too fast
+         * On a 60 Mhz Pentium this takes 34 msec, so you would
+         * need 30 seconds to build a 1000 entry dictionary...
+         */
+        for(i=0;i<1000;i++) {
+                MD5Init(&ctx1);
+                if(i & 1)
+                        MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
+                else
+                        MD5Update(&ctx1,final,16);
+
+                if(i % 3)
+                        MD5Update(&ctx1,sp,sl);
+
+                if(i % 7)
+                        MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
+
+                if(i & 1)
+                        MD5Update(&ctx1,final,16);
+                else
+                        MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
+                MD5Final(final,&ctx1);
+        }
+
+        p = passwd + strlen(passwd);
+
+        l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
+        l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
+        l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
+        l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
+        l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
+        l =                    final[11]                ; to64(p,l,2); p += 2;
+        *p = '\0';
+
+        /* Don't leave anything around in vm they could use. */
+        memset(final,0,sizeof final);
+
+        return passwd;
+}
+
diff --git a/src/lib/libc/crypt/morecrypt.c b/src/lib/libc/crypt/morecrypt.c
new file mode 100644
index 0000000000..e9e0ced4c1
--- /dev/null
+++ b/src/lib/libc/crypt/morecrypt.c
@@ -0,0 +1,628 @@
+/*      $OpenBSD: morecrypt.c,v 1.9 1998/03/22 19:01:20 niklas Exp $    */
+
+/*
+ * FreeSec: libcrypt
+ *
+ * Copyright (c) 1994 David Burren
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the author nor the names of other contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *
+ * This is an original implementation of the DES and the crypt(3) interfaces
+ * by David Burren <davidb@werj.com.au>.
+ *
+ * An excellent reference on the underlying algorithm (and related
+ * algorithms) is:
+ *
+ *      B. Schneier, Applied Cryptography: protocols, algorithms,
+ *      and source code in C, John Wiley & Sons, 1994.
+ *
+ * Note that in that book's description of DES the lookups for the initial,
+ * pbox, and final permutations are inverted (this has been brought to the
+ * attention of the author).  A list of errata for this book has been
+ * posted to the sci.crypt newsgroup by the author and is available for FTP.
+ *
+ * NOTE:
+ * This file must copy certain chunks of crypt.c for legal reasons.
+ * crypt.c can only export the interface crypt(), to make binaries
+ * exportable from the USA. Hence, to also have the other crypto interfaces
+ * available we have to copy pieces...
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: morecrypt.c,v 1.9 1998/03/22 19:01:20 niklas Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include <string.h>
+
+#ifdef DEBUG
+# include <stdio.h>
+#endif
+
+static u_char   IP[64] = {
+        58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
+        62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
+        57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
+        61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
+};
+
+static u_char   inv_key_perm[64];
+static u_char   u_key_perm[56];
+static u_char   key_perm[56] = {
+        57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
+        10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
+        63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
+        14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
+};
+
+static u_char   key_shifts[16] = {
+        1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+
+static u_char   inv_comp_perm[56];
+static u_char   comp_perm[48] = {
+        14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
+        23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
+        41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+        44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+
+/*
+ *      No E box is used, as it's replaced by some ANDs, shifts, and ORs.
+ */
+
+static u_char   u_sbox[8][64];
+static u_char   sbox[8][64] = {
+        {
+                14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
+                 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
+                 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
+                15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
+        },
+        {
+                15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
+                 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
+                 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
+                13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
+        },
+        {
+                10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
+                13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
+                13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
+                 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
+        },
+        {
+                 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
+                13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
+                10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
+                 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
+        },
+        {
+                 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
+                14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
+                 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
+                11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
+        },
+        {
+                12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
+                10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
+                 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
+                 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
+        },
+        {
+                 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
+                13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
+                 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
+                 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
+        },
+        {
+                13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
+                 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
+                 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
+                 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
+        }
+};
+
+static u_char   un_pbox[32];
+static u_char   pbox[32] = {
+        16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
+         2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
+};
+
+static u_int32_t bits32[32] =
+{
+        0x80000000, 0x40000000, 0x20000000, 0x10000000,
+        0x08000000, 0x04000000, 0x02000000, 0x01000000,
+        0x00800000, 0x00400000, 0x00200000, 0x00100000,
+        0x00080000, 0x00040000, 0x00020000, 0x00010000,
+        0x00008000, 0x00004000, 0x00002000, 0x00001000,
+        0x00000800, 0x00000400, 0x00000200, 0x00000100,
+        0x00000080, 0x00000040, 0x00000020, 0x00000010,
+        0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+
+static u_char   bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+
+static u_int32_t saltbits;
+static int32_t  old_salt;
+static u_int32_t *bits28, *bits24;
+static u_char   init_perm[64], final_perm[64];
+static u_int32_t en_keysl[16], en_keysr[16];
+static u_int32_t de_keysl[16], de_keysr[16];
+static int      des_initialised = 0;
+static u_char   m_sbox[4][4096];
+static u_int32_t psbox[4][256];
+static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
+static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
+static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
+static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
+static u_int32_t old_rawkey0, old_rawkey1;
+
+static __inline int
+ascii_to_bin(ch)
+        char ch;
+{
+        if (ch > 'z')
+                return(0);
+        if (ch >= 'a')
+                return(ch - 'a' + 38);
+        if (ch > 'Z')
+                return(0);
+        if (ch >= 'A')
+                return(ch - 'A' + 12);
+        if (ch > '9')
+                return(0);
+        if (ch >= '.')
+                return(ch - '.');
+        return(0);
+}
+
+void
+des_init()
+{
+        int     i, j, b, k, inbit, obit;
+        u_int32_t       *p, *il, *ir, *fl, *fr;
+
+        old_rawkey0 = old_rawkey1 = 0;
+        saltbits = 0;
+        old_salt = 0;
+        bits24 = (bits28 = bits32 + 4) + 4;
+
+        /*
+         * Invert the S-boxes, reordering the input bits.
+         */
+        for (i = 0; i < 8; i++)
+                for (j = 0; j < 64; j++) {
+                        b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
+                        u_sbox[i][j] = sbox[i][b];
+                }
+
+        /*
+         * Convert the inverted S-boxes into 4 arrays of 8 bits.
+         * Each will handle 12 bits of the S-box input.
+         */
+        for (b = 0; b < 4; b++)
+                for (i = 0; i < 64; i++)
+                        for (j = 0; j < 64; j++)
+                                m_sbox[b][(i << 6) | j] =
+                                        (u_sbox[(b << 1)][i] << 4) |
+                                        u_sbox[(b << 1) + 1][j];
+
+        /*
+         * Set up the initial & final permutations into a useful form, and
+         * initialise the inverted key permutation.
+         */
+        for (i = 0; i < 64; i++) {
+                init_perm[final_perm[i] = IP[i] - 1] = i;
+                inv_key_perm[i] = 255;
+        }
+
+        /*
+         * Invert the key permutation and initialise the inverted key
+         * compression permutation.
+         */
+        for (i = 0; i < 56; i++) {
+                u_key_perm[i] = key_perm[i] - 1;
+                inv_key_perm[key_perm[i] - 1] = i;
+                inv_comp_perm[i] = 255;
+        }
+
+        /*
+         * Invert the key compression permutation.
+         */
+        for (i = 0; i < 48; i++) {
+                inv_comp_perm[comp_perm[i] - 1] = i;
+        }
+
+        /*
+         * Set up the OR-mask arrays for the initial and final permutations,
+         * and for the key initial and compression permutations.
+         */
+        for (k = 0; k < 8; k++) {
+                for (i = 0; i < 256; i++) {
+                        *(il = &ip_maskl[k][i]) = 0;
+                        *(ir = &ip_maskr[k][i]) = 0;
+                        *(fl = &fp_maskl[k][i]) = 0;
+                        *(fr = &fp_maskr[k][i]) = 0;
+                        for (j = 0; j < 8; j++) {
+                                inbit = 8 * k + j;
+                                if (i & bits8[j]) {
+                                        if ((obit = init_perm[inbit]) < 32)
+                                                *il |= bits32[obit];
+                                        else
+                                                *ir |= bits32[obit-32];
+                                        if ((obit = final_perm[inbit]) < 32)
+                                                *fl |= bits32[obit];
+                                        else
+                                                *fr |= bits32[obit - 32];
+                                }
+                        }
+                }
+                for (i = 0; i < 128; i++) {
+                        *(il = &key_perm_maskl[k][i]) = 0;
+                        *(ir = &key_perm_maskr[k][i]) = 0;
+                        for (j = 0; j < 7; j++) {
+                                inbit = 8 * k + j;
+                                if (i & bits8[j + 1]) {
+                                        if ((obit = inv_key_perm[inbit]) == 255)
+                                                continue;
+                                        if (obit < 28)
+                                                *il |= bits28[obit];
+                                        else
+                                                *ir |= bits28[obit - 28];
+                                }
+                        }
+                        *(il = &comp_maskl[k][i]) = 0;
+                        *(ir = &comp_maskr[k][i]) = 0;
+                        for (j = 0; j < 7; j++) {
+                                inbit = 7 * k + j;
+                                if (i & bits8[j + 1]) {
+                                        if ((obit=inv_comp_perm[inbit]) == 255)
+                                                continue;
+                                        if (obit < 24)
+                                                *il |= bits24[obit];
+                                        else
+                                                *ir |= bits24[obit - 24];
+                                }
+                        }
+                }
+        }
+
+        /*
+         * Invert the P-box permutation, and convert into OR-masks for
+         * handling the output of the S-box arrays setup above.
+         */
+        for (i = 0; i < 32; i++)
+                un_pbox[pbox[i] - 1] = i;
+
+        for (b = 0; b < 4; b++)
+                for (i = 0; i < 256; i++) {
+                        *(p = &psbox[b][i]) = 0;
+                        for (j = 0; j < 8; j++) {
+                                if (i & bits8[j])
+                                        *p |= bits32[un_pbox[8 * b + j]];
+                        }
+                }
+
+        des_initialised = 1;
+}
+
+void
+setup_salt(salt)
+        int32_t salt;
+{
+        u_int32_t       obit, saltbit;
+        int     i;
+
+        if (salt == old_salt)
+                return;
+        old_salt = salt;
+
+        saltbits = 0;
+        saltbit = 1;
+        obit = 0x800000;
+        for (i = 0; i < 24; i++) {
+                if (salt & saltbit)
+                        saltbits |= obit;
+                saltbit <<= 1;
+                obit >>= 1;
+        }
+}
+
+int
+do_des(l_in, r_in, l_out, r_out, count)
+        u_int32_t l_in, r_in, *l_out, *r_out;
+        int count;
+{
+        /*
+         *      l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
+         */
+        u_int32_t       l, r, *kl, *kr, *kl1, *kr1;
+        u_int32_t       f, r48l, r48r;
+        int             round;
+
+        if (count == 0) {
+                return(1);
+        } else if (count > 0) {
+                /*
+                 * Encrypting
+                 */
+                kl1 = en_keysl;
+                kr1 = en_keysr;
+        } else {
+                /*
+                 * Decrypting
+                 */
+                count = -count;
+                kl1 = de_keysl;
+                kr1 = de_keysr;
+        }
+
+        /*
+         *      Do initial permutation (IP).
+         */
+        l = ip_maskl[0][l_in >> 24]
+          | ip_maskl[1][(l_in >> 16) & 0xff]
+          | ip_maskl[2][(l_in >> 8) & 0xff]
+          | ip_maskl[3][l_in & 0xff]
+          | ip_maskl[4][r_in >> 24]
+          | ip_maskl[5][(r_in >> 16) & 0xff]
+          | ip_maskl[6][(r_in >> 8) & 0xff]
+          | ip_maskl[7][r_in & 0xff];
+        r = ip_maskr[0][l_in >> 24]
+          | ip_maskr[1][(l_in >> 16) & 0xff]
+          | ip_maskr[2][(l_in >> 8) & 0xff]
+          | ip_maskr[3][l_in & 0xff]
+          | ip_maskr[4][r_in >> 24]
+          | ip_maskr[5][(r_in >> 16) & 0xff]
+          | ip_maskr[6][(r_in >> 8) & 0xff]
+          | ip_maskr[7][r_in & 0xff];
+
+        while (count--) {
+                /*
+                 * Do each round.
+                 */
+                kl = kl1;
+                kr = kr1;
+                round = 16;
+                while (round--) {
+                        /*
+                         * Expand R to 48 bits (simulate the E-box).
+                         */
+                        r48l    = ((r & 0x00000001) << 23)
+                                | ((r & 0xf8000000) >> 9)
+                                | ((r & 0x1f800000) >> 11)
+                                | ((r & 0x01f80000) >> 13)
+                                | ((r & 0x001f8000) >> 15);
+
+                        r48r    = ((r & 0x0001f800) << 7)
+                                | ((r & 0x00001f80) << 5)
+                                | ((r & 0x000001f8) << 3)
+                                | ((r & 0x0000001f) << 1)
+                                | ((r & 0x80000000) >> 31);
+                        /*
+                         * Do salting for crypt() and friends, and
+                         * XOR with the permuted key.
+                         */
+                        f = (r48l ^ r48r) & saltbits;
+                        r48l ^= f ^ *kl++;
+                        r48r ^= f ^ *kr++;
+                        /*
+                         * Do sbox lookups (which shrink it back to 32 bits)
+                         * and do the pbox permutation at the same time.
+                         */
+                        f = psbox[0][m_sbox[0][r48l >> 12]]
+                          | psbox[1][m_sbox[1][r48l & 0xfff]]
+                          | psbox[2][m_sbox[2][r48r >> 12]]
+                          | psbox[3][m_sbox[3][r48r & 0xfff]];
+                        /*
+                         * Now that we've permuted things, complete f().
+                         */
+                        f ^= l;
+                        l = r;
+                        r = f;
+                }
+                r = l;
+                l = f;
+        }
+        /*
+         * Do final permutation (inverse of IP).
+         */
+        *l_out  = fp_maskl[0][l >> 24]
+                | fp_maskl[1][(l >> 16) & 0xff]
+                | fp_maskl[2][(l >> 8) & 0xff]
+                | fp_maskl[3][l & 0xff]
+                | fp_maskl[4][r >> 24]
+                | fp_maskl[5][(r >> 16) & 0xff]
+                | fp_maskl[6][(r >> 8) & 0xff]
+                | fp_maskl[7][r & 0xff];
+        *r_out  = fp_maskr[0][l >> 24]
+                | fp_maskr[1][(l >> 16) & 0xff]
+                | fp_maskr[2][(l >> 8) & 0xff]
+                | fp_maskr[3][l & 0xff]
+                | fp_maskr[4][r >> 24]
+                | fp_maskr[5][(r >> 16) & 0xff]
+                | fp_maskr[6][(r >> 8) & 0xff]
+                | fp_maskr[7][r & 0xff];
+        return(0);
+}
+
+int
+des_cipher(in, out, salt, count)
+        const char *in;
+        char *out;
+        long salt;
+        int count;
+{
+        u_int32_t l_out, r_out, rawl, rawr;
+        u_int32_t x[2];
+        int     retval;
+
+        if (!des_initialised)
+                des_init();
+
+        setup_salt((int32_t)salt);
+
+        memcpy(x, in, sizeof x);
+        rawl = ntohl(x[0]);
+        rawr = ntohl(x[1]);
+        retval = do_des(rawl, rawr, &l_out, &r_out, count);
+
+        x[0] = htonl(l_out);
+        x[1] = htonl(r_out);
+        memcpy(out, x, sizeof x);
+        return(retval);
+}
+
+int
+des_setkey(key)
+        const char *key;
+{
+        u_int32_t k0, k1, rawkey0, rawkey1;
+        int     shifts, round;
+
+        if (!des_initialised)
+                des_init();
+
+        rawkey0 = ntohl(*(u_int32_t *) key);
+        rawkey1 = ntohl(*(u_int32_t *) (key + 4));
+
+        if ((rawkey0 | rawkey1)
+            && rawkey0 == old_rawkey0
+            && rawkey1 == old_rawkey1) {
+                /*
+                 * Already setup for this key.
+                 * This optimisation fails on a zero key (which is weak and
+                 * has bad parity anyway) in order to simplify the starting
+                 * conditions.
+                 */
+                return(0);
+        }
+        old_rawkey0 = rawkey0;
+        old_rawkey1 = rawkey1;
+
+        /*
+         *      Do key permutation and split into two 28-bit subkeys.
+         */
+        k0 = key_perm_maskl[0][rawkey0 >> 25]
+           | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
+           | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
+           | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
+           | key_perm_maskl[4][rawkey1 >> 25]
+           | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
+           | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
+           | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
+        k1 = key_perm_maskr[0][rawkey0 >> 25]
+           | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
+           | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
+           | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
+           | key_perm_maskr[4][rawkey1 >> 25]
+           | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
+           | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
+           | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
+        /*
+         *      Rotate subkeys and do compression permutation.
+         */
+        shifts = 0;
+        for (round = 0; round < 16; round++) {
+                u_int32_t       t0, t1;
+
+                shifts += key_shifts[round];
+
+                t0 = (k0 << shifts) | (k0 >> (28 - shifts));
+                t1 = (k1 << shifts) | (k1 >> (28 - shifts));
+
+                de_keysl[15 - round] =
+                en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
+                                | comp_maskl[1][(t0 >> 14) & 0x7f]
+                                | comp_maskl[2][(t0 >> 7) & 0x7f]
+                                | comp_maskl[3][t0 & 0x7f]
+                                | comp_maskl[4][(t1 >> 21) & 0x7f]
+                                | comp_maskl[5][(t1 >> 14) & 0x7f]
+                                | comp_maskl[6][(t1 >> 7) & 0x7f]
+                                | comp_maskl[7][t1 & 0x7f];
+
+                de_keysr[15 - round] =
+                en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
+                                | comp_maskr[1][(t0 >> 14) & 0x7f]
+                                | comp_maskr[2][(t0 >> 7) & 0x7f]
+                                | comp_maskr[3][t0 & 0x7f]
+                                | comp_maskr[4][(t1 >> 21) & 0x7f]
+                                | comp_maskr[5][(t1 >> 14) & 0x7f]
+                                | comp_maskr[6][(t1 >> 7) & 0x7f]
+                                | comp_maskr[7][t1 & 0x7f];
+        }
+        return(0);
+}
+
+int
+setkey(key)
+        const char *key;
+{
+        int     i, j;
+        u_int32_t packed_keys[2];
+        u_char  *p;
+
+        p = (u_char *) packed_keys;
+
+        for (i = 0; i < 8; i++) {
+                p[i] = 0;
+                for (j = 0; j < 8; j++)
+                        if (*key++ & 1)
+                                p[i] |= bits8[j];
+        }
+        return(des_setkey(p));
+}
+
+int
+encrypt(block, flag)
+        char *block;
+        int flag;
+{
+        u_int32_t io[2];
+        u_char  *p;
+        int     i, j, retval;
+
+        if (!des_initialised)
+                des_init();
+
+        setup_salt((int32_t)0);
+        p = (u_char *)block;
+        for (i = 0; i < 2; i++) {
+                io[i] = 0L;
+                for (j = 0; j < 32; j++)
+                        if (*p++ & 1)
+                                io[i] |= bits32[j];
+        }
+        retval = do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
+        for (i = 0; i < 2; i++)
+                for (j = 0; j < 32; j++)
+                        block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
+        return(retval);
+}
diff --git a/src/lib/libc/include/namespace.h b/src/lib/libc/include/namespace.h
index 803657e006..4a51f15ddf 100644
--- a/src/lib/libc/include/namespace.h
+++ b/src/lib/libc/include/namespace.h
@@ -1,4 +1,4 @@
-/*      $NetBSD: namespace.h,v 1.2 1995/02/27 13:02:12 cgd Exp $        */
+/*      $OpenBSD: namespace.h,v 1.2 1996/08/19 08:28:08 tholo Exp $     */
 
 #define catclose        _catclose
 #define catgets         _catgets
diff --git a/src/lib/libc/net/Makefile.inc b/src/lib/libc/net/Makefile.inc
index 2d220067e4..935a1904c1 100644
--- a/src/lib/libc/net/Makefile.inc
+++ b/src/lib/libc/net/Makefile.inc
@@ -1,16 +1,19 @@
-#       $NetBSD: Makefile.inc,v 1.23 1995/03/02 09:09:07 chopps Exp $
-#       @(#)Makefile.inc        8.2 (Berkeley) 9/5/93
+#       $OpenBSD: Makefile.inc,v 1.16 1998/08/29 21:11:40 deraadt Exp $
 
 # net sources
 .PATH: ${.CURDIR}/arch/${MACHINE_ARCH}/net ${.CURDIR}/net
 
-SRCS+=  gethostnamadr.c getnetbyaddr.c getnetbyname.c getnetent.c \
-        getproto.c getprotoent.c getprotoname.c getservbyname.c \
+CFLAGS+=-DRESOLVSORT
+
+SRCS+=  base64.c gethostnamadr.c getnetbyaddr.c getnetbyname.c getnetent.c \
+        getnetnamadr.c getproto.c getprotoent.c getprotoname.c getservbyname.c \
         getservbyport.c getservent.c herror.c inet_addr.c inet_lnaof.c \
-        inet_makeaddr.c inet_netof.c inet_network.c inet_ntoa.c \
-        iso_addr.c linkaddr.c ns_addr.c ns_ntoa.c rcmd.c recv.c res_comp.c \
-        res_debug.c res_init.c res_mkquery.c res_query.c res_send.c \
-        send.c sethostent.c ethers.c
+        inet_makeaddr.c inet_neta.c inet_netof.c inet_network.c \
+        inet_net_ntop.c inet_net_pton.c inet_ntoa.c inet_ntop.c \
+        inet_pton.c ipx_addr.c ipx_ntoa.c \
+        iso_addr.c linkaddr.c ns_addr.c ns_ntoa.c nsap_addr.c rcmd.c recv.c \
+        res_comp.c res_data.c res_debug.c res_init.c res_mkquery.c res_query.c \
+        res_random.c res_send.c send.c sethostent.c ethers.c rcmdsh.c
 
 # machine-dependent net sources
 # m-d Makefile.inc must include sources for:
@@ -18,16 +21,21 @@ SRCS+=	gethostnamadr.c getnetbyaddr.c getnetbyname.c getnetent.c \
 
 .include "${.CURDIR}/arch/${MACHINE_ARCH}/net/Makefile.inc"
 
-MAN+=   byteorder.3 gethostbyname.3 getnetent.3 getprotoent.3 getservent.3 \
-        inet.3 linkaddr.3 ns.3 rcmd.3 resolver.3 ethers.3
+MAN+=   byteorder.3 ethers.3 gethostbyname.3 getnetent.3 getprotoent.3 \
+        getservent.3 inet.3 inet_net.3 iso_addr.3 link_addr.3 ns.3 ipx.3 \
+        rcmd.3 rcmdsh.3 resolver.3
 
 MLINKS+=byteorder.3 htonl.3 byteorder.3 htons.3 byteorder.3 ntohl.3 \
-        byteorder.3 ntohs.3
+        byteorder.3 ntohs.3 byteorder.3 htobe16.3 byteorder.3 htobe32.3 \
+        byteorder.3 betoh16.3 byteorder.3 betoh32.3 byteorder.3 htole16.3 \
+        byteorder.3 htole32.3 byteorder.3 letoh16.3 byteorder.3 letoh32.3 \
+        byteorder.3 swap16.3 byteorder.3 swap32.3
 MLINKS+=ethers.3 ether_aton.3 ethers.3 ether_hostton.3 ethers.3 ether_line.3 \
-        ethers.3 ether_ntoa.3 ethers.3 ether_ntohost.3
+        ethers.3 ether_ntoa.3 ethers.3 ether_ntohost.3 ethers.3 ether_addr.3
 MLINKS+=gethostbyname.3 endhostent.3 gethostbyname.3 gethostbyaddr.3 \
         gethostbyname.3 sethostent.3 gethostbyname.3 gethostent.3 \
-        gethostbyname.3 herror.3
+        gethostbyname.3 herror.3 gethostbyname.3 gethostbyname2.3 \
+        gethostbyname.3 hstrerror.3
 MLINKS+=getnetent.3 endnetent.3 getnetent.3 getnetbyaddr.3 \
         getnetent.3 getnetbyname.3 getnetent.3 setnetent.3
 MLINKS+=getprotoent.3 endprotoent.3 getprotoent.3 getprotobyname.3 \
@@ -37,8 +45,10 @@ MLINKS+=getservent.3 endservent.3 getservent.3 getservbyname.3 \
 MLINKS+=inet.3 addr.3 inet.3 inet_addr.3 inet.3 inet_aton.3 \
         inet.3 inet_lnaof.3 inet.3 inet_makeaddr.3 inet.3 inet_netof.3 \
         inet.3 inet_network.3 inet.3 inet_ntoa.3 inet.3 network.3 \
-        inet.3 ntoa.3
-MLINKS+=linkaddr.3 linkntoa.3
+        inet.3 ntoa.3 inet.3 inet_ntop.3 inet.3 inet_pton.3
+MLINKS+=iso_addr.3 iso_ntoa.3
+MLINKS+=link_addr.3 link_ntoa.3
+MLINKS+=ipx.3 ipx_addr.3 ipx.3 ipx_ntoa.3
 MLINKS+=ns.3 ns_addr.3 ns.3 ns_ntoa.3
 MLINKS+=rcmd.3 iruserok.3 rcmd.3 rresvport.3 rcmd.3 ruserok.3
 MLINKS+=resolver.3 dn_comp.3 resolver.3 dn_expand.3 resolver.3 res_init.3 \
diff --git a/src/lib/libc/net/base64.c b/src/lib/libc/net/base64.c
new file mode 100644
index 0000000000..452fe5afcc
--- /dev/null
+++ b/src/lib/libc/net/base64.c
@@ -0,0 +1,317 @@
+/*      $OpenBSD: base64.c,v 1.3 1997/11/08 20:46:55 deraadt Exp $      */
+
+/*
+ * Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/*
+ * Portions Copyright (c) 1995 by International Business Machines, Inc.
+ *
+ * International Business Machines, Inc. (hereinafter called IBM) grants
+ * permission under its copyrights to use, copy, modify, and distribute this
+ * Software with or without fee, provided that the above copyright notice and
+ * all paragraphs of this notice appear in all copies, and that the name of IBM
+ * not be used in connection with the marketing of any product incorporating
+ * the Software or modifications thereof, without specific, written prior
+ * permission.
+ *
+ * To the extent it has a right to do so, IBM grants an immunity from suit
+ * under its patents, if any, for the use, sale or manufacture of products to
+ * the extent that such products are used for performing Domain Name System
+ * dynamic updates in TCP/IP networks by means of the Software.  No immunity is
+ * granted for any product per se or for any other function of any product.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE.  IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
+ * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
+ * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+
+#include <ctype.h>
+#include <resolv.h>
+#include <stdio.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#define Assert(Cond) if (!(Cond)) abort()
+
+static const char Base64[] =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const char Pad64 = '=';
+
+/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
+   The following encoding technique is taken from RFC 1521 by Borenstein
+   and Freed.  It is reproduced here in a slightly edited form for
+   convenience.
+
+   A 65-character subset of US-ASCII is used, enabling 6 bits to be
+   represented per printable character. (The extra 65th character, "=",
+   is used to signify a special processing function.)
+
+   The encoding process represents 24-bit groups of input bits as output
+   strings of 4 encoded characters. Proceeding from left to right, a
+   24-bit input group is formed by concatenating 3 8-bit input groups.
+   These 24 bits are then treated as 4 concatenated 6-bit groups, each
+   of which is translated into a single digit in the base64 alphabet.
+
+   Each 6-bit group is used as an index into an array of 64 printable
+   characters. The character referenced by the index is placed in the
+   output string.
+
+                         Table 1: The Base64 Alphabet
+
+      Value Encoding  Value Encoding  Value Encoding  Value Encoding
+          0 A            17 R            34 i            51 z
+          1 B            18 S            35 j            52 0
+          2 C            19 T            36 k            53 1
+          3 D            20 U            37 l            54 2
+          4 E            21 V            38 m            55 3
+          5 F            22 W            39 n            56 4
+          6 G            23 X            40 o            57 5
+          7 H            24 Y            41 p            58 6
+          8 I            25 Z            42 q            59 7
+          9 J            26 a            43 r            60 8
+         10 K            27 b            44 s            61 9
+         11 L            28 c            45 t            62 +
+         12 M            29 d            46 u            63 /
+         13 N            30 e            47 v
+         14 O            31 f            48 w         (pad) =
+         15 P            32 g            49 x
+         16 Q            33 h            50 y
+
+   Special processing is performed if fewer than 24 bits are available
+   at the end of the data being encoded.  A full encoding quantum is
+   always completed at the end of a quantity.  When fewer than 24 input
+   bits are available in an input group, zero bits are added (on the
+   right) to form an integral number of 6-bit groups.  Padding at the
+   end of the data is performed using the '=' character.
+
+   Since all base64 input is an integral number of octets, only the
+         -------------------------------------------------                       
+   following cases can arise:
+   
+       (1) the final quantum of encoding input is an integral
+           multiple of 24 bits; here, the final unit of encoded
+           output will be an integral multiple of 4 characters
+           with no "=" padding,
+       (2) the final quantum of encoding input is exactly 8 bits;
+           here, the final unit of encoded output will be two
+           characters followed by two "=" padding characters, or
+       (3) the final quantum of encoding input is exactly 16 bits;
+           here, the final unit of encoded output will be three
+           characters followed by one "=" padding character.
+   */
+
+int
+b64_ntop(src, srclength, target, targsize)
+        u_char const *src;
+        size_t srclength;
+        char *target;
+        size_t targsize;
+{
+        size_t datalength = 0;
+        u_char input[3];
+        u_char output[4];
+        int i;
+
+        while (2 < srclength) {
+                input[0] = *src++;
+                input[1] = *src++;
+                input[2] = *src++;
+                srclength -= 3;
+
+                output[0] = input[0] >> 2;
+                output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
+                output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
+                output[3] = input[2] & 0x3f;
+                Assert(output[0] < 64);
+                Assert(output[1] < 64);
+                Assert(output[2] < 64);
+                Assert(output[3] < 64);
+
+                if (datalength + 4 > targsize)
+                        return (-1);
+                target[datalength++] = Base64[output[0]];
+                target[datalength++] = Base64[output[1]];
+                target[datalength++] = Base64[output[2]];
+                target[datalength++] = Base64[output[3]];
+        }
+    
+        /* Now we worry about padding. */
+        if (0 != srclength) {
+                /* Get what's left. */
+                input[0] = input[1] = input[2] = '\0';
+                for (i = 0; i < srclength; i++)
+                        input[i] = *src++;
+        
+                output[0] = input[0] >> 2;
+                output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
+                output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
+                Assert(output[0] < 64);
+                Assert(output[1] < 64);
+                Assert(output[2] < 64);
+
+                if (datalength + 4 > targsize)
+                        return (-1);
+                target[datalength++] = Base64[output[0]];
+                target[datalength++] = Base64[output[1]];
+                if (srclength == 1)
+                        target[datalength++] = Pad64;
+                else
+                        target[datalength++] = Base64[output[2]];
+                target[datalength++] = Pad64;
+        }
+        if (datalength >= targsize)
+                return (-1);
+        target[datalength] = '\0';      /* Returned value doesn't count \0. */
+        return (datalength);
+}
+
+/* skips all whitespace anywhere.
+   converts characters, four at a time, starting at (or after)
+   src from base - 64 numbers into three 8 bit bytes in the target area.
+   it returns the number of data bytes stored at the target, or -1 on error.
+ */
+
+int
+b64_pton(src, target, targsize)
+        char const *src;
+        u_char *target;
+        size_t targsize;
+{
+        int tarindex, state, ch;
+        char *pos;
+
+        state = 0;
+        tarindex = 0;
+
+        while ((ch = *src++) != '\0') {
+                if (isspace(ch))        /* Skip whitespace anywhere. */
+                        continue;
+
+                if (ch == Pad64)
+                        break;
+
+                pos = strchr(Base64, ch);
+                if (pos == 0)           /* A non-base64 character. */
+                        return (-1);
+
+                switch (state) {
+                case 0:
+                        if (target) {
+                                if (tarindex >= targsize)
+                                        return (-1);
+                                target[tarindex] = (pos - Base64) << 2;
+                        }
+                        state = 1;
+                        break;
+                case 1:
+                        if (target) {
+                                if (tarindex + 1 >= targsize)
+                                        return (-1);
+                                target[tarindex]   |=  (pos - Base64) >> 4;
+                                target[tarindex+1]  = ((pos - Base64) & 0x0f)
+                                                        << 4 ;
+                        }
+                        tarindex++;
+                        state = 2;
+                        break;
+                case 2:
+                        if (target) {
+                                if (tarindex + 1 >= targsize)
+                                        return (-1);
+                                target[tarindex]   |=  (pos - Base64) >> 2;
+                                target[tarindex+1]  = ((pos - Base64) & 0x03)
+                                                        << 6;
+                        }
+                        tarindex++;
+                        state = 3;
+                        break;
+                case 3:
+                        if (target) {
+                                if (tarindex >= targsize)
+                                        return (-1);
+                                target[tarindex] |= (pos - Base64);
+                        }
+                        tarindex++;
+                        state = 0;
+                        break;
+                }
+        }
+
+        /*
+         * We are done decoding Base-64 chars.  Let's see if we ended
+         * on a byte boundary, and/or with erroneous trailing characters.
+         */
+
+        if (ch == Pad64) {              /* We got a pad char. */
+                ch = *src++;            /* Skip it, get next. */
+                switch (state) {
+                case 0:         /* Invalid = in first position */
+                case 1:         /* Invalid = in second position */
+                        return (-1);
+
+                case 2:         /* Valid, means one byte of info */
+                        /* Skip any number of spaces. */
+                        for (; ch != '\0'; ch = *src++)
+                                if (!isspace(ch))
+                                        break;
+                        /* Make sure there is another trailing = sign. */
+                        if (ch != Pad64)
+                                return (-1);
+                        ch = *src++;            /* Skip the = */
+                        /* Fall through to "single trailing =" case. */
+                        /* FALLTHROUGH */
+
+                case 3:         /* Valid, means two bytes of info */
+                        /*
+                         * We know this char is an =.  Is there anything but
+                         * whitespace after it?
+                         */
+                        for (; ch != '\0'; ch = *src++)
+                                if (!isspace(ch))
+                                        return (-1);
+
+                        /*
+                         * Now make sure for cases 2 and 3 that the "extra"
+                         * bits that slopped past the last full byte were
+                         * zeros.  If we don't check them, they become a
+                         * subliminal channel.
+                         */
+                        if (target && target[tarindex] != 0)
+                                return (-1);
+                }
+        } else {
+                /*
+                 * We ended by seeing the end of the string.  Make sure we
+                 * have no partial bytes lying around.
+                 */
+                if (state != 0)
+                        return (-1);
+        }
+
+        return (tarindex);
+}
diff --git a/src/lib/libc/net/byteorder.3 b/src/lib/libc/net/byteorder.3
index 701a69f688..f2788b25dc 100644
--- a/src/lib/libc/net/byteorder.3
+++ b/src/lib/libc/net/byteorder.3
@@ -1,4 +1,4 @@
-.\"     $NetBSD: byteorder.3,v 1.3 1995/02/25 06:20:27 cgd Exp $
+.\"     $OpenBSD: byteorder.3,v 1.5 1997/11/19 23:30:17 niklas Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -31,8 +31,6 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)byteorder.3 8.1 (Berkeley) 6/4/93
-.\"
 .Dd June 4, 1993
 .Dt BYTEORDER 3
 .Os BSD 4.2
@@ -40,26 +38,101 @@
 .Nm htonl ,
 .Nm htons ,
 .Nm ntohl ,
-.Nm ntohs
-.Nd convert values between host and network byte order
+.Nm ntohs ,
+.Nm htobe32 ,
+.Nm htobe16 ,
+.Nm betoh32 ,
+.Nm betoh16 ,
+.Nm htole32 ,
+.Nm htole16 ,
+.Nm letoh32 ,
+.Nm letoh16 ,
+.Nm swap32 ,
+.Nm swap16
+.Nd convert values between different byte orderings
 .Sh SYNOPSIS
-.Fd #include <sys/param.h>
-.Ft u_long
-.Fn htonl "u_long hostlong"
-.Ft u_short
-.Fn htons "u_short hostshort"
-.Ft u_long
-.Fn ntohl "u_long netlong"
-.Ft u_short
-.Fn ntohs "u_short netshort"
+.Fd #include <sys/types.h>
+.Fd #include <machine/endian.h>
+.Ft u_int32_t
+.Fn htonl "u_int32_t host32"
+.Ft u_int16_t
+.Fn htons "u_int16_t host16"
+.Ft u_int32_t
+.Fn ntohl "u_int32_t net32"
+.Ft u_int16_t
+.Fn ntohs "u_int16_t net16"
+.Ft u_int32_t
+.Fn htobe32 "u_int32_t host32"
+.Ft u_int16_t
+.Fn htobe16 "u_int16_t host16"
+.Ft u_int32_t
+.Fn betoh32 "u_int32_t big32"
+.Ft u_int16_t
+.Fn betoh16 "u_int16_t big16"
+.Ft u_int32_t
+.Fn htole32 "u_int32_t host32"
+.Ft u_int16_t
+.Fn htole16 "u_int16_t host16"
+.Ft u_int32_t
+.Fn letoh32 "u_int32_t little32"
+.Ft u_int16_t
+.Fn letoh16 "u_int16_t little16"
+.Ft u_int32_t
+.Fn swap32 "u_int32_t val32"
+.Ft u_int16_t
+.Fn swap16 "u_int16_t val16"
 .Sh DESCRIPTION
-These routines convert 16 and 32 bit quantities between network
-byte order and host byte order.
+These routines convert 16 and 32 bit quantities between different
+byte orderings.  The "swap" functions reverse the byte ordering of
+the given quantity, the others converts either from/to the native
+byte order used by the host to/from either little- or big-endian (a.k.a
+network) order.
+.Pp
+Apart from the "swap" functions, the names can be described by this form:
+{src-order}to{dst-order}{size}.
+Both {src-order} and {dst-order} can take the following forms:
+.Bl -tag -width "be "
+.It Em h
+host order
+.It Em n
+network order (big-endian)
+.It Em be
+big-endian (Most significant byte first)
+.It Em le
+little-endian (Least significant byte first)
+.El
+.Pp
+One of the specified orderings must be "h".
+{Size} will take these forms:
+.Bl -tag -width "32 "
+.It Em l
+long (32-bit, used in conjunction with forms involving "n")
+.It Em s
+short (16-bit, used in conjunction with forms involving "n")
+.It Em 16
+16-bit
+.It Em 32
+32-bit
+.El
+.Pp
+The "swap" functions are of the form: swap{size}.
+.Pp
+Names involving "n" convert quantities between network
+byte order and host byte order.  The last letter (s/l) is a mnemonic
+for the traditional names for such quantities, short and long,
+respectively.  Today, the C concept of "short"/"long" integers
+need not coincide with this traditional misunderstanding.
 On machines which have a byte order which is the same as the network
 order, routines are defined as null macros.
 .Pp
-These routines are most often used in conjunction with Internet
-addresses and ports as returned by
+The functions involving either "be", "le" or "swap" use the numbers
+(16/32) for specifying the bitwidth of the quantities they operate on.
+Currently all supported architectures are either big- or little-endian
+so either the "be" or the "le" variants are implemented as null macros.
+.Pp
+The routines mentioned above which have either {src-order} or {dst-order}
+set to "n" are most often used in
+conjunction with Internet addresses and ports as returned by
 .Xr gethostbyname 3
 and
 .Xr getservent 3 .
@@ -73,6 +146,10 @@ functions appeared in
 .Bx 4.2 .
 .Sh BUGS
 On the
-.Tn VAX
+.Tn vax ,
+.Tn alpha ,
+.Tn i386 ,
+and so far
+.Tn mips
 bytes are handled backwards from most everyone else in
 the world.  This is not expected to be fixed in the near future.
diff --git a/src/lib/libc/net/ethers.3 b/src/lib/libc/net/ethers.3
index 81e6c65935..f5db308115 100644
--- a/src/lib/libc/net/ethers.3
+++ b/src/lib/libc/net/ethers.3
@@ -1,15 +1,17 @@
+.\"     $OpenBSD: ethers.3,v 1.9 1998/05/12 09:15:19 deraadt Exp $
 .\"
 .\" Written by roland@frob.com.  Public domain.
 .\"
 .Dd December 16, 1993
 .Dt ETHERS 3
-.Os NetBSD
+.Os
 .Sh NAME
+.Nm ether_aton ,
 .Nm ether_ntoa ,
 .Nm ether_addr ,
 .Nm ether_ntohost ,
 .Nm ether_hostton ,
-.Nm ether_line ,
+.Nm ether_line
 .Nd get ethers entry
 .Sh SYNOPSIS
 .Fd #include <netinet/if_ether.h>
@@ -17,15 +19,18 @@
 .Fn ether_ntoa "struct ether_addr *e"
 .Ft struct ether_addr *
 .Fn ether_aton "char *s"
+.Ft int
 .Fn ether_ntohost "char *hostname" "struct ether_addr *e"
+.Ft int
 .Fn ether_hostton "char *hostname" "struct ether_addr *e"
+.Ft int
 .Fn ether_line "char *l" "struct ether_addr *e" "char *hostname"
 .Sh DESCRIPTION
 Ethernet addresses are represented by the 
 following structure:
 .Bd -literal -offset indent
 struct ether_addr {
-        u_char  ether_addr_octet[6];
+        u_int8_t  ether_addr_octet[6];
 };
 .Ed
 .Pp
@@ -51,12 +56,15 @@ addresses,
 The
 .Fn ether_ntohost
 function looks up the given Ethernet address and writes the associated
-host name into the character buffer passed.
+host name into the character buffer passed.  This buffer should be
+.Ev MAXHOSTNAMELEN
+characters in size.
 The
 .Fn ether_hostton
 function looks up the given host name and writes the associated
 Ethernet address into the structure passed.  Both functions return
 zero if they find the requested host name or address, and -1 if not.
+.Pp
 Each call reads
 .Pa /etc/ethers 
 from the beginning; if a + appears alone on a line in the file, then
@@ -76,6 +84,9 @@ function parses a line from the
 file and fills in the passed ``struct ether_addr'' and character
 buffer with the Ethernet address and host name on the line.  It
 returns zero if the line was successfully parsed and -1 if not.
+The character buffer buffer should be
+.Ev MAXHOSTNAMELEN
+characters in size.
 .Sh FILES
 .Bl -tag -width /etc/ethers -compact
 .It Pa /etc/ethers
@@ -95,8 +106,4 @@ NetBSD 0.9b.
 .Sh BUGS
 The data space used by these functions is static; if future use
 requires the data, it should be copied before any subsequent calls to
-these functions overwrite it.  There is no way to restrict how many
-character will be written into the host name buffer passed.  A very
-long line in
-.Pa /etc/ethers
-could overflow your buffer.
+these functions overwrite it.
diff --git a/src/lib/libc/net/ethers.c b/src/lib/libc/net/ethers.c
index 0f32b9b71b..9df876b6f4 100644
--- a/src/lib/libc/net/ethers.c
+++ b/src/lib/libc/net/ethers.c
@@ -1,12 +1,42 @@
-/*      $NetBSD: ethers.c,v 1.5 1995/02/25 06:20:28 cgd Exp $   */
+/*      $OpenBSD: ethers.c,v 1.9 1998/06/21 22:13:44 millert Exp $      */
 
-/* 
- * ethers(3N) a la Sun.
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
  *
- * Written by Roland McGrath <roland@frob.com> 10/14/93.
- * Public domain.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* 
+ * ethers(3) a la Sun.
+ * Originally Written by Roland McGrath <roland@frob.com> 10/14/93.
+ * Substantially modified by Todd C. Miller <Todd.Miller@courtesan.com>
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: ethers.c,v 1.9 1998/06/21 22:13:44 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <net/if.h>
@@ -18,22 +48,60 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 
 #ifndef _PATH_ETHERS
-#define _PATH_ETHERS "/etc/ethers"
+#define _PATH_ETHERS    "/etc/ethers"
 #endif
 
+static char * _ether_aton __P((char *, struct ether_addr *));
+
 char *
 ether_ntoa(e)
         struct ether_addr *e;
 {
         static char a[] = "xx:xx:xx:xx:xx:xx";
 
-        sprintf(a, "%02x:%02x:%02x:%02x:%02x:%02x",
+        if (e->ether_addr_octet[0] > 0xFF || e->ether_addr_octet[1] > 0xFF ||
+            e->ether_addr_octet[2] > 0xFF || e->ether_addr_octet[3] > 0xFF ||
+            e->ether_addr_octet[4] > 0xFF || e->ether_addr_octet[5] > 0xFF) {
+                errno = EINVAL;
+                return (NULL);
+        }
+
+        (void)sprintf(a, "%02x:%02x:%02x:%02x:%02x:%02x",
             e->ether_addr_octet[0], e->ether_addr_octet[1],
             e->ether_addr_octet[2], e->ether_addr_octet[3],
             e->ether_addr_octet[4], e->ether_addr_octet[5]);
-        return a;
+
+        return (a);
+}
+
+static char *
+_ether_aton(s, e)
+        char *s;
+        struct ether_addr *e;
+{
+        int i;
+        long l;
+        char *pp;
+
+        while (isspace(*s))
+                s++;
+
+        /* expect 6 hex octets separated by ':' or space/NUL if last octet */
+        for (i = 0; i < 6; i++) {
+                l = strtol(s, &pp, 16);
+                if (pp == s || l > 0xFF)
+                        return (NULL);
+                if (!(*pp == ':' || (i == 5 && (isspace(*pp) || *pp == '\0'))))
+                        return (NULL);
+                e->ether_addr_octet[i] = (u_char)l;
+                s = pp + 1;
+        }
+
+        /* return character after the octets ala strtol(3) */
+        return (pp);
 }
 
 struct ether_addr *
@@ -41,33 +109,32 @@ ether_aton(s)
         char *s;
 {
         static struct ether_addr n;
-        u_int i[6];
-
-        if (sscanf(s, " %x:%x:%x:%x:%x:%x ", &i[0], &i[1],
-            &i[2], &i[3], &i[4], &i[5]) == 6) {
-                n.ether_addr_octet[0] = (u_char)i[0];
-                n.ether_addr_octet[1] = (u_char)i[1];
-                n.ether_addr_octet[2] = (u_char)i[2];
-                n.ether_addr_octet[3] = (u_char)i[3];
-                n.ether_addr_octet[4] = (u_char)i[4];
-                n.ether_addr_octet[5] = (u_char)i[5];
-                return &n;
-        }
-        return NULL;
+
+        return (_ether_aton(s, &n) ? &n : NULL);
 }
 
+int
 ether_ntohost(hostname, e)
         char *hostname;
         struct ether_addr *e;
 {
         FILE *f; 
-        char buf[BUFSIZ];
+        char buf[BUFSIZ+1], *p;
+        size_t len;
         struct ether_addr try;
-
 #ifdef YP
-        char trybuf[sizeof "xx:xx:xx:xx:xx:xx"];
+        char trybuf[sizeof("xx:xx:xx:xx:xx:xx")];
         int trylen;
+#endif
+
+        if (e->ether_addr_octet[0] > 0xFF || e->ether_addr_octet[1] > 0xFF ||
+            e->ether_addr_octet[2] > 0xFF || e->ether_addr_octet[3] > 0xFF ||
+            e->ether_addr_octet[4] > 0xFF || e->ether_addr_octet[5] > 0xFF) {
+                errno = EINVAL;
+                return (-1);
+        }
 
+#ifdef YP
         sprintf(trybuf, "%x:%x:%x:%x:%x:%x", 
             e->ether_addr_octet[0], e->ether_addr_octet[1],
             e->ether_addr_octet[2], e->ether_addr_octet[3],
@@ -76,12 +143,19 @@ ether_ntohost(hostname, e)
 #endif
 
         f = fopen(_PATH_ETHERS, "r");
-        if (f==NULL)
-                return -1;
-        while (fgets(buf, sizeof buf, f)) {
+        if (f == NULL)
+                return (-1);
+        while ((p = fgetln(f, &len)) != NULL) {
+                if (p[len-1] == '\n')
+                        len--;
+                if (len > sizeof(buf) - 2)
+                        continue;
+                (void)memcpy(buf, p, len);
+                buf[len] = '\n';        /* code assumes newlines later on */
+                buf[len+1] = '\0';
 #ifdef YP
                 /* A + in the file means try YP now.  */
-                if (!strncmp(buf, "+\n", sizeof buf)) {
+                if (!strncmp(buf, "+\n", sizeof(buf))) {
                         char *ypbuf, *ypdom;
                         int ypbuflen;
 
@@ -93,42 +167,51 @@ ether_ntohost(hostname, e)
                         if (ether_line(ypbuf, &try, hostname) == 0) {
                                 free(ypbuf);
                                 (void)fclose(f);
-                                return 0;
+                                return (0);
                         }
                         free(ypbuf);
                         continue;
                 }
 #endif
                 if (ether_line(buf, &try, hostname) == 0 &&
-                    bcmp((char *)&try, (char *)e, sizeof try) == 0) {
+                    memcmp((void *)&try, (void *)e, sizeof(try)) == 0) {
                         (void)fclose(f);
-                        return 0;
+                        return (0);
                 }     
         }
         (void)fclose(f);
         errno = ENOENT;
-        return -1;
+        return (-1);
 }
 
+int
 ether_hostton(hostname, e)
         char *hostname;
         struct ether_addr *e;
 {
         FILE *f;
-        char buf[BUFSIZ];
+        char buf[BUFSIZ+1], *p;
         char try[MAXHOSTNAMELEN];
+        size_t len;
 #ifdef YP
         int hostlen = strlen(hostname);
 #endif
 
         f = fopen(_PATH_ETHERS, "r");
         if (f==NULL)
-                return -1;
+                return (-1);
 
-        while (fgets(buf, sizeof buf, f)) {
+        while ((p = fgetln(f, &len)) != NULL) {
+                if (p[len-1] == '\n')
+                        len--;
+                if (len > sizeof(buf) - 2)
+                        continue;
+                memcpy(buf, p, len);
+                buf[len] = '\n';        /* code assumes newlines later on */
+                buf[len+1] = '\0';
 #ifdef YP
                 /* A + in the file means try YP now.  */
-                if (!strncmp(buf, "+\n", sizeof buf)) {
+                if (!strncmp(buf, "+\n", sizeof(buf))) {
                         char *ypbuf, *ypdom;
                         int ypbuflen;
 
@@ -140,7 +223,7 @@ ether_hostton(hostname, e)
                         if (ether_line(ypbuf, e, try) == 0) {
                                 free(ypbuf);
                                 (void)fclose(f);
-                                return 0;
+                                return (0);
                         }
                         free(ypbuf);
                         continue;
@@ -148,31 +231,40 @@ ether_hostton(hostname, e)
 #endif
                 if (ether_line(buf, e, try) == 0 && strcmp(hostname, try) == 0) {
                         (void)fclose(f);
-                        return 0;
+                        return (0);
                 }
         }
         (void)fclose(f);
         errno = ENOENT;
-        return -1;
+        return (-1);
 }
 
-ether_line(l, e, hostname)
-        char *l;
+int
+ether_line(line, e, hostname)
+        char *line;
         struct ether_addr *e;
         char *hostname;
 {
-        u_int i[6];
-
-        if (sscanf(l, " %x:%x:%x:%x:%x:%x %s\n", &i[0], &i[1],
-            &i[2], &i[3], &i[4], &i[5], hostname) == 7) {
-                e->ether_addr_octet[0] = (u_char)i[0];
-                e->ether_addr_octet[1] = (u_char)i[1];
-                e->ether_addr_octet[2] = (u_char)i[2];
-                e->ether_addr_octet[3] = (u_char)i[3];
-                e->ether_addr_octet[4] = (u_char)i[4];
-                e->ether_addr_octet[5] = (u_char)i[5];
-                return 0;
-        }
+        char *p;
+        size_t n;
+
+        /* Parse "xx:xx:xx:xx:xx:xx" */
+        if ((p = _ether_aton(line, e)) == NULL || (*p != ' ' && *p != '\t'))
+                goto bad;
+
+        /* Now get the hostname */
+        while (isspace(*p))
+                p++;
+        if (*p == '\0')
+                goto bad;
+        n = strcspn(p, " \t\n");
+        if (n >= MAXHOSTNAMELEN)
+                goto bad;
+        (void)strncpy(hostname, p, n);
+        hostname[n] = '\0';
+        return (0);
+
+bad:
         errno = EINVAL;
-        return -1;
+        return (-1);
 }
diff --git a/src/lib/libc/net/gethostbyname.3 b/src/lib/libc/net/gethostbyname.3
index bac0368296..37069c0a59 100644
--- a/src/lib/libc/net/gethostbyname.3
+++ b/src/lib/libc/net/gethostbyname.3
@@ -1,4 +1,4 @@
-.\"     $NetBSD: gethostbyname.3,v 1.6 1995/02/25 06:20:28 cgd Exp $
+.\"     $OpenBSD: gethostbyname.3,v 1.9 1998/09/07 16:44:35 aaron Exp $
 .\"
 .\" Copyright (c) 1983, 1987, 1991, 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -31,17 +31,17 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)gethostbyname.3     8.2 (Berkeley) 4/19/94
-.\"
-.Dd April 19, 1994
+.Dd March 13, 1997
 .Dt GETHOSTBYNAME 3
-.Os BSD 4.2
+.Os
 .Sh NAME
 .Nm gethostbyname ,
+.Nm gethostbyname2 ,
 .Nm gethostbyaddr ,
 .Nm gethostent ,
 .Nm sethostent ,
 .Nm endhostent ,
+.Nm hstrerror ,
 .Nm herror
 .Nd get network host entry
 .Sh SYNOPSIS
@@ -50,12 +50,19 @@
 .Ft struct hostent *
 .Fn gethostbyname "const char *name"
 .Ft struct hostent *
+.Fn gethostbyname2 "const char *name" "int af"
+.Ft struct hostent *
 .Fn gethostbyaddr "const char *addr" "int len" "int type"
 .Ft struct hostent *
 .Fn gethostent void
+.Ft void
 .Fn sethostent "int stayopen"
+.Ft void
 .Fn endhostent void
-.Fn herror "char *string"
+.Ft void
+.Fn herror "const char *string"
+.Ft const char *
+.Fn hstrerror "int err"
 .Sh DESCRIPTION
 The
 .Fn gethostbyname
@@ -92,8 +99,7 @@ Official name of the host.
 .It Fa h_aliases
 A zero terminated array of alternate names for the host.
 .It Fa h_addrtype
-The type of address being returned; currently always
-.Dv AF_INET .
+The type of address being returned.
 .It Fa h_length
 The length, in bytes, of the address.
 .It Fa h_addr_list
@@ -103,6 +109,7 @@ Host addresses are returned in network byte order.
 The first address in
 .Fa h_addr_list ;
 this is for backward compatibility.
+.El
 .Pp
 When using the nameserver,
 .Fn gethostbyname
@@ -116,6 +123,14 @@ See
 .Xr hostname 7
 for the domain search procedure and the alias file format.
 .Pp
+.Fn Gethostbyname2
+is an advanced form of
+.Fn gethostbyname
+which allows lookups in address families other than
+.Dv AF_INET ,
+for example
+.Dv AF_INET6 .
+.Pp
 The
 .Fn sethostent
 function
@@ -141,13 +156,27 @@ function
 closes the
 .Tn TCP
 connection.
+.Pp
+The
+.Fn herror
+function prints an error message describing the failure.  If its argument
+.Fa string
+is
+.Pf non Dv -NULL ,
+it is prepended to the message string and separated from it by a colon
+and a space.  The error message is printed with a trailing newline.
+The contents of the error message is the same as that returned by 
+.Fn hstrerror
+with argument
+.Fa h_errno .
 .Sh FILES
 .Bl -tag -width /etc/hosts -compact
 .It Pa /etc/hosts
 .El
 .Sh DIAGNOSTICS
 Error return status from 
-.Fn gethostbyname
+.Fn gethostbyname ,
+.Fn gethostbyname2 ,
 and
 .Fn gethostbyaddr
 is indicated by return of a null pointer.
@@ -155,15 +184,6 @@ The external integer
 .Va h_errno
 may then be checked to see whether this is a temporary failure
 or an invalid or unknown host.
-The routine
-.Fn herror
-can be used to print an error message describing the failure.
-If its argument
-.Fa string
-is
-.Pf non Dv -NULL ,
-it is printed, followed by a colon and a space.
-The error message is printed with a trailing newline.
 .Pp
 The variable
 .Va h_errno
@@ -197,20 +217,6 @@ for example, a mail-forwarder may be registered for this domain.
 The
 .Fn gethostent
 function
-is defined, and
-.Fn sethostent
-and
-.Fn endhostent
-are redefined,
-when
-.Xr libc 3
-is built to use only the routines to lookup in
-.Pa /etc/hosts
-and not the name server.
-.Pp
-The
-.Fn gethostent
-function
 reads the next line of
 .Pa /etc/hosts ,
 opening the file if necessary.
@@ -224,7 +230,8 @@ If the
 .Fa stayopen
 argument is non-zero,
 the file will not be closed after each call to
-.Fn gethostbyname
+.Fn gethostbyname ,
+.Fn gethostbyname2 ,
 or
 .Fn gethostbyaddr .
 .Pp
@@ -251,4 +258,9 @@ These functions use static data storage;
 if the data is needed for future use, it should be
 copied before any subsequent calls overwrite it.
 Only the Internet
-address format is currently understood.
+address formats are currently understood.
+.Pp
+YP does not support any address families other than 
+.Dv AF_INET
+and uses
+the traditional database format.
diff --git a/src/lib/libc/net/gethostnamadr.c b/src/lib/libc/net/gethostnamadr.c
index ec3f14a900..7321225863 100644
--- a/src/lib/libc/net/gethostnamadr.c
+++ b/src/lib/libc/net/gethostnamadr.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: gethostnamadr.c,v 1.13 1995/05/21 16:21:14 mycroft Exp $       */
-
 /*-
  * Copyright (c) 1985, 1988, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -54,12 +52,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)gethostnamadr.c     8.1 (Berkeley) 6/4/93";
-static char rcsid[] = "$Id: gethnamaddr.c,v 4.9.1.1 1993/05/02 22:43:03 vixie Rel ";
-#else
-static char rcsid[] = "$NetBSD: gethostnamadr.c,v 1.13 1995/05/21 16:21:14 mycroft Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: gethostnamadr.c,v 1.30 1998/03/16 05:06:55 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -73,12 +66,16 @@ static char rcsid[] = "$NetBSD: gethostnamadr.c,v 1.13 1995/05/21 16:21:14 mycro
 #include <ctype.h>
 #include <errno.h>
 #include <string.h>
+#include <syslog.h>
 #ifdef YP
 #include <rpc/rpc.h>
-#include <rpcsvc/yp_prot.h>
+#include <rpcsvc/yp.h>
 #include <rpcsvc/ypclnt.h>
+#include "ypinternal.h"
 #endif
 
+#define MULTI_PTRS_ARE_ALIASES 1        /* XXX - experimental */
+
 #define MAXALIASES      35
 #define MAXADDRS        35
 
@@ -91,10 +88,26 @@ static char *__ypdomain;
 static struct hostent host;
 static char *host_aliases[MAXALIASES];
 static char hostbuf[BUFSIZ+1];
-static struct in_addr host_addr;
+static union {
+        struct in_addr _host_in_addr;
+        u_char _host_addr[16];          /* IPv4 or IPv6 */
+} _host_addr_u;
+#define host_addr _host_addr_u._host_addr
 static FILE *hostf = NULL;
 static int stayopen = 0;
 
+static void map_v4v6_address __P((const char *src, char *dst));
+static void map_v4v6_hostent __P((struct hostent *hp, char **bp, int *len));
+
+#ifdef RESOLVSORT
+static void addrsort __P((char **, int));
+#endif
+
+int _hokchar __P((const char *));
+
+static const char AskedForGot[] =
+                          "gethostby*.getanswer: asked for \"%s\", got \"%s\"";
+
 #if PACKETSZ > 1024
 #define MAXPACKET       PACKETSZ
 #else
@@ -107,31 +120,81 @@ typedef union {
 } querybuf;
 
 typedef union {
-    int32_t al;
-    char ac;
+        int32_t al;
+        char ac;
 } align;
 
-static int qcomp __P((struct in_addr **, struct in_addr **));
-static struct hostent *getanswer __P((querybuf *, int, int));
+static struct hostent *getanswer __P((const querybuf *, int, const char *,
+                                      int));
 
 extern int h_errno;
 
+int
+_hokchar(p)
+        const char *p;
+{
+        char c;
+
+        /*
+         * Many people do not obey RFC 822 and 1035.  The valid
+         * characters are a-z, A-Z, 0-9, '-' and . But the others
+         * tested for below can happen, and we must be more permissive
+         * than the resolver until those idiots clean up their act.
+         * We let '/' through, but not '..'
+         */
+        while ((c = *p++)) {
+                if (('a' <= c && c <= 'z') ||
+                    ('A' <= c && c <= 'Z') ||
+                    ('0' <= c && c <= '9'))
+                        continue;
+                if (strchr("-_/", c))
+                        continue;
+                if (c == '.' && *p != '.')
+                        continue;
+                return 0;
+        }
+        return 1;
+}
+
 static struct hostent *
-getanswer(answer, anslen, iquery)
-        querybuf *answer;
+getanswer(answer, anslen, qname, qtype)
+        const querybuf *answer;
         int anslen;
-        int iquery;
+        const char *qname;
+        int qtype;
 {
-        register HEADER *hp;
-        register u_char *cp;
+        register const HEADER *hp;
+        register const u_char *cp;
         register int n;
-        u_char *eom;
-        char *bp, **ap;
+        const u_char *eom;
+        char *bp, **ap, **hap;
         int type, class, buflen, ancount, qdcount;
-        int haveanswer, getclass = C_ANY;
-        char **hap;
+        int haveanswer, had_error;
+        int toobig = 0;
+        char tbuf[MAXDNAME];
+        const char *tname;
+        int (*name_ok) __P((const char *));
 
+        tname = qname;
+        host.h_name = NULL;
         eom = answer->buf + anslen;
+        switch (qtype) {
+        case T_A:
+        case T_AAAA:
+#ifdef USE_RESOLV_NAME_OK
+                name_ok = res_hnok;
+                break;
+#endif
+        case T_PTR:
+#ifdef USE_RESOLV_NAME_OK
+                name_ok = res_dnok;
+#else
+                name_ok = _hokchar;
+#endif
+                break;
+        default:
+                return (NULL);
+        }
         /*
          * find first satisfactory answer
          */
@@ -139,31 +202,29 @@ getanswer(answer, anslen, iquery)
         ancount = ntohs(hp->ancount);
         qdcount = ntohs(hp->qdcount);
         bp = hostbuf;
-        buflen = sizeof(hostbuf);
-        cp = answer->buf + sizeof(HEADER);
-        if (qdcount) {
-                if (iquery) {
-                        if ((n = dn_expand((u_char *)answer->buf,
-                            (u_char *)eom, (u_char *)cp, (u_char *)bp,
-                            buflen)) < 0) {
-                                h_errno = NO_RECOVERY;
-                                return ((struct hostent *) NULL);
-                        }
-                        cp += n + QFIXEDSZ;
-                        host.h_name = bp;
-                        n = strlen(bp) + 1;
-                        bp += n;
-                        buflen -= n;
-                } else
-                        cp += __dn_skipname(cp, eom) + QFIXEDSZ;
-                while (--qdcount > 0)
-                        cp += __dn_skipname(cp, eom) + QFIXEDSZ;
-        } else if (iquery) {
-                if (hp->aa)
-                        h_errno = HOST_NOT_FOUND;
-                else
-                        h_errno = TRY_AGAIN;
-                return ((struct hostent *) NULL);
+        buflen = sizeof hostbuf;
+        cp = answer->buf + HFIXEDSZ;
+        if (qdcount != 1) {
+                h_errno = NO_RECOVERY;
+                return (NULL);
+        }
+        n = dn_expand(answer->buf, eom, cp, bp, buflen);
+        if ((n < 0) || !(*name_ok)(bp)) {
+                h_errno = NO_RECOVERY;
+                return (NULL);
+        }
+        cp += n + QFIXEDSZ;
+        if (qtype == T_A || qtype == T_AAAA) {
+                /* res_send() has already verified that the query name is the
+                 * same as the one we sent; this just gets the expanded name
+                 * (i.e., with the succeeding search-domain tacked on).
+                 */
+                n = strlen(bp) + 1;             /* for the \0 */
+                host.h_name = bp;
+                bp += n;
+                buflen -= n;
+                /* The qname can be abbreviated, but h_name is now absolute. */
+                qname = host.h_name;
         }
         ap = host_aliases;
         *ap = NULL;
@@ -172,104 +233,256 @@ getanswer(answer, anslen, iquery)
         *hap = NULL;
         host.h_addr_list = h_addr_ptrs;
         haveanswer = 0;
-        while (--ancount >= 0 && cp < eom) {
-                if ((n = dn_expand((u_char *)answer->buf, (u_char *)eom,
-                    (u_char *)cp, (u_char *)bp, buflen)) < 0)
-                        break;
-                cp += n;
+        had_error = 0;
+        while (ancount-- > 0 && cp < eom && !had_error) {
+                n = dn_expand(answer->buf, eom, cp, bp, buflen);
+                if ((n < 0) || !(*name_ok)(bp)) {
+                        had_error++;
+                        continue;
+                }
+                cp += n;                        /* name */
                 type = _getshort(cp);
-                cp += sizeof(u_int16_t);
+                cp += INT16SZ;                  /* type */
                 class = _getshort(cp);
-                cp += sizeof(u_int16_t) + sizeof(u_int32_t);
+                cp += INT16SZ + INT32SZ;        /* class, TTL */
                 n = _getshort(cp);
-                cp += sizeof(u_int16_t);
-                if (type == T_CNAME) {
+                cp += INT16SZ;                  /* len */
+                if (class != C_IN) {
+                        /* XXX - debug? syslog? */
                         cp += n;
+                        continue;               /* XXX - had_error++ ? */
+                }
+                if ((qtype == T_A || qtype == T_AAAA) && type == T_CNAME) {
                         if (ap >= &host_aliases[MAXALIASES-1])
                                 continue;
+                        n = dn_expand(answer->buf, eom, cp, tbuf, sizeof tbuf);
+                        if ((n < 0) || !(*name_ok)(tbuf)) {
+                                had_error++;
+                                continue;
+                        }
+                        cp += n;
+                        /* Store alias. */
                         *ap++ = bp;
-                        n = strlen(bp) + 1;
+                        n = strlen(bp) + 1;     /* for the \0 */
+                        bp += n;
+                        buflen -= n;
+                        /* Get canonical name. */
+                        n = strlen(tbuf) + 1;   /* for the \0 */
+                        if (n > buflen) {
+                                had_error++;
+                                continue;
+                        }
+                        strcpy(bp, tbuf);
+                        host.h_name = bp;
                         bp += n;
                         buflen -= n;
                         continue;
                 }
-                if (iquery && type == T_PTR) {
-                        if ((n = dn_expand((u_char *)answer->buf,
-                            (u_char *)eom, (u_char *)cp, (u_char *)bp,
-                            buflen)) < 0)
-                                break;
+                if (qtype == T_PTR && type == T_CNAME) {
+                        n = dn_expand(answer->buf, eom, cp, tbuf, sizeof tbuf);
+                        if ((n < 0) || !res_hnok(tbuf)) {
+                                had_error++;
+                                continue;
+                        }
                         cp += n;
-                        host.h_name = bp;
-                        return(&host);
+                        /* Get canonical name. */
+                        n = strlen(tbuf) + 1;   /* for the \0 */
+                        if (n > buflen) {
+                                had_error++;
+                                continue;
+                        }
+                        strcpy(bp, tbuf);
+                        tname = bp;
+                        bp += n;
+                        buflen -= n;
+                        continue;
                 }
-                if (iquery || type != T_A)  {
-#ifdef DEBUG
-                        if (_res.options & RES_DEBUG)
-                                printf("unexpected answer type %d, size %d\n",
-                                        type, n);
-#endif
+                if (type != qtype) {
+                        syslog(LOG_NOTICE|LOG_AUTH,
+               "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
+                               qname, p_class(C_IN), p_type(qtype),
+                               p_type(type));
                         cp += n;
-                        continue;
+                        continue;               /* XXX - had_error++ ? */
                 }
-                if (haveanswer) {
-                        if (n != host.h_length) {
+                switch (type) {
+                case T_PTR:
+                        if (strcasecmp(tname, bp) != 0) {
+                                syslog(LOG_NOTICE|LOG_AUTH,
+                                       AskedForGot, qname, bp);
                                 cp += n;
-                                continue;
+                                continue;       /* XXX - had_error++ ? */
+                        }
+                        n = dn_expand(answer->buf, eom, cp, bp, buflen);
+                        if ((n < 0) || !res_hnok(bp)) {
+                                had_error++;
+                                break;
+                        }
+#if MULTI_PTRS_ARE_ALIASES
+                        cp += n;
+                        if (!haveanswer)
+                                host.h_name = bp;
+                        else if (ap < &host_aliases[MAXALIASES-1])
+                                *ap++ = bp;
+                        else
+                                n = -1;
+                        if (n != -1) {
+                                n = strlen(bp) + 1;     /* for the \0 */
+                                bp += n;
+                                buflen -= n;
                         }
-                        if (class != getclass) {
+                        break;
+#else
+                        host.h_name = bp;
+                        if (_res.options & RES_USE_INET6) {
+                                n = strlen(bp) + 1;     /* for the \0 */
+                                bp += n;
+                                buflen -= n;
+                                map_v4v6_hostent(&host, &bp, &buflen);
+                        }
+                        h_errno = NETDB_SUCCESS;
+                        return (&host);
+#endif
+                case T_A:
+                case T_AAAA:
+                        if (strcasecmp(host.h_name, bp) != 0) {
+                                syslog(LOG_NOTICE|LOG_AUTH,
+                                       AskedForGot, host.h_name, bp);
+                                cp += n;
+                                continue;       /* XXX - had_error++ ? */
+                        }
+                        if (n != host.h_length) {
                                 cp += n;
                                 continue;
                         }
-                } else {
-                        host.h_length = n;
-                        getclass = class;
-                        host.h_addrtype = (class == C_IN) ? AF_INET : AF_UNSPEC;
-                        if (!iquery) {
+                        if (!haveanswer) {
+                                register int nn;
+
                                 host.h_name = bp;
-                                bp += strlen(bp) + 1;
+                                nn = strlen(bp) + 1;    /* for the \0 */
+                                bp += nn;
+                                buflen -= nn;
                         }
-                }
 
-                bp += sizeof(align) - ((u_long)bp % sizeof(align));
+                        bp += sizeof(align) - ((u_long)bp % sizeof(align));
 
-                if (bp + n >= &hostbuf[sizeof(hostbuf)]) {
+                        if (bp + n >= &hostbuf[sizeof hostbuf]) {
+#ifdef DEBUG
+                                if (_res.options & RES_DEBUG)
+                                        printf("size (%d) too big\n", n);
+#endif
+                                had_error++;
+                                continue;
+                        }
+                        if (hap >= &h_addr_ptrs[MAXADDRS-1]) {
+                                if (!toobig++)
 #ifdef DEBUG
-                        if (_res.options & RES_DEBUG)
-                                printf("size (%d) too big\n", n);
+                                        if (_res.options & RES_DEBUG)
+                                                printf("Too many addresses (%d)\n", MAXADDRS);
 #endif
+                                cp += n;
+                                continue;
+                        }
+                        bcopy(cp, *hap++ = bp, n);
+                        bp += n;
+                        buflen -= n;
+                        cp += n;
                         break;
                 }
-                bcopy(cp, *hap++ = bp, n);
-                bp +=n;
-                cp += n;
-                haveanswer++;
+                if (!had_error)
+                        haveanswer++;
         }
         if (haveanswer) {
                 *ap = NULL;
                 *hap = NULL;
-                if (_res.nsort) {
-                        qsort(host.h_addr_list, haveanswer,
-                            sizeof(struct in_addr),
-                            (int (*)__P((const void *, const void *)))qcomp);
+# if defined(RESOLVSORT)
+                /*
+                 * Note: we sort even if host can take only one address
+                 * in its return structures - should give it the "best"
+                 * address in that case, not some random one
+                 */
+                if (_res.nsort && haveanswer > 1 && qtype == T_A)
+                        addrsort(h_addr_ptrs, haveanswer);
+# endif /*RESOLVSORT*/
+                if (!host.h_name) {
+                        n = strlen(qname) + 1;  /* for the \0 */
+                        if (n > buflen)
+                                goto try_again;
+                        strcpy(bp, qname);
+                        host.h_name = bp;
+                        bp += n;
+                        buflen -= n;
                 }
+                if (_res.options & RES_USE_INET6)
+                        map_v4v6_hostent(&host, &bp, &buflen);
+                h_errno = NETDB_SUCCESS;
                 return (&host);
-        } else {
-                h_errno = TRY_AGAIN;
-                return ((struct hostent *) NULL);
         }
+ try_again:
+        h_errno = TRY_AGAIN;
+        return (NULL);
 }
 
 struct hostent *
 gethostbyname(name)
         const char *name;
 {
+        struct hostent *hp;
+        extern struct hostent *_gethtbyname2();
+
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1)
+                return (_gethtbyname2(name, AF_INET));
+
+        if (_res.options & RES_USE_INET6) {
+                hp = gethostbyname2(name, AF_INET6);
+                if (hp)
+                        return (hp);
+        }
+        return (gethostbyname2(name, AF_INET));
+}
+
+struct hostent *
+gethostbyname2(name, af)
+        const char *name;
+        int af;
+{
         querybuf buf;
         register const char *cp;
-        int n, i;
-        extern struct hostent *_gethtbyname(), *_yp_gethtbyname();
+        char *bp;
+        int n, size, type, len, i;
+        extern struct hostent *_gethtbyname2(), *_yp_gethtbyname();
         register struct hostent *hp;
         char lookups[MAXDNSLUS];
 
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1)
+                return (_gethtbyname2(name, af));
+
+        switch (af) {
+        case AF_INET:
+                size = INADDRSZ;
+                type = T_A;
+                break;
+        case AF_INET6:
+                size = IN6ADDRSZ;
+                type = T_AAAA;
+                break;
+        default:
+                h_errno = NETDB_INTERNAL;
+                errno = EAFNOSUPPORT;
+                return (NULL);
+        }
+
+        host.h_addrtype = af;
+        host.h_length = size;
+
+        /*
+         * if there aren't any dots, it could be a user-level alias.
+         * this is also done in res_query() since we are not the only
+         * function that looks up host names.
+         */
+        if (!strchr(name, '.') && (cp = __hostalias(name)))
+                name = cp;
+
         /*
          * disallow names consisting only of digits/dots, unless
          * they end in a dot.
@@ -284,26 +497,59 @@ gethostbyname(name)
                                  * Fake up a hostent as if we'd actually
                                  * done a lookup.
                                  */
-                                if (!inet_aton(name, &host_addr)) {
+                                if (inet_pton(af, name, host_addr) <= 0) {
                                         h_errno = HOST_NOT_FOUND;
-                                        return((struct hostent *) NULL);
+                                        return (NULL);
                                 }
-                                host.h_name = (char *)name;
+                                strncpy(hostbuf, name, MAXHOSTNAMELEN-1);
+                                hostbuf[MAXHOSTNAMELEN-1] = '\0';
+                                bp = hostbuf + MAXHOSTNAMELEN;
+                                len = sizeof hostbuf - MAXHOSTNAMELEN;
+                                host.h_name = hostbuf;
                                 host.h_aliases = host_aliases;
                                 host_aliases[0] = NULL;
-                                host.h_addrtype = AF_INET;
-                                host.h_length = sizeof(u_int32_t);
-                                h_addr_ptrs[0] = (char *)&host_addr;
+                                h_addr_ptrs[0] = (char *)host_addr;
                                 h_addr_ptrs[1] = NULL;
                                 host.h_addr_list = h_addr_ptrs;
+                                if (_res.options & RES_USE_INET6)
+                                        map_v4v6_hostent(&host, &bp, &len);
+                                h_errno = NETDB_SUCCESS;
                                 return (&host);
                         }
                         if (!isdigit(*cp) && *cp != '.') 
                                 break;
                 }
-
-        if ((_res.options & RES_INIT) == 0 && res_init() == -1)
-                return (_gethtbyname(name));
+        if ((isxdigit(name[0]) && strchr(name, ':') != NULL) ||
+            name[0] == ':')
+                for (cp = name;; ++cp) {
+                        if (!*cp) {
+                                if (*--cp == '.')
+                                        break;
+                                /*
+                                 * All-IPv6-legal, no dot at the end.
+                                 * Fake up a hostent as if we'd actually
+                                 * done a lookup.
+                                 */
+                                if (inet_pton(af, name, host_addr) <= 0) {
+                                        h_errno = HOST_NOT_FOUND;
+                                        return (NULL);
+                                }
+                                strncpy(hostbuf, name, MAXHOSTNAMELEN-1);
+                                hostbuf[MAXHOSTNAMELEN-1] = '\0';
+                                bp = hostbuf + MAXHOSTNAMELEN;
+                                len = sizeof hostbuf - MAXHOSTNAMELEN;
+                                host.h_name = hostbuf;
+                                host.h_aliases = host_aliases;
+                                host_aliases[0] = NULL;
+                                h_addr_ptrs[0] = (char *)host_addr;
+                                h_addr_ptrs[1] = NULL;
+                                host.h_addr_list = h_addr_ptrs;
+                                h_errno = NETDB_SUCCESS;
+                                return (&host);
+                        }
+                        if (!isxdigit(*cp) && *cp != ':' && *cp != '.') 
+                                break;
+                }
 
         bcopy(_res.lookups, lookups, sizeof lookups);
         if (lookups[0] == '\0')
@@ -314,11 +560,13 @@ gethostbyname(name)
                 switch (lookups[i]) {
 #ifdef YP
                 case 'y':
-                        hp = _yp_gethtbyname(name);
+                        /* YP only supports AF_INET. */
+                        if (af == AF_INET)
+                                hp = _yp_gethtbyname(name);
                         break;
 #endif
                 case 'b':
-                        if ((n = res_search(name, C_IN, T_A, buf.buf,
+                        if ((n = res_search(name, C_IN, type, buf.buf,
                             sizeof(buf))) < 0) {
 #ifdef DEBUG
                                 if (_res.options & RES_DEBUG)
@@ -326,38 +574,79 @@ gethostbyname(name)
 #endif
                                 break;
                         }
-                        hp = getanswer(&buf, n, 0);
+                        hp = getanswer(&buf, n, name, type);
                         break;
                 case 'f':
-                        hp = _gethtbyname(name);
+                        hp = _gethtbyname2(name, af);
                         break;
                 }
         }
+        /* XXX h_errno not correct in all cases... */
         return (hp);
 }
 
 struct hostent *
-gethostbyaddr(addr, len, type)
-        const char *addr;
-        int len, type;
+gethostbyaddr(addr, len, af)
+        const char *addr;       /* XXX should have been def'd as u_char! */
+        int len, af;
 {
-        int n, i;
+        const u_char *uaddr = (const u_char *)addr;
+        static const u_char mapped[] = { 0,0, 0,0, 0,0, 0,0, 0,0, 0xff,0xff };
+        static const u_char tunnelled[] = { 0,0, 0,0, 0,0, 0,0, 0,0, 0,0 };
+        int n, size, i;
         querybuf buf;
         register struct hostent *hp;
-        char qbuf[MAXDNAME];
+        char qbuf[MAXDNAME+1], *qp;
         extern struct hostent *_gethtbyaddr(), *_yp_gethtbyaddr();
         char lookups[MAXDNSLUS];
         
-        if (type != AF_INET)
-                return ((struct hostent *) NULL);
-        (void)sprintf(qbuf, "%u.%u.%u.%u.in-addr.arpa",
-                ((unsigned)addr[3] & 0xff),
-                ((unsigned)addr[2] & 0xff),
-                ((unsigned)addr[1] & 0xff),
-                ((unsigned)addr[0] & 0xff));
-
         if ((_res.options & RES_INIT) == 0 && res_init() == -1)
-                return (_gethtbyaddr(addr, len, type));
+                return (_gethtbyaddr(addr, len, af));
+
+        if (af == AF_INET6 && len == IN6ADDRSZ &&
+            (!bcmp(uaddr, mapped, sizeof mapped) ||
+             !bcmp(uaddr, tunnelled, sizeof tunnelled))) {
+                /* Unmap. */
+                addr += sizeof mapped;
+                uaddr += sizeof mapped;
+                af = AF_INET;
+                len = INADDRSZ;
+        }
+        switch (af) {
+        case AF_INET:
+                size = INADDRSZ;
+                break;
+        case AF_INET6:
+                size = IN6ADDRSZ;
+                break;
+        default:
+                errno = EAFNOSUPPORT;
+                h_errno = NETDB_INTERNAL;
+                return (NULL);
+        }
+        if (size != len) {
+                errno = EINVAL;
+                h_errno = NETDB_INTERNAL;
+                return (NULL);
+        }
+        switch (af) {
+        case AF_INET:
+                (void) sprintf(qbuf, "%u.%u.%u.%u.in-addr.arpa",
+                               (uaddr[3] & 0xff),
+                               (uaddr[2] & 0xff),
+                               (uaddr[1] & 0xff),
+                               (uaddr[0] & 0xff));
+                break;
+        case AF_INET6:
+                qp = qbuf;
+                for (n = IN6ADDRSZ - 1; n >= 0; n--) {
+                        qp += sprintf(qp, "%x.%x.",
+                                       uaddr[n] & 0xf,
+                                       (uaddr[n] >> 4) & 0xf);
+                }
+                strcpy(qp, "ip6.int");
+                break;
+        }
 
         bcopy(_res.lookups, lookups, sizeof lookups);
         if (lookups[0] == '\0')
@@ -368,11 +657,14 @@ gethostbyaddr(addr, len, type)
                 switch (lookups[i]) {
 #ifdef YP
                 case 'y':
-                        hp = _yp_gethtbyaddr(addr, len, type);
+                        /* YP only supports AF_INET. */
+                        if (af == AF_INET)
+                                hp = _yp_gethtbyaddr(addr);
                         break;
 #endif
                 case 'b':
-                        n = res_query(qbuf, C_IN, T_PTR, (char *)&buf, sizeof(buf));
+                        n = res_query(qbuf, C_IN, T_PTR, (u_char *)buf.buf,
+                            sizeof buf.buf);
                         if (n < 0) {
 #ifdef DEBUG
                                 if (_res.options & RES_DEBUG)
@@ -380,20 +672,27 @@ gethostbyaddr(addr, len, type)
 #endif
                                 break;
                         }
-                        hp = getanswer(&buf, n, 1);
-                        if (hp == NULL)
+                        if (!(hp = getanswer(&buf, n, qbuf, T_PTR)))
                                 break;
-                        hp->h_addrtype = type;
+                        hp->h_addrtype = af;
                         hp->h_length = len;
-                        h_addr_ptrs[0] = (char *)&host_addr;
-                        h_addr_ptrs[1] = (char *)0;
-                        host_addr = *(struct in_addr *)addr;
+                        bcopy(addr, host_addr, len);
+                        h_addr_ptrs[0] = (char *)host_addr;
+                        h_addr_ptrs[1] = NULL;
+                        if (af == AF_INET && (_res.options & RES_USE_INET6)) {
+                                map_v4v6_address((char*)host_addr,
+                                    (char*)host_addr);
+                                hp->h_addrtype = AF_INET6;
+                                hp->h_length = IN6ADDRSZ;
+                        }
+                        h_errno = NETDB_SUCCESS;
                         break;
                 case 'f':
-                        hp = _gethtbyaddr(addr, len, type);
+                        hp = _gethtbyaddr(addr, len, af);
                         break;
                 }
         }
+        /* XXX h_errno not correct in all cases... */
         return (hp);
 }
 
@@ -422,35 +721,57 @@ _gethtent()
 {
         char *p;
         register char *cp, **q;
+        int af;
+        size_t len;
 
-        if (hostf == NULL && (hostf = fopen(_PATH_HOSTS, "r" )) == NULL)
+        if (!hostf && !(hostf = fopen(_PATH_HOSTS, "r" ))) {
+                h_errno = NETDB_INTERNAL;
                 return (NULL);
-again:
-        if ((p = fgets(hostbuf, BUFSIZ, hostf)) == NULL)
+        }
+ again:
+        if ((p = fgetln(hostf, &len)) == NULL) {
+                h_errno = HOST_NOT_FOUND;
                 return (NULL);
-        if (*p == '#')
+        }
+        if (p[len-1] == '\n')
+                len--;
+        if (len >= sizeof(hostbuf) || len == 0)
                 goto again;
-        cp = strpbrk(p, "#\n");
-        if (cp == NULL)
+        p = memcpy(hostbuf, p, len);
+        hostbuf[len] = '\0';
+        if (*p == '#')
                 goto again;
-        *cp = '\0';
-        cp = strpbrk(p, " \t");
-        if (cp == NULL)
+        if ((cp = strchr(p, '#')))
+                *cp = '\0';
+        if (!(cp = strpbrk(p, " \t")))
                 goto again;
         *cp++ = '\0';
-        /* THIS STUFF IS INTERNET SPECIFIC */
-        h_addr_ptrs[0] = (char *)&host_addr;
+        if ((_res.options & RES_USE_INET6) &&
+            inet_pton(AF_INET6, p, host_addr) > 0) {
+                af = AF_INET6;
+                len = IN6ADDRSZ;
+        } else if (inet_pton(AF_INET, p, host_addr) > 0) {
+                if (_res.options & RES_USE_INET6) {
+                        map_v4v6_address((char*)host_addr, (char*)host_addr);
+                        af = AF_INET6;
+                        len = IN6ADDRSZ;
+                } else {
+                        af = AF_INET;
+                        len = INADDRSZ;
+                }
+        } else {
+                goto again;
+        }
+        h_addr_ptrs[0] = (char *)host_addr;
         h_addr_ptrs[1] = NULL;
-        (void) inet_aton(p, &host_addr);
         host.h_addr_list = h_addr_ptrs;
-        host.h_length = sizeof(u_int32_t);
-        host.h_addrtype = AF_INET;
+        host.h_length = len;
+        host.h_addrtype = af;
         while (*cp == ' ' || *cp == '\t')
                 cp++;
         host.h_name = cp;
         q = host.h_aliases = host_aliases;
-        cp = strpbrk(cp, " \t");
-        if (cp != NULL) 
+        if ((cp = strpbrk(cp, " \t")))
                 *cp++ = '\0';
         while (cp && *cp) {
                 if (*cp == ' ' || *cp == '\t') {
@@ -459,70 +780,73 @@ again:
                 }
                 if (q < &host_aliases[MAXALIASES - 1])
                         *q++ = cp;
-                cp = strpbrk(cp, " \t");
-                if (cp != NULL)
+                if ((cp = strpbrk(cp, " \t")))
                         *cp++ = '\0';
         }
         *q = NULL;
+        if (_res.options & RES_USE_INET6) {
+                char *bp = hostbuf;
+                int buflen = sizeof hostbuf;
+
+                map_v4v6_hostent(&host, &bp, &buflen);
+        }
+        h_errno = NETDB_SUCCESS;
         return (&host);
 }
 
 struct hostent *
 _gethtbyname(name)
-        char *name;
+        const char *name;
+{
+        extern struct hostent *_gethtbyname2();
+        struct hostent *hp;
+
+        if (_res.options & RES_USE_INET6) {
+                hp = _gethtbyname2(name, AF_INET6);
+                if (hp)
+                        return (hp);
+        }
+        return (_gethtbyname2(name, AF_INET));
+}
+
+struct hostent *
+_gethtbyname2(name, af)
+        const char *name;
+        int af;
 {
         register struct hostent *p;
         register char **cp;
         
         _sethtent(0);
-        while (p = _gethtent()) {
+        while ((p = _gethtent())) {
+                if (p->h_addrtype != af)
+                        continue;
                 if (strcasecmp(p->h_name, name) == 0)
                         break;
                 for (cp = p->h_aliases; *cp != 0; cp++)
                         if (strcasecmp(*cp, name) == 0)
                                 goto found;
         }
-found:
+ found:
         _endhtent();
-        if (p==NULL)
-                h_errno = HOST_NOT_FOUND;
         return (p);
 }
 
 struct hostent *
-_gethtbyaddr(addr, len, type)
+_gethtbyaddr(addr, len, af)
         const char *addr;
-        int len, type;
+        int len, af;
 {
         register struct hostent *p;
 
         _sethtent(0);
-        while (p = _gethtent())
-                if (p->h_addrtype == type && !bcmp(p->h_addr, addr, len))
+        while ((p = _gethtent()))
+                if (p->h_addrtype == af && !bcmp(p->h_addr, addr, len))
                         break;
         _endhtent();
-        if (p==NULL)
-                h_errno = HOST_NOT_FOUND;
         return (p);
 }
 
-static int
-qcomp(a1, a2)
-        struct in_addr **a1, **a2;
-{
-        int pos1, pos2;
-
-        for (pos1 = 0; pos1 < _res.nsort; pos1++)
-                if (_res.sort_list[pos1].addr.s_addr ==
-                    ((*a1)->s_addr & _res.sort_list[pos1].mask))
-                        break;
-        for (pos2 = 0; pos2 < _res.nsort; pos2++)
-                if (_res.sort_list[pos2].addr.s_addr ==
-                    ((*a2)->s_addr & _res.sort_list[pos2].mask))
-                        break;
-        return pos1 - pos2;
-}
-
 #ifdef YP
 struct hostent *
 _yphostent(line)
@@ -537,7 +861,7 @@ _yphostent(line)
 
         host.h_name = NULL;
         host.h_addr_list = h_addr_ptrs;
-        host.h_length = sizeof(u_int32_t);
+        host.h_length = INADDRSZ;
         host.h_addrtype = AF_INET;
         hap = h_addr_ptrs;
         buf = host_addrs;
@@ -598,9 +922,8 @@ done:
 }
 
 struct hostent *
-_yp_gethtbyaddr(addr, len, type)
+_yp_gethtbyaddr(addr)
         const char *addr;
-        int len, type;
 {
         struct hostent *hp = (struct hostent *)NULL;
         static char *__ypcurrent;
@@ -636,6 +959,8 @@ _yp_gethtbyname(name)
         static char *__ypcurrent;
         int __ypcurrentlen, r;
 
+        if (strlen(name) >= MAXHOSTNAMELEN)
+                return (NULL);
         if (!__ypdomain) {
                 if (_yp_check(&__ypdomain) == 0)
                         return (hp);
@@ -645,10 +970,110 @@ _yp_gethtbyname(name)
         __ypcurrent = NULL;
         r = yp_match(__ypdomain, "hosts.byname", name,
                 strlen(name), &__ypcurrent, &__ypcurrentlen);
-        if (r==0)
+        if (r == 0)
                 hp = _yphostent(__ypcurrent);
-        if (hp==NULL)
+        if (hp == NULL)
                 h_errno = HOST_NOT_FOUND;
         return (hp);
 }
 #endif
+
+static void
+map_v4v6_address(src, dst)
+        const char *src;
+        char *dst;
+{
+        u_char *p = (u_char *)dst;
+        char tmp[INADDRSZ];
+        int i;
+
+        /* Stash a temporary copy so our caller can update in place. */
+        bcopy(src, tmp, INADDRSZ);
+        /* Mark this ipv6 addr as a mapped ipv4. */
+        for (i = 0; i < 10; i++)
+                *p++ = 0x00;
+        *p++ = 0xff;
+        *p++ = 0xff;
+        /* Retrieve the saved copy and we're done. */
+        bcopy(tmp, (void*)p, INADDRSZ);
+}
+
+static void
+map_v4v6_hostent(hp, bpp, lenp)
+        struct hostent *hp;
+        char **bpp;
+        int *lenp;
+{
+        char **ap;
+
+        if (hp->h_addrtype != AF_INET || hp->h_length != INADDRSZ)
+                return;
+        hp->h_addrtype = AF_INET6;
+        hp->h_length = IN6ADDRSZ;
+        for (ap = hp->h_addr_list; *ap; ap++) {
+                int i = sizeof(align) - ((u_long)*bpp % sizeof(align));
+
+                if (*lenp < (i + IN6ADDRSZ)) {
+                        /* Out of memory.  Truncate address list here.  XXX */
+                        *ap = NULL;
+                        return;
+                }
+                *bpp += i;
+                *lenp -= i;
+                map_v4v6_address(*ap, *bpp);
+                *ap = *bpp;
+                *bpp += IN6ADDRSZ;
+                *lenp -= IN6ADDRSZ;
+        }
+}
+
+struct hostent *
+gethostent()
+{
+        return (_gethtent());
+}
+
+#ifdef RESOLVSORT
+static void
+addrsort(ap, num)
+        char **ap;
+        int num;
+{
+        int i, j;
+        char **p;
+        short aval[MAXADDRS];
+        int needsort = 0;
+
+        p = ap;
+        for (i = 0; i < num; i++, p++) {
+            for (j = 0 ; (unsigned)j < _res.nsort; j++)
+                if (_res.sort_list[j].addr.s_addr == 
+                    (((struct in_addr *)(*p))->s_addr & _res.sort_list[j].mask))
+                        break;
+            aval[i] = j;
+            if (needsort == 0 && i > 0 && j < aval[i-1])
+                needsort = i;
+        }
+        if (!needsort)
+            return;
+
+        while (needsort < num) {
+            for (j = needsort - 1; j >= 0; j--) {
+                if (aval[j] > aval[j+1]) {
+                    char *hp;
+
+                    i = aval[j];
+                    aval[j] = aval[j+1];
+                    aval[j+1] = i;
+
+                    hp = ap[j];
+                    ap[j] = ap[j+1];
+                    ap[j+1] = hp;
+
+                } else
+                    break;
+            }
+            needsort++;
+        }
+}
+#endif
diff --git a/src/lib/libc/net/getnetbyaddr.c b/src/lib/libc/net/getnetbyaddr.c
index c193860e36..925d1d5895 100644
--- a/src/lib/libc/net/getnetbyaddr.c
+++ b/src/lib/libc/net/getnetbyaddr.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: getnetbyaddr.c,v 1.4 1995/02/25 06:20:30 cgd Exp $     */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)getnetbyaddr.c      8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: getnetbyaddr.c,v 1.4 1995/02/25 06:20:30 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: getnetbyaddr.c,v 1.5 1997/07/09 01:08:28 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <netdb.h>
@@ -46,14 +40,14 @@ static char rcsid[] = "$NetBSD: getnetbyaddr.c,v 1.4 1995/02/25 06:20:30 cgd Exp
 extern int _net_stayopen;
 
 struct netent *
-getnetbyaddr(net, type)
-        register long net;
+_getnetbyaddr(net, type)
+        register in_addr_t net;
         register int type;
 {
         register struct netent *p;
 
         setnetent(_net_stayopen);
-        while (p = getnetent())
+        while ((p = getnetent()))
                 if (p->n_addrtype == type && p->n_net == net)
                         break;
         if (!_net_stayopen)
diff --git a/src/lib/libc/net/getnetbyname.c b/src/lib/libc/net/getnetbyname.c
index 93a2e1256c..4e39cf6860 100644
--- a/src/lib/libc/net/getnetbyname.c
+++ b/src/lib/libc/net/getnetbyname.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: getnetbyname.c,v 1.4 1995/02/25 06:20:31 cgd Exp $     */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)getnetbyname.c      8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: getnetbyname.c,v 1.4 1995/02/25 06:20:31 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: getnetbyname.c,v 1.5 1997/07/09 01:08:29 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <netdb.h>
@@ -47,18 +41,18 @@ static char rcsid[] = "$NetBSD: getnetbyname.c,v 1.4 1995/02/25 06:20:31 cgd Exp
 extern int _net_stayopen;
 
 struct netent *
-getnetbyname(name)
+_getnetbyname(name)
         register const char *name;
 {
         register struct netent *p;
         register char **cp;
 
         setnetent(_net_stayopen);
-        while (p = getnetent()) {
-                if (strcmp(p->n_name, name) == 0)
+        while ((p = getnetent())) {
+                if (strcasecmp(p->n_name, name) == 0)
                         break;
                 for (cp = p->n_aliases; *cp != 0; cp++)
-                        if (strcmp(*cp, name) == 0)
+                        if (strcasecmp(*cp, name) == 0)
                                 goto found;
         }
 found:
diff --git a/src/lib/libc/net/getnetent.3 b/src/lib/libc/net/getnetent.3
index d4f0bedbf9..5864b75839 100644
--- a/src/lib/libc/net/getnetent.3
+++ b/src/lib/libc/net/getnetent.3
@@ -1,4 +1,4 @@
-.\"     $NetBSD: getnetent.3,v 1.3 1995/02/25 06:20:32 cgd Exp $
+.\"     $OpenBSD: getnetent.3,v 1.5 1998/03/16 05:06:56 millert Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -31,11 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)getnetent.3 8.1 (Berkeley) 6/4/93
-.\"
-.Dd June 4, 1993
+.Dd March 13, 1997
 .Dt GETNETENT 3
-.Os BSD 4.2
+.Os
 .Sh NAME
 .Nm getnetent ,
 .Nm getnetbyaddr ,
@@ -50,7 +48,7 @@
 .Ft struct netent *
 .Fn getnetbyname "char *name"
 .Ft struct netent *
-.Fn getnetbyaddr "long net" "int type"
+.Fn getnetbyaddr "in_addr_t net" "int type"
 .Fn setnetent "int stayopen"
 .Fn endnetent 
 .Sh DESCRIPTION
@@ -70,7 +68,7 @@ struct	netent {
         char            *n_name;        /* official name of net */
         char            **n_aliases;    /* alias list */
         int             n_addrtype;     /* net number type */
-        unsigned long   n_net;          /* net number */
+        in_addr_t       n_net;          /* net number */
 };
 .Ed
 .Pp
@@ -113,11 +111,10 @@ The
 function
 and
 .Fn getnetbyaddr
-sequentially search from the beginning
-of the file until a matching
-net name or
-net address and type is found,
-or until
+search the domain name server if the system is configured to use one.
+If the search fails, or no name server is configured, they sequentially
+search from the beginning of the file until a matching net name or
+net address and type is found, or until
 .Dv EOF
 is encountered.
 Network numbers are supplied in host order.
@@ -131,7 +128,8 @@ Null pointer
 .Dv EOF
 or error.
 .Sh SEE ALSO
-.Xr networks 5
+.Xr networks 5 ,
+.Xr resolver 3
 .Sh HISTORY
 The
 .Fn getnetent ,
@@ -143,11 +141,8 @@ and
 functions appeared in 
 .Bx 4.2 .
 .Sh BUGS
-The data space used by
-these functions is static; if future use requires the data, it should be
-copied before any subsequent calls to these functions overwrite it.
-Only Internet network
-numbers are currently understood.
-Expecting network numbers to fit
-in no more than 32 bits is probably
-naive.
+The data space used by these functions is static; if future use
+requires the data, it should be copied before any subsequent calls
+to these functions overwrite it.  Only Internet network numbers
+are currently understood.  Expecting network numbers to fit in no
+more than 32 bits is naive.
diff --git a/src/lib/libc/net/getnetent.c b/src/lib/libc/net/getnetent.c
index b4e16b8f5d..8f618a1d5e 100644
--- a/src/lib/libc/net/getnetent.c
+++ b/src/lib/libc/net/getnetent.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: getnetent.c,v 1.4 1995/02/25 06:20:33 cgd Exp $        */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)getnetent.c 8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: getnetent.c,v 1.4 1995/02/25 06:20:33 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: getnetent.c,v 1.8 1998/03/16 05:06:57 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
@@ -81,22 +75,27 @@ endnetent()
 struct netent *
 getnetent()
 {
-        char *p;
-        register char *cp, **q;
+        char *p, *cp, **q;
+        size_t len;
 
         if (netf == NULL && (netf = fopen(_PATH_NETWORKS, "r" )) == NULL)
                 return (NULL);
 again:
-        p = fgets(line, BUFSIZ, netf);
-        if (p == NULL)
+        if ((p = fgetln(netf, &len)) == NULL)
                 return (NULL);
-        if (*p == '#')
+        if (p[len-1] == '\n')
+                len--;
+        if (len >= sizeof(line) || len == 0)
                 goto again;
-        cp = strpbrk(p, "#\n");
-        if (cp == NULL)
+        p = memcpy(line, p, len);
+        line[len] = '\0';
+        if (*p == '#')
                 goto again;
-        *cp = '\0';
+        if ((cp = strchr(p, '#')) != NULL)
+                *cp = '\0';
         net.n_name = p;
+        if (strlen(net.n_name) >= MAXHOSTNAMELEN-1)
+                net.n_name[MAXHOSTNAMELEN-1] = '\0';
         cp = strpbrk(p, " \t");
         if (cp == NULL)
                 goto again;
@@ -116,8 +115,11 @@ again:
                         cp++;
                         continue;
                 }
-                if (q < &net_aliases[MAXALIASES - 1])
+                if (q < &net_aliases[MAXALIASES - 1]) {
                         *q++ = cp;
+                        if (strlen(cp) >= MAXHOSTNAMELEN-1)
+                                cp[MAXHOSTNAMELEN-1] = '\0';
+                }
                 cp = strpbrk(cp, " \t");
                 if (cp != NULL)
                         *cp++ = '\0';
diff --git a/src/lib/libc/net/getnetnamadr.c b/src/lib/libc/net/getnetnamadr.c
new file mode 100644
index 0000000000..de208bbac9
--- /dev/null
+++ b/src/lib/libc/net/getnetnamadr.c
@@ -0,0 +1,382 @@
+/*      $OpenBSD: getnetnamadr.c,v 1.10 1997/12/02 01:34:05 deraadt Exp $       */
+
+/*
+ * Copyright (c) 1997, Jason Downs.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Jason Downs for the
+ *      OpenBSD system.
+ * 4. Neither the name(s) of the author(s) nor the name OpenBSD
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/* Copyright (c) 1993 Carlos Leandro and Rui Salgueiro
+ *      Dep. Matematica Universidade de Coimbra, Portugal, Europe
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+/*
+ * Copyright (c) 1983, 1993
+ *      The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char sccsid[] = "@(#)getnetbyaddr.c      8.1 (Berkeley) 6/4/93";
+static char sccsid_[] = "from getnetnamadr.c    1.4 (Coimbra) 93/06/03";
+static char rcsid[] = "$From: getnetnamadr.c,v 8.7 1996/08/05 08:31:35 vixie Exp $";
+#else
+static char rcsid[] = "$OpenBSD: getnetnamadr.c,v 1.10 1997/12/02 01:34:05 deraadt Exp $";
+#endif
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+
+#include <stdio.h>
+#include <netdb.h>
+#include <resolv.h>
+#include <ctype.h>
+#include <errno.h>
+#include <string.h>
+
+extern int h_errno;
+
+struct netent *_getnetbyaddr __P((in_addr_t net, int type));
+struct netent *_getnetbyname __P((const char *name));
+
+int _hokchar __P((const char *));
+
+#define BYADDR 0
+#define BYNAME 1
+#define MAXALIASES      35
+
+#if PACKETSZ > 1024
+#define MAXPACKET       PACKETSZ
+#else
+#define MAXPACKET       1024
+#endif
+
+typedef union {
+        HEADER  hdr;
+        u_char  buf[MAXPACKET];
+} querybuf;
+
+typedef union {
+        long    al;
+        char    ac;
+} align;
+
+static struct netent *
+getnetanswer(answer, anslen, net_i)
+        querybuf *answer;
+        int anslen;
+        int net_i;
+{
+
+        register HEADER *hp;
+        register u_char *cp;
+        register int n;
+        u_char *eom;
+        int type, class, buflen, ancount, qdcount, haveanswer, i, nchar;
+        char aux1[MAXHOSTNAMELEN], aux2[MAXHOSTNAMELEN], ans[MAXHOSTNAMELEN];
+        char *in, *st, *pauxt, *bp, **ap;
+        char *paux1 = &aux1[0], *paux2 = &aux2[0], flag = 0;
+        static  struct netent net_entry;
+        static  char *net_aliases[MAXALIASES], netbuf[BUFSIZ+1];
+
+        /*
+         * find first satisfactory answer
+         *
+         *      answer --> +------------+  ( MESSAGE )
+         *                 |   Header   |
+         *                 +------------+
+         *                 |  Question  | the question for the name server
+         *                 +------------+
+         *                 |   Answer   | RRs answering the question
+         *                 +------------+
+         *                 | Authority  | RRs pointing toward an authority
+         *                 | Additional | RRs holding additional information
+         *                 +------------+
+         */
+        eom = answer->buf + anslen;
+        hp = &answer->hdr;
+        ancount = ntohs(hp->ancount); /* #/records in the answer section */
+        qdcount = ntohs(hp->qdcount); /* #/entries in the question section */
+        bp = netbuf;
+        buflen = sizeof(netbuf);
+        cp = answer->buf + HFIXEDSZ;
+        if (!qdcount) {
+                if (hp->aa)
+                        h_errno = HOST_NOT_FOUND;
+                else
+                        h_errno = TRY_AGAIN;
+                return (NULL);
+        }
+        while (qdcount-- > 0)
+                cp += __dn_skipname(cp, eom) + QFIXEDSZ;
+        ap = net_aliases;
+        *ap = NULL;
+        net_entry.n_aliases = net_aliases;
+        haveanswer = 0;
+        while (--ancount >= 0 && cp < eom) {
+                n = dn_expand(answer->buf, eom, cp, bp, buflen);
+#ifdef USE_RESOLV_NAME_OK
+                if ((n < 0) || !res_dnok(bp))
+#else
+                if ((n < 0) || !_hokchar(bp))
+#endif
+                        break;
+                cp += n;
+                ans[0] = '\0';
+                (void)strncpy(&ans[0], bp, sizeof ans-1);
+                ans[sizeof ans-1] = '\0';
+                GETSHORT(type, cp);
+                GETSHORT(class, cp);
+                cp += INT32SZ;          /* TTL */
+                GETSHORT(n, cp);
+                if (class == C_IN && type == T_PTR) {
+                        n = dn_expand(answer->buf, eom, cp, bp, buflen);
+                        if ((n < 0) || !res_hnok(bp)) {
+                                cp += n;
+                                return (NULL);
+                        }
+                        cp += n; 
+                        *ap++ = bp;
+                        bp += strlen(bp) + 1;
+                        net_entry.n_addrtype =
+                                (class == C_IN) ? AF_INET : AF_UNSPEC;
+                        haveanswer++;
+                }
+        }
+        if (haveanswer) {
+                *ap = NULL;
+                switch (net_i) {
+                case BYADDR:
+                        net_entry.n_name = *net_entry.n_aliases;
+                        net_entry.n_net = 0L;
+                        break;
+                case BYNAME:
+                        in = *net_entry.n_aliases;
+                        net_entry.n_name = &ans[0];
+                        aux2[0] = '\0';
+                        for (i = 0; i < 4; i++) {
+                                for (st = in, nchar = 0;
+                                     *st != '.';
+                                     st++, nchar++)
+                                        ;
+                                if (nchar != 1 || *in != '0' || flag) {
+                                        flag = 1;
+                                        (void)strncpy(paux1,
+                                                      (i==0) ? in : in-1,
+                                                      (i==0) ?nchar : nchar+1);
+                                        paux1[(i==0) ? nchar : nchar+1] = '\0';
+                                        pauxt = paux2;
+                                        paux2 = strcat(paux1, paux2);
+                                        paux1 = pauxt;
+                                }
+                                in = ++st;
+                        }                 
+                        net_entry.n_net = inet_network(paux2);
+                        break;
+                }
+                net_entry.n_aliases++;
+                return (&net_entry);
+        }
+        h_errno = TRY_AGAIN;
+        return (NULL);
+}
+
+struct netent *
+getnetbyaddr(net, net_type)
+        register in_addr_t net;
+        register int net_type;
+{
+        unsigned int netbr[4];
+        int nn, anslen;
+        querybuf buf;
+        char qbuf[MAXDNAME];
+        in_addr_t net2;
+        struct netent *net_entry = NULL;
+        char lookups[MAXDNSLUS];
+        int i;
+
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1)
+                return(_getnetbyaddr(net, net_type));
+
+        bcopy(_res.lookups, lookups, sizeof lookups);
+        if (lookups[0] == '\0')
+                strncpy(lookups, "bf", sizeof lookups);
+
+        for (i = 0; i < MAXDNSLUS && lookups[i]; i++) {
+                switch (lookups[i]) {
+#ifdef YP
+                case 'y':
+                        /* There is no YP support. */
+                        break;
+#endif  /* YP */
+                case 'b':
+                        if (net_type != AF_INET)
+                                break;  /* DNS only supports AF_INET? */
+
+                        for (nn = 4, net2 = net; net2; net2 >>= 8)
+                                netbr[--nn] = net2 & 0xff;
+                        switch (nn) {
+                        case 3:         /* Class A */
+                                snprintf(qbuf, sizeof(qbuf),
+                                    "0.0.0.%u.in-addr.arpa", netbr[3]);
+                                break;
+                        case 2:         /* Class B */
+                                snprintf(qbuf, sizeof(qbuf),
+                                    "0.0.%u.%u.in-addr.arpa",
+                                    netbr[3], netbr[2]);
+                                break;
+                        case 1:         /* Class C */
+                                snprintf(qbuf, sizeof(qbuf),
+                                    "0.%u.%u.%u.in-addr.arpa",
+                                    netbr[3], netbr[2], netbr[1]);
+                                break;
+                        case 0:         /* Class D - E */
+                                snprintf(qbuf, sizeof(qbuf),
+                                    "%u.%u.%u.%u.in-addr.arpa",
+                                    netbr[3], netbr[2], netbr[1], netbr[0]);
+                                break;
+                        }
+                        anslen = res_query(qbuf, C_IN, T_PTR, (u_char *)&buf,
+                            sizeof(buf));
+                        if (anslen < 0) {
+#ifdef DEBUG
+                                if (_res.options & RES_DEBUG)
+                                        printf("res_query failed\n");
+#endif
+                                break;
+                        }
+                        net_entry = getnetanswer(&buf, anslen, BYADDR);
+                        if (net_entry != NULL) {
+                                unsigned u_net = net;   /* maybe net should be unsigned ? */
+
+                                /* Strip trailing zeros */
+                                while ((u_net & 0xff) == 0 && u_net != 0)
+                                        u_net >>= 8;
+                                net_entry->n_net = u_net;
+                                return (net_entry);
+                        }
+                        break;
+                case 'f':
+                        net_entry = _getnetbyaddr(net, net_type);
+                        if (net_entry != NULL)
+                                return (net_entry);
+                }
+        }
+
+        /* Nothing matched. */
+        return (NULL);
+}
+
+struct netent *
+getnetbyname(net)
+        register const char *net;
+{
+        int anslen;
+        querybuf buf;
+        char qbuf[MAXDNAME];
+        struct netent *net_entry = NULL;
+        char lookups[MAXDNSLUS];
+        int i;
+
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1)
+                return (_getnetbyname(net));
+
+        bcopy(_res.lookups, lookups, sizeof lookups);
+        if (lookups[0] == '\0')
+                strncpy(lookups, "bf", sizeof lookups);
+
+        for (i = 0; i < MAXDNSLUS && lookups[i]; i++) {
+                switch (lookups[i]) {
+#ifdef YP
+                case 'y':
+                        /* There is no YP support. */
+                        break;
+#endif  /* YP */
+                case 'b':
+                        strncpy(qbuf, net, sizeof qbuf-1);
+                        qbuf[sizeof qbuf-1] = '\0';
+                        anslen = res_search(qbuf, C_IN, T_PTR, (u_char *)&buf,
+                            sizeof(buf));
+                        if (anslen < 0) {
+#ifdef DEBUG
+                                if (_res.options & RES_DEBUG)
+                                        printf("res_query failed\n");
+#endif
+                                break;
+                        }
+                        net_entry = getnetanswer(&buf, anslen, BYNAME);
+                        if (net_entry != NULL)
+                                return (net_entry);
+                        break;
+                case 'f':
+                        net_entry = _getnetbyname(net);
+                        if (net_entry != NULL)
+                                return (net_entry);
+                        break;
+                }
+        }
+
+        /* Nothing matched. */
+        return (NULL);
+}
diff --git a/src/lib/libc/net/getproto.c b/src/lib/libc/net/getproto.c
index 49c09b0806..474d8d9427 100644
--- a/src/lib/libc/net/getproto.c
+++ b/src/lib/libc/net/getproto.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: getproto.c,v 1.4 1995/02/25 06:20:33 cgd Exp $ */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)getproto.c  8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: getproto.c,v 1.4 1995/02/25 06:20:33 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: getproto.c,v 1.3 1997/07/09 01:08:31 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <netdb.h>
@@ -52,7 +46,7 @@ getprotobynumber(proto)
         register struct protoent *p;
 
         setprotoent(_proto_stayopen);
-        while (p = getprotoent())
+        while ((p = getprotoent()))
                 if (p->p_proto == proto)
                         break;
         if (!_proto_stayopen)
diff --git a/src/lib/libc/net/getprotoent.3 b/src/lib/libc/net/getprotoent.3
index 8d607199ef..f67987954f 100644
--- a/src/lib/libc/net/getprotoent.3
+++ b/src/lib/libc/net/getprotoent.3
@@ -1,4 +1,4 @@
-.\"     $NetBSD: getprotoent.3,v 1.3 1995/02/25 06:20:34 cgd Exp $
+.\"     $OpenBSD: getprotoent.3,v 1.2 1996/08/19 08:28:50 tholo Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -31,8 +31,6 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)getprotoent.3       8.1 (Berkeley) 6/4/93
-.\"
 .Dd June 4, 1993
 .Dt GETPROTOENT 3
 .Os BSD 4.2
diff --git a/src/lib/libc/net/getprotoent.c b/src/lib/libc/net/getprotoent.c
index 1179b9029b..2bef526e7a 100644
--- a/src/lib/libc/net/getprotoent.c
+++ b/src/lib/libc/net/getprotoent.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: getprotoent.c,v 1.4 1995/02/25 06:20:35 cgd Exp $      */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)getprotoent.c       8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: getprotoent.c,v 1.4 1995/02/25 06:20:35 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: getprotoent.c,v 1.3 1998/03/16 05:06:59 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
@@ -80,20 +74,24 @@ endprotoent()
 struct protoent *
 getprotoent()
 {
-        char *p;
-        register char *cp, **q;
+        char *p, *cp, **q;
+        size_t len;
 
         if (protof == NULL && (protof = fopen(_PATH_PROTOCOLS, "r" )) == NULL)
                 return (NULL);
 again:
-        if ((p = fgets(line, BUFSIZ, protof)) == NULL)
+        if ((p = fgetln(protof, &len)) == NULL)
                 return (NULL);
-        if (*p == '#')
+        if (p[len-1] == '\n')
+                len--;
+        if (len >= sizeof(line) || len == 0)
                 goto again;
-        cp = strpbrk(p, "#\n");
-        if (cp == NULL)
+        p = memcpy(line, p, len);
+        line[len] = '\0';
+        if (*p == '#')
                 goto again;
-        *cp = '\0';
+        if ((cp = strchr(p, '#')) != NULL)
+                *cp = '\0';
         proto.p_name = p;
         cp = strpbrk(p, " \t");
         if (cp == NULL)
diff --git a/src/lib/libc/net/getprotoname.c b/src/lib/libc/net/getprotoname.c
index 4f8cf21c3f..7a4e5fede5 100644
--- a/src/lib/libc/net/getprotoname.c
+++ b/src/lib/libc/net/getprotoname.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: getprotoname.c,v 1.4 1995/02/25 06:20:36 cgd Exp $     */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)getprotoname.c      8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: getprotoname.c,v 1.4 1995/02/25 06:20:36 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: getprotoname.c,v 1.3 1997/07/09 01:08:32 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <netdb.h>
@@ -54,7 +48,7 @@ getprotobyname(name)
         register char **cp;
 
         setprotoent(_proto_stayopen);
-        while (p = getprotoent()) {
+        while ((p = getprotoent())) {
                 if (strcmp(p->p_name, name) == 0)
                         break;
                 for (cp = p->p_aliases; *cp != 0; cp++)
diff --git a/src/lib/libc/net/getservbyname.c b/src/lib/libc/net/getservbyname.c
index b4a6311966..25f0e27d06 100644
--- a/src/lib/libc/net/getservbyname.c
+++ b/src/lib/libc/net/getservbyname.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: getservbyname.c,v 1.4 1995/02/25 06:20:36 cgd Exp $    */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)getservbyname.c     8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: getservbyname.c,v 1.4 1995/02/25 06:20:36 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: getservbyname.c,v 1.3 1997/07/09 01:08:34 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <netdb.h>
@@ -54,7 +48,7 @@ getservbyname(name, proto)
         register char **cp;
 
         setservent(_serv_stayopen);
-        while (p = getservent()) {
+        while ((p = getservent())) {
                 if (strcmp(name, p->s_name) == 0)
                         goto gotname;
                 for (cp = p->s_aliases; *cp; cp++)
diff --git a/src/lib/libc/net/getservbyport.c b/src/lib/libc/net/getservbyport.c
index c34790737b..4b063760d2 100644
--- a/src/lib/libc/net/getservbyport.c
+++ b/src/lib/libc/net/getservbyport.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: getservbyport.c,v 1.4 1995/02/25 06:20:37 cgd Exp $    */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)getservbyport.c     8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: getservbyport.c,v 1.4 1995/02/25 06:20:37 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: getservbyport.c,v 1.3 1997/07/09 01:08:35 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <netdb.h>
@@ -54,7 +48,7 @@ getservbyport(port, proto)
         register struct servent *p;
 
         setservent(_serv_stayopen);
-        while (p = getservent()) {
+        while ((p = getservent())) {
                 if (p->s_port != port)
                         continue;
                 if (proto == 0 || strcmp(p->s_proto, proto) == 0)
diff --git a/src/lib/libc/net/getservent.3 b/src/lib/libc/net/getservent.3
index 9e0656be00..d1684c28c4 100644
--- a/src/lib/libc/net/getservent.3
+++ b/src/lib/libc/net/getservent.3
@@ -1,4 +1,4 @@
-.\"     $NetBSD: getservent.3,v 1.3 1995/02/25 06:20:38 cgd Exp $
+.\"     $OpenBSD: getservent.3,v 1.3 1996/08/30 02:00:11 millert Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -31,8 +31,6 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)getservent.3        8.3 (Berkeley) 1/12/94
-.\"
 .Dd January 12, 1994
 .Dt GETSERVENT 3
 .Os BSD 4.2
@@ -50,7 +48,7 @@
 .Ft struct servent *
 .Fn getservbyname "char *name" "char *proto"
 .Ft struct servent *
-.Fn getservbyport "int port" proto
+.Fn getservbyport "int port" "char *proto"
 .Ft void
 .Fn setservent "int stayopen"
 .Ft void
diff --git a/src/lib/libc/net/getservent.c b/src/lib/libc/net/getservent.c
index 316891450e..7d8cb6d8ca 100644
--- a/src/lib/libc/net/getservent.c
+++ b/src/lib/libc/net/getservent.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: getservent.c,v 1.4 1995/02/25 06:20:38 cgd Exp $       */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)getservent.c        8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: getservent.c,v 1.4 1995/02/25 06:20:38 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: getservent.c,v 1.4 1998/03/16 05:07:00 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
@@ -80,20 +74,24 @@ endservent()
 struct servent *
 getservent()
 {
-        char *p;
-        register char *cp, **q;
+        char *p, *cp, **q;
+        size_t len;
 
         if (servf == NULL && (servf = fopen(_PATH_SERVICES, "r" )) == NULL)
                 return (NULL);
 again:
-        if ((p = fgets(line, BUFSIZ, servf)) == NULL)
+        if ((p = fgetln(servf, &len)) == NULL)
                 return (NULL);
-        if (*p == '#')
+        if (p[len-1] == '\n')
+                len--;
+        if (len >= sizeof(line) || len == 0)
                 goto again;
-        cp = strpbrk(p, "#\n");
-        if (cp == NULL)
+        p = memcpy(line, p, len);
+        line[len] = '\0';
+        if (*p == '#')
                 goto again;
-        *cp = '\0';
+        if ((cp = strchr(p, '#')) != NULL)
+                *cp = '\0';
         serv.s_name = p;
         p = strpbrk(p, " \t");
         if (p == NULL)
@@ -105,7 +103,7 @@ again:
         if (cp == NULL)
                 goto again;
         *cp++ = '\0';
-        serv.s_port = htons((u_short)atoi(p));
+        serv.s_port = htons((in_port_t)atoi(p));
         serv.s_proto = cp;
         q = serv.s_aliases = serv_aliases;
         cp = strpbrk(cp, " \t");
diff --git a/src/lib/libc/net/herror.c b/src/lib/libc/net/herror.c
index 41adbf1055..737bb115a7 100644
--- a/src/lib/libc/net/herror.c
+++ b/src/lib/libc/net/herror.c
@@ -1,9 +1,11 @@
-/*      $NetBSD: herror.c,v 1.5 1995/02/25 06:20:39 cgd Exp $   */
+/*      $OpenBSD: herror.c,v 1.4 1997/03/13 19:07:28 downsj Exp $       */
 
-/*-
+/*
+ * ++Copyright++ 1987, 1993
+ * -
  * Copyright (c) 1987, 1993
- *      The Regents of the University of California.  All rights reserved.
- *
+ *    The Regents of the University of California.  All rights reserved.
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -14,12 +16,12 @@
  *    documentation and/or other materials provided with the distribution.
  * 3. All advertising materials mentioning features or use of this software
  *    must display the following acknowledgement:
- *      This product includes software developed by the University of
- *      California, Berkeley and its contributors.
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
  * 4. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -56,26 +58,27 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 #if 0
 static char sccsid[] = "@(#)herror.c    8.1 (Berkeley) 6/4/93";
-static char rcsid[] = "$Id: herror.c,v 4.9.1.1 1993/05/02 23:14:35 vixie Rel ";
+static char rcsid[] = "$From: herror.c,v 8.3 1996/08/05 08:31:35 vixie Exp $";
 #else
-static char rcsid[] = "$NetBSD: herror.c,v 1.5 1995/02/25 06:20:39 cgd Exp $";
+static char rcsid[] = "$OpenBSD: herror.c,v 1.4 1997/03/13 19:07:28 downsj Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
+#include <sys/param.h>
 #include <sys/uio.h>
 #include <netdb.h>
 #include <unistd.h>
 #include <string.h>
 
-char    *h_errlist[] = {
-        "Error 0",
+const char *h_errlist[] = {
+        "Resolver Error 0 (no error)",
         "Unknown host",                         /* 1 HOST_NOT_FOUND */
         "Host name lookup failure",             /* 2 TRY_AGAIN */
         "Unknown server error",                 /* 3 NO_RECOVERY */
         "No address associated with name",      /* 4 NO_ADDRESS */
 };
-int     h_nerr = { sizeof(h_errlist)/sizeof(h_errlist[0]) };
+int     h_nerr = { sizeof h_errlist / sizeof h_errlist[0] };
 
 extern int      h_errno;
 
@@ -98,8 +101,7 @@ herror(s)
                 v->iov_len = 2;
                 v++;
         }
-        v->iov_base = (u_int)h_errno < h_nerr ?
-            h_errlist[h_errno] : "Unknown error";
+        v->iov_base = (char *)hstrerror(h_errno);
         v->iov_len = strlen(v->iov_base);
         v++;
         v->iov_base = "\n";
@@ -107,9 +109,13 @@ herror(s)
         writev(STDERR_FILENO, iov, (v - iov) + 1);
 }
 
-char *
+const char *
 hstrerror(err)
         int err;
 {
-        return (u_int)err < h_nerr ? h_errlist[err] : "Unknown resolver error";
+        if (err < 0)
+                return ("Resolver internal error");
+        else if (err < h_nerr)
+                return (h_errlist[err]);
+        return ("Unknown resolver error");
 }
diff --git a/src/lib/libc/net/htonl.c b/src/lib/libc/net/htonl.c
index ac85cb0fd7..73b7432731 100644
--- a/src/lib/libc/net/htonl.c
+++ b/src/lib/libc/net/htonl.c
@@ -1,29 +1,25 @@
-/*      $NetBSD: htonl.c,v 1.5 1995/04/28 23:25:14 jtc Exp $    */
-
 /*
  * Written by J.T. Conklin <jtc@netbsd.org>.
  * Public domain.
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$NetBSD: htonl.c,v 1.5 1995/04/28 23:25:14 jtc Exp $";
-#endif
+static char *rcsid = "$OpenBSD: htonl.c,v 1.4 1996/12/12 03:19:55 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
 #include <machine/endian.h>
 
 #undef htonl
 
-unsigned long
+u_int32_t
 htonl(x)
-        unsigned long x;
+        u_int32_t x;
 {
-        u_int32_t y = x;
-
 #if BYTE_ORDER == LITTLE_ENDIAN
-        u_char *s = (u_char *)&y;
-        return s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3];
+        u_char *s = (u_char *)&x;
+        return (u_int32_t)(s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]);
 #else
-        return y;
+        return x;
 #endif
 }
diff --git a/src/lib/libc/net/htons.c b/src/lib/libc/net/htons.c
index b2500a51d1..47cf25952d 100644
--- a/src/lib/libc/net/htons.c
+++ b/src/lib/libc/net/htons.c
@@ -1,26 +1,28 @@
-/*      $NetBSD: htons.c,v 1.5 1995/04/28 23:25:19 jtc Exp $    */
-
 /*
  * Written by J.T. Conklin <jtc@netbsd.org>.
  * Public domain.
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$NetBSD: htons.c,v 1.5 1995/04/28 23:25:19 jtc Exp $";
-#endif
+static char *rcsid = "$OpenBSD: htons.c,v 1.6 1997/07/25 20:30:07 mickey Exp $";
+#endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
 #include <machine/endian.h>
 
 #undef htons
 
-unsigned short
+u_int16_t
+#ifdef __STDC__
+htons(u_int16_t x)
+#else
 htons(x)
-        unsigned short x;
+        u_int16_t x;
+#endif
 {
 #if BYTE_ORDER == LITTLE_ENDIAN
         u_char *s = (u_char *) &x;
-        return s[0] << 8 | s[1];
+        return (u_int16_t)(s[0] << 8 | s[1]);
 #else
         return x;
 #endif
diff --git a/src/lib/libc/net/inet.3 b/src/lib/libc/net/inet.3
index 49bac97e96..2fb86cd927 100644
--- a/src/lib/libc/net/inet.3
+++ b/src/lib/libc/net/inet.3
@@ -1,4 +1,5 @@
-.\"     $NetBSD: inet.3,v 1.4 1995/02/27 09:45:26 chopps Exp $
+.\"     $OpenBSD: inet.3,v 1.4 1997/06/23 04:01:11 millert Exp $
+.\"     $NetBSD: inet.3,v 1.7 1997/06/18 02:25:24 lukem Exp $
 .\"
 .\" Copyright (c) 1983, 1990, 1991, 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -33,36 +34,42 @@
 .\"
 .\"     @(#)inet.3      8.1 (Berkeley) 6/4/93
 .\"
-.Dd June 4, 1993
+.Dd June 18, 1997
 .Dt INET 3
 .Os BSD 4.2
 .Sh NAME
-.Nm inet_aton ,
 .Nm inet_addr ,
+.Nm inet_aton ,
+.Nm inet_lnaof ,
+.Nm inet_makeaddr ,
+.Nm inet_netof ,
 .Nm inet_network ,
 .Nm inet_ntoa ,
-.Nm inet_makeaddr ,
-.Nm inet_lnaof ,
-.Nm inet_netof
+.Nm inet_ntop ,
+.Nm inet_pton
 .Nd Internet address manipulation routines
 .Sh SYNOPSIS
 .Fd #include <sys/socket.h>
 .Fd #include <netinet/in.h>
 .Fd #include <arpa/inet.h>
-.Ft int 
-.Fn inet_aton "const char *cp" "struct in_addr *pin"
-.Ft unsigned long 
+.Ft in_addr_t
 .Fn inet_addr "const char *cp"
-.Ft unsigned long 
+.Ft int
+.Fn inet_aton "const char *cp" "struct in_addr *addr"
+.Ft in_addr_t
+.Fn inet_lnaof "struct in_addr in"
+.Ft struct in_addr
+.Fn inet_makeaddr "unsigned long net" "unsigned long lna"
+.Ft in_addr_t
+.Fn inet_netof "struct in_addr in"
+.Ft in_addr_t
 .Fn inet_network "const char *cp"
 .Ft char *
 .Fn inet_ntoa "struct in_addr in"
-.Ft struct in_addr 
-.Fn inet_makeaddr "int net" "int lna"
-.Ft unsigned long 
-.Fn inet_lnaof "struct in_addr in"
-.Ft unsigned long 
-.Fn inet_netof "struct in_addr in"
+.Ft const char *
+.Fn inet_ntop "int af" "const void *src" "char *dst" "size_t size"
+.Ft int
+.Fn inet_pton "int af" "const char *src" "void *dst"
 .Sh DESCRIPTION
 The routines
 .Fn inet_aton ,
@@ -74,6 +81,17 @@ numbers expressed in the Internet standard
 .Ql \&.
 notation.
 The
+.Fn inet_pton
+function converts a presentation format address (that is, printable form
+as held in a character string) to network format (usually a
+.Ft struct in_addr
+or some other internal binary representation, in network byte order).  It
+returns 1 if the address was valid for the specified address family, or
+0 if the address wasn't parseable in the specified address family, or -1
+if some system error occurred (in which case
+.Va errno
+will have been set).  This function is presently valid for AF_INET and
+AF_INET6.  The
 .Fn inet_aton
 routine interprets the specified character string as an Internet address,
 placing the address into the structure provided.
@@ -86,6 +104,16 @@ and
 functions return numbers suitable for use
 as Internet addresses and Internet network
 numbers, respectively.
+.Pp
+The function
+.Fn inet_ntop
+converts an address from network format (usually a
+.Ft struct in_addr
+or some other binary form, in network byte order) to presentation format
+(suitable for external display purposes).  It returns NULL if a system
+error occurs (in which case,
+.Va errno
+will have been set), or it returns a pointer to the destination string.
 The routine
 .Fn inet_ntoa
 takes an Internet address and returns an
@@ -108,7 +136,7 @@ All Internet addresses are returned in network
 order (bytes ordered from left to right).
 All network numbers and local address parts are
 returned as machine format integer values.
-.Sh INTERNET ADDRESSES
+.Sh INTERNET ADDRESSES (IP VERSION 4)
 Values specified using the
 .Ql \&.
 notation take one
@@ -124,15 +152,14 @@ When four parts are specified, each is interpreted
 as a byte of data and assigned, from left to right,
 to the four bytes of an Internet address.  Note
 that when an Internet address is viewed as a 32-bit
-integer quantity on the
-.Tn VAX
-the bytes referred to
-above appear as
+integer quantity on a system that uses little-endian
+byte order (such as the 
+.Tn Intel 386, 486
+and
+.Tn Pentium
+processors) the bytes referred to above appear as
 .Dq Li d.c.b.a .
-That is,
-.Tn VAX
-bytes are
-ordered from right to left.
+That is, little-endian bytes are ordered from right to left.
 .Pp
 When a three part address is specified, the last
 part is interpreted as a 16-bit quantity and placed
@@ -161,6 +188,68 @@ may be decimal, octal, or hexadecimal, as specified
 in the C language (i.e., a leading 0x or 0X implies
 hexadecimal; otherwise, a leading 0 implies octal;
 otherwise, the number is interpreted as decimal).
+.Sh INTERNET ADDRESSES (IP VERSION 6)
+The presentation format of an IPv6 address is given in [RFC1884 2.2]:
+.Pp
+There are three conventional forms for representing IPv6 addresses as
+text strings:
+.Bl -enum
+.It
+The preferred form is x:x:x:x:x:x:x:x, where the 'x's are the
+hexadecimal values of the eight 16-bit pieces of the address.
+Examples:
+.Bd -literal -offset indent
+FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
+1080:0:0:0:8:800:200C:417A
+.Ed
+.Pp
+Note that it is not necessary to write the leading zeros in an
+individual field, but there must be at least one numeral in
+every field (except for the case described in 2.).
+.It
+Due to the method of allocating certain styles of IPv6
+addresses, it will be common for addresses to contain long
+strings of zero bits.  In order to make writing addresses
+.Pp
+containing zero bits easier a special syntax is available to
+compress the zeros.  The use of ``::'' indicates multiple groups
+of 16-bits of zeros.  The ``::'' can only appear once in an
+address.  The ``::'' can also be used to compress the leading
+and/or trailing zeros in an address.
+.Pp
+For example the following addresses:
+.Bd -literal -offset indent
+1080:0:0:0:8:800:200C:417A  a unicast address
+FF01:0:0:0:0:0:0:43         a multicast address
+0:0:0:0:0:0:0:1             the loopback address
+0:0:0:0:0:0:0:0             the unspecified addresses
+.Ed
+.Pp
+may be represented as:
+.Bd -literal -offset indent
+1080::8:800:200C:417A       a unicast address
+FF01::43                    a multicast address
+::1                         the loopback address
+::                          the unspecified addresses
+.Ed
+.It
+An alternative form that is sometimes more convenient when
+dealing with a mixed environment of IPv4 and IPv6 nodes is
+x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values
+of the six high-order 16-bit pieces of the address, and the 'd's
+are the decimal values of the four low-order 8-bit pieces of the
+address (standard IPv4 representation).  Examples:
+.Bd -literal -offset indent
+0:0:0:0:0:0:13.1.68.3
+0:0:0:0:0:FFFF:129.144.52.38
+.Ed
+.Pp
+or in compressed form:
+.Bd -literal -offset indent
+::13.1.68.3
+::FFFF:129.144.52.38
+.Ed
+.El
 .Sh DIAGNOSTICS
 The constant
 .Dv INADDR_NONE
@@ -170,14 +259,44 @@ and
 .Fn inet_network
 for malformed requests.
 .Sh SEE ALSO
+.Xr byteorder 3 ,
 .Xr gethostbyname 3 ,
 .Xr getnetent 3 ,
+.Xr inet_net 3 ,
 .Xr hosts 5 ,
-.Xr networks 5 ,
+.Xr networks 5
+.Sh STANDARDS
+The
+.Nm inet_ntop
+and
+.Nm inet_pton
+functions conforms to the IETF IPng BSD API and address formatting
+specifications.  Note that
+.Nm inet_pton
+does not accept 1-, 2-, or 3-part  dotted addresses; all four parts
+must be specified.  This is a narrower input set than that accepted by
+.Nm inet_aton .
 .Sh HISTORY
-These
-functions appeared in 
+The 
+.Nm inet_addr ,
+.Nm inet_network ,
+.Nm inet_makeaddr ,
+.Nm inet_lnaof
+and
+.Nm inet_netof
+functions appeared in
 .Bx 4.2 .
+The
+.Nm inet_aton
+and
+.Nm inet_ntoa
+functions appeared in
+.Bx 4.3 .
+The
+.Nm inet_pton
+and
+.Nm inet_ntop
+functions appeared in BIND 4.9.4.
 .Sh BUGS
 The value
 .Dv INADDR_NONE
@@ -187,11 +306,14 @@ cannot return that value without indicating failure.
 The newer
 .Fn inet_aton
 function does not share this problem.
+.Pp
 The problem of host byte ordering versus network byte ordering is
 confusing.
+.Pp
 The string returned by
 .Fn inet_ntoa
 resides in a static memory area.
 .Pp
-Inet_addr should return a
-.Fa struct in_addr .
+.Fn inet_addr
+should return a
+.Fa "struct in_addr" .
diff --git a/src/lib/libc/net/inet_addr.c b/src/lib/libc/net/inet_addr.c
index b5b9d8302f..5e4dcdafb2 100644
--- a/src/lib/libc/net/inet_addr.c
+++ b/src/lib/libc/net/inet_addr.c
@@ -1,9 +1,11 @@
-/*      $NetBSD: inet_addr.c,v 1.5 1995/02/25 06:20:41 cgd Exp $        */
+/*      $OpenBSD: inet_addr.c,v 1.5 1997/04/05 21:13:10 millert Exp $   */
 
 /*
+ * ++Copyright++ 1983, 1990, 1993
+ * -
  * Copyright (c) 1983, 1990, 1993
- *      The Regents of the University of California.  All rights reserved.
- *
+ *    The Regents of the University of California.  All rights reserved.
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -14,12 +16,12 @@
  *    documentation and/or other materials provided with the distribution.
  * 3. All advertising materials mentioning features or use of this software
  *    must display the following acknowledgement:
- *      This product includes software developed by the University of
- *      California, Berkeley and its contributors.
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
  * 4. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -31,16 +33,38 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ * -
+ * Portions Copyright (c) 1993 by Digital Equipment Corporation.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies, and that
+ * the name of Digital Equipment Corporation not be used in advertising or
+ * publicity pertaining to distribution of the document or software without
+ * specific, written prior permission.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
+ * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ * -
+ * --Copyright--
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
 #if 0
 static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93";
+static char rcsid[] = "$From: inet_addr.c,v 8.5 1996/08/05 08:31:35 vixie Exp $";
 #else
-static char rcsid[] = "$NetBSD: inet_addr.c,v 1.5 1995/02/25 06:20:41 cgd Exp $";
+static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.5 1997/04/05 21:13:10 millert Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
+#include <sys/types.h>
 #include <sys/param.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -50,7 +74,7 @@ static char rcsid[] = "$NetBSD: inet_addr.c,v 1.5 1995/02/25 06:20:41 cgd Exp $"
  * Ascii internet address interpretation routine.
  * The value returned is in network order.
  */
-u_long
+in_addr_t
 inet_addr(cp)
         register const char *cp;
 {
@@ -73,56 +97,58 @@ inet_aton(cp, addr)
         register const char *cp;
         struct in_addr *addr;
 {
-        register u_long val;
+        register in_addr_t val;
         register int base, n;
         register char c;
         u_int parts[4];
         register u_int *pp = parts;
 
+        c = *cp;
         for (;;) {
                 /*
                  * Collect number up to ``.''.
                  * Values are specified as for C:
-                 * 0x=hex, 0=octal, other=decimal.
+                 * 0x=hex, 0=octal, isdigit=decimal.
                  */
+                if (!isdigit(c))
+                        return (0);
                 val = 0; base = 10;
-                if (*cp == '0') {
-                        if (*++cp == 'x' || *cp == 'X')
-                                base = 16, cp++;
+                if (c == '0') {
+                        c = *++cp;
+                        if (c == 'x' || c == 'X')
+                                base = 16, c = *++cp;
                         else
                                 base = 8;
                 }
-                while ((c = *cp) != '\0') {
+                for (;;) {
                         if (isascii(c) && isdigit(c)) {
                                 val = (val * base) + (c - '0');
-                                cp++;
-                                continue;
-                        }
-                        if (base == 16 && isascii(c) && isxdigit(c)) {
-                                val = (val << 4) + 
+                                c = *++cp;
+                        } else if (base == 16 && isascii(c) && isxdigit(c)) {
+                                val = (val << 4) |
                                         (c + 10 - (islower(c) ? 'a' : 'A'));
-                                cp++;
-                                continue;
-                        }
-                        break;
+                                c = *++cp;
+                        } else
+                                break;
                 }
-                if (*cp == '.') {
+                if (c == '.') {
                         /*
                          * Internet format:
                          *      a.b.c.d
-                         *      a.b.c   (with c treated as 16-bits)
+                         *      a.b.c   (with c treated as 16 bits)
                          *      a.b     (with b treated as 24 bits)
                          */
-                        if (pp >= parts + 3 || val > 0xff)
+                        if (pp >= parts + 3)
                                 return (0);
-                        *pp++ = val, cp++;
+                        *pp++ = val;
+                        c = *++cp;
                 } else
                         break;
         }
         /*
          * Check for trailing characters.
          */
-        if (*cp && (!isascii(*cp) || !isspace(*cp)))
+        if (c != '\0' && (!isascii(c) || !isspace(c)))
                 return (0);
         /*
          * Concoct the address according to
@@ -131,6 +157,9 @@ inet_aton(cp, addr)
         n = pp - parts + 1;
         switch (n) {
 
+        case 0:
+                return (0);             /* initial nondigit */
+
         case 1:                         /* a -- 32 bits */
                 break;
 
diff --git a/src/lib/libc/net/inet_lnaof.c b/src/lib/libc/net/inet_lnaof.c
index ce1257bf68..6aed18699b 100644
--- a/src/lib/libc/net/inet_lnaof.c
+++ b/src/lib/libc/net/inet_lnaof.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: inet_lnaof.c,v 1.4 1995/02/25 06:20:42 cgd Exp $       */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)inet_lnaof.c        8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: inet_lnaof.c,v 1.4 1995/02/25 06:20:42 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: inet_lnaof.c,v 1.3 1997/04/05 21:13:11 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -50,11 +44,11 @@ static char rcsid[] = "$NetBSD: inet_lnaof.c,v 1.4 1995/02/25 06:20:42 cgd Exp $
  * internet address; handles class a/b/c network
  * number formats.
  */
-u_long
+in_addr_t
 inet_lnaof(in)
         struct in_addr in;
 {
-        register u_long i = ntohl(in.s_addr);
+        register in_addr_t i = ntohl(in.s_addr);
 
         if (IN_CLASSA(i))
                 return ((i)&IN_CLASSA_HOST);
diff --git a/src/lib/libc/net/inet_makeaddr.c b/src/lib/libc/net/inet_makeaddr.c
index 84d366e03a..196a589e4c 100644
--- a/src/lib/libc/net/inet_makeaddr.c
+++ b/src/lib/libc/net/inet_makeaddr.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: inet_makeaddr.c,v 1.4 1995/02/25 06:20:42 cgd Exp $    */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)inet_makeaddr.c     8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: inet_makeaddr.c,v 1.4 1995/02/25 06:20:42 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: inet_makeaddr.c,v 1.3 1997/04/05 21:13:12 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -51,9 +45,9 @@ static char rcsid[] = "$NetBSD: inet_makeaddr.c,v 1.4 1995/02/25 06:20:42 cgd Ex
  */
 struct in_addr
 inet_makeaddr(net, host)
-        u_long net, host;
+        in_addr_t net, host;
 {
-        u_long addr;
+        in_addr_t addr;
 
         if (net < 128)
                 addr = (net << IN_CLASSA_NSHIFT) | (host & IN_CLASSA_HOST);
diff --git a/src/lib/libc/net/inet_net.3 b/src/lib/libc/net/inet_net.3
new file mode 100644
index 0000000000..1a42aff6ea
--- /dev/null
+++ b/src/lib/libc/net/inet_net.3
@@ -0,0 +1,149 @@
+.\"     $OpenBSD: inet_net.3,v 1.1 1997/06/23 03:37:26 millert Exp $
+.\"     $NetBSD: inet_net.3,v 1.1 1997/06/18 02:25:27 lukem Exp $
+.\"
+.\" Copyright (c) 1997 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Luke Mewburn.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"        This product includes software developed by the NetBSD
+.\"        Foundation, Inc. and its contributors.
+.\" 4. Neither the name of The NetBSD Foundation nor the names of its
+.\"    contributors may be used to endorse or promote products derived
+.\"    from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd June 18, 1997
+.Dt INET_NET 3
+.Os
+.Sh NAME
+.Nm inet_net_ntop ,
+.Nm inet_net_pton
+.Nd Internet network number manipulation routines
+.Sh SYNOPSIS
+.Fd #include <sys/socket.h>
+.Fd #include <netinet/in.h>
+.Fd #include <arpa/inet.h>
+.Ft char *
+.Fn inet_net_ntop "int af" "const void *src" "int bits" "char *dst" "size_t size"
+.Ft int
+.Fn inet_net_pton "int af" "const char *src" "void *dst" "size_t size"
+.Sh DESCRIPTION
+The
+.Fn inet_net_ntop
+function converts an Internet network number from network format (usually a
+.Ft struct in_addr
+or some other binary form, in network byte order) to CIDR presentation format
+(suitable for external display purposes).
+.Fa bits
+is the number of bits in
+.Fa src
+that are the network number.
+It returns NULL if a system error occurs (in which case,
+.Va errno
+will have been set), or it returns a pointer to the destination string.
+.Pp
+The
+.Fn inet_net_pton
+function converts a presentation format Internet network number (that is,
+printable form as held in a character string) to network format (usually a
+.Ft struct in_addr
+or some other internal binary representation, in network byte order).
+It returns the number of bits (either computed based on the class, or
+specified with /CIDR), or -1 if a failure occurred
+(in which case
+.Va errno
+will have been set.
+It will be set to
+.Er ENOENT
+if the Internet network number was not valid).
+.Pp
+The currently supported value for
+.Fa af
+is: AF_INET.
+.Fa size
+is the size of the result buffer
+.Fa dst .
+.Pp
+.Sh NETWORK NUMBERS (IP VERSION 4)
+Internet network numbers may be specified in one of the following forms:
+.Bd -literal -offset indent
+a.b.c.d/bits
+a.b.c.d
+a.b.c
+a.b
+a
+.Ed
+.Pp
+When four parts are specified, each is interpreted
+as a byte of data and assigned, from left to right,
+to the four bytes of an Internet network number.  Note
+that when an Internet network number is viewed as a 32-bit
+integer quantity on a system that uses little-endian
+byte order (such as the 
+.Tn Intel 386, 486
+and
+.Tn Pentium
+processors) the bytes referred to above appear as
+.Dq Li d.c.b.a .
+That is, little-endian bytes are ordered from right to left.
+.Pp
+When a three part number is specified, the last
+part is interpreted as a 16-bit quantity and placed
+in the right-most two bytes of the Internet network number.
+This makes the three part number format convenient
+for specifying Class B network numbers as
+.Dq Li 128.net.host .
+.Pp
+When a two part number is supplied, the last part
+is interpreted as a 24-bit quantity and placed in
+the right most three bytes of the Internet network number.
+This makes the two part number format convenient
+for specifying Class A network numbers as
+.Dq Li net.host .
+.Pp
+When only one part is given, the value is stored
+directly in the Internet network number without any byte
+rearrangement.
+.Pp
+All numbers supplied as
+.Dq parts
+in a
+.Ql  \&.
+notation
+may be decimal, octal, or hexadecimal, as specified
+in the C language (i.e., a leading 0x or 0X implies
+hexadecimal; otherwise, a leading 0 implies octal;
+otherwise, the number is interpreted as decimal).
+.Sh SEE ALSO
+.Xr byteorder 3 ,
+.Xr inet 3 ,
+.Xr networks 5
+.Sh HISTORY
+The
+.Nm inet_net_ntop
+and
+.Nm inet_net_pton
+functions first appeared in BIND 4.9.4.
diff --git a/src/lib/libc/net/inet_net_ntop.c b/src/lib/libc/net/inet_net_ntop.c
new file mode 100644
index 0000000000..943ec44550
--- /dev/null
+++ b/src/lib/libc/net/inet_net_ntop.c
@@ -0,0 +1,139 @@
+/*      $OpenBSD: inet_net_ntop.c,v 1.1 1997/03/13 19:07:30 downsj Exp $        */
+
+/*
+ * Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static const char rcsid[] = "$From: inet_net_ntop.c,v 8.2 1996/08/08 06:54:44 vixie Exp $";
+#else
+static const char rcsid[] = "$OpenBSD: inet_net_ntop.c,v 1.1 1997/03/13 19:07:30 downsj Exp $";
+#endif
+#endif
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+static char *   inet_net_ntop_ipv4 __P((const u_char *src, int bits,
+                                        char *dst, size_t size));
+
+/*
+ * char *
+ * inet_net_ntop(af, src, bits, dst, size)
+ *      convert network number from network to presentation format.
+ *      generates CIDR style result always.
+ * return:
+ *      pointer to dst, or NULL if an error occurred (check errno).
+ * author:
+ *      Paul Vixie (ISC), July 1996
+ */
+char *
+inet_net_ntop(af, src, bits, dst, size)
+        int af;
+        const void *src;
+        int bits;
+        char *dst;
+        size_t size;
+{
+        switch (af) {
+        case AF_INET:
+                return (inet_net_ntop_ipv4(src, bits, dst, size));
+        default:
+                errno = EAFNOSUPPORT;
+                return (NULL);
+        }
+}
+
+/*
+ * static char *
+ * inet_net_ntop_ipv4(src, bits, dst, size)
+ *      convert IPv4 network number from network to presentation format.
+ *      generates CIDR style result always.
+ * return:
+ *      pointer to dst, or NULL if an error occurred (check errno).
+ * note:
+ *      network byte order assumed.  this means 192.5.5.240/28 has
+ *      0x11110000 in its fourth octet.
+ * author:
+ *      Paul Vixie (ISC), July 1996
+ */
+static char *
+inet_net_ntop_ipv4(src, bits, dst, size)
+        const u_char *src;
+        int bits;
+        char *dst;
+        size_t size;
+{
+        char *odst = dst;
+        char *t;
+        u_int m;
+        int b;
+
+        if (bits < 0 || bits > 32) {
+                errno = EINVAL;
+                return (NULL);
+        }
+        if (bits == 0) {
+                if (size < sizeof "0")
+                        goto emsgsize;
+                *dst++ = '0';
+                *dst = '\0';
+        }
+
+        /* Format whole octets. */
+        for (b = bits / 8; b > 0; b--) {
+                if (size < sizeof "255.")
+                        goto emsgsize;
+                t = dst;
+                dst += sprintf(dst, "%u", *src++);
+                if (b > 1) {
+                        *dst++ = '.';
+                        *dst = '\0';
+                }
+                size -= (size_t)(dst - t);
+        }
+
+        /* Format partial octet. */
+        b = bits % 8;
+        if (b > 0) {
+                if (size < sizeof ".255")
+                        goto emsgsize;
+                t = dst;
+                if (dst != odst)
+                        *dst++ = '.';
+                m = ((1 << b) - 1) << (8 - b);
+                dst += sprintf(dst, "%u", *src & m);
+                size -= (size_t)(dst - t);
+        }
+
+        /* Format CIDR /width. */
+        if (size < sizeof "/32")
+                goto emsgsize;
+        dst += sprintf(dst, "/%u", bits);
+        return (odst);
+
+ emsgsize:
+        errno = EMSGSIZE;
+        return (NULL);
+}
diff --git a/src/lib/libc/net/inet_net_pton.c b/src/lib/libc/net/inet_net_pton.c
new file mode 100644
index 0000000000..b529e83664
--- /dev/null
+++ b/src/lib/libc/net/inet_net_pton.c
@@ -0,0 +1,207 @@
+/*      $OpenBSD: inet_net_pton.c,v 1.1 1997/03/13 19:07:30 downsj Exp $        */
+
+/*
+ * Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static const char rcsid[] = "$From: inet_net_pton.c,v 8.3 1996/11/11 06:36:52 vixie Exp $";
+#else
+static const char rcsid[] = "$OpenBSD: inet_net_pton.c,v 1.1 1997/03/13 19:07:30 downsj Exp $";
+#endif
+#endif
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <assert.h>
+#include <ctype.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+static int      inet_net_pton_ipv4 __P((const char *src, u_char *dst,
+                                        size_t size));
+
+/*
+ * static int
+ * inet_net_pton(af, src, dst, size)
+ *      convert network number from presentation to network format.
+ *      accepts hex octets, hex strings, decimal octets, and /CIDR.
+ *      "size" is in bytes and describes "dst".
+ * return:
+ *      number of bits, either imputed classfully or specified with /CIDR,
+ *      or -1 if some failure occurred (check errno).  ENOENT means it was
+ *      not a valid network specification.
+ * author:
+ *      Paul Vixie (ISC), June 1996
+ */
+int
+inet_net_pton(af, src, dst, size)
+        int af;
+        const char *src;
+        void *dst;
+        size_t size;
+{
+        switch (af) {
+        case AF_INET:
+                return (inet_net_pton_ipv4(src, dst, size));
+        default:
+                errno = EAFNOSUPPORT;
+                return (-1);
+        }
+}
+
+/*
+ * static int
+ * inet_net_pton_ipv4(src, dst, size)
+ *      convert IPv4 network number from presentation to network format.
+ *      accepts hex octets, hex strings, decimal octets, and /CIDR.
+ *      "size" is in bytes and describes "dst".
+ * return:
+ *      number of bits, either imputed classfully or specified with /CIDR,
+ *      or -1 if some failure occurred (check errno).  ENOENT means it was
+ *      not an IPv4 network specification.
+ * note:
+ *      network byte order assumed.  this means 192.5.5.240/28 has
+ *      0x11110000 in its fourth octet.
+ * author:
+ *      Paul Vixie (ISC), June 1996
+ */
+static int
+inet_net_pton_ipv4(src, dst, size)
+        const char *src;
+        u_char *dst;
+        size_t size;
+{
+        static const char
+                xdigits[] = "0123456789abcdef",
+                digits[] = "0123456789";
+        int n, ch, tmp, dirty, bits;
+        const u_char *odst = dst;
+
+        ch = *src++;
+        if (ch == '0' && (src[0] == 'x' || src[0] == 'X')
+            && isascii(src[1]) && isxdigit(src[1])) {
+                /* Hexadecimal: Eat nybble string. */
+                if (size <= 0)
+                        goto emsgsize;
+                *dst = 0, dirty = 0;
+                src++;  /* skip x or X. */
+                while ((ch = *src++) != '\0' &&
+                       isascii(ch) && isxdigit(ch)) {
+                        if (isupper(ch))
+                                ch = tolower(ch);
+                        n = strchr(xdigits, ch) - xdigits;
+                        assert(n >= 0 && n <= 15);
+                        *dst |= n;
+                        if (!dirty++)
+                                *dst <<= 4;
+                        else if (size-- > 0)
+                                *++dst = 0, dirty = 0;
+                        else
+                                goto emsgsize;
+                }
+                if (dirty)
+                        size--;
+        } else if (isascii(ch) && isdigit(ch)) {
+                /* Decimal: eat dotted digit string. */
+                for (;;) {
+                        tmp = 0;
+                        do {
+                                n = strchr(digits, ch) - digits;
+                                assert(n >= 0 && n <= 9);
+                                tmp *= 10;
+                                tmp += n;
+                                if (tmp > 255)
+                                        goto enoent;
+                        } while ((ch = *src++) != '\0' &&
+                                 isascii(ch) && isdigit(ch));
+                        if (size-- <= 0)
+                                goto emsgsize;
+                        *dst++ = (u_char) tmp;
+                        if (ch == '\0' || ch == '/')
+                                break;
+                        if (ch != '.')
+                                goto enoent;
+                        ch = *src++;
+                        if (!isascii(ch) || !isdigit(ch))
+                                goto enoent;
+                }
+        } else
+                goto enoent;
+
+        bits = -1;
+        if (ch == '/' && isascii(src[0]) && isdigit(src[0]) && dst > odst) {
+                /* CIDR width specifier.  Nothing can follow it. */
+                ch = *src++;    /* Skip over the /. */
+                bits = 0;
+                do {
+                        n = strchr(digits, ch) - digits;
+                        assert(n >= 0 && n <= 9);
+                        bits *= 10;
+                        bits += n;
+                } while ((ch = *src++) != '\0' &&
+                         isascii(ch) && isdigit(ch));
+                if (ch != '\0')
+                        goto enoent;
+                if (bits > 32)
+                        goto emsgsize;
+        }
+
+        /* Firey death and destruction unless we prefetched EOS. */
+        if (ch != '\0')
+                goto enoent;
+
+        /* If nothing was written to the destination, we found no address. */
+        if (dst == odst)
+                goto enoent;
+        /* If no CIDR spec was given, infer width from net class. */
+        if (bits == -1) {
+                if (*odst >= 240)       /* Class E */
+                        bits = 32;
+                else if (*odst >= 224)  /* Class D */
+                        bits = 4;
+                else if (*odst >= 192)  /* Class C */
+                        bits = 24;
+                else if (*odst >= 128)  /* Class B */
+                        bits = 16;
+                else                    /* Class A */
+                        bits = 8;
+                /* If imputed mask is narrower than specified octets, widen. */
+                if (bits >= 8 && bits < ((dst - odst) * 8))
+                        bits = (dst - odst) * 8;
+        }
+        /* Extend network to cover the actual mask. */
+        while (bits > ((dst - odst) * 8)) {
+                if (size-- <= 0)
+                        goto emsgsize;
+                *dst++ = '\0';
+        }
+        return (bits);
+
+ enoent:
+        errno = ENOENT;
+        return (-1);
+
+ emsgsize:
+        errno = EMSGSIZE;
+        return (-1);
+}
diff --git a/src/lib/libc/net/inet_neta.c b/src/lib/libc/net/inet_neta.c
new file mode 100644
index 0000000000..ffcddd8d91
--- /dev/null
+++ b/src/lib/libc/net/inet_neta.c
@@ -0,0 +1,83 @@
+/*      $OpenBSD: inet_neta.c,v 1.2 1997/04/05 21:13:12 millert Exp $   */
+
+/*
+ * Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static const char rcsid[] = "$Id: inet_neta.c,v 1.2 1997/04/05 21:13:12 millert Exp $";
+#else
+static const char rcsid[] = "$OpenBSD: inet_neta.c,v 1.2 1997/04/05 21:13:12 millert Exp $";
+#endif
+#endif
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+/*
+ * char *
+ * inet_neta(src, dst, size)
+ *      format an in_addr_t network number into presentation format.
+ * return:
+ *      pointer to dst, or NULL if an error occurred (check errno).
+ * note:
+ *      format of ``src'' is as for inet_network().
+ * author:
+ *      Paul Vixie (ISC), July 1996
+ */
+char *
+inet_neta(src, dst, size)
+        in_addr_t src;
+        char *dst;
+        size_t size;
+{
+        char *odst = dst;
+        char *tp;
+
+        while (src & 0xffffffff) {
+                u_char b = (src & 0xff000000) >> 24;
+
+                src <<= 8;
+                if (b) {
+                        if (size < sizeof "255.")
+                                goto emsgsize;
+                        tp = dst;
+                        dst += sprintf(dst, "%u", b);
+                        if (src != 0L) {
+                                *dst++ = '.';
+                                *dst = '\0';
+                        }
+                        size -= (size_t)(dst - tp);
+                }
+        }
+        if (dst == odst) {
+                if (size < sizeof "0.0.0.0")
+                        goto emsgsize;
+                strcpy(dst, "0.0.0.0");
+        }
+        return (odst);
+
+ emsgsize:
+        errno = EMSGSIZE;
+        return (NULL);
+}
diff --git a/src/lib/libc/net/inet_netof.c b/src/lib/libc/net/inet_netof.c
index 02f52ca318..f3b9c01697 100644
--- a/src/lib/libc/net/inet_netof.c
+++ b/src/lib/libc/net/inet_netof.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: inet_netof.c,v 1.4 1995/02/25 06:20:43 cgd Exp $       */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)inet_netof.c        8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: inet_netof.c,v 1.4 1995/02/25 06:20:43 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: inet_netof.c,v 1.3 1997/04/05 21:13:13 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -49,11 +43,11 @@ static char rcsid[] = "$NetBSD: inet_netof.c,v 1.4 1995/02/25 06:20:43 cgd Exp $
  * Return the network number from an internet
  * address; handles class a/b/c network #'s.
  */
-u_long
+in_addr_t
 inet_netof(in)
         struct in_addr in;
 {
-        register u_long i = ntohl(in.s_addr);
+        register in_addr_t i = ntohl(in.s_addr);
 
         if (IN_CLASSA(i))
                 return (((i)&IN_CLASSA_NET) >> IN_CLASSA_NSHIFT);
diff --git a/src/lib/libc/net/inet_network.c b/src/lib/libc/net/inet_network.c
index 35105fa75a..8a9a555d62 100644
--- a/src/lib/libc/net/inet_network.c
+++ b/src/lib/libc/net/inet_network.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: inet_network.c,v 1.4 1995/02/25 06:20:45 cgd Exp $     */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)inet_network.c      8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: inet_network.c,v 1.4 1995/02/25 06:20:45 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: inet_network.c,v 1.7 1997/07/09 01:08:37 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
@@ -51,13 +45,13 @@ static char rcsid[] = "$NetBSD: inet_network.c,v 1.4 1995/02/25 06:20:45 cgd Exp
  * The library routines call this routine to interpret
  * network numbers.
  */
-u_long
+in_addr_t
 inet_network(cp)
         register const char *cp;
 {
-        register u_long val, base, n;
+        register in_addr_t val, base, n;
         register char c;
-        u_long parts[4], *pp = parts;
+        in_addr_t parts[4], *pp = parts;
         register int i;
 
 again:
@@ -66,7 +60,7 @@ again:
                 base = 8, cp++;
         if (*cp == 'x' || *cp == 'X')
                 base = 16, cp++;
-        while (c = *cp) {
+        while ((c = *cp)) {
                 if (isdigit(c)) {
                         val = (val * base) + (c - '0');
                         cp++;
@@ -80,7 +74,7 @@ again:
                 break;
         }
         if (*cp == '.') {
-                if (pp >= parts + 4)
+                if (pp >= parts + 3)
                         return (INADDR_NONE);
                 *pp++ = val, cp++;
                 goto again;
@@ -89,11 +83,10 @@ again:
                 return (INADDR_NONE);
         *pp++ = val;
         n = pp - parts;
-        if (n > 4)
-                return (INADDR_NONE);
-        for (val = 0, i = 0; i < n; i++) {
+        for (val = 0, i = 0; i < 4; i++) {
                 val <<= 8;
-                val |= parts[i] & 0xff;
+                if (i < n)
+                        val |= parts[i] & 0xff;
         }
         return (val);
 }
diff --git a/src/lib/libc/net/inet_ntoa.c b/src/lib/libc/net/inet_ntoa.c
index 2da0ab00ff..148732ba5a 100644
--- a/src/lib/libc/net/inet_ntoa.c
+++ b/src/lib/libc/net/inet_ntoa.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: inet_ntoa.c,v 1.4 1995/02/25 06:20:46 cgd Exp $        */
-
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)inet_ntoa.c 8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: inet_ntoa.c,v 1.4 1995/02/25 06:20:46 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.2 1996/08/19 08:29:16 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 /*
diff --git a/src/lib/libc/net/inet_ntop.c b/src/lib/libc/net/inet_ntop.c
new file mode 100644
index 0000000000..64d0d13768
--- /dev/null
+++ b/src/lib/libc/net/inet_ntop.c
@@ -0,0 +1,194 @@
+/*      $OpenBSD: inet_ntop.c,v 1.1 1997/03/13 19:07:32 downsj Exp $    */
+
+/* Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char rcsid[] = "$From: inet_ntop.c,v 8.7 1996/08/05 08:41:18 vixie Exp $";
+#else
+static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.1 1997/03/13 19:07:32 downsj Exp $";
+#endif
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+#include <string.h>
+#include <errno.h>
+#include <stdio.h>
+
+/*
+ * WARNING: Don't even consider trying to compile this on a system where
+ * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
+ */
+
+static const char *inet_ntop4 __P((const u_char *src, char *dst, size_t size));
+static const char *inet_ntop6 __P((const u_char *src, char *dst, size_t size));
+
+/* char *
+ * inet_ntop(af, src, dst, size)
+ *      convert a network format address to presentation format.
+ * return:
+ *      pointer to presentation format address (`dst'), or NULL (see errno).
+ * author:
+ *      Paul Vixie, 1996.
+ */
+const char *
+inet_ntop(af, src, dst, size)
+        int af;
+        const void *src;
+        char *dst;
+        size_t size;
+{
+        switch (af) {
+        case AF_INET:
+                return (inet_ntop4(src, dst, size));
+        case AF_INET6:
+                return (inet_ntop6(src, dst, size));
+        default:
+                errno = EAFNOSUPPORT;
+                return (NULL);
+        }
+        /* NOTREACHED */
+}
+
+/* const char *
+ * inet_ntop4(src, dst, size)
+ *      format an IPv4 address, more or less like inet_ntoa()
+ * return:
+ *      `dst' (as a const)
+ * notes:
+ *      (1) uses no statics
+ *      (2) takes a u_char* not an in_addr as input
+ * author:
+ *      Paul Vixie, 1996.
+ */
+static const char *
+inet_ntop4(src, dst, size)
+        const u_char *src;
+        char *dst;
+        size_t size;
+{
+        static const char fmt[] = "%u.%u.%u.%u";
+        char tmp[sizeof "255.255.255.255"];
+
+        if (sprintf(tmp, fmt, src[0], src[1], src[2], src[3]) > size) {
+                errno = ENOSPC;
+                return (NULL);
+        }
+        strcpy(dst, tmp);
+        return (dst);
+}
+
+/* const char *
+ * inet_ntop6(src, dst, size)
+ *      convert IPv6 binary address into presentation (printable) format
+ * author:
+ *      Paul Vixie, 1996.
+ */
+static const char *
+inet_ntop6(src, dst, size)
+        const u_char *src;
+        char *dst;
+        size_t size;
+{
+        /*
+         * Note that int32_t and int16_t need only be "at least" large enough
+         * to contain a value of the specified size.  On some systems, like
+         * Crays, there is no such thing as an integer variable with 16 bits.
+         * Keep this in mind if you think this function should have been coded
+         * to use pointer overlays.  All the world's not a VAX.
+         */
+        char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp;
+        struct { int base, len; } best, cur;
+        u_int words[IN6ADDRSZ / INT16SZ];
+        int i;
+
+        /*
+         * Preprocess:
+         *      Copy the input (bytewise) array into a wordwise array.
+         *      Find the longest run of 0x00's in src[] for :: shorthanding.
+         */
+        memset(words, '\0', sizeof words);
+        for (i = 0; i < IN6ADDRSZ; i++)
+                words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3));
+        best.base = -1;
+        cur.base = -1;
+        for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) {
+                if (words[i] == 0) {
+                        if (cur.base == -1)
+                                cur.base = i, cur.len = 1;
+                        else
+                                cur.len++;
+                } else {
+                        if (cur.base != -1) {
+                                if (best.base == -1 || cur.len > best.len)
+                                        best = cur;
+                                cur.base = -1;
+                        }
+                }
+        }
+        if (cur.base != -1) {
+                if (best.base == -1 || cur.len > best.len)
+                        best = cur;
+        }
+        if (best.base != -1 && best.len < 2)
+                best.base = -1;
+
+        /*
+         * Format the result.
+         */
+        tp = tmp;
+        for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) {
+                /* Are we inside the best run of 0x00's? */
+                if (best.base != -1 && i >= best.base &&
+                    i < (best.base + best.len)) {
+                        if (i == best.base)
+                                *tp++ = ':';
+                        continue;
+                }
+                /* Are we following an initial run of 0x00s or any real hex? */
+                if (i != 0)
+                        *tp++ = ':';
+                /* Is this address an encapsulated IPv4? */
+                if (i == 6 && best.base == 0 &&
+                    (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
+                        if (!inet_ntop4(src+12, tp, sizeof tmp - (tp - tmp)))
+                                return (NULL);
+                        tp += strlen(tp);
+                        break;
+                }
+                tp += sprintf(tp, "%x", words[i]);
+        }
+        /* Was it a trailing run of 0x00's? */
+        if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ))
+                *tp++ = ':';
+        *tp++ = '\0';
+
+        /*
+         * Check for overflow, copy, and we're done.
+         */
+        if ((size_t)(tp - tmp) > size) {
+                errno = ENOSPC;
+                return (NULL);
+        }
+        strcpy(dst, tmp);
+        return (dst);
+}
diff --git a/src/lib/libc/net/inet_pton.c b/src/lib/libc/net/inet_pton.c
new file mode 100644
index 0000000000..46b4b24819
--- /dev/null
+++ b/src/lib/libc/net/inet_pton.c
@@ -0,0 +1,220 @@
+/*      $OpenBSD: inet_pton.c,v 1.2 1997/04/13 05:08:24 deraadt Exp $   */
+
+/* Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char rcsid[] = "$From: inet_pton.c,v 8.7 1996/08/05 08:31:35 vixie Exp $";
+#else
+static char rcsid[] = "$OpenBSD: inet_pton.c,v 1.2 1997/04/13 05:08:24 deraadt Exp $";
+#endif
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+#include <string.h>
+#include <errno.h>
+
+/*
+ * WARNING: Don't even consider trying to compile this on a system where
+ * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
+ */
+
+static int      inet_pton4 __P((const char *src, u_char *dst));
+static int      inet_pton6 __P((const char *src, u_char *dst));
+
+/* int
+ * inet_pton(af, src, dst)
+ *      convert from presentation format (which usually means ASCII printable)
+ *      to network format (which is usually some kind of binary format).
+ * return:
+ *      1 if the address was valid for the specified address family
+ *      0 if the address wasn't valid (`dst' is untouched in this case)
+ *      -1 if some other error occurred (`dst' is untouched in this case, too)
+ * author:
+ *      Paul Vixie, 1996.
+ */
+int
+inet_pton(af, src, dst)
+        int af;
+        const char *src;
+        void *dst;
+{
+        switch (af) {
+        case AF_INET:
+                return (inet_pton4(src, dst));
+        case AF_INET6:
+                return (inet_pton6(src, dst));
+        default:
+                errno = EAFNOSUPPORT;
+                return (-1);
+        }
+        /* NOTREACHED */
+}
+
+/* int
+ * inet_pton4(src, dst)
+ *      like inet_aton() but without all the hexadecimal and shorthand.
+ * return:
+ *      1 if `src' is a valid dotted quad, else 0.
+ * notice:
+ *      does not touch `dst' unless it's returning 1.
+ * author:
+ *      Paul Vixie, 1996.
+ */
+static int
+inet_pton4(src, dst)
+        const char *src;
+        u_char *dst;
+{
+        static const char digits[] = "0123456789";
+        int saw_digit, octets, ch;
+        u_char tmp[INADDRSZ], *tp;
+
+        saw_digit = 0;
+        octets = 0;
+        *(tp = tmp) = 0;
+        while ((ch = *src++) != '\0') {
+                const char *pch;
+
+                if ((pch = strchr(digits, ch)) != NULL) {
+                        u_int new = *tp * 10 + (pch - digits);
+
+                        if (new > 255)
+                                return (0);
+                        if (! saw_digit) {
+                                if (++octets > 4)
+                                        return (0);
+                                saw_digit = 1;
+                        }
+                        *tp = new;
+                } else if (ch == '.' && saw_digit) {
+                        if (octets == 4)
+                                return (0);
+                        *++tp = 0;
+                        saw_digit = 0;
+                } else
+                        return (0);
+        }
+        if (octets < 4)
+                return (0);
+
+        memcpy(dst, tmp, INADDRSZ);
+        return (1);
+}
+
+/* int
+ * inet_pton6(src, dst)
+ *      convert presentation level address to network order binary form.
+ * return:
+ *      1 if `src' is a valid [RFC1884 2.2] address, else 0.
+ * notice:
+ *      (1) does not touch `dst' unless it's returning 1.
+ *      (2) :: in a full address is silently ignored.
+ * credit:
+ *      inspired by Mark Andrews.
+ * author:
+ *      Paul Vixie, 1996.
+ */
+static int
+inet_pton6(src, dst)
+        const char *src;
+        u_char *dst;
+{
+        static const char xdigits_l[] = "0123456789abcdef",
+                          xdigits_u[] = "0123456789ABCDEF";
+        u_char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
+        const char *xdigits, *curtok;
+        int ch, saw_xdigit;
+        u_int val;
+
+        memset((tp = tmp), '\0', IN6ADDRSZ);
+        endp = tp + IN6ADDRSZ;
+        colonp = NULL;
+        /* Leading :: requires some special handling. */
+        if (*src == ':')
+                if (*++src != ':')
+                        return (0);
+        curtok = src;
+        saw_xdigit = 0;
+        val = 0;
+        while ((ch = *src++) != '\0') {
+                const char *pch;
+
+                if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
+                        pch = strchr((xdigits = xdigits_u), ch);
+                if (pch != NULL) {
+                        val <<= 4;
+                        val |= (pch - xdigits);
+                        if (val > 0xffff)
+                                return (0);
+                        saw_xdigit = 1;
+                        continue;
+                }
+                if (ch == ':') {
+                        curtok = src;
+                        if (!saw_xdigit) {
+                                if (colonp)
+                                        return (0);
+                                colonp = tp;
+                                continue;
+                        }
+                        if (tp + INT16SZ > endp)
+                                return (0);
+                        *tp++ = (u_char) (val >> 8) & 0xff;
+                        *tp++ = (u_char) val & 0xff;
+                        saw_xdigit = 0;
+                        val = 0;
+                        continue;
+                }
+                if (ch == '.' && ((tp + INADDRSZ) <= endp) &&
+                    inet_pton4(curtok, tp) > 0) {
+                        tp += INADDRSZ;
+                        saw_xdigit = 0;
+                        break;  /* '\0' was seen by inet_pton4(). */
+                }
+                return (0);
+        }
+        if (saw_xdigit) {
+                if (tp + INT16SZ > endp)
+                        return (0);
+                *tp++ = (u_char) (val >> 8) & 0xff;
+                *tp++ = (u_char) val & 0xff;
+        }
+        if (colonp != NULL) {
+                /*
+                 * Since some memmove()'s erroneously fail to handle
+                 * overlapping regions, we'll do the shift by hand.
+                 */
+                const int n = tp - colonp;
+                int i;
+
+                for (i = 1; i <= n; i++) {
+                        endp[- i] = colonp[n - i];
+                        colonp[n - i] = 0;
+                }
+                tp = endp;
+        }
+        if (tp != endp)
+                return (0);
+        memcpy(dst, tmp, IN6ADDRSZ);
+        return (1);
+}
diff --git a/src/lib/libc/net/ipx.3 b/src/lib/libc/net/ipx.3
new file mode 100644
index 0000000000..073be74807
--- /dev/null
+++ b/src/lib/libc/net/ipx.3
@@ -0,0 +1,126 @@
+.\"     $OpenBSD: ipx.3,v 1.3 1997/09/09 11:45:17 kstailey Exp $
+.\"
+.\" Copyright (c) 1986, 1991, 1993
+.\"     The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"     This product includes software developed by the University of
+.\"     California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd June 4, 1993
+.Dt IPX 3
+.Os OpenBSD 1.2
+.Sh NAME
+.Nm ipx_addr ,
+.Nm ipx_ntoa
+.Nd IPX address conversion routines
+.Sh SYNOPSIS
+.Fd #include <sys/types.h>
+.Fd #include <netipx/ipx.h>
+.Ft struct ipx_addr 
+.Fn ipx_addr "char *cp"
+.Ft char *
+.Fn ipx_ntoa "struct ipx_addr ipx"
+.Sh DESCRIPTION
+The routine
+.Fn ipx_addr
+interprets character strings representing
+.Tn IPX
+addresses, returning binary information suitable
+for use in system calls.
+The routine
+.Fn ipx_ntoa
+takes
+.Tn IPX
+addresses and returns
+.Tn ASCII
+strings representing the address in a
+notation in common use:
+.Bd -filled -offset indent
+<network number>.<host number>.<port number>
+.Ed
+.Pp
+Trailing zero fields are suppressed, and each number is printed in hexadecimal,
+in a format suitable for input to 
+.Fn ipx_addr .
+Any fields lacking super-decimal digits will have a
+trailing
+.Ql H
+appended.
+.Pp
+An effort has been made to insure that
+.Fn ipx_addr
+be compatible with most formats in common use.
+It will first separate an address into 1 to 3 fields using a single delimiter
+chosen from
+period
+.Ql \&. ,
+colon
+.Ql \&:
+or pound-sign
+.Ql \&# .
+Each field is then examined for byte separators (colon or period).
+If there are byte separators, each subfield separated is taken to be
+a small hexadecimal number, and the entirety is taken as a network-byte-ordered
+quantity to be zero extended in the high-network-order bytes.
+Next, the field is inspected for hyphens, in which case
+the field is assumed to be a number in decimal notation
+with hyphens separating the millenia.
+Next, the field is assumed to be a number:
+It is interpreted
+as hexadecimal if there is a leading
+.Ql 0x
+(as in C),
+a trailing
+.Ql H
+(as in Mesa), or there are any super-decimal digits present.
+It is interpreted as octal is there is a leading
+.Ql 0
+and there are no super-octal digits.
+Otherwise, it is converted as a decimal number.
+.Sh RETURN VALUES
+None. (See
+.Sx BUGS . )
+.Sh SEE ALSO
+.Xr ns 4 ,
+.Xr hosts 5 ,
+.Xr networks 5
+.Sh HISTORY
+The precursor
+.Fn ns_addr
+and
+.Fn ns_ntoa
+functions appeared in 
+.Bx 4.3 .
+.Sh BUGS
+The string returned by
+.Fn ipx_ntoa
+resides in a static memory area.
+The function
+.Fn ipx_addr
+should diagnose improperly formed input, and there should be an unambiguous
+way to recognize this.
diff --git a/src/lib/libc/net/ipx_addr.c b/src/lib/libc/net/ipx_addr.c
new file mode 100644
index 0000000000..a76e03e913
--- /dev/null
+++ b/src/lib/libc/net/ipx_addr.c
@@ -0,0 +1,229 @@
+/*
+ * Copyright (c) 1986, 1993
+ *      The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * J.Q. Johnson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * from @(#)ipx_addr.c
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: ipx_addr.c,v 1.3 1997/07/09 01:08:39 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+#include <netipx/ipx.h>
+#include <stdio.h>
+#include <string.h>
+
+static struct ipx_addr addr, zero_addr;
+
+static void Field(), cvtbase();
+
+struct ipx_addr 
+ipx_addr(name)
+        const char *name;
+{
+        char separator;
+        char *hostname, *socketname, *cp;
+        char buf[50];
+
+        (void)strncpy(buf, name, sizeof(buf) - 1);
+        buf[sizeof(buf) - 1] = '\0';
+
+        /*
+         * First, figure out what he intends as a field separtor.
+         * Despite the way this routine is written, the prefered
+         * form  2-272.AA001234H.01777, i.e. XDE standard.
+         * Great efforts are made to insure backward compatability.
+         */
+        if ((hostname = strchr(buf, '#')))
+                separator = '#';
+        else {
+                hostname = strchr(buf, '.');
+                if ((cp = strchr(buf, ':')) &&
+                    ((hostname && cp < hostname) || (hostname == 0))) {
+                        hostname = cp;
+                        separator = ':';
+                } else
+                        separator = '.';
+        }
+        if (hostname)
+                *hostname++ = 0;
+
+        addr = zero_addr;
+        Field(buf, addr.ipx_net.c_net, 4);
+        if (hostname == 0)
+                return (addr);  /* No separator means net only */
+
+        socketname = strchr(hostname, separator);
+        if (socketname) {
+                *socketname++ = 0;
+                Field(socketname, (u_char *)&addr.ipx_port, 2);
+        }
+
+        Field(hostname, addr.ipx_host.c_host, 6);
+
+        return (addr);
+}
+
+static void
+Field(buf, out, len)
+        char *buf;
+        u_char *out;
+        int len;
+{
+        register char *bp = buf;
+        int i, ibase, base16 = 0, base10 = 0, clen = 0;
+        int hb[6], *hp;
+        char *fmt;
+
+        /*
+         * first try 2-273#2-852-151-014#socket
+         */
+        if ((*buf != '-') &&
+            (1 < (i = sscanf(buf, "%d-%d-%d-%d-%d",
+                        &hb[0], &hb[1], &hb[2], &hb[3], &hb[4])))) {
+                cvtbase(1000L, 256, hb, i, out, len);
+                return;
+        }
+        /*
+         * try form 8E1#0.0.AA.0.5E.E6#socket
+         */
+        if (1 < (i = sscanf(buf,"%x.%x.%x.%x.%x.%x",
+                        &hb[0], &hb[1], &hb[2], &hb[3], &hb[4], &hb[5]))) {
+                cvtbase(256L, 256, hb, i, out, len);
+                return;
+        }
+        /*
+         * try form 8E1#0:0:AA:0:5E:E6#socket
+         */
+        if (1 < (i = sscanf(buf,"%x:%x:%x:%x:%x:%x",
+                        &hb[0], &hb[1], &hb[2], &hb[3], &hb[4], &hb[5]))) {
+                cvtbase(256L, 256, hb, i, out, len);
+                return;
+        }
+        /*
+         * This is REALLY stretching it but there was a
+         * comma notation separting shorts -- definitely non standard
+         */
+        if (1 < (i = sscanf(buf,"%x,%x,%x",
+                        &hb[0], &hb[1], &hb[2]))) {
+                hb[0] = htons(hb[0]); hb[1] = htons(hb[1]);
+                hb[2] = htons(hb[2]);
+                cvtbase(65536L, 256, hb, i, out, len);
+                return;
+        }
+
+        /* Need to decide if base 10, 16 or 8 */
+        while (*bp) switch (*bp++) {
+
+        case '0': case '1': case '2': case '3': case '4': case '5':
+        case '6': case '7': case '-':
+                break;
+
+        case '8': case '9':
+                base10 = 1;
+                break;
+
+        case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
+        case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
+                base16 = 1;
+                break;
+        
+        case 'x': case 'X':
+                *--bp = '0';
+                base16 = 1;
+                break;
+
+        case 'h': case 'H':
+                base16 = 1;
+                /* fall into */
+
+        default:
+                *--bp = 0; /* Ends Loop */
+        }
+        if (base16) {
+                fmt = "%3x";
+                ibase = 4096;
+        } else if (base10 == 0 && *buf == '0') {
+                fmt = "%3o";
+                ibase = 512;
+        } else {
+                fmt = "%3d";
+                ibase = 1000;
+        }
+
+        for (bp = buf; *bp++; ) clen++;
+        if (clen == 0) clen++;
+        if (clen > 18) clen = 18;
+        i = ((clen - 1) / 3) + 1;
+        bp = clen + buf - 3;
+        hp = hb + i - 1;
+
+        while (hp > hb) {
+                (void)sscanf(bp, fmt, hp);
+                bp[0] = 0;
+                hp--;
+                bp -= 3;
+        }
+        (void)sscanf(buf, fmt, hp);
+        cvtbase((long)ibase, 256, hb, i, out, len);
+}
+
+static void
+cvtbase(oldbase,newbase,input,inlen,result,reslen)
+        long oldbase;
+        int newbase;
+        int input[];
+        int inlen;
+        unsigned char result[];
+        int reslen;
+{
+        int d, e;
+        long sum;
+
+        e = 1;
+        while (e > 0 && reslen > 0) {
+                d = 0; e = 0; sum = 0;
+                /* long division: input=input/newbase */
+                while (d < inlen) {
+                        sum = sum*oldbase + (long) input[d];
+                        e += (sum > 0);
+                        input[d++] = sum / newbase;
+                        sum %= newbase;
+                }
+                result[--reslen] = sum; /* accumulate remainder */
+        }
+        for (d=0; d < reslen; d++)
+                result[d] = 0;
+}
diff --git a/src/lib/libc/net/ipx_ntoa.c b/src/lib/libc/net/ipx_ntoa.c
new file mode 100644
index 0000000000..1dcfe7181b
--- /dev/null
+++ b/src/lib/libc/net/ipx_ntoa.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1986, 1993
+ *      The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: ipx_ntoa.c,v 1.2 1996/08/19 08:29:20 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+#include <netipx/ipx.h>
+#include <stdio.h>
+
+char *
+ipx_ntoa(addr)
+        struct ipx_addr addr;
+{
+        static char obuf[] = "xxxx.xx:xx:xx:xx:xx:xx.uuuuu";
+
+        sprintf(obuf, "%8xH.%02x:%02x:%02x:%02x:%02x:%02x.%u",
+                ntohl(addr.ipx_net.l_net),
+                addr.ipx_host.c_host[0],
+                addr.ipx_host.c_host[1],
+                addr.ipx_host.c_host[2],
+                addr.ipx_host.c_host[3],
+                addr.ipx_host.c_host[4],
+                addr.ipx_host.c_host[5],
+                ntohs(addr.ipx_port));
+        return (obuf);
+}
diff --git a/src/lib/libc/net/iso_addr.3 b/src/lib/libc/net/iso_addr.3
index 95c136e5fc..d9bf9086be 100644
--- a/src/lib/libc/net/iso_addr.3
+++ b/src/lib/libc/net/iso_addr.3
@@ -1,4 +1,4 @@
-.\"     $NetBSD: iso_addr.3,v 1.2 1995/02/25 06:20:46 cgd Exp $
+.\"     $OpenBSD: iso_addr.3,v 1.2 1996/08/19 08:29:22 tholo Exp $
 .\"
 .\" Copyright (c) 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -31,8 +31,6 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)iso_addr.3  8.1 (Berkeley) 6/4/93
-.\"
 .Dd June 4, 1993
 .Dt ISO_ADDR 3
 .Os
diff --git a/src/lib/libc/net/iso_addr.c b/src/lib/libc/net/iso_addr.c
index c26ec1a64a..01561e395b 100644
--- a/src/lib/libc/net/iso_addr.c
+++ b/src/lib/libc/net/iso_addr.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: iso_addr.c,v 1.4 1995/02/25 06:20:47 cgd Exp $ */
-
 /*
  * Copyright (c) 1989, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)iso_addr.c  8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: iso_addr.c,v 1.4 1995/02/25 06:20:47 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: iso_addr.c,v 1.2 1996/08/19 08:29:23 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
diff --git a/src/lib/libc/net/linkaddr.3 b/src/lib/libc/net/link_addr.3
index 1a2af9b30d..eb6c952177 100644
--- a/src/lib/libc/net/linkaddr.3
+++ b/src/lib/libc/net/link_addr.3
@@ -1,4 +1,4 @@
-.\"     $NetBSD: linkaddr.3,v 1.2 1995/02/25 06:20:48 cgd Exp $
+.\"     $OpenBSD: link_addr.3,v 1.2 1996/08/19 08:29:25 tholo Exp $
 .\"
 .\" Copyright (c) 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -34,8 +34,6 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)linkaddr.3  8.1 (Berkeley) 7/28/93
-.\"
 .Dd July 28, 1993
 .Dt LINK_ADDR 3
 .Os BSD 4.4
diff --git a/src/lib/libc/net/linkaddr.c b/src/lib/libc/net/linkaddr.c
index 19a0de3abd..fb522f3233 100644
--- a/src/lib/libc/net/linkaddr.c
+++ b/src/lib/libc/net/linkaddr.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: linkaddr.c,v 1.5 1995/02/25 06:20:49 cgd Exp $ */
-
 /*-
  * Copyright (c) 1990, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)linkaddr.c  8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: linkaddr.c,v 1.5 1995/02/25 06:20:49 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: linkaddr.c,v 1.2 1996/08/19 08:29:27 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
diff --git a/src/lib/libc/net/ns.3 b/src/lib/libc/net/ns.3
index f89b4fe042..6e096d9f4b 100644
--- a/src/lib/libc/net/ns.3
+++ b/src/lib/libc/net/ns.3
@@ -1,4 +1,4 @@
-.\"     $NetBSD: ns.3,v 1.3 1995/02/25 06:20:50 cgd Exp $
+.\"     $OpenBSD: ns.3,v 1.2 1996/08/19 08:29:29 tholo Exp $
 .\"
 .\" Copyright (c) 1986, 1991, 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -31,8 +31,6 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)ns.3        8.1 (Berkeley) 6/4/93
-.\"
 .Dd June 4, 1993
 .Dt NS 3
 .Os BSD 4.3
diff --git a/src/lib/libc/net/ns_addr.c b/src/lib/libc/net/ns_addr.c
index f75ddb23b7..8f2e4bc513 100644
--- a/src/lib/libc/net/ns_addr.c
+++ b/src/lib/libc/net/ns_addr.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: ns_addr.c,v 1.5 1995/02/25 06:20:51 cgd Exp $  */
-
 /*
  * Copyright (c) 1986, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -37,11 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)ns_addr.c   8.1 (Berkeley) 6/7/93";
-#else
-static char rcsid[] = "$NetBSD: ns_addr.c,v 1.5 1995/02/25 06:20:51 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: ns_addr.c,v 1.4 1997/07/21 20:31:05 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -51,7 +45,8 @@ static char rcsid[] = "$NetBSD: ns_addr.c,v 1.5 1995/02/25 06:20:51 cgd Exp $";
 
 static struct ns_addr addr, zero_addr;
 
-static void Field(), cvtbase();
+static void Field __P((char *, u_int8_t *, int));
+static void cvtbase __P((long, int, int[], int, u_int8_t[], int));
 
 struct ns_addr 
 ns_addr(name)
@@ -70,7 +65,7 @@ ns_addr(name)
          * form  2-272.AA001234H.01777, i.e. XDE standard.
          * Great efforts are made to insure backward compatability.
          */
-        if (hostname = strchr(buf, '#'))
+        if ((hostname = strchr(buf, '#')))
                 separator = '#';
         else {
                 hostname = strchr(buf, '.');
@@ -95,7 +90,7 @@ ns_addr(name)
                 Field(socketname, (u_char *)&addr.x_port, 2);
         }
 
-        Field(hostname, addr.x_host.c_host, 6);
+        Field(hostname, (u_char *)addr.x_host.c_host, 6);
 
         return (addr);
 }
diff --git a/src/lib/libc/net/ns_ntoa.c b/src/lib/libc/net/ns_ntoa.c
index ad3265399b..c33f710966 100644
--- a/src/lib/libc/net/ns_ntoa.c
+++ b/src/lib/libc/net/ns_ntoa.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: ns_ntoa.c,v 1.4 1995/02/25 06:20:51 cgd Exp $  */
-
 /*
  * Copyright (c) 1986, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,32 +32,29 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)ns_ntoa.c   8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: ns_ntoa.c,v 1.4 1995/02/25 06:20:51 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: ns_ntoa.c,v 1.7 1997/08/24 21:25:48 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
 #include <netns/ns.h>
 #include <stdio.h>
 
+static char *spectHex __P((char *));
+
 char *
 ns_ntoa(addr)
         struct ns_addr addr;
 {
         static char obuf[40];
-        union { union ns_net net_e; u_long long_e; } net;
-        u_short port = htons(addr.x_port);
+        union { union ns_net net_e; u_int32_t long_e; } net;
+        in_port_t port = htons(addr.x_port);
         register char *cp;
         char *cp2;
         register u_char *up = addr.x_host.c_host;
         u_char *uplim = up + 6;
-        static char *spectHex();
 
         net.net_e = addr.x_net;
-        sprintf(obuf, "%lx", ntohl(net.long_e));
+        sprintf(obuf, "%x", ntohl(net.long_e));
         cp = spectHex(obuf);
         cp2 = cp + 1;
         while (*up==0 && up < uplim) up++;
diff --git a/src/lib/libc/net/nsap_addr.c b/src/lib/libc/net/nsap_addr.c
new file mode 100644
index 0000000000..22a5f8d66e
--- /dev/null
+++ b/src/lib/libc/net/nsap_addr.c
@@ -0,0 +1,109 @@
+/*      $OpenBSD: nsap_addr.c,v 1.4 1997/07/09 01:08:45 millert Exp $   */
+
+/*
+ * Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char rcsid[] = "$From: nsap_addr.c,v 8.3 1996/08/05 08:31:35 vixie Exp $";
+#else
+static char rcsid[] = "$OpenBSD: nsap_addr.c,v 1.4 1997/07/09 01:08:45 millert Exp $";
+#endif
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <ctype.h>
+#include <resolv.h>
+
+static char
+xtob(c)
+        register int c;
+{
+        return (c - (((c >= '0') && (c <= '9')) ? '0' : '7'));
+}
+
+u_int
+inet_nsap_addr(ascii, binary, maxlen)
+        const char *ascii;
+        u_char *binary;
+        int maxlen;
+{
+        register u_char c, nib;
+        u_int len = 0;
+
+        while ((c = *ascii++) != '\0' && len < maxlen) {
+                if (c == '.' || c == '+' || c == '/')
+                        continue;
+                if (!isascii(c))
+                        return (0);
+                if (islower(c))
+                        c = toupper(c);
+                if (isxdigit(c)) {
+                        nib = xtob(c);
+                        if ((c = *ascii++)) {
+                                c = toupper(c);
+                                if (isxdigit(c)) {
+                                        *binary++ = (nib << 4) | xtob(c);
+                                        len++;
+                                } else
+                                        return (0);
+                        }
+                        else
+                                return (0);
+                }
+                else
+                        return (0);
+        }
+        return (len);
+}
+
+char *
+inet_nsap_ntoa(binlen, binary, ascii)
+        int binlen;
+        register const u_char *binary;
+        register char *ascii;
+{
+        register int nib;
+        int i;
+        static char tmpbuf[255*3];
+        char *start;
+
+        if (ascii)
+                start = ascii;
+        else {
+                ascii = tmpbuf;
+                start = tmpbuf;
+        }
+
+        if (binlen > 255)
+                binlen = 255;
+
+        for (i = 0; i < binlen; i++) {
+                nib = *binary >> 4;
+                *ascii++ = nib + (nib < 10 ? '0' : '7');
+                nib = *binary++ & 0x0f;
+                *ascii++ = nib + (nib < 10 ? '0' : '7');
+                if (((i % 2) == 0 && (i + 1) < binlen))
+                        *ascii++ = '.';
+        }
+        *ascii = '\0';
+        return (start);
+}
diff --git a/src/lib/libc/net/ntohl.c b/src/lib/libc/net/ntohl.c
index 05b7f4c9a3..7d3e227e60 100644
--- a/src/lib/libc/net/ntohl.c
+++ b/src/lib/libc/net/ntohl.c
@@ -1,29 +1,25 @@
-/*      $NetBSD: ntohl.c,v 1.5 1995/04/28 23:25:21 jtc Exp $    */
-
 /*
  * Written by J.T. Conklin <jtc@netbsd.org>.
  * Public domain.
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$NetBSD: ntohl.c,v 1.5 1995/04/28 23:25:21 jtc Exp $";
-#endif
+static char *rcsid = "$OpenBSD: ntohl.c,v 1.4 1996/12/12 03:19:56 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
 #include <machine/endian.h>
 
 #undef ntohl
 
-unsigned long
+u_int32_t
 ntohl(x)
-        unsigned long x;
+        u_int32_t x;
 {
-        u_int32_t y = x;
-
 #if BYTE_ORDER == LITTLE_ENDIAN
-        u_char *s = (u_char *)&y;
-        return s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3];
+        u_char *s = (u_char *)&x;
+        return (u_int32_t)(s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]);
 #else
-        return y;
+        return x;
 #endif
 }
diff --git a/src/lib/libc/net/ntohs.c b/src/lib/libc/net/ntohs.c
index 93ab83ee4d..cf6414d4a6 100644
--- a/src/lib/libc/net/ntohs.c
+++ b/src/lib/libc/net/ntohs.c
@@ -1,26 +1,28 @@
-/*      $NetBSD: ntohs.c,v 1.5 1995/04/28 23:25:23 jtc Exp $    */
-
 /*
  * Written by J.T. Conklin <jtc@netbsd.org>.
  * Public domain.
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$NetBSD: ntohs.c,v 1.5 1995/04/28 23:25:23 jtc Exp $";
-#endif
+static char *rcsid = "$OpenBSD: ntohs.c,v 1.6 1997/07/25 20:30:07 mickey Exp $";
+#endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
 #include <machine/endian.h>
 
 #undef ntohs
 
-unsigned short
+u_int16_t
+#ifdef __STDC__
+ntohs(u_int16_t x)
+#else
 ntohs(x)
-        unsigned short x;
+        u_int16_t x;
+#endif
 {
 #if BYTE_ORDER == LITTLE_ENDIAN
         u_char *s = (u_char *) &x;
-        return s[0] << 8 | s[1];
+        return (u_int16_t)(s[0] << 8 | s[1]);
 #else
         return x;
 #endif
diff --git a/src/lib/libc/net/rcmd.3 b/src/lib/libc/net/rcmd.3
index 4db847c392..e69e822834 100644
--- a/src/lib/libc/net/rcmd.3
+++ b/src/lib/libc/net/rcmd.3
@@ -1,4 +1,4 @@
-.\"     $NetBSD: rcmd.3,v 1.8 1995/02/25 06:20:52 cgd Exp $
+.\"     $OpenBSD: rcmd.3,v 1.10 1997/09/29 18:25:47 deraadt Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -31,8 +31,6 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)rcmd.3      8.1 (Berkeley) 6/4/93
-.\"
 .Dd June 4, 1993
 .Dt RCMD 3
 .Os BSD 4.2
@@ -49,16 +47,30 @@
 .Ft int
 .Fn rresvport "int *port"
 .Ft int
-.Fn iruserok "u_long raddr" "int superuser" "const char *ruser" "const char *luser"
+.Fn iruserok "u_int32_t raddr" "int superuser" "const char *ruser" "const char *luser"
 .Ft int
 .Fn ruserok "const char *rhost" "int superuser" "const char *ruser" "const char *luser"
 .Sh DESCRIPTION
 The
 .Fn rcmd
 function
-is used by the super-user to execute a command on
-a remote machine using an authentication scheme based
-on reserved port numbers.
+is used by the super-user to execute a command on a remote
+machine using an authentication scheme based on reserved
+port numbers.  If the calling process is not setuid and the
+.Li RSH
+environment variable is set and
+.Fa inport
+is
+.Li shell/tcp ,
+.Xr rcmdsh 3
+is called instead with the value of
+.Li RSH .
+Alternately, if the user is not the super-user,
+.Fn rcmd
+will invoke
+.Xr rcmdsh 3
+to run the command via
+.Xr rsh 1 .
 The
 .Fn rresvport
 function
@@ -90,6 +102,9 @@ is set to the standard name of the host
 and a connection is established to a server
 residing at the well-known Internet port
 .Fa inport .
+If the user is not the super-user, the only valid port is
+.Li shell/tcp ,
+(usually port 514).
 .Pp
 If the connection succeeds,
 a socket in the Internet domain of type
@@ -121,6 +136,9 @@ command) will be made the same as the
 and no
 provision is made for sending arbitrary signals to the remote process,
 although you may be able to get its attention by using out-of-band data.
+Note that if the user is not the super-user,
+.Fa fd2p
+must be 0.
 .Pp
 The protocol is described in detail in
 .Xr rshd 8 .
@@ -134,6 +152,9 @@ by
 and several other functions.  Privileged Internet ports are those
 in the range 0 to 1023.  Only the super-user
 is allowed to bind an address of this sort to a socket.
+.Fn rresvport
+needs to be seeded with a port number; if that port
+is not available it will find another.
 .Pp
 The
 .Fn iruserok
@@ -165,7 +186,7 @@ and
 .Fn ruserok
 return \-1.
 If the local domain (as obtained from
-.Xr gethostname 2 )
+.Xr gethostname 3 )
 is the same as the remote domain, only the machine name need be specified.
 .Pp
 If the IP address of the remote host is known,
@@ -195,8 +216,10 @@ is overloaded to mean ``All network ports in use.''
 .Xr rsh 1 ,
 .Xr intro 2 ,
 .Xr rexec 3 ,
+.Xr rcmdsh 3 ,
 .Xr rexecd 8 ,
 .Xr rlogind 8 ,
+.Xr bindresvport 3 ,
 .Xr rshd 8
 .Sh HISTORY
 These
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
index e0310031b0..c933f5b447 100644
--- a/src/lib/libc/net/rcmd.c
+++ b/src/lib/libc/net/rcmd.c
@@ -1,6 +1,5 @@
-/*      $NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $        */
-
 /*
+ * Copyright (c) 1995, 1996, 1998 Theo de Raadt.  All rights reserved.
  * Copyright (c) 1983, 1993, 1994
  *      The Regents of the University of California.  All rights reserved.
  *
@@ -16,6 +15,7 @@
  *    must display the following acknowledgement:
  *      This product includes software developed by the University of
  *      California, Berkeley and its contributors.
+ *      This product includes software developed by Theo de Raadt.
  * 4. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
@@ -34,11 +34,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)rcmd.c      8.3 (Berkeley) 3/26/94";
-#else
-static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
-#endif
+static char *rcsid = "$OpenBSD: rcmd.c,v 1.31 1998/03/19 00:30:05 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -57,24 +53,46 @@ static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
 #include <stdio.h>
 #include <ctype.h>
 #include <string.h>
+#include <syslog.h>
+#include <stdlib.h>
+#include <netgroup.h>
 
-int     __ivaliduser __P((FILE *, u_long, const char *, const char *));
-static int __icheckhost __P((u_long, const char *));
+int     __ivaliduser __P((FILE *, in_addr_t, const char *, const char *));
+static int __icheckhost __P((u_int32_t, const char *));
+static char *__gethostloop __P((u_int32_t));
 
 int
 rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
         char **ahost;
-        u_short rport;
+        in_port_t rport;
         const char *locuser, *remuser, *cmd;
         int *fd2p;
 {
         struct hostent *hp;
         struct sockaddr_in sin, from;
-        fd_set reads;
-        long oldmask;
+        fd_set *readsp = NULL;
+        int oldmask;
         pid_t pid;
         int s, lport, timo;
-        char c;
+        char c, *p;
+
+        /* call rcmdsh() with specified remote shell if appropriate. */
+        if (!issetugid() && (p = getenv("RSH"))) {
+                struct servent *sp = getservbyname("shell", "tcp");
+
+                if (sp && sp->s_port == rport)
+                        return (rcmdsh(ahost, rport, locuser, remuser,
+                            cmd, p));
+        }
+
+        /* use rsh(1) if non-root and remote port is shell. */
+        if (geteuid()) {
+                struct servent *sp = getservbyname("shell", "tcp");
+
+                if (sp && sp->s_port == rport)
+                        return (rcmdsh(ahost, rport, locuser, remuser,
+                            cmd, NULL));
+        }
 
         pid = getpid();
         hp = gethostbyname(*ahost);
@@ -83,6 +101,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                 return (-1);
         }
         *ahost = hp->h_name;
+
         oldmask = sigblock(sigmask(SIGURG));
         for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
                 s = rresvport(&lport);
@@ -97,6 +116,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                         return (-1);
                 }
                 fcntl(s, F_SETOWN, pid);
+                bzero(&sin, sizeof sin);
                 sin.sin_len = sizeof(struct sockaddr_in);
                 sin.sin_family = hp->h_addrtype;
                 sin.sin_port = rport;
@@ -130,7 +150,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                 sigsetmask(oldmask);
                 return (-1);
         }
+#if 0
+        /*
+         * try to rresvport() to the same port. This will make rresvport()
+         * fail it's first bind, resulting in it choosing a random port.
+         */
         lport--;
+#endif
         if (fd2p == 0) {
                 write(s, "", 1);
                 lport = 0;
@@ -138,9 +164,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                 char num[8];
                 int s2 = rresvport(&lport), s3;
                 int len = sizeof(from);
+                int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
 
                 if (s2 < 0)
                         goto bad;
+                readsp = (fd_set *)malloc(fdssize);
+                if (readsp == NULL)
+                        goto bad;
                 listen(s2, 1);
                 (void)snprintf(num, sizeof(num), "%d", lport);
                 if (write(s, num, strlen(num)+1) != strlen(num)+1) {
@@ -150,12 +180,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                         (void)close(s2);
                         goto bad;
                 }
-                FD_ZERO(&reads);
-                FD_SET(s, &reads);
-                FD_SET(s2, &reads);
+again:
+                bzero(readsp, fdssize);
+                FD_SET(s, readsp);
+                FD_SET(s2, readsp);
                 errno = 0;
-                if (select(MAX(s, s2) + 1, &reads, 0, 0, 0) < 1 ||
-                    !FD_ISSET(s2, &reads)) {
+                if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
+                    !FD_ISSET(s2, readsp)) {
                         if (errno != 0)
                                 (void)fprintf(stderr,
                                     "rcmd: select (setting up stderr): %s\n",
@@ -167,6 +198,14 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                         goto bad;
                 }
                 s3 = accept(s2, (struct sockaddr *)&from, &len);
+                /*
+                 * XXX careful for ftp bounce attacks. If discovered, shut them
+                 * down and check for the real auxiliary channel to connect.
+                 */
+                if (from.sin_family == AF_INET && from.sin_port == htons(20)) {
+                        close(s3);
+                        goto again;
+                }
                 (void)close(s2);
                 if (s3 < 0) {
                         (void)fprintf(stderr,
@@ -201,11 +240,14 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                 goto bad2;
         }
         sigsetmask(oldmask);
+        free(readsp);
         return (s);
 bad2:
         if (lport)
                 (void)close(*fd2p);
 bad:
+        if (readsp)
+                free(readsp);
         (void)close(s);
         sigsetmask(oldmask);
         return (-1);
@@ -218,27 +260,29 @@ rresvport(alport)
         struct sockaddr_in sin;
         int s;
 
+        bzero(&sin, sizeof sin);
         sin.sin_len = sizeof(struct sockaddr_in);
         sin.sin_family = AF_INET;
         sin.sin_addr.s_addr = INADDR_ANY;
         s = socket(AF_INET, SOCK_STREAM, 0);
         if (s < 0)
                 return (-1);
-        for (;;) {
-                sin.sin_port = htons((u_short)*alport);
+        sin.sin_port = htons((in_port_t)*alport);
+        if (*alport < IPPORT_RESERVED - 1) {
                 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
                         return (s);
                 if (errno != EADDRINUSE) {
                         (void)close(s);
                         return (-1);
                 }
-                (*alport)--;
-                if (*alport == IPPORT_RESERVED/2) {
-                        (void)close(s);
-                        errno = EAGAIN;         /* close */
-                        return (-1);
-                }
         }
+        sin.sin_port = 0;
+        if (bindresvport(s, &sin) == -1) {
+                (void)close(s);
+                return (-1);
+        }
+        *alport = (int)ntohs(sin.sin_port);
+        return (s);
 }
 
 int     __check_rhosts_file = 1;
@@ -253,7 +297,7 @@ ruserok(rhost, superuser, ruser, luser)
         char **ap;
         int i;
 #define MAXADDRS        35
-        u_long addrs[MAXADDRS + 1];
+        u_int32_t addrs[MAXADDRS + 1];
 
         if ((hp = gethostbyname(rhost)) == NULL)
                 return (-1);
@@ -262,7 +306,7 @@ ruserok(rhost, superuser, ruser, luser)
         addrs[i] = 0;
 
         for (i = 0; i < MAXADDRS && addrs[i]; i++)
-                if (iruserok(addrs[i], superuser, ruser, luser) == 0)
+                if (iruserok((in_addr_t)addrs[i], superuser, ruser, luser) == 0)
                         return (0);
         return (-1);
 }
@@ -278,7 +322,7 @@ ruserok(rhost, superuser, ruser, luser)
  */
 int
 iruserok(raddr, superuser, ruser, luser)
-        u_long raddr;
+        u_int32_t raddr;
         int superuser;
         const char *ruser, *luser;
 {
@@ -352,41 +396,47 @@ again:
  * Returns 0 if ok, -1 if not ok.
  */
 int
-__ivaliduser(hostf, raddr, luser, ruser)
+__ivaliduser(hostf, raddrl, luser, ruser)
         FILE *hostf;
-        u_long raddr;
+        in_addr_t raddrl;
         const char *luser, *ruser;
 {
         register char *user, *p;
-        int ch;
-        char buf[MAXHOSTNAMELEN + 128];         /* host + login */
+        char *buf;
         const char *auser, *ahost;
         int hostok, userok;
-        char rhost[MAXHOSTNAMELEN];
-        struct hostent *hp;
+        char *rhost = (char *)-1;
         char domain[MAXHOSTNAMELEN];
+        u_int32_t raddr = (u_int32_t)raddrl;
+        size_t buflen;
 
         getdomainname(domain, sizeof(domain));
 
-        while (fgets(buf, sizeof(buf), hostf)) {
+        while ((buf = fgetln(hostf, &buflen))) {
                 p = buf;
-                /* Skip lines that are too long. */
-                if (strchr(p, '\n') == NULL) {
-                        while ((ch = getc(hostf)) != '\n' && ch != EOF);
+                if (*p == '#')
                         continue;
-                }
-                while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
+                while (*p != '\n' && *p != ' ' && *p != '\t' && p < buf + buflen) {
+                        if (!isprint(*p))
+                                goto bail;
                         *p = isupper(*p) ? tolower(*p) : *p;
                         p++;
                 }
+                if (p >= buf + buflen)
+                        continue;
                 if (*p == ' ' || *p == '\t') {
                         *p++ = '\0';
-                        while (*p == ' ' || *p == '\t')
+                        while ((*p == ' ' || *p == '\t') && p < buf + buflen)
                                 p++;
+                        if (p >= buf + buflen)
+                                continue;
                         user = p;
                         while (*p != '\n' && *p != ' ' &&
-                            *p != '\t' && *p != '\0')
+                            *p != '\t' && p < buf + buflen) {
+                                if (!isprint(*p))
+                                        goto bail;
                                 p++;
+                        }
                 } else
                         user = p;
                 *p = '\0';
@@ -397,25 +447,27 @@ __ivaliduser(hostf, raddr, luser, ruser)
                 auser = *user ? user : luser;
                 ahost = buf;
 
-                if ((hp = gethostbyaddr((char *) &raddr,
-                                        sizeof(raddr), AF_INET)) == NULL) {
-                        abort();
-                        return -1;
-                }
-                (void) strncpy(rhost, hp->h_name, sizeof(rhost));
-                rhost[sizeof(rhost) - 1] = '\0';
+                if (strlen(ahost) >= MAXHOSTNAMELEN)
+                        continue;
 
+                /*
+                 * innetgr() must lookup a hostname (we do not attempt
+                 * to change the semantics so that netgroups may have
+                 * #.#.#.# addresses in the list.)
+                 */
                 if (ahost[0] == '+')
                         switch (ahost[1]) {
                         case '\0':
                                 hostok = 1;
                                 break;
-
                         case '@':
-                                hostok = innetgr(&ahost[2], rhost, NULL,
-                                                 domain);
+                                if (rhost == (char *)-1)
+                                        rhost = __gethostloop(raddr);
+                                hostok = 0;
+                                if (rhost)
+                                        hostok = innetgr(&ahost[2], rhost,
+                                            NULL, domain);
                                 break;
-
                         default:
                                 hostok = __icheckhost(raddr, &ahost[1]);
                                 break;
@@ -425,12 +477,14 @@ __ivaliduser(hostf, raddr, luser, ruser)
                         case '\0':
                                 hostok = -1;
                                 break;
-
                         case '@':
-                                hostok = -innetgr(&ahost[2], rhost, NULL,
-                                                  domain);
+                                if (rhost == (char *)-1)
+                                        rhost = __gethostloop(raddr);
+                                hostok = 0;
+                                if (rhost)
+                                        hostok = -innetgr(&ahost[2], rhost,
+                                            NULL, domain);
                                 break;
-
                         default:
                                 hostok = -__icheckhost(raddr, &ahost[1]);
                                 break;
@@ -444,14 +498,12 @@ __ivaliduser(hostf, raddr, luser, ruser)
                         case '\0':
                                 userok = 1;
                                 break;
-
                         case '@':
                                 userok = innetgr(&auser[2], NULL, ruser,
-                                                 domain);
+                                    domain);
                                 break;
-
                         default:
-                                userok = strcmp(ruser, &auser[1]) == 0;
+                                userok = strcmp(ruser, &auser[1]) ? 0 : 1;
                                 break;
                         }
                 else if (auser[0] == '-')
@@ -459,59 +511,97 @@ __ivaliduser(hostf, raddr, luser, ruser)
                         case '\0':
                                 userok = -1;
                                 break;
-
                         case '@':
                                 userok = -innetgr(&auser[2], NULL, ruser,
-                                                  domain);
+                                    domain);
                                 break;
-
                         default:
-                                userok = -(strcmp(ruser, &auser[1]) == 0);
+                                userok = strcmp(ruser, &auser[1]) ? 0 : -1;
                                 break;
                         }
                 else
-                        userok = strcmp(ruser, auser) == 0;
+                        userok = strcmp(ruser, auser) ? 0 : 1;
 
                 /* Check if one component did not match */
                 if (hostok == 0 || userok == 0)
                         continue;
 
                 /* Check if we got a forbidden pair */
-                if (userok == -1 || hostok == -1)
-                        return -1;
+                if (userok <= -1 || hostok <= -1)
+                        return (-1);
 
                 /* Check if we got a valid pair */
-                if (hostok == 1 && userok == 1)
-                        return 0;
+                if (hostok >= 1 && userok >= 1)
+                        return (0);
         }
-        return -1;
+bail:
+        return (-1);
 }
 
 /*
- * Returns "true" if match, 0 if no match.
+ * Returns "true" if match, 0 if no match.  If we do not find any
+ * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
  */
 static int
 __icheckhost(raddr, lhost)
-        u_long raddr;
+        u_int32_t raddr;
         const char *lhost;
 {
         register struct hostent *hp;
-        register u_long laddr;
         register char **pp;
+        struct in_addr in;
+
+        hp = gethostbyname(lhost);
+        if (hp != NULL) {
+                /* Spin through ip addresses. */
+                for (pp = hp->h_addr_list; *pp; ++pp)
+                        if (!bcmp(&raddr, *pp, sizeof(raddr)))
+                                return (1);
+        }
 
-        /* Try for raw ip address first. */
-        if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1)
-                return (raddr == laddr);
-
-        /* Better be a hostname. */
-        if ((hp = gethostbyname(lhost)) == NULL)
-                return (0);
-
-        /* Spin through ip addresses. */
-        for (pp = hp->h_addr_list; *pp; ++pp)
-                if (!bcmp(&raddr, *pp, sizeof(u_long)))
-                        return (1);
-
-        /* No match. */
+        in.s_addr = raddr;
+        if (strcmp(lhost, inet_ntoa(in)) == 0)
+                return (1);
         return (0);
 }
+
+/*
+ * Return the hostname associated with the supplied address.
+ * Do a reverse lookup as well for security. If a loop cannot
+ * be found, pack the result of inet_ntoa() into the string.
+ */
+static char *
+__gethostloop(raddr)
+        u_int32_t raddr;
+{
+        static char remotehost[MAXHOSTNAMELEN];
+        struct hostent *hp;
+        struct in_addr in;
+
+        hp = gethostbyaddr((char *) &raddr, sizeof(raddr), AF_INET);
+        if (hp == NULL)
+                return (NULL);
+
+        /*
+         * Look up the name and check that the supplied
+         * address is in the list
+         */
+        strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1);
+        remotehost[sizeof(remotehost) - 1] = '\0';
+        hp = gethostbyname(remotehost);
+        if (hp == NULL)
+                return (NULL);
+
+        for (; hp->h_addr_list[0] != NULL; hp->h_addr_list++)
+                if (!bcmp(hp->h_addr_list[0], (caddr_t)&raddr, sizeof(raddr)))
+                        return (remotehost);
+
+        /*
+         * either the DNS adminstrator has made a configuration
+         * mistake, or someone has attempted to spoof us
+         */
+        in.s_addr = raddr;
+        syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
+            inet_ntoa(in), hp->h_name);
+        return (NULL);
+}
diff --git a/src/lib/libc/stdlib/realloc.3 b/src/lib/libc/net/rcmdsh.3
index 66f09b2081..fd89acee8f 100644
--- a/src/lib/libc/stdlib/realloc.3
+++ b/src/lib/libc/net/rcmdsh.3
@@ -1,5 +1,7 @@
-.\" Copyright (c) 1991 The Regents of the University of California.
-.\" All rights reserved.
+.\"     $OpenBSD: rcmdsh.3,v 1.3 1998/06/26 17:54:09 millert Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"     The Regents of the University of California.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -29,72 +31,78 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)realloc.3     5.1 (Berkeley) 5/2/91
-.\"     $Id: realloc.3,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $
-.\"
-.Dd May 2, 1991
-.Dt REALLOC 3
-.Os
+.Dd Sep 1, 1996
+.Dt RCMDSH 3
+.Os OpenBSD
 .Sh NAME
-.Nm realloc
-.Nd reallocation of memory function
+.Nm rcmdsh
+.Nd return a stream to a remote command without superuser
 .Sh SYNOPSIS
-.Fd #include <stdlib.h>
-.Ft void *
-.Fn realloc "void *ptr" "size_t size"
+.Fd #include <unistd.h>
+.Ft int
+.Fn rcmdsh "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "char *rshprog"
 .Sh DESCRIPTION
 The
-.Fn realloc
-function changes the size of the object pointed to by
-.Fa ptr
-to the size specified by
-.Fa size .
-The contents of the object are unchanged up to the lesser
-of the new and old sizes.
-If the new size is larger, the value of the newly allocated portion
-of the object is indeterminate.
-If
-.Fa ptr
-is a null pointer, the
-.Fn realloc
-function behaves like the
-.Xr malloc 3
-function for the specified size.
-Otherwise, if
-.Fa ptr
-does not match a pointer earlier returned by the
-.Xr calloc 3 ,
-.Xr malloc 3 ,
-or 
-.Fn realloc
-function, or if the space has been deallocated
-by a call to the
-.Xr free
-or
-.Fn realloc
-function, unpredictable and usually detrimental
-behavior will occur.
-If the space cannot be allocated, the object 
-pointed to by
-.Fa ptr
-is unchanged.
-If
-.Fa size
-is zero and
-.Fa ptr
-is not a null pointer, the object it points to is freed.
+.Fn rcmdsh
+function
+is used by normal users to execute a command on
+a remote machine using an authentication scheme based
+on reserved port numbers using
+.Xr rshd 8
+or the value of
+.Fa rshprog
+(if non-NULL).
 .Pp
 The
-.Fn realloc
-function returns either a null pointer or a pointer
-to the possibly moved allocated space.
+.Fn rcmdsh
+function
+looks up the host
+.Fa *ahost
+using
+.Xr gethostbyname 3 ,
+returning \-1 if the host does not exist.
+Otherwise
+.Fa *ahost
+is set to the standard name of the host
+and a connection is established to a server
+residing at the well-known Internet port
+.Li shell/tcp
+(or whatever port is used by
+.Fa rshprog
+).  The parameter
+.Fa inport
+is ignored; it is only included to provide an interface similar to
+.Xr rcmd 3 .
+.Pp
+If the connection succeeds,
+a socket in the
+.Tn UNIX
+domain of type
+.Dv SOCK_STREAM
+is returned to the caller, and given to the remote
+command as 
+.Em stdin
+and
+.Em stdout ,
+and
+.Em stderr .
+.Sh DIAGNOSTICS
+The
+.Fn rcmdsh
+function
+returns a valid socket descriptor on success.
+It returns \-1 on error and prints a diagnostic message on the standard error.
 .Sh SEE ALSO
-.Xr alloca 3 ,
-.Xr calloc 3 ,
-.Xr free 3 ,
-.Xr malloc 3 ,
-.Sh STANDARDS
+.Xr rsh 1 ,
+.Xr socketpair 2 ,
+.Xr rcmd 3 ,
+.Xr rshd 8
+.Sh BUGS
+If
+.Xr rsh 1
+gets an error a file descriptor is still returned instead of \-1.
+.Sh HISTORY
 The
-.Fn realloc
-function conforms to
-.St -ansiC .
+.Fn rcmdsh
+function first appeared in
+.Ox 2.0 .
diff --git a/src/lib/libc/net/rcmdsh.c b/src/lib/libc/net/rcmdsh.c
new file mode 100644
index 0000000000..93523a4c56
--- /dev/null
+++ b/src/lib/libc/net/rcmdsh.c
@@ -0,0 +1,124 @@
+/*      $OpenBSD: rcmdsh.c,v 1.5 1998/04/25 16:23:58 millert Exp $      */ 
+
+/*
+ * This is an rcmd() replacement originally by 
+ * Chris Siebenmann <cks@utcc.utoronto.ca>.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: rcmdsh.c,v 1.5 1998/04/25 16:23:58 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include      <sys/types.h>
+#include      <sys/socket.h>
+#include      <sys/wait.h>
+#include      <signal.h>
+#include      <errno.h>
+#include      <netdb.h>
+#include      <stdio.h>
+#include      <string.h>
+#include      <pwd.h>
+#include      <paths.h>
+#include      <unistd.h>
+
+/*
+ * This is a replacement rcmd() function that uses the rsh(1)
+ * program in place of a direct rcmd(3) function call so as to
+ * avoid having to be root.  Note that rport is ignored.
+ */
+/* ARGSUSED */
+int
+rcmdsh(ahost, rport, locuser, remuser, cmd, rshprog)
+        char **ahost;
+        int rport;
+        const char *locuser, *remuser, *cmd;
+        char *rshprog;
+{
+        struct hostent *hp;
+        int cpid, sp[2];
+        char *p;
+        struct passwd *pw;
+
+        /* What rsh/shell to use. */
+        if (rshprog == NULL)
+                rshprog = _PATH_RSH;
+
+        /* locuser must exist on this host. */
+        if ((pw = getpwnam(locuser)) == NULL) {
+                (void) fprintf(stderr, "rcmdsh: unknown user: %s\n", locuser);
+                return(-1);
+        }
+
+        /* Validate remote hostname. */
+        if (strcmp(*ahost, "localhost") != 0) {
+                if ((hp = gethostbyname(*ahost)) == NULL) {
+                        herror(*ahost);
+                        return(-1);
+                }
+                *ahost = hp->h_name;
+        }
+
+        /* Get a socketpair we'll use for stdin and stdout. */
+        if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, sp) < 0) {
+                perror("rcmdsh: socketpair");
+                return(-1);
+        }
+
+        cpid = fork();
+        if (cpid < 0) {
+                perror("rcmdsh: fork failed");
+                return(-1);
+        } else if (cpid == 0) {
+                /*
+                 * Child.  We use sp[1] to be stdin/stdout, and close sp[0].
+                 */
+                (void) close(sp[0]);
+                if (dup2(sp[1], 0) < 0 || dup2(0, 1) < 0) {
+                        perror("rcmdsh: dup2 failed");
+                        _exit(255);
+                }
+                /* Fork again to lose parent. */
+                cpid = fork();
+                if (cpid < 0) {
+                        perror("rcmdsh: fork to lose parent failed");
+                        _exit(255);
+                }
+                if (cpid > 0)
+                        _exit(0);
+
+                /* In grandchild here.  Become local user for rshprog. */
+                if (setuid(pw->pw_uid)) {
+                        (void) fprintf(stderr, "rcmdsh: setuid(%u): %s\n",
+                                       pw->pw_uid, strerror(errno));
+                        _exit(255);
+                }
+
+                /*
+                 * If remote host is "localhost" and local and remote user
+                 * are the same, avoid running remote shell for efficiency.
+                 */
+                if (!strcmp(*ahost, "localhost") && !strcmp(locuser, remuser)) {
+                        if (pw->pw_shell[0] == '\0')
+                                rshprog = _PATH_BSHELL;
+                        else
+                                rshprog = pw->pw_shell;
+                        p = strrchr(rshprog, '/');
+                        execlp(rshprog, p ? p+1 : rshprog, "-c", cmd,
+                               (char *) NULL);
+                } else {
+                        p = strrchr(rshprog, '/');
+                        execlp(rshprog, p ? p+1 : rshprog, *ahost, "-l",
+                               remuser, cmd, (char *) NULL);
+                }
+                (void) fprintf(stderr, "rcmdsh: execlp %s failed: %s\n",
+                               rshprog, strerror(errno));
+                _exit(255);
+        } else {
+                /* Parent. close sp[1], return sp[0]. */
+                (void) close(sp[1]);
+                /* Reap child. */
+                (void) wait(NULL);
+                return(sp[0]);
+        }
+        /* NOTREACHED */
+}
diff --git a/src/lib/libc/net/recv.c b/src/lib/libc/net/recv.c
index 44296378cb..d209a07213 100644
--- a/src/lib/libc/net/recv.c
+++ b/src/lib/libc/net/recv.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: recv.c,v 1.6 1995/02/25 06:20:54 cgd Exp $     */
-
 /*
  * Copyright (c) 1988, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)recv.c      8.2 (Berkeley) 2/21/94";
-#else
-static char rcsid[] = "$NetBSD: recv.c,v 1.6 1995/02/25 06:20:54 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: recv.c,v 1.2 1996/08/19 08:29:40 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
diff --git a/src/lib/libc/net/res_comp.c b/src/lib/libc/net/res_comp.c
index 9d7bbecdda..f7a0358967 100644
--- a/src/lib/libc/net/res_comp.c
+++ b/src/lib/libc/net/res_comp.c
@@ -1,9 +1,11 @@
-/*      $NetBSD: res_comp.c,v 1.6 1995/02/25 06:20:55 cgd Exp $ */
+/*      $OpenBSD: res_comp.c,v 1.8 1997/07/09 01:08:49 millert Exp $    */
 
-/*-
+/*
+ * ++Copyright++ 1985, 1993
+ * -
  * Copyright (c) 1985, 1993
- *      The Regents of the University of California.  All rights reserved.
- *
+ *    The Regents of the University of California.  All rights reserved.
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -14,12 +16,12 @@
  *    documentation and/or other materials provided with the distribution.
  * 3. All advertising materials mentioning features or use of this software
  *    must display the following acknowledgement:
- *      This product includes software developed by the University of
- *      California, Berkeley and its contributors.
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
  * 4. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -56,19 +58,26 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 #if 0
 static char sccsid[] = "@(#)res_comp.c  8.1 (Berkeley) 6/4/93";
-static char rcsid[] = "$Id: res_comp.c,v 4.9.1.1 1993/05/02 22:43:03 vixie Rel ";
+static char rcsid[] = "$From: res_comp.c,v 8.11 1996/12/02 09:17:22 vixie Exp $";
 #else
-static char rcsid[] = "$NetBSD: res_comp.c,v 1.6 1995/02/25 06:20:55 cgd Exp $";
+static char rcsid[] = "$OpenBSD: res_comp.c,v 1.8 1997/07/09 01:08:49 millert Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
+#include <sys/types.h>
 #include <sys/param.h>
-#include <arpa/nameser.h>
 #include <netinet/in.h>
-#include <resolv.h>
+#include <arpa/nameser.h>
+
 #include <stdio.h>
+#include <resolv.h>
+#include <ctype.h>
 
-static int dn_find();
+#include <unistd.h>
+#include <string.h>
+
+static int      dn_find __P((u_char *exp_dn, u_char *msg,
+                             u_char **dnptrs, u_char **lastdnptr));
 
 /*
  * Expand compressed domain name 'comp_dn' to full domain name.
@@ -77,23 +86,27 @@ static int dn_find();
  * 'exp_dn' is a pointer to a buffer of size 'length' for the result.
  * Return size of compressed name or -1 if there was an error.
  */
+int
 dn_expand(msg, eomorig, comp_dn, exp_dn, length)
         const u_char *msg, *eomorig, *comp_dn;
-        u_char *exp_dn;
+        char *exp_dn;
         int length;
 {
-        register u_char *cp, *dn;
+        register const u_char *cp;
+        register char *dn;
         register int n, c;
-        u_char *eom;
+        char *eom;
         int len = -1, checked = 0;
 
         dn = exp_dn;
-        cp = (u_char *)comp_dn;
+        cp = comp_dn;
+        if (length > MAXHOSTNAMELEN-1)
+                length = MAXHOSTNAMELEN-1;
         eom = exp_dn + length;
         /*
          * fetch next label in domain name
          */
-        while (n = *cp++) {
+        while ((n = *cp++)) {
                 /*
                  * Check for indirection
                  */
@@ -108,23 +121,23 @@ dn_expand(msg, eomorig, comp_dn, exp_dn, length)
                                 return (-1);
                         checked += n + 1;
                         while (--n >= 0) {
-                                if ((c = *cp++) == '.') {
+                                if (((c = *cp++) == '.') || (c == '\\')) {
                                         if (dn + n + 2 >= eom)
                                                 return (-1);
                                         *dn++ = '\\';
                                 }
                                 *dn++ = c;
                                 if (cp >= eomorig)      /* out of range */
-                                        return(-1);
+                                        return (-1);
                         }
                         break;
 
                 case INDIR_MASK:
                         if (len < 0)
                                 len = cp - comp_dn + 1;
-                        cp = (u_char *)msg + (((n & 0x3f) << 8) | (*cp & 0xff));
+                        cp = msg + (((n & 0x3f) << 8) | (*cp & 0xff));
                         if (cp < msg || cp >= eomorig)  /* out of range */
-                                return(-1);
+                                return (-1);
                         checked += 2;
                         /*
                          * Check for loops in the compressed name;
@@ -157,8 +170,9 @@ dn_expand(msg, eomorig, comp_dn, exp_dn, length)
  * If 'dnptr' is NULL, we don't try to compress names. If 'lastdnptr'
  * is NULL, we don't update the list.
  */
+int
 dn_comp(exp_dn, comp_dn, length, dnptrs, lastdnptr)
-        const u_char *exp_dn;
+        const char *exp_dn;
         u_char *comp_dn, **dnptrs, **lastdnptr;
         int length;
 {
@@ -170,6 +184,7 @@ dn_comp(exp_dn, comp_dn, length, dnptrs, lastdnptr)
         dn = (u_char *)exp_dn;
         cp = comp_dn;
         eob = cp + length;
+        lpp = cpp = NULL;
         if (dnptrs != NULL) {
                 if ((msg = *dnptrs++) != NULL) {
                         for (cpp = dnptrs; *cpp != NULL; cpp++)
@@ -235,13 +250,14 @@ dn_comp(exp_dn, comp_dn, length, dnptrs, lastdnptr)
 /*
  * Skip over a compressed domain name. Return the size or -1.
  */
+int
 __dn_skipname(comp_dn, eom)
         const u_char *comp_dn, *eom;
 {
-        register u_char *cp;
+        register const u_char *cp;
         register int n;
 
-        cp = (u_char *)comp_dn;
+        cp = comp_dn;
         while (cp < eom && (n = *cp++)) {
                 /*
                  * check for indirection
@@ -259,10 +275,19 @@ __dn_skipname(comp_dn, eom)
                 break;
         }
         if (cp > eom)
-                return -1;
+                return (-1);
         return (cp - comp_dn);
 }
 
+static int
+mklower(ch)
+        register int ch;
+{
+        if (isascii(ch) && isupper(ch))
+                return (tolower(ch));
+        return (ch);
+}
+
 /*
  * Search for expanded name from a list of previously compressed names.
  * Return the offset from msg if found or -1.
@@ -281,7 +306,7 @@ dn_find(exp_dn, msg, dnptrs, lastdnptr)
         for (cpp = dnptrs; cpp < lastdnptr; cpp++) {
                 dn = exp_dn;
                 sp = cp = *cpp;
-                while (n = *cp++) {
+                while ((n = *cp++)) {
                         /*
                          * check for indirection
                          */
@@ -292,7 +317,7 @@ dn_find(exp_dn, msg, dnptrs, lastdnptr)
                                                 goto next;
                                         if (*dn == '\\')
                                                 dn++;
-                                        if (*dn++ != *cp++)
+                                        if (mklower(*dn++) != mklower(*cp++))
                                                 goto next;
                                 }
                                 if ((n = *dn++) == '\0' && *cp == '\0')
@@ -301,11 +326,12 @@ dn_find(exp_dn, msg, dnptrs, lastdnptr)
                                         continue;
                                 goto next;
 
-                        default:        /* illegal type */
-                                return (-1);
-
                         case INDIR_MASK:        /* indirection */
                                 cp = msg + (((n & 0x3f) << 8) | *cp);
+                                break;
+
+                        default:        /* illegal type */
+                                return (-1);
                         }
                 }
                 if (*dn == '\0')
@@ -316,16 +342,124 @@ dn_find(exp_dn, msg, dnptrs, lastdnptr)
 }
 
 /*
- * Routines to insert/extract short/long's. Must account for byte
- * order and non-alignment problems. This code at least has the
- * advantage of being portable.
- *
- * used by sendmail.
+ * Verify that a domain name uses an acceptable character set.
+ */
+
+/*
+ * Note the conspicuous absence of ctype macros in these definitions.  On
+ * non-ASCII hosts, we can't depend on string literals or ctype macros to
+ * tell us anything about network-format data.  The rest of the BIND system
+ * is not careful about this, but for some reason, we're doing it right here.
+ */
+#define PERIOD 0x2e
+#define hyphenchar(c) ((c) == 0x2d)
+#define bslashchar(c) ((c) == 0x5c)
+#define periodchar(c) ((c) == PERIOD)
+#define asterchar(c) ((c) == 0x2a)
+#define alphachar(c) (((c) >= 0x41 && (c) <= 0x5a) \
+                   || ((c) >= 0x61 && (c) <= 0x7a))
+#define digitchar(c) ((c) >= 0x30 && (c) <= 0x39)
+
+#define borderchar(c) (alphachar(c) || digitchar(c))
+#define middlechar(c) (borderchar(c) || hyphenchar(c))
+#define domainchar(c) ((c) > 0x20 && (c) < 0x7f)
+
+int
+res_hnok(dn)
+        const char *dn;
+{
+        int pch = PERIOD, ch = *dn++;
+
+        while (ch != '\0') {
+                int nch = *dn++;
+
+                if (periodchar(ch)) {
+                        ;
+                } else if (periodchar(pch)) {
+                        if (!borderchar(ch))
+                                return (0);
+                } else if (periodchar(nch) || nch == '\0') {
+                        if (!borderchar(ch))
+                                return (0);
+                } else {
+                        if (!middlechar(ch))
+                                return (0);
+                }
+                pch = ch, ch = nch;
+        }
+        return (1);
+}
+
+/*
+ * hostname-like (A, MX, WKS) owners can have "*" as their first label
+ * but must otherwise be as a host name.
+ */
+int
+res_ownok(dn)
+        const char *dn;
+{
+        if (asterchar(dn[0])) {
+                if (periodchar(dn[1]))
+                        return (res_hnok(dn+2));
+                if (dn[1] == '\0')
+                        return (1);
+        }
+        return (res_hnok(dn));
+}
+
+/*
+ * SOA RNAMEs and RP RNAMEs can have any printable character in their first
+ * label, but the rest of the name has to look like a host name.
  */
+int
+res_mailok(dn)
+        const char *dn;
+{
+        int ch, escaped = 0;
+
+        /* "." is a valid missing representation */
+        if (*dn == '\0')
+                return(1);
+
+        /* otherwise <label>.<hostname> */
+        while ((ch = *dn++) != '\0') {
+                if (!domainchar(ch))
+                        return (0);
+                if (!escaped && periodchar(ch))
+                        break;
+                if (escaped)
+                        escaped = 0;
+                else if (bslashchar(ch))
+                        escaped = 1;
+        }
+        if (periodchar(ch))
+                return (res_hnok(dn));
+        return(0);
+}
 
-u_short
+/*
+ * This function is quite liberal, since RFC 1034's character sets are only
+ * recommendations.
+ */
+int
+res_dnok(dn)
+        const char *dn;
+{
+        int ch;
+
+        while ((ch = *dn++) != '\0')
+                if (!domainchar(ch))
+                        return (0);
+        return (1);
+}
+
+/*
+ * Routines to insert/extract short/long's.
+ */
+
+u_int16_t
 _getshort(msgp)
-        register u_char *msgp;
+        register const u_char *msgp;
 {
         register u_int16_t u;
 
@@ -333,9 +467,21 @@ _getshort(msgp)
         return (u);
 }
 
+#ifdef NeXT
+/*
+ * nExt machines have some funky library conventions, which we must maintain.
+ */
+u_int16_t
+res_getshort(msgp)
+        register const u_char *msgp;
+{
+        return (_getshort(msgp));
+}
+#endif
+
 u_int32_t
 _getlong(msgp)
-        register u_char *msgp;
+        register const u_char *msgp;
 {
         register u_int32_t u;
 
@@ -345,7 +491,7 @@ _getlong(msgp)
 
 void
 #if defined(__STDC__) || defined(__cplusplus)
-__putshort(register u_int16_t s, register u_char *msgp)
+__putshort(register u_int16_t s, register u_char *msgp) /* must match proto */
 #else
 __putshort(s, msgp)
         register u_int16_t s;
diff --git a/src/lib/libc/net/res_data.c b/src/lib/libc/net/res_data.c
new file mode 100644
index 0000000000..b0d19c36bb
--- /dev/null
+++ b/src/lib/libc/net/res_data.c
@@ -0,0 +1,117 @@
+/*      $OpenBSD: res_data.c,v 1.1 1997/03/13 19:07:36 downsj Exp $     */
+
+/*
+ * ++Copyright++ 1995
+ * -
+ * Copyright (c) 1995
+ *    The Regents of the University of California.  All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * -
+ * Portions Copyright (c) 1993 by Digital Equipment Corporation.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies, and that
+ * the name of Digital Equipment Corporation not be used in advertising or
+ * publicity pertaining to distribution of the document or software without
+ * specific, written prior permission.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
+ * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ * -
+ * --Copyright--
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char rcsid[] = "$From: res_data.c,v 8.2 1996/08/05 08:31:35 vixie Exp $";
+#else
+static char rcsid[] = "$OpenBSD: res_data.c,v 1.1 1997/03/13 19:07:36 downsj Exp $";
+#endif
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+
+#include <stdio.h>
+#include <ctype.h>
+#include <resolv.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+
+const char *_res_opcodes[] = {
+        "QUERY",
+        "IQUERY",
+        "CQUERYM",
+        "CQUERYU",      /* experimental */
+        "NOTIFY",       /* experimental */
+        "5",
+        "6",
+        "7",
+        "8",
+        "UPDATEA",
+        "UPDATED",
+        "UPDATEDA",
+        "UPDATEM",
+        "UPDATEMA",
+        "ZONEINIT",
+        "ZONEREF",
+};
+
+const char *_res_resultcodes[] = {
+        "NOERROR",
+        "FORMERR",
+        "SERVFAIL",
+        "NXDOMAIN",
+        "NOTIMP",
+        "REFUSED",
+        "6",
+        "7",
+        "8",
+        "9",
+        "10",
+        "11",
+        "12",
+        "13",
+        "14",
+        "NOCHANGE",
+};
diff --git a/src/lib/libc/net/res_debug.c b/src/lib/libc/net/res_debug.c
index d841293f18..c2725395a0 100644
--- a/src/lib/libc/net/res_debug.c
+++ b/src/lib/libc/net/res_debug.c
@@ -1,9 +1,11 @@
-/*      $NetBSD: res_debug.c,v 1.7 1995/02/25 06:20:56 cgd Exp $        */
+/*      $OpenBSD: res_debug.c,v 1.9 1998/03/19 00:30:06 millert Exp $   */
 
-/*-
+/*
+ * ++Copyright++ 1985, 1990, 1993
+ * -
  * Copyright (c) 1985, 1990, 1993
- *      The Regents of the University of California.  All rights reserved.
- *
+ *    The Regents of the University of California.  All rights reserved.
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -50,174 +52,185 @@
  * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
  * SOFTWARE.
  * -
+ * Portions Copyright (c) 1995 by International Business Machines, Inc.
+ *
+ * International Business Machines, Inc. (hereinafter called IBM) grants
+ * permission under its copyrights to use, copy, modify, and distribute this
+ * Software with or without fee, provided that the above copyright notice and
+ * all paragraphs of this notice appear in all copies, and that the name of IBM
+ * not be used in connection with the marketing of any product incorporating
+ * the Software or modifications thereof, without specific, written prior
+ * permission.
+ *
+ * To the extent it has a right to do so, IBM grants an immunity from suit
+ * under its patents, if any, for the use, sale or manufacture of products to
+ * the extent that such products are used for performing Domain Name System
+ * dynamic updates in TCP/IP networks by means of the Software.  No immunity is
+ * granted for any product per se or for any other function of any product.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE.  IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
+ * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
+ * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
  * --Copyright--
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
 #if 0
 static char sccsid[] = "@(#)res_debug.c 8.1 (Berkeley) 6/4/93";
+static char rcsid[] = "$From: res_debug.c,v 8.19 1996/11/26 10:11:23 vixie Exp $";
 #else
-static char rcsid[] = "$NetBSD: res_debug.c,v 1.7 1995/02/25 06:20:56 cgd Exp $";
+static char rcsid[] = "$OpenBSD: res_debug.c,v 1.9 1998/03/19 00:30:06 millert Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
+#include <sys/types.h>
+#include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <arpa/nameser.h>
+
+#include <ctype.h>
+#include <netdb.h>
 #include <resolv.h>
 #include <stdio.h>
-#include <string.h>
+#include <time.h>
 
-void __fp_query();
-char *__p_class(), *__p_time(), *__p_type();
-char *p_cdname(), *p_fqname(), *p_rr();
-static char *p_option __P((u_int32_t));
-
-char *_res_opcodes[] = {
-        "QUERY",
-        "IQUERY",
-        "CQUERYM",
-        "CQUERYU",
-        "4",
-        "5",
-        "6",
-        "7",
-        "8",
-        "UPDATEA",
-        "UPDATED",
-        "UPDATEDA",
-        "UPDATEM",
-        "UPDATEMA",
-        "ZONEINIT",
-        "ZONEREF",
-};
-
-char *_res_resultcodes[] = {
-        "NOERROR",
-        "FORMERR",
-        "SERVFAIL",
-        "NXDOMAIN",
-        "NOTIMP",
-        "REFUSED",
-        "6",
-        "7",
-        "8",
-        "9",
-        "10",
-        "11",
-        "12",
-        "13",
-        "14",
-        "NOCHANGE",
-};
+#include <stdlib.h>
+#include <string.h>
 
-static char retbuf[16];
+extern const char *_res_opcodes[];
+extern const char *_res_resultcodes[];
 
-static char *
+/* XXX: we should use getservbyport() instead. */
+static const char *
 dewks(wks)
         int wks;
 {
+        static char nbuf[20];
+
         switch (wks) {
-        case 5: return("rje");
-        case 7: return("echo");
-        case 9: return("discard");
-        case 11: return("systat");
-        case 13: return("daytime");
-        case 15: return("netstat");
-        case 17: return("qotd");
-        case 19: return("chargen");
-        case 20: return("ftp-data");
-        case 21: return("ftp");
-        case 23: return("telnet");
-        case 25: return("smtp");
-        case 37: return("time");
-        case 39: return("rlp");
-        case 42: return("name");
-        case 43: return("whois");
-        case 53: return("domain");
-        case 57: return("apts");
-        case 59: return("apfs");
-        case 67: return("bootps");
-        case 68: return("bootpc");
-        case 69: return("tftp");
-        case 77: return("rje");
-        case 79: return("finger");
-        case 87: return("link");
-        case 95: return("supdup");
-        case 100: return("newacct");
-        case 101: return("hostnames");
-        case 102: return("iso-tsap");
-        case 103: return("x400");
-        case 104: return("x400-snd");
-        case 105: return("csnet-ns");
-        case 109: return("pop-2");
-        case 111: return("sunrpc");
-        case 113: return("auth");
-        case 115: return("sftp");
-        case 117: return("uucp-path");
-        case 119: return("nntp");
-        case 121: return("erpc");
-        case 123: return("ntp");
-        case 133: return("statsrv");
-        case 136: return("profile");
-        case 144: return("NeWS");
-        case 161: return("snmp");
-        case 162: return("snmp-trap");
-        case 170: return("print-srv");
-        default: (void) sprintf(retbuf, "%d", wks); return(retbuf);
+        case 5: return "rje";
+        case 7: return "echo";
+        case 9: return "discard";
+        case 11: return "systat";
+        case 13: return "daytime";
+        case 15: return "netstat";
+        case 17: return "qotd";
+        case 19: return "chargen";
+        case 20: return "ftp-data";
+        case 21: return "ftp";
+        case 23: return "telnet";
+        case 25: return "smtp";
+        case 37: return "time";
+        case 39: return "rlp";
+        case 42: return "name";
+        case 43: return "whois";
+        case 53: return "domain";
+        case 57: return "apts";
+        case 59: return "apfs";
+        case 67: return "bootps";
+        case 68: return "bootpc";
+        case 69: return "tftp";
+        case 77: return "rje";
+        case 79: return "finger";
+        case 87: return "link";
+        case 95: return "supdup";
+        case 100: return "newacct";
+        case 101: return "hostnames";
+        case 102: return "iso-tsap";
+        case 103: return "x400";
+        case 104: return "x400-snd";
+        case 105: return "csnet-ns";
+        case 109: return "pop-2";
+        case 111: return "sunrpc";
+        case 113: return "auth";
+        case 115: return "sftp";
+        case 117: return "uucp-path";
+        case 119: return "nntp";
+        case 121: return "erpc";
+        case 123: return "ntp";
+        case 133: return "statsrv";
+        case 136: return "profile";
+        case 144: return "NeWS";
+        case 161: return "snmp";
+        case 162: return "snmp-trap";
+        case 170: return "print-srv";
+        default: (void) sprintf(nbuf, "%d", wks); return (nbuf);
         }
 }
 
-static char *
+/* XXX: we should use getprotobynumber() instead. */
+static const char *
 deproto(protonum)
         int protonum;
 {
+        static char nbuf[20];
+
         switch (protonum) {
-        case 1: return("icmp");
-        case 2: return("igmp");
-        case 3: return("ggp");
-        case 5: return("st");
-        case 6: return("tcp");
-        case 7: return("ucl");
-        case 8: return("egp");
-        case 9: return("igp");
-        case 11: return("nvp-II");
-        case 12: return("pup");
-        case 16: return("chaos");
-        case 17: return("udp");
-        default: (void) sprintf(retbuf, "%d", protonum); return(retbuf);
+        case 1: return "icmp";
+        case 2: return "igmp";
+        case 3: return "ggp";
+        case 5: return "st";
+        case 6: return "tcp";
+        case 7: return "ucl";
+        case 8: return "egp";
+        case 9: return "igp";
+        case 11: return "nvp-II";
+        case 12: return "pup";
+        case 16: return "chaos";
+        case 17: return "udp";
+        default: (void) sprintf(nbuf, "%d", protonum); return (nbuf);
         }
 }
 
-static char *
-do_rrset(msg, cp, cnt, pflag, file, hs)
-        int cnt, pflag;
-        char *cp,*msg, *hs;
+static const u_char *
+do_rrset(msg, len, cp, cnt, pflag, file, hs)
+        int cnt, pflag, len;
+        const u_char *cp, *msg;
+        const char *hs;
         FILE *file;
 {
         int n;
         int sflag;
+
         /*
-         * Print  answer records
+         * Print answer records.
          */
         sflag = (_res.pfcode & pflag);
-        if (n = ntohs(cnt)) {
-                if ((!_res.pfcode) || ((sflag) && (_res.pfcode & RES_PRF_HEAD1)))
+        if ((n = ntohs(cnt))) {
+                if ((!_res.pfcode) ||
+                    ((sflag) && (_res.pfcode & RES_PRF_HEAD1)))
                         fprintf(file, hs);
                 while (--n >= 0) {
-                        cp = p_rr(cp, msg, file);
-                        if ((cp-msg) > PACKETSZ)
+                        if ((!_res.pfcode) || sflag) {
+                                cp = p_rr(cp, msg, file);
+                        } else {
+                                unsigned int dlen;
+                                cp += __dn_skipname(cp, cp + MAXCDNAME);
+                                cp += INT16SZ;
+                                cp += INT16SZ;
+                                cp += INT32SZ;
+                                dlen = _getshort((u_char*)cp);
+                                cp += INT16SZ;
+                                cp += dlen;
+                        }
+                        if ((cp - msg) > len)
                                 return (NULL);
                 }
-                if ((!_res.pfcode) || ((sflag) && (_res.pfcode & RES_PRF_HEAD1)))
+                if ((!_res.pfcode) ||
+                    ((sflag) && (_res.pfcode & RES_PRF_HEAD1)))
                         putc('\n', file);
         }
-        return(cp);
+        return (cp);
 }
 
+void
 __p_query(msg)
-        char *msg;
+        const u_char *msg;
 {
         __fp_query(msg, stdout);
 }
@@ -231,15 +244,14 @@ __fp_resstat(statp, file)
         struct __res_state *statp;
         FILE *file;
 {
-        int bit;
+        register u_long mask;
 
         fprintf(file, ";; res options:");
         if (!statp)
                 statp = &_res;
-        for (bit = 0;  bit < 32;  bit++) {      /* XXX 32 - bad assumption! */
-                if (statp->options & (1<<bit))
-                        fprintf(file, " %s", p_option(1<<bit));
-        }
+        for (mask = 1;  mask != 0;  mask <<= 1)
+                if (statp->options & mask)
+                        fprintf(file, " %s", p_option(mask));
         putc('\n', file);
 }
 
@@ -248,109 +260,151 @@ __fp_resstat(statp, file)
  * This is intended to be primarily a debugging routine.
  */
 void
-__fp_query(msg,file)
-        char *msg;
+__fp_nquery(msg, len, file)
+        const u_char *msg;
+        int len;
         FILE *file;
 {
-        register char *cp;
-        register HEADER *hp;
+        register const u_char *cp, *endMark;
+        register const HEADER *hp;
         register int n;
 
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1)
+                return;
+
+#define TruncTest(x) if (x > endMark) goto trunc
+#define ErrorTest(x) if (x == NULL) goto error
+
         /*
          * Print header fields.
          */
         hp = (HEADER *)msg;
-        cp = msg + sizeof(HEADER);
+        cp = msg + HFIXEDSZ;
+        endMark = msg + len;
         if ((!_res.pfcode) || (_res.pfcode & RES_PRF_HEADX) || hp->rcode) {
-                fprintf(file,";; ->>HEADER<<- opcode: %s, status: %s, id: %d",
+                fprintf(file, ";; ->>HEADER<<- opcode: %s, status: %s, id: %d",
                         _res_opcodes[hp->opcode],
                         _res_resultcodes[hp->rcode],
                         ntohs(hp->id));
                 putc('\n', file);
         }
-        putc(';', file);
+        if ((!_res.pfcode) || (_res.pfcode & RES_PRF_HEADX))
+                putc(';', file);
         if ((!_res.pfcode) || (_res.pfcode & RES_PRF_HEAD2)) {
-                fprintf(file,"; flags:");
+                fprintf(file, "; flags:");
                 if (hp->qr)
-                        fprintf(file," qr");
+                        fprintf(file, " qr");
                 if (hp->aa)
-                        fprintf(file," aa");
+                        fprintf(file, " aa");
                 if (hp->tc)
-                        fprintf(file," tc");
+                        fprintf(file, " tc");
                 if (hp->rd)
-                        fprintf(file," rd");
+                        fprintf(file, " rd");
                 if (hp->ra)
-                        fprintf(file," ra");
-                if (hp->pr)
-                        fprintf(file," pr");
+                        fprintf(file, " ra");
+                if (hp->unused)
+                        fprintf(file, " UNUSED-BIT-ON");
+                if (hp->ad)
+                        fprintf(file, " ad");
+                if (hp->cd)
+                        fprintf(file, " cd");
         }
         if ((!_res.pfcode) || (_res.pfcode & RES_PRF_HEAD1)) {
-                fprintf(file,"; Ques: %d", ntohs(hp->qdcount));
-                fprintf(file,", Ans: %d", ntohs(hp->ancount));
-                fprintf(file,", Auth: %d", ntohs(hp->nscount));
-                fprintf(file,", Addit: %d\n", ntohs(hp->arcount));
+                fprintf(file, "; Ques: %d", ntohs(hp->qdcount));
+                fprintf(file, ", Ans: %d", ntohs(hp->ancount));
+                fprintf(file, ", Auth: %d", ntohs(hp->nscount));
+                fprintf(file, ", Addit: %d", ntohs(hp->arcount));
         }
-#if 0
-        if (_res.pfcode & (RES_PRF_HEADX | RES_PRF_HEAD2 | RES_PRF_HEAD1)) {
+        if ((!_res.pfcode) || (_res.pfcode & 
+                (RES_PRF_HEADX | RES_PRF_HEAD2 | RES_PRF_HEAD1))) {
                 putc('\n',file);
         }
-#endif
         /*
          * Print question records.
          */
-        if (n = ntohs(hp->qdcount)) {
+        if ((n = ntohs(hp->qdcount))) {
                 if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES))
-                        fprintf(file,";; QUESTIONS:\n");
+                        fprintf(file, ";; QUESTIONS:\n");
                 while (--n >= 0) {
-                        fprintf(file,";;\t");
-                        cp = p_cdname(cp, msg, file);
-                        if (cp == NULL)
-                                return;
+                        if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES))
+                                fprintf(file, ";;\t");
+                        TruncTest(cp);
+                        if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES))
+                                cp = p_cdnname(cp, msg, len, file);
+                        else {
+                                int n;
+                                char name[MAXDNAME];
+
+                                if ((n = dn_expand(msg, msg+len, cp, name,
+                                                sizeof name)) < 0)
+                                        cp = NULL;
+                                else
+                                        cp += n;
+                        }
+                        ErrorTest(cp);
+                        TruncTest(cp);
                         if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES))
                                 fprintf(file, ", type = %s",
-                                        __p_type(_getshort(cp)));
-                        cp += sizeof(u_int16_t);
+                                        __p_type(_getshort((u_char*)cp)));
+                        cp += INT16SZ;
+                        TruncTest(cp);
                         if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES))
-                                fprintf(file, ", class = %s\n\n",
-                                        __p_class(_getshort(cp)));
-                        cp += sizeof(u_int16_t);
+                                fprintf(file, ", class = %s\n",
+                                        __p_class(_getshort((u_char*)cp)));
+                        cp += INT16SZ;
+                        if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES))
+                                putc('\n', file);
                 }
         }
         /*
          * Print authoritative answer records
          */
-        cp = do_rrset(msg, cp, hp->ancount, RES_PRF_ANS, file,
+        TruncTest(cp);
+        cp = do_rrset(msg, len, cp, hp->ancount, RES_PRF_ANS, file,
                       ";; ANSWERS:\n");
-        if (cp == NULL)
-                return;
+        ErrorTest(cp);
 
         /*
          * print name server records
          */
-        cp = do_rrset(msg, cp, hp->nscount, RES_PRF_AUTH, file,
+        TruncTest(cp);
+        cp = do_rrset(msg, len, cp, hp->nscount, RES_PRF_AUTH, file,
                       ";; AUTHORITY RECORDS:\n");
-        if (!cp)
-                return;
+        ErrorTest(cp);
 
+        TruncTest(cp);
         /*
          * print additional records
          */
-        cp = do_rrset(msg, cp, hp->arcount, RES_PRF_ADD, file,
+        cp = do_rrset(msg, len, cp, hp->arcount, RES_PRF_ADD, file,
                       ";; ADDITIONAL RECORDS:\n");
-        if (!cp)
-                return;
+        ErrorTest(cp);
+        return;
+ trunc:
+        fprintf(file, "\n;; ...truncated\n");
+        return;
+ error:
+        fprintf(file, "\n;; ...malformed\n");
 }
 
-char *
-p_cdname(cp, msg, file)
-        char *cp, *msg;
+void
+__fp_query(msg, file)
+        const u_char *msg;
+        FILE *file;
+{
+        fp_nquery(msg, PACKETSZ, file);
+}
+
+const u_char *
+__p_cdnname(cp, msg, len, file)
+        const u_char *cp, *msg;
+        int len;
         FILE *file;
 {
         char name[MAXDNAME];
         int n;
 
-        if ((n = dn_expand((u_char *)msg, (u_char *)cp + MAXCDNAME,
-            (u_char *)cp, (u_char *)name, sizeof(name))) < 0)
+        if ((n = dn_expand(msg, msg + len, cp, name, sizeof name)) < 0)
                 return (NULL);
         if (name[0] == '\0')
                 putc('.', file);
@@ -359,54 +413,94 @@ p_cdname(cp, msg, file)
         return (cp + n);
 }
 
-char *
-p_fqname(cp, msg, file)
-        char *cp, *msg;
+const u_char *
+__p_cdname(cp, msg, file)
+        const u_char *cp, *msg;
         FILE *file;
 {
-        char name[MAXDNAME];
-        int n, len;
+        return (p_cdnname(cp, msg, PACKETSZ, file));
+}
 
-        if ((n = dn_expand((u_char *)msg, (u_char *)cp + MAXCDNAME,
-            (u_char *)cp, (u_char *)name, sizeof(name))) < 0)
+
+/* Return a fully-qualified domain name from a compressed name (with
+   length supplied).  */
+
+const u_char *
+__p_fqnname(cp, msg, msglen, name, namelen)
+        const u_char *cp, *msg;
+        int msglen;
+        char *name;
+        int namelen;
+{
+        int n, newlen;
+
+        if ((n = dn_expand(msg, cp + msglen, cp, name, namelen)) < 0)
                 return (NULL);
-        if (name[0] == '\0') {
-                putc('.', file);
-        } else {
-                fputs(name, file);
-                if (name[strlen(name) - 1] != '.')
-                        putc('.', file);
+        newlen = strlen (name);
+        if (newlen == 0 || name[newlen - 1] != '.') {
+                if (newlen+1 >= namelen)        /* Lack space for final dot */
+                        return (NULL);
+                else
+                        strcpy(name + newlen, ".");
         }
         return (cp + n);
 }
 
+/* XXX: the rest of these functions need to become length-limited, too. (vix)
+ */
+
+const u_char *
+__p_fqname(cp, msg, file)
+        const u_char *cp, *msg;
+        FILE *file;
+{
+        char name[MAXDNAME];
+        const u_char *n;
+
+        n = __p_fqnname(cp, msg, MAXCDNAME, name, sizeof name);
+        if (n == NULL)
+                return (NULL);
+        fputs(name, file);
+        return (n);
+}
+
 /*
  * Print resource record fields in human readable form.
  */
-char *
-p_rr(cp, msg, file)
-        char *cp, *msg;
+const u_char *
+__p_rr(cp, msg, file)
+        const u_char *cp, *msg;
         FILE *file;
 {
         int type, class, dlen, n, c;
         struct in_addr inaddr;
-        char *cp1, *cp2;
+        const u_char *cp1, *cp2;
         u_int32_t tmpttl, t;
         int lcnt;
+        u_int16_t keyflags;
+        char rrname[MAXDNAME];          /* The fqdn of this RR */
+        char base64_key[MAX_KEY_BASE64];
 
-        if ((cp = p_fqname(cp, msg, file)) == NULL)
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+                h_errno = NETDB_INTERNAL;
+                return (NULL);
+        }
+        cp = __p_fqnname(cp, msg, MAXCDNAME, rrname, sizeof rrname);
+        if (!cp)
                 return (NULL);                  /* compression error */
-        type = _getshort(cp);
-        cp += sizeof(u_int16_t);
-        class = _getshort(cp);
-        cp += sizeof(u_int16_t);
-        tmpttl = _getlong(cp);
-        cp += sizeof(u_int32_t);
-        dlen = _getshort(cp);
-        cp += sizeof(u_int16_t);
+        fputs(rrname, file);
+        
+        type = _getshort((u_char*)cp);
+        cp += INT16SZ;
+        class = _getshort((u_char*)cp);
+        cp += INT16SZ;
+        tmpttl = _getlong((u_char*)cp);
+        cp += INT32SZ;
+        dlen = _getshort((u_char*)cp);
+        cp += INT16SZ;
         cp1 = cp;
         if ((!_res.pfcode) || (_res.pfcode & RES_PRF_TTLID))
-                fprintf(file, "\t%lu", tmpttl);
+                fprintf(file, "\t%lu", (u_long)tmpttl);
         if ((!_res.pfcode) || (_res.pfcode & RES_PRF_CLASS))
                 fprintf(file, "\t%s", __p_class(class));
         fprintf(file, "\t%s", __p_type(type));
@@ -418,21 +512,21 @@ p_rr(cp, msg, file)
                 switch (class) {
                 case C_IN:
                 case C_HS:
-                        bcopy(cp, (char *)&inaddr, sizeof(inaddr));
+                        bcopy(cp, (char *)&inaddr, INADDRSZ);
                         if (dlen == 4) {
-                                fprintf(file,"\t%s", inet_ntoa(inaddr));
+                                fprintf(file, "\t%s", inet_ntoa(inaddr));
                                 cp += dlen;
                         } else if (dlen == 7) {
                                 char *address;
                                 u_char protocol;
-                                u_short port;
+                                in_port_t port;
 
                                 address = inet_ntoa(inaddr);
-                                cp += sizeof(inaddr);
+                                cp += INADDRSZ;
                                 protocol = *(u_char*)cp;
-                                cp += sizeof(u_char);
-                                port = _getshort(cp);
-                                cp += sizeof(u_int16_t);
+                                cp += sizeof (u_char);
+                                port = _getshort((u_char*)cp);
+                                cp += INT16SZ;
                                 fprintf(file, "\t%s\t; proto %d, port %d",
                                         address, protocol, port);
                         }
@@ -448,98 +542,205 @@ p_rr(cp, msg, file)
         case T_NS:
         case T_PTR:
                 putc('\t', file);
-                cp = p_fqname(cp, msg, file);
+                if ((cp = p_fqname(cp, msg, file)) == NULL)
+                        return (NULL);
                 break;
 
         case T_HINFO:
-                if (n = *cp++) {
-                        fprintf(file,"\t%.*s", n, cp);
-                        cp += n;
+        case T_ISDN:
+                cp2 = cp + dlen;
+                (void) fputs("\t\"", file);
+                if ((n = (unsigned char) *cp++) != 0) {
+                        for (c = n; c > 0 && cp < cp2; c--) {
+                                if (strchr("\n\"\\", *cp))
+                                        (void) putc('\\', file);
+                                (void) putc(*cp++, file);
+                        }
                 }
-                if (n = *cp++) {
-                        fprintf(file,"\t%.*s", n, cp);
-                        cp += n;
+                putc('"', file);
+                if (cp < cp2 && (n = (unsigned char) *cp++) != 0) {
+                        (void) fputs ("\t\"", file);
+                        for (c = n; c > 0 && cp < cp2; c--) {
+                                if (strchr("\n\"\\", *cp))
+                                        (void) putc('\\', file);
+                                (void) putc(*cp++, file);
+                        }
+                        putc('"', file);
+                } else if (type == T_HINFO) {
+                        (void) fputs("\"?\"", file);
+                        fprintf(file, "\n;; *** Warning *** OS-type missing");
                 }
                 break;
 
         case T_SOA:
                 putc('\t', file);
-                cp = p_fqname(cp, msg, file);   /* origin */
+                if ((cp = p_fqname(cp, msg, file)) == NULL)
+                        return (NULL);
                 putc(' ', file);
-                cp = p_fqname(cp, msg, file);   /* mail addr */
+                if ((cp = p_fqname(cp, msg, file)) == NULL)
+                        return (NULL);
                 fputs(" (\n", file);
-                t = _getlong(cp);  cp += sizeof(u_int32_t);
-                fprintf(file,"\t\t\t%lu\t; serial\n", t);
-                t = _getlong(cp);  cp += sizeof(u_int32_t);
-                fprintf(file,"\t\t\t%lu\t; refresh (%s)\n", t, __p_time(t));
-                t = _getlong(cp);  cp += sizeof(u_int32_t);
-                fprintf(file,"\t\t\t%lu\t; retry (%s)\n", t, __p_time(t));
-                t = _getlong(cp);  cp += sizeof(u_int32_t);
-                fprintf(file,"\t\t\t%lu\t; expire (%s)\n", t, __p_time(t));
-                t = _getlong(cp);  cp += sizeof(u_int32_t);
-                fprintf(file,"\t\t\t%lu )\t; minimum (%s)", t, __p_time(t));
+                t = _getlong((u_char*)cp);  cp += INT32SZ;
+                fprintf(file, "\t\t\t%lu\t; serial\n", (u_long)t);
+                t = _getlong((u_char*)cp);  cp += INT32SZ;
+                fprintf(file, "\t\t\t%lu\t; refresh (%s)\n",
+                        (u_long)t, __p_time(t));
+                t = _getlong((u_char*)cp);  cp += INT32SZ;
+                fprintf(file, "\t\t\t%lu\t; retry (%s)\n",
+                        (u_long)t, __p_time(t));
+                t = _getlong((u_char*)cp);  cp += INT32SZ;
+                fprintf(file, "\t\t\t%lu\t; expire (%s)\n",
+                        (u_long)t, __p_time(t));
+                t = _getlong((u_char*)cp);  cp += INT32SZ;
+                fprintf(file, "\t\t\t%lu )\t; minimum (%s)",
+                        (u_long)t, __p_time(t));
                 break;
 
         case T_MX:
         case T_AFSDB:
-                fprintf(file,"\t%d ", _getshort(cp));
-                cp += sizeof(u_int16_t);
-                cp = p_fqname(cp, msg, file);
+        case T_RT:
+                fprintf(file, "\t%d ", _getshort((u_char*)cp));
+                cp += INT16SZ;
+                if ((cp = p_fqname(cp, msg, file)) == NULL)
+                        return (NULL);
+                break;
+
+        case T_PX:
+                fprintf(file, "\t%d ", _getshort((u_char*)cp));
+                cp += INT16SZ;
+                if ((cp = p_fqname(cp, msg, file)) == NULL)
+                        return (NULL);
+                putc(' ', file);
+                if ((cp = p_fqname(cp, msg, file)) == NULL)
+                        return (NULL);
                 break;
 
-        case T_TXT:
+        case T_X25:
+                cp2 = cp + dlen;
                 (void) fputs("\t\"", file);
+                if ((n = (unsigned char) *cp++) != 0) {
+                        for (c = n; c > 0 && cp < cp2; c--) {
+                                if (strchr("\n\"\\", *cp))
+                                        (void) putc('\\', file);
+                                (void) putc(*cp++, file);
+                        }
+                }
+                putc('"', file);
+                break;
+
+        case T_TXT:
+                (void) putc('\t', file);
                 cp2 = cp1 + dlen;
                 while (cp < cp2) {
-                        if (n = (unsigned char) *cp++) {
-                                for (c = n; c > 0 && cp < cp2; c--)
-                                        if (*cp == '\n') {
-                                            (void) putc('\\', file);
-                                            (void) putc(*cp++, file);
-                                        } else
-                                            (void) putc(*cp++, file);
+                        putc('"', file);
+                        if ((n = (unsigned char) *cp++)) {
+                                for (c = n; c > 0 && cp < cp2; c--) {
+                                        if (strchr("\n\"\\", *cp))
+                                                (void) putc('\\', file);
+                                        (void) putc(*cp++, file);
+                                }
                         }
+                        putc('"', file);
+                        if (cp < cp2)
+                                putc(' ', file);
                 }
-                putc('"', file);
-                break;
+                break;
+
+        case T_NSAP:
+                (void) fprintf(file, "\t%s", inet_nsap_ntoa(dlen, cp, NULL));
+                cp += dlen;
+                break;
+
+        case T_AAAA: {
+                char t[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"];
+
+                fprintf(file, "\t%s", inet_ntop(AF_INET6, cp, t, sizeof t));
+                cp += dlen;
+                break;
+            }
+
+        case T_LOC: {
+                char t[255];
+
+                fprintf(file, "\t%s", loc_ntoa(cp, t));
+                cp += dlen;
+                break;
+            }
+
+        case T_NAPTR: {
+                u_int order, preference;
+
+                order = _getshort(cp);  cp += INT16SZ;
+                preference   = _getshort(cp);  cp += INT16SZ;
+                fprintf(file, "\t%u %u ",order, preference);
+                /* Flags */
+                n = *cp++;
+                fprintf(file,"\"%.*s\" ", (int)n, cp);
+                cp += n;
+                /* Service */
+                n = *cp++;
+                fprintf(file,"\"%.*s\" ", (int)n, cp);
+                cp += n;
+                /* Regexp */
+                n = *cp++;
+                fprintf(file,"\"%.*s\" ", (int)n, cp);
+                cp += n;
+                if ((cp = p_fqname(cp, msg, file)) == NULL)
+                        return (NULL);
+                break;
+            }
+
+        case T_SRV: {
+                u_int priority, weight, port;
+
+                priority = _getshort(cp);  cp += INT16SZ;
+                weight   = _getshort(cp);  cp += INT16SZ;
+                port     = _getshort(cp);  cp += INT16SZ;
+                fprintf(file, "\t%u %u %u ", priority, weight, port);
+                if ((cp = p_fqname(cp, msg, file)) == NULL)
+                        return (NULL);
+                break;
+            }
 
         case T_MINFO:
         case T_RP:
                 putc('\t', file);
-                cp = p_fqname(cp, msg, file);
+                if ((cp = p_fqname(cp, msg, file)) == NULL)
+                        return (NULL);
                 putc(' ', file);
-                cp = p_fqname(cp, msg, file);
+                if ((cp = p_fqname(cp, msg, file)) == NULL)
+                        return (NULL);
                 break;
 
         case T_UINFO:
                 putc('\t', file);
-                fputs(cp, file);
+                fputs((char *)cp, file);
                 cp += dlen;
                 break;
 
         case T_UID:
         case T_GID:
                 if (dlen == 4) {
-                        fprintf(file,"\t%u", _getlong(cp));
-                        cp += sizeof(int32_t);
+                        fprintf(file, "\t%u", _getlong((u_char*)cp));
+                        cp += INT32SZ;
                 }
                 break;
 
         case T_WKS:
-                if (dlen < sizeof(u_int32_t) + 1)
+                if (dlen < INT32SZ + 1)
                         break;
-                bcopy(cp, (char *)&inaddr, sizeof(inaddr));
-                cp += sizeof(u_int32_t);
+                bcopy(cp, (char *)&inaddr, INADDRSZ);
+                cp += INT32SZ;
                 fprintf(file, "\t%s %s ( ",
                         inet_ntoa(inaddr),
                         deproto((int) *cp));
-                cp += sizeof(u_char);
+                cp += sizeof (u_char);
                 n = 0;
                 lcnt = 0;
                 while (cp < cp1 + dlen) {
                         c = *cp++;
                         do {
-                                if (c & 0200) {
+                                if (c & 0200) {
                                         if (lcnt == 0) {
                                                 fputs("\n\t\t\t", file);
                                                 lcnt = 5;
@@ -548,17 +749,83 @@ p_rr(cp, msg, file)
                                         putc(' ', file);
                                         lcnt--;
                                 }
-                                c <<= 1;
+                                c <<= 1;
                         } while (++n & 07);
                 }
                 putc(')', file);
                 break;
 
+        case T_KEY:
+                putc('\t', file);
+                keyflags = _getshort(cp);
+                cp += 2;
+                fprintf(file,"0x%04x", keyflags );      /* flags */
+                fprintf(file," %u", *cp++);     /* protocol */
+                fprintf(file," %u (", *cp++);   /* algorithm */
+
+                n = b64_ntop(cp, (cp1 + dlen) - cp,
+                             base64_key, sizeof base64_key);
+                for (c = 0; c < n; ++c) {
+                        if (0 == (c & 0x3F))
+                                fprintf(file, "\n\t");
+                        putc(base64_key[c], file);  /* public key data */
+                }
+
+                fprintf(file, " )");
+                if (n < 0)
+                        fprintf(file, "\t; BAD BASE64");
+                fflush(file);
+                cp = cp1 + dlen;
+                break;
+
+        case T_SIG:
+                type = _getshort((u_char*)cp);
+                cp += INT16SZ;
+                fprintf(file, " %s", p_type(type));
+                fprintf(file, "\t%d", *cp++);   /* algorithm */
+                /* Check label value and print error if wrong. */
+                n = *cp++;
+                c = dn_count_labels (rrname);
+                if (n != c)
+                        fprintf(file, "\t; LABELS WRONG (%d should be %d)\n\t",
+                                n, c);
+                /* orig ttl */
+                n = _getlong((u_char*)cp);
+                if (n != tmpttl)
+                        fprintf(file, " %u", n);
+                cp += INT32SZ;
+                /* sig expire */
+                fprintf(file, " (\n\t%s",
+                                     __p_secstodate(_getlong((u_char*)cp)));
+                cp += INT32SZ;
+                /* time signed */
+                fprintf(file, " %s", __p_secstodate(_getlong((u_char*)cp)));
+                cp += INT32SZ;
+                /* sig footprint */
+                fprintf(file," %u ", _getshort((u_char*)cp));
+                cp += INT16SZ;
+                /* signer's name */
+                cp = p_fqname(cp, msg, file);
+                n = b64_ntop(cp, (cp1 + dlen) - cp,
+                             base64_key, sizeof base64_key);
+                for (c = 0; c < n; c++) {
+                        if (0 == (c & 0x3F))
+                                fprintf (file, "\n\t");
+                        putc(base64_key[c], file);              /* signature */
+                }
+                /* Clean up... */
+                fprintf(file, " )");
+                if (n < 0)
+                        fprintf(file, "\t; BAD BASE64");
+                fflush(file);
+                cp = cp1+dlen;
+                break;
+
 #ifdef ALLOW_T_UNSPEC
         case T_UNSPEC:
                 {
                         int NumBytes = 8;
-                        char *DataPtr;
+                        u_char *DataPtr;
                         int i;
 
                         if (dlen < NumBytes) NumBytes = dlen;
@@ -572,7 +839,7 @@ p_rr(cp, msg, file)
 #endif /* ALLOW_T_UNSPEC */
 
         default:
-                fprintf(file,"\t?%d?", type);
+                fprintf(file, "\t?%d?", type);
                 cp += dlen;
         }
 #if 0
@@ -581,136 +848,205 @@ p_rr(cp, msg, file)
         putc('\n', file);
 #endif
         if (cp - cp1 != dlen) {
-                fprintf(file,";; packet size error (found %d, dlen was %d)\n",
-                        cp - cp1, dlen);
+                fprintf(file, ";; packet size error (found %ld, dlen was %d)\n",
+                        (long)(cp - cp1), dlen);
                 cp = NULL;
         }
         return (cp);
 }
 
-static  char nbuf[40];
+/*
+ * Names of RR classes and qclasses.  Classes and qclasses are the same, except
+ * that C_ANY is a qclass but not a class.  (You can ask for records of class
+ * C_ANY, but you can't have any records of that class in the database.)
+ */
+const struct res_sym __p_class_syms[] = {
+        {C_IN,          "IN"},
+        {C_CHAOS,       "CHAOS"},
+        {C_HS,          "HS"},
+        {C_HS,          "HESIOD"},
+        {C_ANY,         "ANY"},
+        {C_IN,          (char *)0}
+};
 
 /*
- * Return a string for the type
+ * Names of RR types and qtypes.  Types and qtypes are the same, except
+ * that T_ANY is a qtype but not a type.  (You can ask for records of type
+ * T_ANY, but you can't have any records of that type in the database.)
  */
-char *
-__p_type(type)
-        int type;
-{
-        switch (type) {
-        case T_A:
-                return("A");
-        case T_NS:              /* authoritative server */
-                return("NS");
-        case T_CNAME:           /* canonical name */
-                return("CNAME");
-        case T_SOA:             /* start of authority zone */
-                return("SOA");
-        case T_MB:              /* mailbox domain name */
-                return("MB");
-        case T_MG:              /* mail group member */
-                return("MG");
-        case T_MR:              /* mail rename name */
-                return("MR");
-        case T_NULL:            /* null resource record */
-                return("NULL");
-        case T_WKS:             /* well known service */
-                return("WKS");
-        case T_PTR:             /* domain name pointer */
-                return("PTR");
-        case T_HINFO:           /* host information */
-                return("HINFO");
-        case T_MINFO:           /* mailbox information */
-                return("MINFO");
-        case T_MX:              /* mail routing info */
-                return("MX");
-        case T_TXT:             /* text */
-                return("TXT");
-        case T_RP:              /* responsible person */
-                return("RP");
-        case T_AFSDB:           /* AFS cell database */
-                return("AFSDB");
-        case T_AXFR:            /* zone transfer */
-                return("AXFR");
-        case T_MAILB:           /* mail box */
-                return("MAILB");
-        case T_MAILA:           /* mail address */
-                return("MAILA");
-        case T_ANY:             /* matches any type */
-                return("ANY");
-        case T_UINFO:
-                return("UINFO");
-        case T_UID:
-                return("UID");
-        case T_GID:
-                return("GID");
+const struct res_sym __p_type_syms[] = {
+        {T_A,           "A",            "address"},
+        {T_NS,          "NS",           "name server"},
+        {T_MD,          "MD",           "mail destination (deprecated)"},
+        {T_MF,          "MF",           "mail forwarder (deprecated)"},
+        {T_CNAME,       "CNAME",        "canonical name"},
+        {T_SOA,         "SOA",          "start of authority"},
+        {T_MB,          "MB",           "mailbox"},
+        {T_MG,          "MG",           "mail group member"},
+        {T_MR,          "MR",           "mail rename"},
+        {T_NULL,        "NULL",         "null"},
+        {T_WKS,         "WKS",          "well-known service (deprecated)"},
+        {T_PTR,         "PTR",          "domain name pointer"},
+        {T_HINFO,       "HINFO",        "host information"},
+        {T_MINFO,       "MINFO",        "mailbox information"},
+        {T_MX,          "MX",           "mail exchanger"},
+        {T_TXT,         "TXT",          "text"},
+        {T_RP,          "RP",           "responsible person"},
+        {T_AFSDB,       "AFSDB",        "DCE or AFS server"},
+        {T_X25,         "X25",          "X25 address"},
+        {T_ISDN,        "ISDN",         "ISDN address"},
+        {T_RT,          "RT",           "router"},
+        {T_NSAP,        "NSAP",         "nsap address"},
+        {T_NSAP_PTR,    "NSAP_PTR",     "domain name pointer"},
+        {T_SIG,         "SIG",          "signature"},
+        {T_KEY,         "KEY",          "key"},
+        {T_PX,          "PX",           "mapping information"},
+        {T_GPOS,        "GPOS",         "geographical position (withdrawn)"},
+        {T_AAAA,        "AAAA",         "IPv6 address"},
+        {T_LOC,         "LOC",          "location"},
+        {T_NXT,         "NXT",          "next valid name (unimplemented)"},
+        {T_EID,         "EID",          "endpoint identifier (unimplemented)"},
+        {T_NIMLOC,      "NIMLOC",       "NIMROD locator (unimplemented)"},
+        {T_SRV,         "SRV",          "server selection"},
+        {T_ATMA,        "ATMA",         "ATM address (unimplemented)"},
+        {T_IXFR,        "IXFR",         "incremental zone transfer"},
+        {T_AXFR,        "AXFR",         "zone transfer"},
+        {T_MAILB,       "MAILB",        "mailbox-related data (deprecated)"},
+        {T_MAILA,       "MAILA",        "mail agent (deprecated)"},
+        {T_UINFO,       "UINFO",        "user information (nonstandard)"},
+        {T_UID,         "UID",          "user ID (nonstandard)"},
+        {T_GID,         "GID",          "group ID (nonstandard)"},
+        {T_NAPTR,       "NAPTR",        "URN Naming Authority"},
 #ifdef ALLOW_T_UNSPEC
-        case T_UNSPEC:
-                return("UNSPEC");
+        {T_UNSPEC,      "UNSPEC",       "unspecified data (nonstandard)"},
 #endif /* ALLOW_T_UNSPEC */
+        {T_ANY,         "ANY",          "\"any\""},
+        {0,             NULL,           NULL}
+};
 
-        default:
-                (void)sprintf(nbuf, "%d", type);
-                return(nbuf);
+int
+__sym_ston(syms, name, success)
+        const struct res_sym *syms;
+        char *name;
+        int *success;
+{
+        for (; syms->name != 0; syms++) {
+                if (strcasecmp (name, syms->name) == 0) {
+                        if (success)
+                                *success = 1;
+                        return (syms->number);
+                }
+        }
+        if (success)
+                *success = 0;
+        return (syms->number);          /* The default value. */
+}
+
+const char *
+__sym_ntos(syms, number, success)
+        const struct res_sym *syms;
+        int number;
+        int *success;
+{
+        static char unname[20];
+
+        for (; syms->name != 0; syms++) {
+                if (number == syms->number) {
+                        if (success)
+                                *success = 1;
+                        return (syms->name);
+                }
+        }
+
+        sprintf (unname, "%d", number);
+        if (success)
+                *success = 0;
+        return (unname);
+}
+
+
+const char *
+__sym_ntop(syms, number, success)
+        const struct res_sym *syms;
+        int number;
+        int *success;
+{
+        static char unname[20];
+
+        for (; syms->name != 0; syms++) {
+                if (number == syms->number) {
+                        if (success)
+                                *success = 1;
+                        return (syms->humanname);
+                }
         }
+        sprintf(unname, "%d", number);
+        if (success)
+                *success = 0;
+        return (unname);
+}
+
+/*
+ * Return a string for the type
+ */
+const char *
+__p_type(type)
+        int type;
+{
+        return (__sym_ntos (__p_type_syms, type, (int *)0));
 }
 
 /*
  * Return a mnemonic for class
  */
-char *
+const char *
 __p_class(class)
         int class;
 {
-
-        switch (class) {
-        case C_IN:              /* internet class */
-                return("IN");
-        case C_HS:              /* hesiod class */
-                return("HS");
-        case C_ANY:             /* matches any class */
-                return("ANY");
-        default:
-                (void)sprintf(nbuf, "%d", class);
-                return(nbuf);
-        }
+        return (__sym_ntos (__p_class_syms, class, (int *)0));
 }
 
 /*
  * Return a mnemonic for an option
  */
-static char *
-p_option(option)
-        u_int32_t option;
+const char *
+__p_option(option)
+        u_long option;
 {
+        static char nbuf[40];
+
         switch (option) {
         case RES_INIT:          return "init";
         case RES_DEBUG:         return "debug";
-        case RES_AAONLY:        return "aaonly";
+        case RES_AAONLY:        return "aaonly(unimpl)";
         case RES_USEVC:         return "usevc";
-        case RES_PRIMARY:       return "primry";
+        case RES_PRIMARY:       return "primry(unimpl)";
         case RES_IGNTC:         return "igntc";
         case RES_RECURSE:       return "recurs";
         case RES_DEFNAMES:      return "defnam";
         case RES_STAYOPEN:      return "styopn";
         case RES_DNSRCH:        return "dnsrch";
-        default:                sprintf(nbuf, "?0x%x?", option); return nbuf;
+        case RES_INSECURE1:     return "insecure1";
+        case RES_INSECURE2:     return "insecure2";
+        default:                sprintf(nbuf, "?0x%lx?", (u_long)option);
+                                return (nbuf);
         }
 }
 
 /*
  * Return a mnemonic for a time to live
  */
-char *
-__p_time(value)
+const char *
+p_time(value)
         u_int32_t value;
 {
+        static char nbuf[40];
         int secs, mins, hours, days;
         register char *p;
 
         if (value == 0) {
                 strcpy(nbuf, "0 secs");
-                return(nbuf);
+                return (nbuf);
         }
 
         secs = value % 60;
@@ -745,5 +1081,438 @@ __p_time(value)
                         *p++ = ' ';
                 (void)sprintf(p, "%d sec%s", PLURALIZE(secs));
         }
-        return(nbuf);
+        return (nbuf);
+}
+
+/*
+ * routines to convert between on-the-wire RR format and zone file format.
+ * Does not contain conversion to/from decimal degrees; divide or multiply
+ * by 60*60*1000 for that.
+ */
+
+static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000,
+                                      1000000,10000000,100000000,1000000000};
+
+/* takes an XeY precision/size value, returns a string representation. */
+static const char *
+precsize_ntoa(prec)
+        u_int8_t prec;
+{
+        static char retbuf[sizeof "90000000.00"];
+        unsigned long val;
+        int mantissa, exponent;
+
+        mantissa = (int)((prec >> 4) & 0x0f) % 10;
+        exponent = (int)((prec >> 0) & 0x0f) % 10;
+
+        val = mantissa * poweroften[exponent];
+
+        (void) sprintf(retbuf, "%ld.%.2ld", val/100, val%100);
+        return (retbuf);
+}
+
+/* converts ascii size/precision X * 10**Y(cm) to 0xXY.  moves pointer. */
+static u_int8_t
+precsize_aton(strptr)
+        char **strptr;
+{
+        unsigned int mval = 0, cmval = 0;
+        u_int8_t retval = 0;
+        register char *cp;
+        register int exponent;
+        register int mantissa;
+
+        cp = *strptr;
+
+        while (isdigit(*cp))
+                mval = mval * 10 + (*cp++ - '0');
+
+        if (*cp == '.') {               /* centimeters */
+                cp++;
+                if (isdigit(*cp)) {
+                        cmval = (*cp++ - '0') * 10;
+                        if (isdigit(*cp)) {
+                                cmval += (*cp++ - '0');
+                        }
+                }
+        }
+        cmval = (mval * 100) + cmval;
+
+        for (exponent = 0; exponent < 9; exponent++)
+                if (cmval < poweroften[exponent+1])
+                        break;
+
+        mantissa = cmval / poweroften[exponent];
+        if (mantissa > 9)
+                mantissa = 9;
+
+        retval = (mantissa << 4) | exponent;
+
+        *strptr = cp;
+
+        return (retval);
+}
+
+/* converts ascii lat/lon to unsigned encoded 32-bit number.  moves pointer. */
+static u_int32_t
+latlon2ul(latlonstrptr,which)
+        char **latlonstrptr;
+        int *which;
+{
+        register char *cp;
+        u_int32_t retval;
+        int deg = 0, min = 0, secs = 0, secsfrac = 0;
+
+        cp = *latlonstrptr;
+
+        while (isdigit(*cp))
+                deg = deg * 10 + (*cp++ - '0');
+
+        while (isspace(*cp))
+                cp++;
+
+        if (!(isdigit(*cp)))
+                goto fndhemi;
+
+        while (isdigit(*cp))
+                min = min * 10 + (*cp++ - '0');
+
+        while (isspace(*cp))
+                cp++;
+
+        if (!(isdigit(*cp)))
+                goto fndhemi;
+
+        while (isdigit(*cp))
+                secs = secs * 10 + (*cp++ - '0');
+
+        if (*cp == '.') {               /* decimal seconds */
+                cp++;
+                if (isdigit(*cp)) {
+                        secsfrac = (*cp++ - '0') * 100;
+                        if (isdigit(*cp)) {
+                                secsfrac += (*cp++ - '0') * 10;
+                                if (isdigit(*cp)) {
+                                        secsfrac += (*cp++ - '0');
+                                }
+                        }
+                }
+        }
+
+        while (!isspace(*cp))   /* if any trailing garbage */
+                cp++;
+
+        while (isspace(*cp))
+                cp++;
+
+ fndhemi:
+        switch (*cp) {
+        case 'N': case 'n':
+        case 'E': case 'e':
+                retval = ((unsigned)1<<31)
+                        + (((((deg * 60) + min) * 60) + secs) * 1000)
+                        + secsfrac;
+                break;
+        case 'S': case 's':
+        case 'W': case 'w':
+                retval = ((unsigned)1<<31)
+                        - (((((deg * 60) + min) * 60) + secs) * 1000)
+                        - secsfrac;
+                break;
+        default:
+                retval = 0;     /* invalid value -- indicates error */
+                break;
+        }
+
+        switch (*cp) {
+        case 'N': case 'n':
+        case 'S': case 's':
+                *which = 1;     /* latitude */
+                break;
+        case 'E': case 'e':
+        case 'W': case 'w':
+                *which = 2;     /* longitude */
+                break;
+        default:
+                *which = 0;     /* error */
+                break;
+        }
+
+        cp++;                   /* skip the hemisphere */
+
+        while (!isspace(*cp))   /* if any trailing garbage */
+                cp++;
+
+        while (isspace(*cp))    /* move to next field */
+                cp++;
+
+        *latlonstrptr = cp;
+
+        return (retval);
+}
+
+/* converts a zone file representation in a string to an RDATA on-the-wire
+ * representation. */
+int
+loc_aton(ascii, binary)
+        const char *ascii;
+        u_char *binary;
+{
+        const char *maxcp;
+        u_char *bcp;
+        char *cp;
+
+        u_int32_t latit = 0, longit = 0, alt = 0;
+        u_int32_t lltemp1 = 0, lltemp2 = 0;
+        int altmeters = 0, altfrac = 0, altsign = 1;
+        u_int8_t hp = 0x16;     /* default = 1e6 cm = 10000.00m = 10km */
+        u_int8_t vp = 0x13;     /* default = 1e3 cm = 10.00m */
+        u_int8_t siz = 0x12;    /* default = 1e2 cm = 1.00m */
+        int which1 = 0, which2 = 0;
+
+        cp = (char *)ascii;
+        maxcp = cp + strlen(ascii);
+
+        lltemp1 = latlon2ul(&cp, &which1);
+
+        lltemp2 = latlon2ul(&cp, &which2);
+
+        switch (which1 + which2) {
+        case 3:                 /* 1 + 2, the only valid combination */
+                if ((which1 == 1) && (which2 == 2)) { /* normal case */
+                        latit = lltemp1;
+                        longit = lltemp2;
+                } else if ((which1 == 2) && (which2 == 1)) { /* reversed */
+                        longit = lltemp1;
+                        latit = lltemp2;
+                } else {        /* some kind of brokenness */
+                        return (0);
+                }
+                break;
+        default:                /* we didn't get one of each */
+                return (0);
+        }
+
+        /* altitude */
+        if (*cp == '-') {
+                altsign = -1;
+                cp++;
+        }
+    
+        if (*cp == '+')
+                cp++;
+
+        while (isdigit(*cp))
+                altmeters = altmeters * 10 + (*cp++ - '0');
+
+        if (*cp == '.') {               /* decimal meters */
+                cp++;
+                if (isdigit(*cp)) {
+                        altfrac = (*cp++ - '0') * 10;
+                        if (isdigit(*cp)) {
+                                altfrac += (*cp++ - '0');
+                        }
+                }
+        }
+
+        alt = (10000000 + (altsign * (altmeters * 100 + altfrac)));
+
+        while (!isspace(*cp) && (cp < maxcp)) /* if trailing garbage or m */
+                cp++;
+
+        while (isspace(*cp) && (cp < maxcp))
+                cp++;
+
+        if (cp >= maxcp)
+                goto defaults;
+
+        siz = precsize_aton(&cp);
+        
+        while (!isspace(*cp) && (cp < maxcp))   /* if trailing garbage or m */
+                cp++;
+
+        while (isspace(*cp) && (cp < maxcp))
+                cp++;
+
+        if (cp >= maxcp)
+                goto defaults;
+
+        hp = precsize_aton(&cp);
+
+        while (!isspace(*cp) && (cp < maxcp))   /* if trailing garbage or m */
+                cp++;
+
+        while (isspace(*cp) && (cp < maxcp))
+                cp++;
+
+        if (cp >= maxcp)
+                goto defaults;
+
+        vp = precsize_aton(&cp);
+
+ defaults:
+
+        bcp = binary;
+        *bcp++ = (u_int8_t) 0;  /* version byte */
+        *bcp++ = siz;
+        *bcp++ = hp;
+        *bcp++ = vp;
+        PUTLONG(latit,bcp);
+        PUTLONG(longit,bcp);
+        PUTLONG(alt,bcp);
+    
+        return (16);            /* size of RR in octets */
+}
+
+/* takes an on-the-wire LOC RR and formats it in a human readable format. */
+const char *
+loc_ntoa(binary, ascii)
+        const u_char *binary;
+        char *ascii;
+{
+        static char *error = "?";
+        register const u_char *cp = binary;
+
+        int latdeg, latmin, latsec, latsecfrac;
+        int longdeg, longmin, longsec, longsecfrac;
+        char northsouth, eastwest;
+        int altmeters, altfrac, altsign;
+
+        const int referencealt = 100000 * 100;
+
+        int32_t latval, longval, altval;
+        u_int32_t templ;
+        u_int8_t sizeval, hpval, vpval, versionval;
+    
+        char *sizestr, *hpstr, *vpstr;
+
+        versionval = *cp++;
+
+        if (versionval) {
+                sprintf(ascii, "; error: unknown LOC RR version");
+                return (ascii);
+        }
+
+        sizeval = *cp++;
+
+        hpval = *cp++;
+        vpval = *cp++;
+
+        GETLONG(templ, cp);
+        latval = (templ - ((unsigned)1<<31));
+
+        GETLONG(templ, cp);
+        longval = (templ - ((unsigned)1<<31));
+
+        GETLONG(templ, cp);
+        if (templ < referencealt) { /* below WGS 84 spheroid */
+                altval = referencealt - templ;
+                altsign = -1;
+        } else {
+                altval = templ - referencealt;
+                altsign = 1;
+        }
+
+        if (latval < 0) {
+                northsouth = 'S';
+                latval = -latval;
+        } else
+                northsouth = 'N';
+
+        latsecfrac = latval % 1000;
+        latval = latval / 1000;
+        latsec = latval % 60;
+        latval = latval / 60;
+        latmin = latval % 60;
+        latval = latval / 60;
+        latdeg = latval;
+
+        if (longval < 0) {
+                eastwest = 'W';
+                longval = -longval;
+        } else
+                eastwest = 'E';
+
+        longsecfrac = longval % 1000;
+        longval = longval / 1000;
+        longsec = longval % 60;
+        longval = longval / 60;
+        longmin = longval % 60;
+        longval = longval / 60;
+        longdeg = longval;
+
+        altfrac = altval % 100;
+        altmeters = (altval / 100) * altsign;
+
+        if ((sizestr = strdup(precsize_ntoa(sizeval))) == NULL)
+                sizestr = error;
+        if ((hpstr = strdup(precsize_ntoa(hpval))) == NULL)
+                hpstr = error;
+        if ((vpstr = strdup(precsize_ntoa(vpval))) == NULL)
+                vpstr = error;
+
+        sprintf(ascii,
+              "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm %sm %sm %sm",
+                latdeg, latmin, latsec, latsecfrac, northsouth,
+                longdeg, longmin, longsec, longsecfrac, eastwest,
+                altmeters, altfrac, sizestr, hpstr, vpstr);
+
+        if (sizestr != error)
+                free(sizestr);
+        if (hpstr != error)
+                free(hpstr);
+        if (vpstr != error)
+                free(vpstr);
+
+        return (ascii);
+}
+
+
+/* Return the number of DNS hierarchy levels in the name. */
+int
+__dn_count_labels(name)
+        char *name;
+{
+        int i, len, count;
+
+        len = strlen(name);
+
+        for(i = 0, count = 0; i < len; i++) {
+                if (name[i] == '.')
+                        count++;
+        }
+
+        /* don't count initial wildcard */
+        if (name[0] == '*')
+                if (count)
+                        count--;
+
+        /* don't count the null label for root. */
+        /* if terminating '.' not found, must adjust */
+        /* count to include last label */
+        if (len > 0 && name[len-1] != '.')
+                count++;
+        return (count);
+}
+
+
+/* 
+ * Make dates expressed in seconds-since-Jan-1-1970 easy to read.  
+ * SIG records are required to be printed like this, by the Secure DNS RFC.
+ */
+char *
+__p_secstodate (secs)
+        unsigned long secs;
+{
+        static char output[15];         /* YYYYMMDDHHMMSS and null */
+        time_t clock = secs;
+        struct tm *time;
+        
+        time = gmtime(&clock);
+        time->tm_year += 1900;
+        time->tm_mon += 1;
+        sprintf(output, "%04d%02d%02d%02d%02d%02d",
+                time->tm_year, time->tm_mon, time->tm_mday,
+                time->tm_hour, time->tm_min, time->tm_sec);
+        return (output);
 }
diff --git a/src/lib/libc/net/res_init.c b/src/lib/libc/net/res_init.c
index 33cc8d39f1..df176b7fa1 100644
--- a/src/lib/libc/net/res_init.c
+++ b/src/lib/libc/net/res_init.c
@@ -1,9 +1,11 @@
-/*      $NetBSD: res_init.c,v 1.8 1995/06/03 22:33:36 mycroft Exp $     */
+/*      $OpenBSD: res_init.c,v 1.16 1998/03/16 05:07:01 millert Exp $   */
 
-/*-
+/*
+ * ++Copyright++ 1985, 1989, 1993
+ * -
  * Copyright (c) 1985, 1989, 1993
- *      The Regents of the University of California.  All rights reserved.
- *
+ *    The Regents of the University of California.  All rights reserved.
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -14,12 +16,12 @@
  *    documentation and/or other materials provided with the distribution.
  * 3. All advertising materials mentioning features or use of this software
  *    must display the following acknowledgement:
- *      This product includes software developed by the University of
- *      California, Berkeley and its contributors.
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
  * 4. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -56,77 +58,150 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 #if 0
 static char sccsid[] = "@(#)res_init.c  8.1 (Berkeley) 6/7/93";
-static char rcsid[] = "$Id: res_init.c,v 4.9.1.1 1993/05/02 22:43:03 vixie Rel ";
+static char rcsid[] = "$From: res_init.c,v 8.7 1996/09/28 06:51:07 vixie Exp $";
 #else
-static char rcsid[] = "$NetBSD: res_init.c,v 1.8 1995/06/03 22:33:36 mycroft Exp $";
+static char rcsid[] = "$OpenBSD: res_init.c,v 1.16 1998/03/16 05:07:01 millert Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
+#include <sys/types.h>
 #include <sys/param.h>
 #include <sys/socket.h>
+#include <sys/time.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <arpa/nameser.h>
+
+#include <stdio.h>
+#include <ctype.h>
 #include <resolv.h>
 #include <unistd.h>
-#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
+/*-------------------------------------- info about "sortlist" --------------
+ * Marc Majka           1994/04/16
+ * Allan Nathanson      1994/10/29 (BIND 4.9.3.x)
+ *
+ * NetInfo resolver configuration directory support.
+ *
+ * Allow a NetInfo directory to be created in the hierarchy which
+ * contains the same information as the resolver configuration file.
+ *
+ * - The local domain name is stored as the value of the "domain" property.
+ * - The Internet address(es) of the name server(s) are stored as values
+ *   of the "nameserver" property.
+ * - The name server addresses are stored as values of the "nameserver"
+ *   property.
+ * - The search list for host-name lookup is stored as values of the
+ *   "search" property.
+ * - The sortlist comprised of IP address netmask pairs are stored as
+ *   values of the "sortlist" property. The IP address and optional netmask
+ *   should be seperated by a slash (/) or ampersand (&) character.
+ * - Internal resolver variables can be set from the value of the "options"
+ *   property.
+ */
+
 static void res_setoptions __P((char *, char *));
+
+#ifdef RESOLVSORT
+static const char sort_mask[] = "/&";
+#define ISSORTMASK(ch) (strchr(sort_mask, ch) != NULL)
 static u_int32_t net_mask __P((struct in_addr));
+#endif
 
 /*
- * Resolver state default settings
+ * Resolver state default settings.
  */
 
-struct __res_state _res = {
-        RES_TIMEOUT,                    /* retransmition time interval */
-        4,                              /* number of times to retransmit */
-        RES_DEFAULT,                    /* options flags */
-        1,                              /* number of name servers */
-};
+struct __res_state _res
+# if defined(__BIND_RES_TEXT)
+        = { RES_TIMEOUT, }      /* Motorola, et al. */
+# endif
+        ;
 
 /*
  * Set up default settings.  If the configuration file exist, the values
  * there will have precedence.  Otherwise, the server address is set to
  * INADDR_ANY and the default domain name comes from the gethostname().
  *
- * The configuration file should only be used if you want to redefine your
- * domain or run without a server on your machine.
+ * An interrim version of this code (BIND 4.9, pre-4.4BSD) used 127.0.0.1
+ * rather than INADDR_ANY ("0.0.0.0") as the default name server address
+ * since it was noted that INADDR_ANY actually meant ``the first interface
+ * you "ifconfig"'d at boot time'' and if this was a SLIP or PPP interface,
+ * it had to be "up" in order for you to reach your own name server.  It
+ * was later decided that since the recommended practice is to always 
+ * install local static routes through 127.0.0.1 for all your network
+ * interfaces, that we could solve this problem without a code change.
+ *
+ * The configuration file should always be used, since it is the only way
+ * to specify a default domain.  If you are running a server on your local
+ * machine, you should say "nameserver 0.0.0.0" or "nameserver 127.0.0.1"
+ * in the configuration file.
  *
  * Return 0 if completes successfully, -1 on error
  */
+int
 res_init()
 {
         register FILE *fp;
-        register char *cp, **pp, *net;
+        register char *cp, **pp;
         register int n;
-        char buf[BUFSIZ], buf2[BUFSIZ];
+        char buf[BUFSIZ];
         int nserv = 0;    /* number of nameserver records read from file */
         int haveenv = 0;
         int havesearch = 0;
+        size_t len;
+#ifdef RESOLVSORT
         int nsort = 0;
-        u_long mask;
+        char *net;
+#endif
+#ifndef RFC1535
+        int dots;
+#endif
+
+        /*
+         * These three fields used to be statically initialized.  This made
+         * it hard to use this code in a shared library.  It is necessary,
+         * now that we're doing dynamic initialization here, that we preserve
+         * the old semantics: if an application modifies one of these three
+         * fields of _res before res_init() is called, res_init() will not
+         * alter them.  Of course, if an application is setting them to
+         * _zero_ before calling res_init(), hoping to override what used
+         * to be the static default, we can't detect it and unexpected results
+         * will follow.  Zero for any of these fields would make no sense,
+         * so one can safely assume that the applications were already getting
+         * unexpected results.
+         *
+         * _res.options is tricky since some apps were known to diddle the bits
+         * before res_init() was first called. We can't replicate that semantic
+         * with dynamic initialization (they may have turned bits off that are
+         * set in RES_DEFAULT).  Our solution is to declare such applications
+         * "broken".  They could fool us by setting RES_INIT but none do (yet).
+         */
+        if (!_res.retrans)
+                _res.retrans = RES_TIMEOUT;
+        if (!_res.retry)
+                _res.retry = 4;
+        if (!(_res.options & RES_INIT))
+                _res.options = RES_DEFAULT;
 
-        _res.nsaddr.sin_len = sizeof(struct sockaddr_in);
-        _res.nsaddr.sin_family = AF_INET;
-        _res.nsaddr.sin_port = htons(NAMESERVER_PORT);
 #ifdef USELOOPBACK
         _res.nsaddr.sin_addr = inet_makeaddr(IN_LOOPBACKNET, 1);
 #else
         _res.nsaddr.sin_addr.s_addr = INADDR_ANY;
 #endif
+        _res.nsaddr.sin_family = AF_INET;
+        _res.nsaddr.sin_port = htons(NAMESERVER_PORT);
         _res.nscount = 1;
         _res.ndots = 1;
         _res.pfcode = 0;
         strncpy(_res.lookups, "f", sizeof _res.lookups);
 
         /* Allow user to override the local domain definition */
-        if ((cp = getenv("LOCALDOMAIN")) != NULL) {
+        if (issetugid() == 0 && (cp = getenv("LOCALDOMAIN")) != NULL) {
                 (void)strncpy(_res.defdname, cp, sizeof(_res.defdname) - 1);
-                if ((cp = strpbrk(_res.defdname, " \t\n")) != NULL)
-                        *cp = '\0';
+                _res.defdname[sizeof(_res.defdname) - 1] = '\0';
                 haveenv++;
 
                 /*
@@ -140,7 +215,7 @@ res_init()
                 pp = _res.dnsrch;
                 *pp++ = cp;
                 for (n = 0; *cp && pp < _res.dnsrch + MAXDNSRCH; cp++) {
-                        if (*cp == '\n')        /* silly backwards compat */
+                        if (*cp == '\n')        /* silly backwards compat */
                                 break;
                         else if (*cp == ' ' || *cp == '\t') {
                                 *cp = 0;
@@ -158,16 +233,29 @@ res_init()
                 *pp++ = 0;
         }
 
+#define MATCH(line, name) \
+        (!strncmp(line, name, sizeof(name) - 1) && \
+        (line[sizeof(name) - 1] == ' ' || \
+         line[sizeof(name) - 1] == '\t'))
+
         if ((fp = fopen(_PATH_RESCONF, "r")) != NULL) {
             strncpy(_res.lookups, "bf", sizeof _res.lookups);
 
             /* read the config file */
-            while (fgets(buf, sizeof(buf), fp) != NULL) {
+            buf[0] = '\0';
+            while ((cp = fgetln(fp, &len)) != NULL) {
+                /* skip lines that are too long or zero length */
+                if (len >= sizeof(buf) || len == 0)
+                    continue;
+                (void)memcpy(buf, cp, len);
+                buf[len] = '\0';
                 /* skip comments */
-                if ((*buf == ';') || (*buf == '#'))
+                if ((cp = strpbrk(buf, ";#")) != NULL)
+                        *cp = '\0';
+                if (buf[0] == '\0')
                         continue;
                 /* read default domain name */
-                if (!strncmp(buf, "domain", sizeof("domain") - 1)) {
+                if (MATCH(buf, "domain")) {
                     if (haveenv)        /* skip if have from environ */
                             continue;
                     cp = buf + sizeof("domain") - 1;
@@ -175,15 +263,15 @@ res_init()
                             cp++;
                     if ((*cp == '\0') || (*cp == '\n'))
                             continue;
-                    (void)strncpy(_res.defdname, cp,
-                                  sizeof(_res.defdname) - 1);
+                    strncpy(_res.defdname, cp, sizeof(_res.defdname) - 1);
+                    _res.defdname[sizeof(_res.defdname) - 1] = '\0';
                     if ((cp = strpbrk(_res.defdname, " \t\n")) != NULL)
                             *cp = '\0';
                     havesearch = 0;
                     continue;
                 }
                 /* lookup types */
-                if (!strncmp(buf, "lookup", sizeof("lookup") -1)) {
+                if (MATCH(buf, "lookup")) {
                     char *sp = NULL;
 
                     bzero(_res.lookups, sizeof _res.lookups);
@@ -210,7 +298,7 @@ res_init()
                     continue;
                 }
                 /* set search list */
-                if (!strncmp(buf, "search", sizeof("search") - 1)) {
+                if (MATCH(buf, "search")) {
                     if (haveenv)        /* skip if have from environ */
                             continue;
                     cp = buf + sizeof("search") - 1;
@@ -218,8 +306,8 @@ res_init()
                             cp++;
                     if ((*cp == '\0') || (*cp == '\n'))
                             continue;
-                    (void)strncpy(_res.defdname, cp,
-                                  sizeof(_res.defdname) - 1);
+                    strncpy(_res.defdname, cp, sizeof(_res.defdname) - 1);
+                    _res.defdname[sizeof(_res.defdname) - 1] = '\0';
                     if ((cp = strchr(_res.defdname, '\n')) != NULL)
                             *cp = '\0';
                     /*
@@ -247,92 +335,125 @@ res_init()
                     continue;
                 }
                 /* read nameservers to query */
-                if (!strncmp(buf, "nameserver", sizeof("nameserver") - 1) &&
-                   nserv < MAXNS) {
-                   struct in_addr a;
+                if (MATCH(buf, "nameserver") && nserv < MAXNS) {
+                    struct in_addr a;
 
                     cp = buf + sizeof("nameserver") - 1;
                     while (*cp == ' ' || *cp == '\t')
                         cp++;
                     if ((*cp != '\0') && (*cp != '\n') && inet_aton(cp, &a)) {
-                        _res.nsaddr_list[nserv].sin_len = sizeof(struct sockaddr_in);
+                        _res.nsaddr_list[nserv].sin_addr = a;
                         _res.nsaddr_list[nserv].sin_family = AF_INET;
                         _res.nsaddr_list[nserv].sin_port =
                                 htons(NAMESERVER_PORT);
-                        _res.nsaddr_list[nserv].sin_addr = a;
                         nserv++;
                     }
                     continue;
                 }
-                if (!strncmp(buf, "sortlist", sizeof("sortlist") - 1)) {
+#ifdef RESOLVSORT
+                if (MATCH(buf, "sortlist")) {
                     struct in_addr a;
 
                     cp = buf + sizeof("sortlist") - 1;
-                    while (*cp == ' ' || *cp == '\t')
-                        cp++;
-                    while (sscanf(cp,"%[0-9./]s", buf2) && nsort < MAXRESOLVSORT) {
-                        if (net = strchr(buf2, '/'))
-                            *net = '\0';
-                        if (inet_aton(buf2, &a)) {
+                    while (nsort < MAXRESOLVSORT) {
+                        while (*cp == ' ' || *cp == '\t')
+                            cp++;
+                        if (*cp == '\0' || *cp == '\n' || *cp == ';')
+                            break;
+                        net = cp;
+                        while (*cp && !ISSORTMASK(*cp) && *cp != ';' &&
+                               isascii(*cp) && !isspace(*cp))
+                                cp++;
+                        n = *cp;
+                        *cp = 0;
+                        if (inet_aton(net, &a)) {
                             _res.sort_list[nsort].addr = a;
-                            if (net && inet_aton(net+1, &a)) {
-                                _res.sort_list[nsort].mask = a.s_addr;
-                            } else {
-                                _res.sort_list[nsort].mask =
+                            if (ISSORTMASK(n)) {
+                                *cp++ = n;
+                                net = cp;
+                                while (*cp && *cp != ';' &&
+                                        isascii(*cp) && !isspace(*cp))
+                                    cp++;
+                                n = *cp;
+                                *cp = 0;
+                                if (inet_aton(net, &a)) {
+                                    _res.sort_list[nsort].mask = a.s_addr;
+                                } else {
+                                    _res.sort_list[nsort].mask = 
                                         net_mask(_res.sort_list[nsort].addr);
+                                }
+                            } else {
+                                _res.sort_list[nsort].mask = 
+                                    net_mask(_res.sort_list[nsort].addr);
                             }
                             nsort++;
                         }
-                        if (net)
-                                *net = '/';
-                        cp += strlen(buf2);
-                        while (*cp == ' ' || *cp == '\t')
-                            cp++;
+                        *cp = n;
                     }
                     continue;
                 }
-                if (!strncmp(buf, "options", sizeof("options") -1)) {
+#endif
+                if (MATCH(buf, "options")) {
                     res_setoptions(buf + sizeof("options") - 1, "conf");
                     continue;
                 }
             }
             if (nserv > 1) 
                 _res.nscount = nserv;
+#ifdef RESOLVSORT
             _res.nsort = nsort;
+#endif
             (void) fclose(fp);
         }
-        if (_res.defdname[0] == 0) {
-                if (gethostname(buf, sizeof(_res.defdname) - 1) == 0 &&
-                   (cp = strchr(buf, '.')))
-                        (void)strcpy(_res.defdname, cp + 1);
+        if (_res.defdname[0] == 0 &&
+            gethostname(buf, sizeof(_res.defdname) - 1) == 0 &&
+            (cp = strchr(buf, '.')) != NULL)
+        {
+                strncpy(_res.defdname, cp + 1,
+                        sizeof(_res.defdname) - 1);
+                _res.defdname[sizeof(_res.defdname) - 1] = '\0';
         }
 
         /* find components of local domain that might be searched */
         if (havesearch == 0) {
                 pp = _res.dnsrch;
                 *pp++ = _res.defdname;
-#ifndef SEARCH_LOCAL_DOMAINS
                 *pp = NULL;
-#else
-                for (cp = _res.defdname, n = 0; *cp; cp++)
-                        if (*cp == '.')
-                                n++;
+
+#ifndef RFC1535
+                dots = 0;
+                for (cp = _res.defdname; *cp; cp++)
+                        dots += (*cp == '.');
+
                 cp = _res.defdname;
-                for (; n >= LOCALDOMAINPARTS && pp < _res.dnsrch + MAXDFLSRCH;
-                    n--) {
-                        cp = strchr(cp, '.');
-                        *pp++ = ++cp;
+                while (pp < _res.dnsrch + MAXDFLSRCH) {
+                        if (dots < LOCALDOMAINPARTS)
+                                break;
+                        cp = strchr(cp, '.') + 1;    /* we know there is one */
+                        *pp++ = cp;
+                        dots--;
                 }
-                *pp++ = 0;
-#endif
+                *pp = NULL;
+#ifdef DEBUG
+                if (_res.options & RES_DEBUG) {
+                        printf(";; res_init()... default dnsrch list:\n");
+                        for (pp = _res.dnsrch; *pp; pp++)
+                                printf(";;\t%s\n", *pp);
+                        printf(";;\t..END..\n");
+                }
+#endif /* DEBUG */
+#endif /* !RFC1535 */
         }
 
-        if ((cp = getenv("RES_OPTIONS")) != NULL)
+        if (issetugid())
+                _res.options |= RES_NOALIASES;
+        else if ((cp = getenv("RES_OPTIONS")) != NULL)
                 res_setoptions(cp, "env");
         _res.options |= RES_INIT;
         return (0);
 }
 
+/* ARGSUSED */
 static void
 res_setoptions(options, source)
         char *options, *source;
@@ -341,28 +462,26 @@ res_setoptions(options, source)
         int i;
 
 #ifdef DEBUG
-        if (_res.options & RES_DEBUG) {
+        if (_res.options & RES_DEBUG)
                 printf(";; res_setoptions(\"%s\", \"%s\")...\n",
                        options, source);
-        }
 #endif
         while (*cp) {
                 /* skip leading and inner runs of spaces */
                 while (*cp == ' ' || *cp == '\t')
                         cp++;
                 /* search for and process individual options */
-                if (!strncmp(cp, "ndots:", sizeof("ndots:")-1)) {
+                if (!strncmp(cp, "ndots:", sizeof("ndots:") - 1)) {
                         i = atoi(cp + sizeof("ndots:") - 1);
                         if (i <= RES_MAXNDOTS)
                                 _res.ndots = i;
                         else
                                 _res.ndots = RES_MAXNDOTS;
 #ifdef DEBUG
-                        if (_res.options & RES_DEBUG) {
+                        if (_res.options & RES_DEBUG)
                                 printf(";;\tndots=%d\n", _res.ndots);
-                        }
 #endif
-                } else if (!strncmp(cp, "debug", sizeof("debug")-1)) {
+                } else if (!strncmp(cp, "debug", sizeof("debug") - 1)) {
 #ifdef DEBUG
                         if (!(_res.options & RES_DEBUG)) {
                                 printf(";; res_setoptions(\"%s\", \"%s\")..\n",
@@ -371,6 +490,8 @@ res_setoptions(options, source)
                         }
                         printf(";;\tdebug\n");
 #endif
+                } else if (!strncmp(cp, "inet6", sizeof("inet6") - 1)) {
+                        _res.options |= RES_USE_INET6;
                 } else {
                         /* XXX - print a warning here? */
                 }
@@ -380,6 +501,8 @@ res_setoptions(options, source)
         }
 }
 
+#ifdef RESOLVSORT
+/* XXX - should really support CIDR which means explicit masks always. */
 static u_int32_t
 net_mask(in)            /* XXX - should really use system's version of this */
         struct in_addr in;
@@ -388,7 +511,8 @@ net_mask(in)		/* XXX - should really use system's version of this */
 
         if (IN_CLASSA(i))
                 return (htonl(IN_CLASSA_NET));
-        if (IN_CLASSB(i))
+        else if (IN_CLASSB(i))
                 return (htonl(IN_CLASSB_NET));
         return (htonl(IN_CLASSC_NET));
 }
+#endif
diff --git a/src/lib/libc/net/res_mkquery.c b/src/lib/libc/net/res_mkquery.c
index 25f025e147..3e7e2ae5d3 100644
--- a/src/lib/libc/net/res_mkquery.c
+++ b/src/lib/libc/net/res_mkquery.c
@@ -1,9 +1,11 @@
-/*      $NetBSD: res_mkquery.c,v 1.5 1995/02/25 06:20:58 cgd Exp $      */
+/*      $OpenBSD: res_mkquery.c,v 1.8 1997/04/13 22:37:21 provos Exp $  */
 
-/*-
+/*
+ * ++Copyright++ 1985, 1993
+ * -
  * Copyright (c) 1985, 1993
- *      The Regents of the University of California.  All rights reserved.
- *
+ *    The Regents of the University of California.  All rights reserved.
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -14,12 +16,12 @@
  *    documentation and/or other materials provided with the distribution.
  * 3. All advertising materials mentioning features or use of this software
  *    must display the following acknowledgement:
- *      This product includes software developed by the University of
- *      California, Berkeley and its contributors.
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
  * 4. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -56,39 +58,47 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 #if 0
 static char sccsid[] = "@(#)res_mkquery.c       8.1 (Berkeley) 6/4/93";
-static char rcsid[] = "$Id: res_mkquery.c,v 4.9.1.2 1993/05/17 10:00:01 vixie Exp ";
+static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $";
 #else
-static char rcsid[] = "$NetBSD: res_mkquery.c,v 1.5 1995/02/25 06:20:58 cgd Exp $";
+static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.8 1997/04/13 22:37:21 provos Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
+#include <sys/types.h>
 #include <sys/param.h>
 #include <netinet/in.h>
 #include <arpa/nameser.h>
-#include <resolv.h>
+
 #include <stdio.h>
+#include <netdb.h>
+#include <resolv.h>
 #include <string.h>
 
 /*
  * Form all types of queries.
  * Returns the size of the result or -1.
  */
+/* ARGSUSED */
+int
 res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
         int op;                 /* opcode of query */
-        const char *dname;              /* domain name */
+        const char *dname;      /* domain name */
         int class, type;        /* class and type of query */
-        const char *data;               /* resource record data */
+        const u_char *data;     /* resource record data */
         int datalen;            /* length of data */
-        const char *newrr_in;   /* new rr for modify or append */
-        char *buf;              /* buffer to put query */
+        const u_char *newrr_in; /* new rr for modify or append */
+        u_char *buf;            /* buffer to put query */
         int buflen;             /* size of buffer */
 {
         register HEADER *hp;
-        register char *cp;
+        register u_char *cp;
         register int n;
-        struct rrec *newrr = (struct rrec *) newrr_in;
-        char *dnptrs[10], **dpp, **lastdnptr;
+        u_char *dnptrs[20], **dpp, **lastdnptr;
 
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+                h_errno = NETDB_INTERNAL;
+                return (-1);
+        }
 #ifdef DEBUG
         if (_res.options & RES_DEBUG)
                 printf(";; res_mkquery(%d, %s, %d, %d)\n",
@@ -96,38 +106,43 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 #endif
         /*
          * Initialize header fields.
+         *
+         * A special random number generator is used to create non predictable
+         * and non repeating ids over a long period. It also avoids reuse
+         * by switching between two distinct number cycles.
          */
-        if ((buf == NULL) || (buflen < sizeof(HEADER)))
-                return(-1);
-        bzero(buf, sizeof(HEADER));
+
+        if ((buf == NULL) || (buflen < HFIXEDSZ))
+                return (-1);
+        bzero(buf, HFIXEDSZ);
         hp = (HEADER *) buf;
-        hp->id = htons(++_res.id);
+        _res.id = res_randomid();
+        hp->id = htons(_res.id);
         hp->opcode = op;
-        hp->pr = (_res.options & RES_PRIMARY) != 0;
         hp->rd = (_res.options & RES_RECURSE) != 0;
         hp->rcode = NOERROR;
-        cp = buf + sizeof(HEADER);
-        buflen -= sizeof(HEADER);
+        cp = buf + HFIXEDSZ;
+        buflen -= HFIXEDSZ;
         dpp = dnptrs;
         *dpp++ = buf;
         *dpp++ = NULL;
-        lastdnptr = dnptrs + sizeof(dnptrs)/sizeof(dnptrs[0]);
+        lastdnptr = dnptrs + sizeof dnptrs / sizeof dnptrs[0];
         /*
          * perform opcode specific processing
          */
         switch (op) {
-        case QUERY:
+        case QUERY:     /*FALLTHROUGH*/
+        case NS_NOTIFY_OP:
                 if ((buflen -= QFIXEDSZ) < 0)
-                        return(-1);
-                if ((n = dn_comp((u_char *)dname, (u_char *)cp, buflen,
-                    (u_char **)dnptrs, (u_char **)lastdnptr)) < 0)
+                        return (-1);
+                if ((n = dn_comp(dname, cp, buflen, dnptrs, lastdnptr)) < 0)
                         return (-1);
                 cp += n;
                 buflen -= n;
-                __putshort(type, (u_char *)cp);
-                cp += sizeof(u_int16_t);
-                __putshort(class, (u_char *)cp);
-                cp += sizeof(u_int16_t);
+                __putshort(type, cp);
+                cp += INT16SZ;
+                __putshort(class, cp);
+                cp += INT16SZ;
                 hp->qdcount = htons(1);
                 if (op == QUERY || data == NULL)
                         break;
@@ -135,19 +150,19 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
                  * Make an additional record for completion domain.
                  */
                 buflen -= RRFIXEDSZ;
-                if ((n = dn_comp((u_char *)data, (u_char *)cp, buflen,
-                    (u_char **)dnptrs, (u_char **)lastdnptr)) < 0)
+                n = dn_comp((char *)data, cp, buflen, dnptrs, lastdnptr);
+                if (n < 0)
                         return (-1);
                 cp += n;
                 buflen -= n;
-                __putshort(T_NULL, (u_char *)cp);
-                cp += sizeof(u_int16_t);
-                __putshort(class, (u_char *)cp);
-                cp += sizeof(u_int16_t);
-                __putlong(0, (u_char *)cp);
-                cp += sizeof(u_int32_t);
-                __putshort(0, (u_char *)cp);
-                cp += sizeof(u_int16_t);
+                __putshort(T_NULL, cp);
+                cp += INT16SZ;
+                __putshort(class, cp);
+                cp += INT16SZ;
+                __putlong(0, cp);
+                cp += INT32SZ;
+                __putshort(0, cp);
+                cp += INT16SZ;
                 hp->arcount = htons(1);
                 break;
 
@@ -158,79 +173,23 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
                 if (buflen < 1 + RRFIXEDSZ + datalen)
                         return (-1);
                 *cp++ = '\0';   /* no domain name */
-                __putshort(type, (u_char *)cp);
-                cp += sizeof(u_int16_t);
-                __putshort(class, (u_char *)cp);
-                cp += sizeof(u_int16_t);
-                __putlong(0, (u_char *)cp);
-                cp += sizeof(u_int32_t);
-                __putshort(datalen, (u_char *)cp);
-                cp += sizeof(u_int16_t);
-                if (datalen) {
-                        bcopy(data, cp, datalen);
-                        cp += datalen;
-                }
-                hp->ancount = htons(1);
-                break;
-
-#ifdef ALLOW_UPDATES
-        /*
-         * For UPDATEM/UPDATEMA, do UPDATED/UPDATEDA followed by UPDATEA
-         * (Record to be modified is followed by its replacement in msg.)
-         */
-        case UPDATEM:
-        case UPDATEMA:
-
-        case UPDATED:
-                /*
-                 * The res code for UPDATED and UPDATEDA is the same; user
-                 * calls them differently: specifies data for UPDATED; server
-                 * ignores data if specified for UPDATEDA.
-                 */
-        case UPDATEDA:
-                buflen -= RRFIXEDSZ + datalen;
-                if ((n = dn_comp(dname, cp, buflen, dnptrs, lastdnptr)) < 0)
-                        return (-1);
-                cp += n;
                 __putshort(type, cp);
-                cp += sizeof(u_int16_t);
-                __putshort(class, cp);
-                cp += sizeof(u_int16_t);
+                cp += INT16SZ;
+                __putshort(class, cp);
+                cp += INT16SZ;
                 __putlong(0, cp);
-                cp += sizeof(u_int32_t);
+                cp += INT32SZ;
                 __putshort(datalen, cp);
-                cp += sizeof(u_int16_t);
+                cp += INT16SZ;
                 if (datalen) {
                         bcopy(data, cp, datalen);
                         cp += datalen;
                 }
-                if ( (op == UPDATED) || (op == UPDATEDA) ) {
-                        hp->ancount = htons(0);
-                        break;
-                }
-                /* Else UPDATEM/UPDATEMA, so drop into code for UPDATEA */
-
-        case UPDATEA:   /* Add new resource record */
-                buflen -= RRFIXEDSZ + datalen;
-                if ((n = dn_comp(dname, cp, buflen, dnptrs, lastdnptr)) < 0)
-                        return (-1);
-                cp += n;
-                __putshort(newrr->r_type, cp);
-                cp += sizeof(u_int16_t);
-                __putshort(newrr->r_class, cp);
-                cp += sizeof(u_int16_t);
-                __putlong(0, cp);
-                cp += sizeof(u_int32_t);
-                __putshort(newrr->r_size, cp);
-                cp += sizeof(u_int16_t);
-                if (newrr->r_size) {
-                        bcopy(newrr->r_data, cp, newrr->r_size);
-                        cp += newrr->r_size;
-                }
-                hp->ancount = htons(0);
+                hp->ancount = htons(1);
                 break;
 
-#endif /* ALLOW_UPDATES */
+        default:
+                return (-1);
         }
         return (cp - buf);
 }
diff --git a/src/lib/libc/net/res_query.c b/src/lib/libc/net/res_query.c
index 7649462e56..a08897b45a 100644
--- a/src/lib/libc/net/res_query.c
+++ b/src/lib/libc/net/res_query.c
@@ -1,9 +1,11 @@
-/*      $NetBSD: res_query.c,v 1.9 1995/02/25 06:58:58 cgd Exp $        */
+/*      $OpenBSD: res_query.c,v 1.12 1998/08/31 18:15:29 deraadt Exp $  */
 
-/*-
+/*
+ * ++Copyright++ 1988, 1993
+ * -
  * Copyright (c) 1988, 1993
- *      The Regents of the University of California.  All rights reserved.
- *
+ *    The Regents of the University of California.  All rights reserved.
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -14,12 +16,12 @@
  *    documentation and/or other materials provided with the distribution.
  * 3. All advertising materials mentioning features or use of this software
  *    must display the following acknowledgement:
- *      This product includes software developed by the University of
- *      California, Berkeley and its contributors.
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
  * 4. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -56,23 +58,26 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 #if 0
 static char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93";
-static char rcsid[] = "$Id: res_query.c,v 1.1 1993/06/01 09:42:14 vixie Exp vixie ";
+static char rcsid[] = "$From: res_query.c,v 8.9 1996/09/22 00:13:28 vixie Exp $";
 #else
-static char rcsid[] = "$NetBSD: res_query.c,v 1.9 1995/02/25 06:58:58 cgd Exp $";
+static char rcsid[] = "$OpenBSD: res_query.c,v 1.12 1998/08/31 18:15:29 deraadt Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
+#include <sys/types.h>
 #include <sys/param.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <arpa/nameser.h>
+
+#include <stdio.h>
 #include <netdb.h>
 #include <resolv.h>
-#include <stdio.h>
 #include <ctype.h>
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #if PACKETSZ > 1024
 #define MAXPACKET       PACKETSZ
@@ -80,7 +85,7 @@ static char rcsid[] = "$NetBSD: res_query.c,v 1.9 1995/02/25 06:58:58 cgd Exp $"
 #define MAXPACKET       1024
 #endif
 
-char *__hostalias __P((const char *));
+const char *hostalias __P((const char *));
 int h_errno;
 
 /*
@@ -90,27 +95,33 @@ int h_errno;
  * if no error is indicated and the answer count is nonzero.
  * Return the size of the response on success, -1 on error.
  * Error number is left in h_errno.
+ *
  * Caller must parse answer and determine whether it answers the question.
  */
+int
 res_query(name, class, type, answer, anslen)
-        char *name;             /* domain name */
+        const char *name;       /* domain name */
         int class, type;        /* class and type of query */
         u_char *answer;         /* buffer to put answer */
         int anslen;             /* size of answer buffer */
 {
-        char buf[MAXPACKET];
-        HEADER *hp;
+        u_char buf[MAXPACKET];
+        register HEADER *hp = (HEADER *) answer;
         int n;
 
-        if ((_res.options & RES_INIT) == 0 && res_init() == -1)
+        hp->rcode = NOERROR;    /* default */
+
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+                h_errno = NETDB_INTERNAL;
                 return (-1);
+        }
 #ifdef DEBUG
         if (_res.options & RES_DEBUG)
                 printf(";; res_query(%s, %d, %d)\n", name, class, type);
 #endif
-        n = res_mkquery(QUERY, name, class, type, (char *)NULL, 0, NULL,
-            buf, sizeof(buf));
 
+        n = res_mkquery(QUERY, name, class, type, NULL, 0, NULL,
+                        buf, sizeof(buf));
         if (n <= 0) {
 #ifdef DEBUG
                 if (_res.options & RES_DEBUG)
@@ -119,7 +130,7 @@ res_query(name, class, type, answer, anslen)
                 h_errno = NO_RECOVERY;
                 return (n);
         }
-        n = res_send(buf, n, (char *)answer, anslen);
+        n = res_send(buf, n, answer, anslen);
         if (n < 0) {
 #ifdef DEBUG
                 if (_res.options & RES_DEBUG)
@@ -129,7 +140,6 @@ res_query(name, class, type, answer, anslen)
                 return (n);
         }
 
-        hp = (HEADER *) answer;
         if (hp->rcode != NOERROR || ntohs(hp->ancount) == 0) {
 #ifdef DEBUG
                 if (_res.options & RES_DEBUG)
@@ -137,21 +147,21 @@ res_query(name, class, type, answer, anslen)
                             ntohs(hp->ancount));
 #endif
                 switch (hp->rcode) {
-                        case NXDOMAIN:
-                                h_errno = HOST_NOT_FOUND;
-                                break;
-                        case SERVFAIL:
-                                h_errno = TRY_AGAIN;
-                                break;
-                        case NOERROR:
-                                h_errno = NO_DATA;
-                                break;
-                        case FORMERR:
-                        case NOTIMP:
-                        case REFUSED:
-                        default:
-                                h_errno = NO_RECOVERY;
-                                break;
+                case NXDOMAIN:
+                        h_errno = HOST_NOT_FOUND;
+                        break;
+                case SERVFAIL:
+                        h_errno = TRY_AGAIN;
+                        break;
+                case NOERROR:
+                        h_errno = NO_DATA;
+                        break;
+                case FORMERR:
+                case NOTIMP:
+                case REFUSED:
+                default:
+                        h_errno = NO_RECOVERY;
+                        break;
                 }
                 return (-1);
         }
@@ -162,9 +172,7 @@ res_query(name, class, type, answer, anslen)
  * Formulate a normal query, send, and retrieve answer in supplied buffer.
  * Return the size of the response on success, -1 on error.
  * If enabled, implement search rules until answer or unrecoverable failure
- * is detected.  Error number is left in h_errno.
- * Only useful for queries in the same name hierarchy as the local host
- * (not, for example, for host address-to-name lookups in domain in-addr.arpa).
+ * is detected.  Error code, if any, is left in h_errno.
  */
 int
 res_search(name, class, type, answer, anslen)
@@ -173,28 +181,29 @@ res_search(name, class, type, answer, anslen)
         u_char *answer;         /* buffer to put answer */
         int anslen;             /* size of answer */
 {
-        register char *cp, **domain;
-        int dots, trailing_dot, ret, got_nodata, saved_herrno, tried_as_is;
+        register const char *cp, * const *domain;
+        HEADER *hp = (HEADER *) answer;
+        u_int dots;
+        int trailing_dot, ret, saved_herrno;
+        int got_nodata = 0, got_servfail = 0, tried_as_is = 0;
 
-        if ((_res.options & RES_INIT) == 0 && res_init() == -1)
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+                h_errno = NETDB_INTERNAL;
                 return (-1);
-
-        got_nodata = 0;
+        }
         errno = 0;
         h_errno = HOST_NOT_FOUND;       /* default, if we never query */
         dots = 0;
-        for (cp = (char *)name; *cp; cp++) {
-                if (*cp == '.')
-                        dots++;
-        }
+        for (cp = name; *cp; cp++)
+                dots += (*cp == '.');
         trailing_dot = 0;
-        if ((cp > name) && (*--cp == '.'))
+        if (cp > name && *--cp == '.')
                 trailing_dot++;
 
         /*
          * if there aren't any dots, it could be a user-level alias
          */
-        if (!dots && (cp = __hostalias(name)))
+        if (!dots && (cp = __hostalias(name)) != NULL)
                 return (res_query(cp, class, type, answer, anslen));
 
         /*
@@ -202,7 +211,6 @@ res_search(name, class, type, answer, anslen)
          * 'as is'.  The threshold can be set with the "ndots" option.
          */
         saved_herrno = -1;
-        tried_as_is = 0;
         if (dots >= _res.ndots) {
                 ret = res_querydomain(name, NULL, class, type, answer, anslen);
                 if (ret > 0)
@@ -219,13 +227,17 @@ res_search(name, class, type, answer, anslen)
          */
         if ((!dots && (_res.options & RES_DEFNAMES)) ||
             (dots && !trailing_dot && (_res.options & RES_DNSRCH))) {
-                for (domain = _res.dnsrch; *domain; domain++) {
-                        int done = 0;
+                int done = 0;
+
+                for (domain = (const char * const *)_res.dnsrch;
+                     *domain && !done;
+                     domain++) {
 
                         ret = res_querydomain(name, *domain, class, type,
-                            answer, anslen);
+                                              answer, anslen);
                         if (ret > 0)
                                 return (ret);
+
                         /*
                          * If no server present, give up.
                          * If name isn't found in this domain,
@@ -251,24 +263,27 @@ res_search(name, class, type, answer, anslen)
                         case HOST_NOT_FOUND:
                                 /* keep trying */
                                 break;
+                        case TRY_AGAIN:
+                                if (hp->rcode == SERVFAIL) {
+                                        /* try next search element, if any */
+                                        got_servfail++;
+                                        break;
+                                }
+                                /* FALLTHROUGH */
                         default:
                                 /* anything else implies that we're done */
                                 done++;
                         }
-                        /*
-                         * if we got here for some reason other than DNSRCH,
+
+                        /* if we got here for some reason other than DNSRCH,
                          * we only wanted one iteration of the loop, so stop.
                          */
                         if (!(_res.options & RES_DNSRCH))
-                                done++;
-
-                        if (done)
-                                break;
+                                done++;
                 }
         }
 
-        /*
-         * if we have not already tried the name "as is", do that now.
+        /* if we have not already tried the name "as is", do that now.
          * note that we do this regardless of how many dots were in the
          * name or whether it ends with a dot.
          */
@@ -276,11 +291,9 @@ res_search(name, class, type, answer, anslen)
                 ret = res_querydomain(name, NULL, class, type, answer, anslen);
                 if (ret > 0)
                         return (ret);
-                saved_herrno = h_errno;
         }
 
-        /*
-         * if we got here, we didn't satisfy the search.
+        /* if we got here, we didn't satisfy the search.
          * if we did an initial full query, return that query's h_errno
          * (note that we wouldn't be here if that query had succeeded).
          * else if we ever got a nodata, send that back as the reason.
@@ -291,6 +304,8 @@ res_search(name, class, type, answer, anslen)
                 h_errno = saved_herrno;
         else if (got_nodata)
                 h_errno = NO_DATA;
+        else if (got_servfail)
+                h_errno = TRY_AGAIN;
         return (-1);
 }
 
@@ -298,20 +313,25 @@ res_search(name, class, type, answer, anslen)
  * Perform a call on res_query on the concatenation of name and domain,
  * removing a trailing dot from name if domain is NULL.
  */
+int
 res_querydomain(name, domain, class, type, answer, anslen)
-        char *name, *domain;
+        const char *name, *domain;
         int class, type;        /* class and type of query */
         u_char *answer;         /* buffer to put answer */
         int anslen;             /* size of answer */
 {
-        char nbuf[2*MAXDNAME+2];
-        char *longname = nbuf;
+        char nbuf[MAXDNAME*2+1];
+        const char *longname = nbuf;
         int n;
 
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+                h_errno = NETDB_INTERNAL;
+                return (-1);
+        }
 #ifdef DEBUG
         if (_res.options & RES_DEBUG)
                 printf(";; res_querydomain(%s, %s, %d, %d)\n",
-                    name, domain, class, type);
+                       name, domain?domain:"<Nil>", class, type);
 #endif
         if (domain == NULL) {
                 /*
@@ -325,38 +345,50 @@ res_querydomain(name, domain, class, type, answer, anslen)
                 } else
                         longname = name;
         } else
-                (void)sprintf(nbuf, "%.*s.%.*s",
-                    MAXDNAME, name, MAXDNAME, domain);
+                sprintf(nbuf, "%.*s.%.*s", MAXDNAME, name, MAXDNAME, domain);
 
         return (res_query(longname, class, type, answer, anslen));
 }
 
-char *
-__hostalias(name)
+const char *
+hostalias(name)
         register const char *name;
 {
         register char *cp1, *cp2;
         FILE *fp;
-        char *file, *getenv(), *strcpy(), *strncpy();
+        char *file;
         char buf[BUFSIZ];
         static char abuf[MAXDNAME];
+        size_t len;
 
+        if (_res.options & RES_NOALIASES)
+                return (NULL);
         file = getenv("HOSTALIASES");
-        if (file == NULL || (fp = fopen(file, "r")) == NULL)
+        if (issetugid() != 0 || file == NULL || (fp = fopen(file, "r")) == NULL)
                 return (NULL);
-        buf[sizeof(buf) - 1] = '\0';
-        while (fgets(buf, sizeof(buf), fp)) {
-                for (cp1 = buf; *cp1 && !isspace(*cp1); ++cp1);
+        setbuf(fp, NULL);
+        while ((cp1 = fgetln(fp, &len)) != NULL) {
+                if (cp1[len-1] == '\n')
+                        len--;
+                if (len >= sizeof(buf) || len == 0)
+                        continue;
+                (void)memcpy(buf, cp1, len);
+                buf[len] = '\0';
+                
+                for (cp1 = buf; *cp1 && !isspace(*cp1); ++cp1)
+                        ;
                 if (!*cp1)
                         break;
                 *cp1 = '\0';
                 if (!strcasecmp(buf, name)) {
-                        while (isspace(*++cp1));
+                        while (isspace(*++cp1))
+                                ;
                         if (!*cp1)
                                 break;
-                        for (cp2 = cp1 + 1; *cp2 && !isspace(*cp2); ++cp2);
+                        for (cp2 = cp1 + 1; *cp2 && !isspace(*cp2); ++cp2)
+                                ;
+                        strncpy(abuf, cp1, sizeof(abuf) - 1);
                         abuf[sizeof(abuf) - 1] = *cp2 = '\0';
-                        (void)strncpy(abuf, cp1, sizeof(abuf) - 1);
                         fclose(fp);
                         return (abuf);
                 }
diff --git a/src/lib/libc/net/res_random.c b/src/lib/libc/net/res_random.c
new file mode 100644
index 0000000000..bd32a50c33
--- /dev/null
+++ b/src/lib/libc/net/res_random.c
@@ -0,0 +1,233 @@
+/* $OpenBSD: res_random.c,v 1.7 1997/07/25 20:30:08 mickey Exp $ */
+
+/*
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using
+ * such a mathematical system to generate more random (yet non-repeating)
+ * ids to solve the resolver/named problem.  But Niels designed the
+ * actual system based on the constraints.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* 
+ * seed = random 15bit
+ * n = prime, g0 = generator to n,
+ * j = random so that gcd(j,n-1) == 1
+ * g = g0^j mod n will be a generator again.
+ *
+ * X[0] = random seed.
+ * X[n] = a*X[n-1]+b mod m is a Linear Congruential Generator
+ * with a = 7^(even random) mod m, 
+ *      b = random with gcd(b,m) == 1
+ *      m = 31104 and a maximal period of m-1.
+ *
+ * The transaction id is determined by:
+ * id[n] = seed xor (g^X[n] mod n)
+ *
+ * Effectivly the id is restricted to the lower 15 bits, thus
+ * yielding two different cycles by toggling the msb on and off.
+ * This avoids reuse issues caused by reseeding.
+ *
+ * The 16 bit space is very small and brute force attempts are
+ * entirly feasible, we skip a random number of transaction ids
+ * so that an attacker will not get sequential ids.
+ */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <sys/time.h>
+#include <resolv.h>
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define RU_OUT  180             /* Time after wich will be reseeded */
+#define RU_MAX  30000           /* Uniq cycle, avoid blackjack prediction */
+#define RU_GEN  2               /* Starting generator */
+#define RU_N    32749           /* RU_N-1 = 2*2*3*2729 */
+#define RU_AGEN 7               /* determine ru_a as RU_AGEN^(2*rand) */
+#define RU_M    31104           /* RU_M = 2^7*3^5 - don't change */
+
+#define PFAC_N 3
+const static u_int16_t pfacts[PFAC_N] = {
+        2, 
+        3,
+        2729
+};
+
+static u_int16_t ru_x;
+static u_int16_t ru_seed;
+static u_int16_t ru_a, ru_b;
+static u_int16_t ru_g;
+static u_int16_t ru_counter = 0;
+static u_int16_t ru_msb = 0;
+static long ru_reseed;
+static u_int32_t tmp;                /* Storage for unused random */
+static struct timeval tv;
+
+static u_int16_t pmod __P((u_int16_t, u_int16_t, u_int16_t));
+static void res_initid __P((void));
+
+/*
+ * Do a fast modular exponation, returned value will be in the range
+ * of 0 - (mod-1)
+ */
+
+#ifdef __STDC__
+static u_int16_t
+pmod(u_int16_t gen, u_int16_t exp, u_int16_t mod)
+#else
+static u_int16_t
+pmod(gen, exp, mod)
+        u_int16_t gen, exp, mod;
+#endif
+{
+        u_int16_t s, t, u;
+
+        s = 1;
+        t = gen;
+        u = exp;
+
+        while (u) {
+                if (u & 1)
+                        s = (s*t) % mod;
+                u >>= 1;
+                t = (t*t) % mod;
+        }
+        return (s);
+}
+
+/* 
+ * Initalizes the seed and chooses a suitable generator. Also toggles 
+ * the msb flag. The msb flag is used to generate two distinct
+ * cycles of random numbers and thus avoiding reuse of ids.
+ *
+ * This function is called from res_randomid() when needed, an 
+ * application does not have to worry about it.
+ */
+static void 
+res_initid()
+{
+        u_int16_t j, i;
+        int noprime = 1;
+
+        tmp = arc4random();
+        ru_x = (tmp & 0xFFFF) % RU_M;
+
+        /* 15 bits of random seed */
+        ru_seed = (tmp >> 16) & 0x7FFF;
+
+        tmp = arc4random();
+
+        /* Determine the LCG we use */
+        ru_b = (tmp & 0xfffe) | 1;
+        ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M);
+        while (ru_b % 3 == 0)
+          ru_b += 2;
+        
+        tmp = arc4random();
+        j = tmp % RU_N;
+        tmp = tmp >> 16;
+
+        /* 
+         * Do a fast gcd(j,RU_N-1), so we can find a j with
+         * gcd(j, RU_N-1) == 1, giving a new generator for
+         * RU_GEN^j mod RU_N
+         */
+
+        while (noprime) {
+                for (i=0; i<PFAC_N; i++)
+                        if (j%pfacts[i] == 0)
+                                break;
+
+                if (i>=PFAC_N)
+                        noprime = 0;
+                else 
+                        j = (j+1) % RU_N;
+        }
+
+        ru_g = pmod(RU_GEN,j,RU_N);
+        ru_counter = 0;
+
+        gettimeofday(&tv, NULL);
+        ru_reseed = tv.tv_sec + RU_OUT;
+        ru_msb = ru_msb == 0x8000 ? 0 : 0x8000; 
+}
+
+u_int
+res_randomid()
+{
+        int i, n;
+
+        gettimeofday(&tv, NULL);
+        if (ru_counter >= RU_MAX || tv.tv_sec > ru_reseed)
+                res_initid();
+
+        if (!tmp)
+                tmp = arc4random();
+
+        /* Skip a random number of ids */
+        n = tmp & 0x7; tmp = tmp >> 3;
+        if (ru_counter + n >= RU_MAX)
+                res_initid();
+
+        for (i=0; i<=n; i++)
+                /* Linear Congruential Generator */
+                ru_x = (ru_a*ru_x + ru_b) % RU_M;
+
+        ru_counter += i;
+
+        return (ru_seed ^ pmod(ru_g,ru_x,RU_N)) | ru_msb;
+}
+
+#if 0
+void
+main(int argc, char **argv)
+{
+        int i, n;
+        u_int16_t wert;
+
+        res_initid();
+
+        printf("Generator: %d\n", ru_g);
+        printf("Seed: %d\n", ru_seed);
+        printf("Reseed at %ld\n", ru_reseed);
+        printf("Ru_X: %d\n", ru_x);
+        printf("Ru_A: %d\n", ru_a);
+        printf("Ru_B: %d\n", ru_b);
+
+        n = atoi(argv[1]);
+        for (i=0;i<n;i++) {
+                wert = res_randomid();
+                printf("%06d\n", wert);
+        }
+}
+#endif
+
diff --git a/src/lib/libc/net/res_send.c b/src/lib/libc/net/res_send.c
index e608358180..0cda3510eb 100644
--- a/src/lib/libc/net/res_send.c
+++ b/src/lib/libc/net/res_send.c
@@ -1,9 +1,11 @@
-/*      $NetBSD: res_send.c,v 1.4 1995/02/25 06:21:01 cgd Exp $ */
+/*      $OpenBSD: res_send.c,v 1.8 1998/03/19 00:30:08 millert Exp $    */
 
-/*-
+/*
+ * ++Copyright++ 1985, 1989, 1993
+ * -
  * Copyright (c) 1985, 1989, 1993
- *      The Regents of the University of California.  All rights reserved.
- *
+ *    The Regents of the University of California.  All rights reserved.
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -14,12 +16,12 @@
  *    documentation and/or other materials provided with the distribution.
  * 3. All advertising materials mentioning features or use of this software
  *    must display the following acknowledgement:
- *      This product includes software developed by the University of
- *      California, Berkeley and its contributors.
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
  * 4. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -56,16 +58,24 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 #if 0
 static char sccsid[] = "@(#)res_send.c  8.1 (Berkeley) 6/4/93";
-static char rcsid[] = "$Id: res_send.c,v 4.9.1.1 1993/05/02 22:43:03 vixie Rel ";
+static char rcsid[] = "$From: res_send.c,v 8.12 1996/10/08 04:51:06 vixie Exp $";
 #else
-static char rcsid[] = "$NetBSD: res_send.c,v 1.4 1995/02/25 06:21:01 cgd Exp $";
+static char rcsid[] = "$OpenBSD: res_send.c,v 1.8 1998/03/19 00:30:08 millert Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
+        /* change this to "0"
+         * if you talk to a lot
+         * of multi-homed SunOS
+         * ("broken") name servers.
+         */
+#define CHECK_SRVR_ADDR 1       /* XXX - should be in options.h */
+
 /*
  * Send query to name server and wait for reply.
  */
 
+#include <sys/types.h>
 #include <sys/param.h>
 #include <sys/time.h>
 #include <sys/socket.h>
@@ -73,16 +83,21 @@ static char rcsid[] = "$NetBSD: res_send.c,v 1.4 1995/02/25 06:21:01 cgd Exp $";
 #include <netinet/in.h>
 #include <arpa/nameser.h>
 #include <arpa/inet.h>
+
 #include <stdio.h>
+#include <netdb.h>
 #include <errno.h>
 #include <resolv.h>
-#include <unistd.h>
+#include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 static int s = -1;      /* socket used for communications */
-static struct sockaddr no_addr;
+static int connected = 0;       /* is the socket connected */
+static int vc = 0;      /* is the socket a virtual ciruit? */
 
 #ifndef FD_SET
+/* XXX - should be in portability.h */
 #define NFDBITS         32
 #define FD_SETSIZE      32
 #define FD_SET(n, p)    ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS)))
@@ -91,121 +106,313 @@ static struct sockaddr no_addr;
 #define FD_ZERO(p)      bzero((char *)(p), sizeof(*(p)))
 #endif
 
-res_send(buf, buflen, answer, anslen)
-        const char *buf;
+#define CAN_RECONNECT 1
+
+#ifndef DEBUG
+#   define Dprint(cond, args) /*empty*/
+#   define DprintQ(cond, args, query, size) /*empty*/
+#   define Aerror(file, string, error, address) /*empty*/
+#   define Perror(file, string, error) /*empty*/
+#else
+#   define Dprint(cond, args) if (cond) {fprintf args;} else {}
+#   define DprintQ(cond, args, query, size) if (cond) {\
+                        fprintf args;\
+                        __fp_nquery(query, size, stdout);\
+                } else {}
+    static void
+    Aerror(file, string, error, address)
+        FILE *file;
+        char *string;
+        int error;
+        struct sockaddr_in address;
+    {
+        int save = errno;
+
+        if (_res.options & RES_DEBUG) {
+                fprintf(file, "res_send: %s ([%s].%u): %s\n",
+                        string,
+                        inet_ntoa(address.sin_addr),
+                        ntohs(address.sin_port),
+                        strerror(error));
+        }
+        errno = save;
+    }
+    static void
+    Perror(file, string, error)
+        FILE *file;
+        char *string;
+        int error;
+    {
+        int save = errno;
+
+        if (_res.options & RES_DEBUG) {
+                fprintf(file, "res_send: %s: %s\n",
+                        string, strerror(error));
+        }
+        errno = save;
+    }
+#endif
+
+static res_send_qhook Qhook = NULL;
+static res_send_rhook Rhook = NULL;
+
+void
+res_send_setqhook(hook)
+        res_send_qhook hook;
+{
+
+        Qhook = hook;
+}
+
+void
+res_send_setrhook(hook)
+        res_send_rhook hook;
+{
+
+        Rhook = hook;
+}
+
+/* int
+ * res_isourserver(ina)
+ *      looks up "ina" in _res.ns_addr_list[]
+ * returns:
+ *      0  : not found
+ *      >0 : found
+ * author:
+ *      paul vixie, 29may94
+ */
+int
+res_isourserver(inp)
+        const struct sockaddr_in *inp;
+{
+        struct sockaddr_in ina;
+        register int ns, ret;
+
+        ina = *inp;
+        ret = 0;
+        for (ns = 0;  ns < _res.nscount;  ns++) {
+                register const struct sockaddr_in *srv = &_res.nsaddr_list[ns];
+
+                if (srv->sin_family == ina.sin_family &&
+                    srv->sin_port == ina.sin_port &&
+                    (srv->sin_addr.s_addr == INADDR_ANY ||
+                     srv->sin_addr.s_addr == ina.sin_addr.s_addr)) {
+                        ret++;
+                        break;
+                }
+        }
+        return (ret);
+}
+
+/* int
+ * res_nameinquery(name, type, class, buf, eom)
+ *      look for (name,type,class) in the query section of packet (buf,eom)
+ * returns:
+ *      -1 : format error
+ *      0  : not found
+ *      >0 : found
+ * author:
+ *      paul vixie, 29may94
+ */
+int
+res_nameinquery(name, type, class, buf, eom)
+        const char *name;
+        register int type, class;
+        const u_char *buf, *eom;
+{
+        register const u_char *cp = buf + HFIXEDSZ;
+        int qdcount = ntohs(((HEADER*)buf)->qdcount);
+
+        while (qdcount-- > 0) {
+                char tname[MAXDNAME+1];
+                register int n, ttype, tclass;
+
+                n = dn_expand(buf, eom, cp, tname, sizeof tname);
+                if (n < 0)
+                        return (-1);
+                cp += n;
+                ttype = _getshort(cp); cp += INT16SZ;
+                tclass = _getshort(cp); cp += INT16SZ;
+                if (ttype == type &&
+                    tclass == class &&
+                    strcasecmp(tname, name) == 0)
+                        return (1);
+        }
+        return (0);
+}
+
+/* int
+ * res_queriesmatch(buf1, eom1, buf2, eom2)
+ *      is there a 1:1 mapping of (name,type,class)
+ *      in (buf1,eom1) and (buf2,eom2)?
+ * returns:
+ *      -1 : format error
+ *      0  : not a 1:1 mapping
+ *      >0 : is a 1:1 mapping
+ * author:
+ *      paul vixie, 29may94
+ */
+int
+res_queriesmatch(buf1, eom1, buf2, eom2)
+        const u_char *buf1, *eom1;
+        const u_char *buf2, *eom2;
+{
+        register const u_char *cp = buf1 + HFIXEDSZ;
+        int qdcount = ntohs(((HEADER*)buf1)->qdcount);
+
+        if (qdcount != ntohs(((HEADER*)buf2)->qdcount))
+                return (0);
+        while (qdcount-- > 0) {
+                char tname[MAXDNAME+1];
+                register int n, ttype, tclass;
+
+                n = dn_expand(buf1, eom1, cp, tname, sizeof tname);
+                if (n < 0)
+                        return (-1);
+                cp += n;
+                ttype = _getshort(cp);  cp += INT16SZ;
+                tclass = _getshort(cp); cp += INT16SZ;
+                if (!res_nameinquery(tname, ttype, tclass, buf2, eom2))
+                        return (0);
+        }
+        return (1);
+}
+
+int
+res_send(buf, buflen, ans, anssiz)
+        const u_char *buf;
         int buflen;
-        char *answer;
-        int anslen;
+        u_char *ans;
+        int anssiz;
 {
-        register int n;
-        int try, v_circuit, resplen, ns;
-        int gotsomewhere = 0, connected = 0;
-        int connreset = 0;
-        u_short id, len;
-        char *cp;
-        fd_set dsmask;
-        struct timeval timeout;
         HEADER *hp = (HEADER *) buf;
-        HEADER *anhp = (HEADER *) answer;
-        u_int badns;            /* XXX NSMAX can't exceed #/bits per this */
-        struct iovec iov[2];
-        int terrno = ETIMEDOUT;
-        char junk[512];
-
-#ifdef DEBUG
-        if ((_res.options & RES_DEBUG) || (_res.pfcode & RES_PRF_QUERY)) {
-                printf(";; res_send()\n");
-                __p_query(buf);
+        HEADER *anhp = (HEADER *) ans;
+        int gotsomewhere, connreset, terrno, try, v_circuit, resplen, ns;
+        register int n;
+        u_int badns;    /* XXX NSMAX can't exceed #/bits in this var */
+
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+                /* errno should have been set by res_init() in this case. */
+                return (-1);
         }
-#endif
-        if (!(_res.options & RES_INIT))
-                if (res_init() == -1) {
-                        return(-1);
-                }
+        DprintQ((_res.options & RES_DEBUG) || (_res.pfcode & RES_PRF_QUERY),
+                (stdout, ";; res_send()\n"), buf, buflen);
         v_circuit = (_res.options & RES_USEVC) || buflen > PACKETSZ;
-        id = hp->id;
+        gotsomewhere = 0;
+        connreset = 0;
+        terrno = ETIMEDOUT;
         badns = 0;
+
         /*
          * Send request, RETRY times, or until successful
          */
         for (try = 0; try < _res.retry; try++) {
             for (ns = 0; ns < _res.nscount; ns++) {
-                if (badns & (1<<ns))
-                        continue;
-#ifdef DEBUG
-                if (_res.options & RES_DEBUG)
-                        printf(";; Querying server (# %d) address = %s\n",
-                               ns+1,
-                               inet_ntoa(_res.nsaddr_list[ns].sin_addr));
-#endif
-        usevc:
+                struct sockaddr_in *nsap = &_res.nsaddr_list[ns];
+    same_ns:
+                if (badns & (1 << ns)) {
+                        res_close();
+                        goto next_ns;
+                }
+
+                if (Qhook) {
+                        int done = 0, loops = 0;
+
+                        do {
+                                res_sendhookact act;
+
+                                act = (*Qhook)(&nsap, &buf, &buflen,
+                                               ans, anssiz, &resplen);
+                                switch (act) {
+                                case res_goahead:
+                                        done = 1;
+                                        break;
+                                case res_nextns:
+                                        res_close();
+                                        goto next_ns;
+                                case res_done:
+                                        return (resplen);
+                                case res_modified:
+                                        /* give the hook another try */
+                                        if (++loops < 42) /*doug adams*/
+                                                break;
+                                        /*FALLTHROUGH*/
+                                case res_error:
+                                        /*FALLTHROUGH*/
+                                default:
+                                        return (-1);
+                                }
+                        } while (!done);
+                }
+
+                Dprint(_res.options & RES_DEBUG,
+                       (stdout, ";; Querying server (# %d) address = %s\n",
+                        ns + 1, inet_ntoa(nsap->sin_addr)));
+
                 if (v_circuit) {
-                        int truncated = 0;
+                        int truncated;
+                        struct iovec iov[2];
+                        u_short len;
+                        u_char *cp;
 
                         /*
                          * Use virtual circuit;
                          * at most one attempt per server.
                          */
                         try = _res.retry;
-                        if (s < 0) {
-                                s = socket(AF_INET, SOCK_STREAM, 0);
+                        truncated = 0;
+                        if ((s < 0) || (!vc)) {
+                                if (s >= 0)
+                                        res_close();
+
+                                s = socket(PF_INET, SOCK_STREAM, 0);
                                 if (s < 0) {
                                         terrno = errno;
-#ifdef DEBUG
-                                        if (_res.options & RES_DEBUG)
-                                            perror("socket (vc) failed");
-#endif
-                                        continue;
+                                        Perror(stderr, "socket(vc)", errno);
+                                        return (-1);
                                 }
-                                if (connect(s,
-                                    (struct sockaddr *)&(_res.nsaddr_list[ns]),
-                                    sizeof(struct sockaddr)) < 0) {
+                                errno = 0;
+                                if (connect(s, (struct sockaddr *)nsap,
+                                            sizeof(struct sockaddr)) < 0) {
                                         terrno = errno;
-#ifdef DEBUG
-                                        if (_res.options & RES_DEBUG)
-                                            perror("connect failed");
-#endif
-                                        (void) close(s);
-                                        s = -1;
-                                        continue;
+                                        Aerror(stderr, "connect/vc",
+                                               errno, *nsap);
+                                        badns |= (1 << ns);
+                                        res_close();
+                                        goto next_ns;
                                 }
+                                vc = 1;
                         }
                         /*
                          * Send length & message
                          */
-                        len = htons((u_short)buflen);
+                        putshort((u_short)buflen, (u_char*)&len);
                         iov[0].iov_base = (caddr_t)&len;
-                        iov[0].iov_len = sizeof(len);
-                        iov[1].iov_base = (char *)buf;
+                        iov[0].iov_len = INT16SZ;
+                        iov[1].iov_base = (caddr_t)buf;
                         iov[1].iov_len = buflen;
-                        if (writev(s, iov, 2) != sizeof(len) + buflen) {
+                        if (writev(s, iov, 2) != (INT16SZ + buflen)) {
                                 terrno = errno;
-#ifdef DEBUG
-                                if (_res.options & RES_DEBUG)
-                                        perror("write failed");
-#endif
-                                (void) close(s);
-                                s = -1;
-                                continue;
+                                Perror(stderr, "write failed", errno);
+                                badns |= (1 << ns);
+                                res_close();
+                                goto next_ns;
                         }
                         /*
                          * Receive length & response
                          */
-                        cp = answer;
-                        len = sizeof(short);
-                        while (len != 0 &&
-                            (n = read(s, (char *)cp, (int)len)) > 0) {
+read_len:
+                        cp = ans;
+                        len = INT16SZ;
+                        while ((n = read(s, (char *)cp, (int)len)) > 0) {
                                 cp += n;
-                                len -= n;
+                                if ((len -= n) <= 0)
+                                        break;
                         }
                         if (n <= 0) {
                                 terrno = errno;
-#ifdef DEBUG
-                                if (_res.options & RES_DEBUG)
-                                        perror("read failed");
-#endif
-                                (void) close(s);
-                                s = -1;
+                                Perror(stderr, "read failed", errno);
+                                res_close();
                                 /*
                                  * A long running process might get its TCP
                                  * connection reset if the remote server was
@@ -217,35 +424,32 @@ res_send(buf, buflen, answer, anslen)
                                  */
                                 if (terrno == ECONNRESET && !connreset) {
                                         connreset = 1;
-                                        ns--;
+                                        res_close();
+                                        goto same_ns;
                                 }
-                                continue;
+                                res_close();
+                                goto next_ns;
                         }
-                        cp = answer;
-                        if ((resplen = ntohs(*(u_short *)cp)) > anslen) {
-#ifdef DEBUG
-                                if (_res.options & RES_DEBUG)
-                                        fprintf(stderr,
-                                                ";; response truncated\n");
-#endif
-                                len = anslen;
+                        resplen = _getshort(ans);
+                        if (resplen > anssiz) {
+                                Dprint(_res.options & RES_DEBUG,
+                                       (stdout, ";; response truncated\n")
+                                       );
                                 truncated = 1;
+                                len = anssiz;
                         } else
                                 len = resplen;
+                        cp = ans;
                         while (len != 0 &&
-                           (n = read(s, (char *)cp, (int)len)) > 0) {
+                               (n = read(s, (char *)cp, (int)len)) > 0) {
                                 cp += n;
                                 len -= n;
                         }
                         if (n <= 0) {
                                 terrno = errno;
-#ifdef DEBUG
-                                if (_res.options & RES_DEBUG)
-                                        perror("read failed");
-#endif
-                                (void) close(s);
-                                s = -1;
-                                continue;
+                                Perror(stderr, "read(vc)", errno);
+                                res_close();
+                                goto next_ns;
                         }
                         if (truncated) {
                                 /*
@@ -253,33 +457,57 @@ res_send(buf, buflen, answer, anslen)
                                  * so connection stays in synch.
                                  */
                                 anhp->tc = 1;
-                                len = resplen - anslen;
+                                len = resplen - anssiz;
                                 while (len != 0) {
-                                        n = (len > sizeof(junk) ?
-                                            sizeof(junk) : len);
+                                        char junk[PACKETSZ];
+
+                                        n = (len > sizeof(junk)
+                                             ? sizeof(junk)
+                                             : len);
                                         if ((n = read(s, junk, n)) > 0)
                                                 len -= n;
                                         else
                                                 break;
                                 }
                         }
+                        /*
+                         * The calling applicating has bailed out of
+                         * a previous call and failed to arrange to have
+                         * the circuit closed or the server has got
+                         * itself confused. Anyway drop the packet and
+                         * wait for the correct one.
+                         */
+                        if (hp->id != anhp->id) {
+                                DprintQ((_res.options & RES_DEBUG) ||
+                                        (_res.pfcode & RES_PRF_REPLY),
+                                        (stdout, ";; old answer (unexpected):\n"),
+                                        ans, (resplen>anssiz)?anssiz:resplen);
+                                goto read_len;
+                        }
                 } else {
                         /*
                          * Use datagrams.
                          */
-                        if (s < 0) {
-                                s = socket(AF_INET, SOCK_DGRAM, 0);
+                        struct timeval timeout;
+                        fd_set *dsmaskp;
+                        struct sockaddr_in from;
+                        int fromlen;
+
+                        if ((s < 0) || vc) {
+                                if (vc)
+                                        res_close();
+                                s = socket(PF_INET, SOCK_DGRAM, 0);
                                 if (s < 0) {
-                                        terrno = errno;
-#ifdef DEBUG
-                                        if (_res.options & RES_DEBUG)
-                                            perror("socket (dg) failed");
+#if !CAN_RECONNECT
+ bad_dg_sock:
 #endif
-                                        continue;
+                                        terrno = errno;
+                                        Perror(stderr, "socket(dg)", errno);
+                                        return (-1);
                                 }
+                                connected = 0;
                         }
                         /*
-                         * I'm tired of answering this question, so:
                          * On a 4.3BSD+ machine (client and server,
                          * actually), sending to a nameserver datagram
                          * port with no nameserver will cause an
@@ -296,29 +524,27 @@ res_send(buf, buflen, answer, anslen)
                          */
                         if (_res.nscount == 1 || (try == 0 && ns == 0)) {
                                 /*
-                                 * Don't use connect if we might
-                                 * still receive a response
-                                 * from another server.
+                                 * Connect only if we are sure we won't
+                                 * receive a response from another server.
                                  */
-                                if (connected == 0) {
-                                        if (connect(s,
-                                            (struct sockaddr *)
-                                            &_res.nsaddr_list[ns],
-                                            sizeof(struct sockaddr)) < 0) {
-#ifdef DEBUG
-                                                if (_res.options & RES_DEBUG)
-                                                        perror("connect");
-#endif
-                                                continue;
+                                if (!connected) {
+                                        if (connect(s, (struct sockaddr *)nsap,
+                                                    sizeof(struct sockaddr)
+                                                    ) < 0) {
+                                                Aerror(stderr,
+                                                       "connect(dg)",
+                                                       errno, *nsap);
+                                                badns |= (1 << ns);
+                                                res_close();
+                                                goto next_ns;
                                         }
                                         connected = 1;
                                 }
-                                if (send(s, buf, buflen, 0) != buflen) {
-#ifdef DEBUG
-                                        if (_res.options & RES_DEBUG)
-                                                perror("send");
-#endif
-                                        continue;
+                                if (send(s, (char*)buf, buflen, 0) != buflen) {
+                                        Perror(stderr, "send", errno);
+                                        badns |= (1 << ns);
+                                        res_close();
+                                        goto next_ns;
                                 }
                         } else {
                                 /*
@@ -326,18 +552,36 @@ res_send(buf, buflen, answer, anslen)
                                  * for responses from more than one server.
                                  */
                                 if (connected) {
-                                        (void) connect(s, &no_addr,
-                                            sizeof(no_addr));
+#if CAN_RECONNECT
+                                        struct sockaddr_in no_addr;
+
+                                        no_addr.sin_family = AF_INET;
+                                        no_addr.sin_addr.s_addr = INADDR_ANY;
+                                        no_addr.sin_port = 0;
+                                        (void) connect(s,
+                                                       (struct sockaddr *)
+                                                        &no_addr,
+                                                       sizeof(no_addr));
+#else
+                                        int s1 = socket(PF_INET, SOCK_DGRAM,0);
+                                        if (s1 < 0)
+                                                goto bad_dg_sock;
+                                        (void) dup2(s1, s);
+                                        (void) close(s1);
+                                        Dprint(_res.options & RES_DEBUG,
+                                               (stdout, ";; new DG socket\n"))
+#endif
                                         connected = 0;
+                                        errno = 0;
                                 }
-                                if (sendto(s, buf, buflen, 0,
-                                    (struct sockaddr *)&_res.nsaddr_list[ns],
-                                    sizeof(struct sockaddr)) != buflen) {
-#ifdef DEBUG
-                                        if (_res.options & RES_DEBUG)
-                                                perror("sendto");
-#endif
-                                        continue;
+                                if (sendto(s, (char*)buf, buflen, 0,
+                                           (struct sockaddr *)nsap,
+                                           sizeof(struct sockaddr))
+                                    != buflen) {
+                                        Aerror(stderr, "sendto", errno, *nsap);
+                                        badns |= (1 << ns);
+                                        res_close();
+                                        goto next_ns;
                                 }
                         }
 
@@ -350,110 +594,169 @@ res_send(buf, buflen, answer, anslen)
                         if ((long) timeout.tv_sec <= 0)
                                 timeout.tv_sec = 1;
                         timeout.tv_usec = 0;
-wait:
-                        FD_ZERO(&dsmask);
-                        FD_SET(s, &dsmask);
-                        n = select(s+1, &dsmask, (fd_set *)NULL,
-                                (fd_set *)NULL, &timeout);
+    wait:
+                        dsmaskp = (fd_set *)calloc(howmany(s+1, NFDBITS),
+                                                   sizeof(fd_mask));
+                        if (dsmaskp == NULL) {
+                                res_close();
+                                goto next_ns;
+                        }
+                        FD_SET(s, dsmaskp);
+                        n = select(s+1, dsmaskp, (fd_set *)NULL,
+                                   (fd_set *)NULL, &timeout);
+                        free(dsmaskp);
                         if (n < 0) {
-#ifdef DEBUG
-                                if (_res.options & RES_DEBUG)
-                                        perror("select");
-#endif
-                                continue;
+                                if (errno == EINTR)
+                                        goto wait;
+                                Perror(stderr, "select", errno);
+                                res_close();
+                                goto next_ns;
                         }
                         if (n == 0) {
                                 /*
                                  * timeout
                                  */
-#ifdef DEBUG
-                                if (_res.options & RES_DEBUG)
-                                        printf(";; timeout\n");
-#endif
+                                Dprint(_res.options & RES_DEBUG,
+                                       (stdout, ";; timeout\n"));
                                 gotsomewhere = 1;
-                                continue;
+                                res_close();
+                                goto next_ns;
                         }
-                        if ((resplen = recv(s, answer, anslen, 0)) <= 0) {
-#ifdef DEBUG
-                                if (_res.options & RES_DEBUG)
-                                        perror("recvfrom");
-#endif
-                                continue;
+                        errno = 0;
+                        fromlen = sizeof(struct sockaddr_in);
+                        resplen = recvfrom(s, (char*)ans, anssiz, 0,
+                                           (struct sockaddr *)&from, &fromlen);
+                        if (resplen <= 0) {
+                                Perror(stderr, "recvfrom", errno);
+                                res_close();
+                                goto next_ns;
                         }
                         gotsomewhere = 1;
-                        if (id != anhp->id) {
+                        if (hp->id != anhp->id) {
                                 /*
-                                 * response from old query, ignore it
+                                 * response from old query, ignore it.
+                                 * XXX - potential security hazard could
+                                 *       be detected here.
                                  */
-#ifdef DEBUG
-                                if ((_res.options & RES_DEBUG) ||
-                                    (_res.pfcode & RES_PRF_REPLY)) {
-                                        printf(";; old answer:\n");
-                                        __p_query(answer);
-                                }
+                                DprintQ((_res.options & RES_DEBUG) ||
+                                        (_res.pfcode & RES_PRF_REPLY),
+                                        (stdout, ";; old answer:\n"),
+                                        ans, (resplen>anssiz)?anssiz:resplen);
+                                goto wait;
+                        }
+#if CHECK_SRVR_ADDR
+                        if (!(_res.options & RES_INSECURE1) &&
+                            !res_isourserver(&from)) {
+                                /*
+                                 * response from wrong server? ignore it.
+                                 * XXX - potential security hazard could
+                                 *       be detected here.
+                                 */
+                                DprintQ((_res.options & RES_DEBUG) ||
+                                        (_res.pfcode & RES_PRF_REPLY),
+                                        (stdout, ";; not our server:\n"),
+                                        ans, (resplen>anssiz)?anssiz:resplen);
+                                goto wait;
+                        }
 #endif
+                        if (!(_res.options & RES_INSECURE2) &&
+                            !res_queriesmatch(buf, buf + buflen,
+                                              ans, ans + anssiz)) {
+                                /*
+                                 * response contains wrong query? ignore it.
+                                 * XXX - potential security hazard could
+                                 *       be detected here.
+                                 */
+                                DprintQ((_res.options & RES_DEBUG) ||
+                                        (_res.pfcode & RES_PRF_REPLY),
+                                        (stdout, ";; wrong query name:\n"),
+                                        ans, (resplen>anssiz)?anssiz:resplen);
                                 goto wait;
                         }
-                        if (anhp->rcode == SERVFAIL || anhp->rcode == NOTIMP ||
+                        if (anhp->rcode == SERVFAIL ||
+                            anhp->rcode == NOTIMP ||
                             anhp->rcode == REFUSED) {
-#ifdef DEBUG
-                                if (_res.options & RES_DEBUG) {
-                                        printf("server rejected query:\n");
-                                        __p_query(answer);
-                                }
-#endif
-                                badns |= (1<<ns);
-                                continue;
+                                DprintQ(_res.options & RES_DEBUG,
+                                        (stdout, "server rejected query:\n"),
+                                        ans, (resplen>anssiz)?anssiz:resplen);
+                                badns |= (1 << ns);
+                                res_close();
+                                /* don't retry if called from dig */
+                                if (!_res.pfcode)
+                                        goto next_ns;
                         }
                         if (!(_res.options & RES_IGNTC) && anhp->tc) {
                                 /*
                                  * get rest of answer;
                                  * use TCP with same server.
                                  */
-#ifdef DEBUG
-                                if (_res.options & RES_DEBUG)
-                                        printf(";; truncated answer\n");
-#endif
-                                (void) close(s);
-                                s = -1;
+                                Dprint(_res.options & RES_DEBUG,
+                                       (stdout, ";; truncated answer\n"));
                                 v_circuit = 1;
-                                goto usevc;
+                                res_close();
+                                goto same_ns;
                         }
-                }
-#ifdef DEBUG
-                if (_res.options & RES_DEBUG)
-                        printf(";; got answer:\n");
-                if ((_res.options & RES_DEBUG) ||
-                    (_res.pfcode & RES_PRF_REPLY))
-                        __p_query(answer);
-#endif
+                } /*if vc/dg*/
+                Dprint((_res.options & RES_DEBUG) ||
+                       ((_res.pfcode & RES_PRF_REPLY) &&
+                        (_res.pfcode & RES_PRF_HEAD1)),
+                       (stdout, ";; got answer:\n"));
+                DprintQ((_res.options & RES_DEBUG) ||
+                        (_res.pfcode & RES_PRF_REPLY),
+                        (stdout, ""),
+                        ans, (resplen>anssiz)?anssiz:resplen);
                 /*
                  * If using virtual circuits, we assume that the first server
-                 * is preferred * over the rest (i.e. it is on the local
+                 * is preferred over the rest (i.e. it is on the local
                  * machine) and only keep that one open.
                  * If we have temporarily opened a virtual circuit,
                  * or if we haven't been asked to keep a socket open,
                  * close the socket.
                  */
-                if ((v_circuit &&
-                    ((_res.options & RES_USEVC) == 0 || ns != 0)) ||
-                    (_res.options & RES_STAYOPEN) == 0) {
-                        (void) close(s);
-                        s = -1;
+                if ((v_circuit && (!(_res.options & RES_USEVC) || ns != 0)) ||
+                    !(_res.options & RES_STAYOPEN)) {
+                        res_close();
+                }
+                if (Rhook) {
+                        int done = 0, loops = 0;
+
+                        do {
+                                res_sendhookact act;
+
+                                act = (*Rhook)(nsap, buf, buflen,
+                                               ans, anssiz, &resplen);
+                                switch (act) {
+                                case res_goahead:
+                                case res_done:
+                                        done = 1;
+                                        break;
+                                case res_nextns:
+                                        res_close();
+                                        goto next_ns;
+                                case res_modified:
+                                        /* give the hook another try */
+                                        if (++loops < 42) /*doug adams*/
+                                                break;
+                                        /*FALLTHROUGH*/
+                                case res_error:
+                                        /*FALLTHROUGH*/
+                                default:
+                                        return (-1);
+                                }
+                        } while (!done);
+
                 }
                 return (resplen);
-           }
-        }
-        if (s >= 0) {
-                (void) close(s);
-                s = -1;
-        }
-        if (v_circuit == 0)
-                if (gotsomewhere == 0)
+    next_ns: ;
+           } /*foreach ns*/
+        } /*foreach retry*/
+        res_close();
+        if (!v_circuit) {
+                if (!gotsomewhere)
                         errno = ECONNREFUSED;   /* no nameservers found */
                 else
                         errno = ETIMEDOUT;      /* no answer obtained */
-        else
+        } else
                 errno = terrno;
         return (-1);
 }
@@ -465,10 +768,13 @@ wait:
  *
  * This routine is not expected to be user visible.
  */
-_res_close()
+void
+res_close()
 {
-        if (s != -1) {
+        if (s >= 0) {
                 (void) close(s);
                 s = -1;
+                connected = 0;
+                vc = 0;
         }
 }
diff --git a/src/lib/libc/net/resolver.3 b/src/lib/libc/net/resolver.3
index 99abe17f03..98718d448a 100644
--- a/src/lib/libc/net/resolver.3
+++ b/src/lib/libc/net/resolver.3
@@ -1,4 +1,4 @@
-.\"     $NetBSD: resolver.3,v 1.5 1995/02/25 06:21:02 cgd Exp $
+.\"     $OpenBSD: resolver.3,v 1.5 1998/09/05 17:41:44 deraadt Exp $
 .\"
 .\" Copyright (c) 1985, 1991, 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -31,8 +31,6 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)resolver.3  8.1 (Berkeley) 6/4/93
-.\"
 .Dd June 4, 1993
 .Dt RESOLVER 3
 .Os BSD 4.3
@@ -112,7 +110,7 @@ are defined in
 and are as follows.
 Options are stored as a simple bit mask containing the bitwise ``or''
 of the options enabled.
-.Bl -tag -width RES_DEFNAMES
+.Bl -tag -width RES_USE_INET6
 .It Dv RES_INIT
 True if the initial name server address and default domain name are
 initialized (i.e.,
@@ -165,6 +163,8 @@ will search for host names in the current domain and in parent domains; see
 This is used by the standard host lookup routine
 .Xr gethostbyname 3 .
 This option is enabled by default.
+.It Dv RES_USE_INET6
+Enable support for IPv6 addresses.
 .El
 .Pp
 The
@@ -282,7 +282,7 @@ The compression uses
 an array of pointers
 .Fa dnptrs
 to previously-compressed names in the current message.
-The first pointer points to
+The first pointer points
 to the beginning of the message and the list ends with
 .Dv NULL .
 The limit to the array is specified by
@@ -333,6 +333,7 @@ see
 .%T RFC1033 ,
 .%T RFC1034 ,
 .%T RFC1035 ,
+.%T RFC1535 ,
 .%T RFC974
 .Rs
 .%T "Name Server Operations Guide for BIND"
diff --git a/src/lib/libc/net/send.c b/src/lib/libc/net/send.c
index 88f3550ec6..8495931ca3 100644
--- a/src/lib/libc/net/send.c
+++ b/src/lib/libc/net/send.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: send.c,v 1.6 1995/02/25 06:21:02 cgd Exp $     */
-
 /*
  * Copyright (c) 1988, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)send.c      8.2 (Berkeley) 2/21/94";
-#else
-static char rcsid[] = "$NetBSD: send.c,v 1.6 1995/02/25 06:21:02 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: send.c,v 1.2 1996/08/19 08:29:52 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
diff --git a/src/lib/libc/net/sethostent.c b/src/lib/libc/net/sethostent.c
index 00f6499695..5392a2f11b 100644
--- a/src/lib/libc/net/sethostent.c
+++ b/src/lib/libc/net/sethostent.c
@@ -1,5 +1,3 @@
-/*      $NetBSD: sethostent.c,v 1.4 1995/02/25 06:21:03 cgd Exp $       */
-
 /*
  * Copyright (c) 1985, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -34,11 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)sethostent.c        8.1 (Berkeley) 6/4/93";
-#else
-static char rcsid[] = "$NetBSD: sethostent.c,v 1.4 1995/02/25 06:21:03 cgd Exp $";
-#endif
+static char rcsid[] = "$OpenBSD: sethostent.c,v 1.4 1997/03/15 21:53:50 pefo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -49,7 +43,11 @@ static char rcsid[] = "$NetBSD: sethostent.c,v 1.4 1995/02/25 06:21:03 cgd Exp $
 
 void
 sethostent(stayopen)
+        int stayopen;
 {
+
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1)
+                return;
         if (stayopen)
                 _res.options |= RES_STAYOPEN | RES_USEVC;
 }
@@ -58,5 +56,5 @@ void
 endhostent()
 {
         _res.options &= ~(RES_STAYOPEN | RES_USEVC);
-        _res_close();
+        res_close();
 }
diff --git a/src/lib/libc/stdlib/Makefile.inc b/src/lib/libc/stdlib/Makefile.inc
index 782a4ab022..e75fc0d8bf 100644
--- a/src/lib/libc/stdlib/Makefile.inc
+++ b/src/lib/libc/stdlib/Makefile.inc
@@ -1,24 +1,28 @@
-#       from: @(#)Makefile.inc  5.6 (Berkeley) 6/4/91
-#       $Id: Makefile.inc,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $
+#       $OpenBDS: Makefile.inc,v 1.6 1996/08/21 03:47:21 tholo Exp $
 
 # stdlib sources
 .PATH: ${.CURDIR}/arch/${MACHINE_ARCH}/stdlib ${.CURDIR}/stdlib
 
 SRCS+=  a64l.c abort.c atexit.c atoi.c atof.c atol.c bsearch.c calloc.c \
-        exit.c getenv.c getopt.c heapsort.c l64a.c malloc.c merge.c \
-        multibyte.c putenv.c qsort.c radixsort.c rand.c random.c realpath.c \
-        setenv.c strtod.c strtol.c strtoq.c strtoul.c strtouq.c system.c \
+        cfree.c exit.c getenv.c getopt.c getsubopt.c heapsort.c l64a.c \
+        malloc.c merge.c multibyte.c putenv.c qsort.c radixsort.c rand.c \
+        random.c realpath.c setenv.c strtod.c strtol.c strtoq.c strtoul.c \
+        strtouq.c system.c tfind.c tsearch.c \
         _rand48.c drand48.c erand48.c jrand48.c lcong48.c lrand48.c \
         mrand48.c nrand48.c seed48.c srand48.c qabs.c qdiv.c
 
 .if   (${MACHINE_ARCH} == "m68k")
 SRCS+=  abs.S div.c labs.c ldiv.c
+LSRCS+= abs.c
 .elif (${MACHINE_ARCH} == "i386")
 SRCS+=  abs.S div.S labs.S ldiv.S
+LSRCS+= abs.c div.c labs.c ldiv.c
 .elif (${MACHINE_ARCH} == "ns32k")
 SRCS+=  abs.S div.c labs.c ldiv.c
+LSRCS+= abs.c
 .elif (${MACHINE_ARCH} == "tahoe")
 SRCS+=  abs.S div.c labs.c ldiv.c
+LSRCS+= abs.c
 .elif (${MACHINE_ARCH} == "vax")
 SRCS+=  abs.c div.c labs.c ldiv.c
 .elif (${MACHINE_ARCH} == "alpha")
@@ -28,18 +32,23 @@ SRCS+=	abs.c div.c labs.c ldiv.c
 SRCS+=  abs.c div.c labs.c ldiv.c
 .endif
 
-MAN+=   abort.3 abs.3 alloca.3 atexit.3 atof.3 atoi.3 atol.3 bsearch.3 \
-        calloc.3 div.3 exit.3 free.3 getenv.3 getopt.3 labs.3 ldiv.3 \
-        malloc.3 memory.3 qabs.3 qdiv.3 qsort.3 radixsort.3 rand48.3 \
-        rand.3 random.3 realloc.3 realpath.3 strtod.3 strtol.3 strtoul.3 \
-        system.3
+MAN+=   a64l.3 abort.3 abs.3 alloca.3 atexit.3 atof.3 atoi.3 atol.3 bsearch.3 \
+        calloc.3 div.3 exit.3 getenv.3 getopt.3 getsubopt.3 labs.3 ldiv.3 \
+        malloc.3 memory.3 qabs.3 qdiv.3 qsort.3 radixsort.3 rand48.3 rand.3 \
+        random.3 realpath.3 strtod.3 strtol.3 strtoul.3 system.3 tsearch.3
 
 MLINKS+=getenv.3 setenv.3 getenv.3 unsetenv.3 getenv.3 putenv.3
+MLINKS+=malloc.3 free.3 malloc.3 realloc.3
+MLINKS+=malloc.3 cfree.3
 MLINKS+=qsort.3 heapsort.3 qsort.3 mergesort.3
 MLINKS+=rand.3 srand.3
-MLINKS+=strtol.3 strtoq.3
-MLINKS+=strtoul.3 strtouq.3
 MLINKS+=random.3 initstate.3 random.3 setstate.3 random.3 srandom.3
 MLINKS+=rand48.3 drand48.3 rand48.3 erand48.3 rand48.3 lrand48.3
 MLINKS+=rand48.3 mrand48.3 rand48.3 nrand48.3 rand48.3 jrand48.3
 MLINKS+=rand48.3 srand48.3 rand48.3 seed48.3 rand48.3 lcong48.3
+MLINKS+=strtol.3 strtoq.3
+MLINKS+=strtoul.3 strtouq.3
+MLINKS+=tsearch.3 tfind.3
+MLINKS+=tsearch.3 tdelete.3
+MLINKS+=tsearch.3 twalk.3
+MLINKS+=a64l.3 l64a.3
diff --git a/src/lib/libc/stdlib/_rand48.c b/src/lib/libc/stdlib/_rand48.c
index 83ade4645a..fed7372f68 100644
--- a/src/lib/libc/stdlib/_rand48.c
+++ b/src/lib/libc/stdlib/_rand48.c
@@ -11,6 +11,10 @@
  * to anyone/anything when using this software.
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: _rand48.c,v 1.2 1996/08/19 08:33:19 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include "rand48.h"
 
 unsigned short __rand48_seed[3] = {
diff --git a/src/lib/libc/stdlib/a64l.3 b/src/lib/libc/stdlib/a64l.3
new file mode 100644
index 0000000000..4ec707adf1
--- /dev/null
+++ b/src/lib/libc/stdlib/a64l.3
@@ -0,0 +1,122 @@
+.\"
+.\" Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $OpenBSD: a64l.3,v 1.2 1998/06/21 22:13:48 millert Exp $
+.\"
+.Dd August 17, 1997
+.Dt A64L 3
+.Os
+.Sh NAME
+.Nm a64l ,
+.Nm l64a
+.Nd convert between 32-bit integer and radix-64 ASCII string
+.Sh SYNOPSIS
+.Fd #include <stdlib.h>
+.Ft long
+.Fn a64l "const char *s"
+.Ft char *
+.Fn l64a "long l"
+.Sh DESCRIPTION
+The
+.Fn a64l
+and
+.Fn l64a
+functions are used to maintain numbers stored in radix-64
+ASCII characters.  This is a notation by which 32-bit integers
+can be represented by up to six characters; each character
+represents a "digit" in a radix-64 notation.
+.Pp
+The characters used to represent "digits" are '.' for 0, '/' for 1,
+'0' through '9' for 2-11, 'A' through 'Z' for 12-37, and 'a' through
+'z' for 38-63.
+.Pp
+The
+.Fn a64l
+function takes a pointer to a null-terminated radix-64 representation
+and returns a corresponding 32-bit value.  If the string pointed to by
+.Ar s
+contains more than six characters,
+.Fn a64l
+will use the first six.
+.Fn A64l
+scans the character string from left to right, decoding
+each character as a 6-bit radix-64 number.  If a long integer is
+larger than 32 bits, the return value will be sign-extended.
+.Pp
+.Fn l64a
+takes a long integer argument
+.Ar l
+and returns a pointer to the corresponding radix-64 representation.
+.Sh RETURN VALUES
+On success,
+.Fn a64l
+returns a 32-bit representation of
+.Ar s .
+If
+.Ar s
+is a NULL pointer or if it contains "digits" other than those described above,
+.Fn a64l
+returns -1L and sets the global variable errno to
+.Va EINVAL .
+.Pp
+On success,
+.Fn l64a
+returns a pointer to a string containing the radix-64 representation of
+.Ar l .
+If
+.Ar l
+is 0,
+.Fn l64a
+returns a pointer to the empty string.
+If
+.Ar l
+is negative,
+.Fn l64a
+returns a NULL pointer and sets the global variable errno to
+.Va EINVAL .
+.Sh WARNINGS
+The value returned by
+.Fn l64a
+is a pointer into a static buffer, the contents of which
+will be overwritten by subsequent calls.
+.Pp
+The value returned by
+.Fn a64l
+may be incorrect if the value is too large; for that reason, only strings
+that resulted from a call to
+.Fn l64a
+should be used to call
+.Fn a64l .
+.Pp
+If a long integer is larger than 32 bits, only the low-order
+32 bits are used.
+.Sh STANDARDS
+The
+.Fn a64l                                                           
+and
+.Fn l64a
+functions conform to
+.St -xpg4.2 .
diff --git a/src/lib/libc/stdlib/a64l.c b/src/lib/libc/stdlib/a64l.c
index 03fc77e034..a68f0a6dcd 100644
--- a/src/lib/libc/stdlib/a64l.c
+++ b/src/lib/libc/stdlib/a64l.c
@@ -4,8 +4,11 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$NetBSD: a64l.c,v 1.3 1995/05/11 23:04:47 jtc Exp $";
-#endif
+static char *rcsid = "$OpenBSD: a64l.c,v 1.3 1997/08/17 22:58:34 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <errno.h>
+#include <stdlib.h>
 
 long
 a64l(s)
@@ -14,21 +17,30 @@ a64l(s)
         long value, digit, shift;
         int i;
 
+        if (s == NULL) {
+                errno = EINVAL;
+                return(-1L);
+        }
+
         value = 0;
         shift = 0;
         for (i = 0; *s && i < 6; i++, s++) {
-                if (*s <= '/')
+                if (*s >= '.' && *s <= '/')
                         digit = *s - '.';
-                else if (*s <= '9')
+                else if (*s >= '0' && *s <= '9')
                         digit = *s - '0' + 2;
-                else if (*s <= 'Z')
+                else if (*s >= 'A' && *s <= 'Z')
                         digit = *s - 'A' + 12;
-                else
-                        digit = *s - 'a' + 38; 
+                else if (*s >= 'a' && *s <= 'z')
+                        digit = *s - 'a' + 38;
+                else {
+                        errno = EINVAL;
+                        return(-1L);
+                }
 
                 value |= digit << shift;
                 shift += 6;
         }
 
-        return (long) value;
+        return(value);
 }
diff --git a/src/lib/libc/stdlib/abort.3 b/src/lib/libc/stdlib/abort.3
index ab57327585..92c9a354d0 100644
--- a/src/lib/libc/stdlib/abort.3
+++ b/src/lib/libc/stdlib/abort.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)abort.3       6.7 (Berkeley) 6/29/91
-.\"     $Id: abort.3,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $
+.\"     $OpenBSD: abort.3,v 1.4 1997/07/17 07:39:41 deraadt Exp $
 .\"
 .Dd June 29, 1991
 .Dt ABORT 3
@@ -54,7 +53,7 @@ signal
 .Dv SIGABRT
 is being caught and the signal handler does not return.
 .Pp
-No open streams are closed or flushed.
+Any open streams are flushed and closed.
 .Sh RETURN VALUES
 The
 .Nm abort
@@ -62,10 +61,10 @@ function
 never returns.
 .Sh SEE ALSO
 .Xr sigaction 2 ,
-.Xr exit 2
+.Xr exit 3
 .Sh STANDARDS
 The
 .Fn abort
 function
 conforms to
-.St -ansiC .
+.St -p1003.1-90 .
diff --git a/src/lib/libc/stdlib/abort.c b/src/lib/libc/stdlib/abort.c
index c298e016b4..4ea8a2ca4b 100644
--- a/src/lib/libc/stdlib/abort.c
+++ b/src/lib/libc/stdlib/abort.c
@@ -32,19 +32,22 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)abort.c      5.11 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: abort.c,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $";
+static char *rcsid = "$OpenBSD: abort.c,v 1.5 1997/06/22 20:21:25 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <signal.h>
 #include <stdlib.h>
 #include <unistd.h>
 
+void (*__cleanup)();
+
 void
 abort()
 {
+        static int cleanup_called = 0;
         sigset_t mask;
 
+
         sigfillset(&mask);
         /*
          * don't block SIGABRT to give any handler a chance; we ignore
@@ -52,6 +55,15 @@ abort()
          */
         sigdelset(&mask, SIGABRT);
         (void)sigprocmask(SIG_SETMASK, &mask, (sigset_t *)NULL);
+
+        /*
+         * POSIX requires we flush stdio buffers on abort
+         */
+        if (cleanup_called == 0 && __cleanup != NULL) {
+                cleanup_called = 1;
+                (*__cleanup)();
+        }
+
         (void)kill(getpid(), SIGABRT);
 
         /*
diff --git a/src/lib/libc/stdlib/abs.3 b/src/lib/libc/stdlib/abs.3
index 4748d89e77..77f82b9402 100644
--- a/src/lib/libc/stdlib/abs.3
+++ b/src/lib/libc/stdlib/abs.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)abs.3 6.4 (Berkeley) 6/29/91
-.\"     $Id: abs.3,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $
+.\"     $OpenBSD: abs.3,v 1.2 1996/08/19 08:33:21 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt ABS 3
diff --git a/src/lib/libc/stdlib/abs.c b/src/lib/libc/stdlib/abs.c
index 64468e0224..7c79e4073c 100644
--- a/src/lib/libc/stdlib/abs.c
+++ b/src/lib/libc/stdlib/abs.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)abs.c        5.2 (Berkeley) 5/17/90";*/
-static char *rcsid = "$Id: abs.c,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $";
+static char *rcsid = "$OpenBSD: abs.c,v 1.2 1996/08/19 08:33:21 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
diff --git a/src/lib/libc/stdlib/alloca.3 b/src/lib/libc/stdlib/alloca.3
index dcb97ab11c..ef87220772 100644
--- a/src/lib/libc/stdlib/alloca.3
+++ b/src/lib/libc/stdlib/alloca.3
@@ -29,8 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)alloca.3      5.1 (Berkeley) 5/2/91
-.\"     $Id: alloca.3,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $
+.\"     $OpenBSD: alloca.3,v 1.3 1996/08/19 08:33:22 tholo Exp $
 .\"
 .Dd May 2, 1991
 .Dt ALLOCA 3
@@ -55,9 +54,6 @@ return.
 The
 .Fn alloca
 function returns a pointer to the beginning of the allocated space.
-If the allocation failed, a
-.Dv NULL
-pointer is returned.
 .Sh SEE ALSO
 .Xr brk 2 ,
 .Xr pagesize 2
diff --git a/src/lib/libc/stdlib/atexit.3 b/src/lib/libc/stdlib/atexit.3
index 07de054d3c..0b10f010fa 100644
--- a/src/lib/libc/stdlib/atexit.3
+++ b/src/lib/libc/stdlib/atexit.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)atexit.3      5.3 (Berkeley) 6/29/91
-.\"     $Id: atexit.3,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $
+.\"     $OpenBSD: atexit.3,v 1.2 1996/08/19 08:33:22 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt ATEXIT 3
diff --git a/src/lib/libc/stdlib/atexit.c b/src/lib/libc/stdlib/atexit.c
index 4da1eb0d9c..c0fb624141 100644
--- a/src/lib/libc/stdlib/atexit.c
+++ b/src/lib/libc/stdlib/atexit.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)atexit.c     5.2 (Berkeley) 11/14/90";*/
-static char *rcsid = "$Id: atexit.c,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $";
+static char *rcsid = "$OpenBSD: atexit.c,v 1.2 1996/08/19 08:33:22 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
diff --git a/src/lib/libc/stdlib/atexit.h b/src/lib/libc/stdlib/atexit.h
index 8b756e8fe2..e41a7cb86c 100644
--- a/src/lib/libc/stdlib/atexit.h
+++ b/src/lib/libc/stdlib/atexit.h
@@ -30,8 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *      from: @(#)atexit.h      5.1 (Berkeley) 5/15/90
- *      $Id: atexit.h,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $
+ *      $OpenBSD: atexit.h,v 1.2 1996/08/19 08:33:23 tholo Exp $
  */
 
 /* must be at least 32 to guarantee ANSI conformance */
diff --git a/src/lib/libc/stdlib/atof.3 b/src/lib/libc/stdlib/atof.3
index 53e04f71c5..cc1b500b0f 100644
--- a/src/lib/libc/stdlib/atof.3
+++ b/src/lib/libc/stdlib/atof.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)atof.3        6.4 (Berkeley) 6/29/91
-.\"     $Id: atof.3,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $
+.\"     $OpenBSD: atof.3,v 1.2 1996/08/19 08:33:23 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt ATOF 3
diff --git a/src/lib/libc/stdlib/atof.c b/src/lib/libc/stdlib/atof.c
index 9202de50bb..30bac19899 100644
--- a/src/lib/libc/stdlib/atof.c
+++ b/src/lib/libc/stdlib/atof.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)atof.c       5.3 (Berkeley) 1/8/93";*/
-static char *rcsid = "$Id: atof.c,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $";
+static char *rcsid = "$OpenBSD: atof.c,v 1.2 1996/08/19 08:33:24 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
diff --git a/src/lib/libc/stdlib/atoi.3 b/src/lib/libc/stdlib/atoi.3
index 219ba73c00..280a989e8e 100644
--- a/src/lib/libc/stdlib/atoi.3
+++ b/src/lib/libc/stdlib/atoi.3
@@ -1,5 +1,5 @@
-.\" Copyright (c) 1990, 1991 The Regents of the University of California.
-.\" All rights reserved.
+.\" Copyright (c) 1990, 1991, 1993
+.\"    The Regents of the University of California.  All rights reserved.
 .\"
 .\" This code is derived from software contributed to Berkeley by
 .\" the American National Standards Committee X3, on Information
@@ -33,10 +33,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)atoi.3        5.3 (Berkeley) 6/29/91
-.\"     $Id: atoi.3,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $
+.\"     $OpenBSD: atoi.3,v 1.2 1996/08/10 04:51:31 tholo Exp $
 .\"
-.Dd June 29, 1991
+.Dd June 4, 1993
 .Dt ATOI 3
 .Os
 .Sh NAME
@@ -58,7 +57,6 @@ to
 representation.
 .Pp
 It is equivalent to:
-.Pp
 .Bd -literal -offset indent
 (int)strtol(nptr, (char **)NULL, 10);
 .Ed
diff --git a/src/lib/libc/stdlib/atoi.c b/src/lib/libc/stdlib/atoi.c
index df7845f90c..a74d6e1351 100644
--- a/src/lib/libc/stdlib/atoi.c
+++ b/src/lib/libc/stdlib/atoi.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)atoi.c       5.7 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: atoi.c,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $";
+static char *rcsid = "$OpenBSD: atoi.c,v 1.2 1996/08/19 08:33:24 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
diff --git a/src/lib/libc/stdlib/atol.3 b/src/lib/libc/stdlib/atol.3
index 86e3d324a3..2b49bd1f2c 100644
--- a/src/lib/libc/stdlib/atol.3
+++ b/src/lib/libc/stdlib/atol.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)atol.3        5.3 (Berkeley) 6/29/91
-.\"     $Id: atol.3,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $
+.\"     $OpenBSD: atol.3,v 1.2 1996/08/19 08:33:25 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt ATOL 3
diff --git a/src/lib/libc/stdlib/atol.c b/src/lib/libc/stdlib/atol.c
index 31ed06298b..528a932214 100644
--- a/src/lib/libc/stdlib/atol.c
+++ b/src/lib/libc/stdlib/atol.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)atol.c       5.7 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: atol.c,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $";
+static char *rcsid = "$OpenBSD: atol.c,v 1.2 1996/08/19 08:33:26 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
diff --git a/src/lib/libc/stdlib/bsearch.3 b/src/lib/libc/stdlib/bsearch.3
index 1622c96c6b..570a4227b4 100644
--- a/src/lib/libc/stdlib/bsearch.3
+++ b/src/lib/libc/stdlib/bsearch.3
@@ -1,5 +1,5 @@
-.\" Copyright (c) 1990, 1991 The Regents of the University of California.
-.\" All rights reserved.
+.\" Copyright (c) 1990, 1991, 1993, 1994
+.\"    The Regents of the University of California.  All rights reserved.
 .\"
 .\" This code is derived from software contributed to Berkeley by
 .\" the American National Standards Committee X3, on Information
@@ -33,10 +33,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)bsearch.3     5.6 (Berkeley) 6/29/91
-.\"     $Id: bsearch.3,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $
+.\"     $OpenBSD: bsearch.3,v 1.3 1997/06/13 23:41:35 deraadt Exp $
 .\"
-.Dd June 29, 1991
+.Dd April 19, 1994
 .Dt BSEARCH 3
 .Os
 .Sh NAME
@@ -65,7 +64,7 @@ to the comparison function referenced by
 The
 .Fa compar
 routine
-is expected to have two
+is expected to have
 two arguments which point to the
 .Fa key
 object and to an array member, in that order, and should return an integer
@@ -83,7 +82,7 @@ If two members compare as equal, which member is matched is unspecified.
 .Xr db 3 ,
 .Xr lsearch 3 ,
 .Xr qsort 3 ,
-.\" .Xr tsearch 3
+.Xr tsearch 3
 .Sh STANDARDS
 The
 .Fn bsearch
diff --git a/src/lib/libc/stdlib/bsearch.c b/src/lib/libc/stdlib/bsearch.c
index fac03f694f..eeef9bffc6 100644
--- a/src/lib/libc/stdlib/bsearch.c
+++ b/src/lib/libc/stdlib/bsearch.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)bsearch.c    5.4 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: bsearch.c,v 1.1.1.1 1995/10/18 08:42:16 deraadt Exp $";
+static char *rcsid = "$OpenBSD: bsearch.c,v 1.2 1996/08/19 08:33:26 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
diff --git a/src/lib/libc/stdlib/calloc.3 b/src/lib/libc/stdlib/calloc.3
index d0754b46a0..13a912169c 100644
--- a/src/lib/libc/stdlib/calloc.3
+++ b/src/lib/libc/stdlib/calloc.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)calloc.3      5.2 (Berkeley) 6/29/91
-.\"     $Id: calloc.3,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $
+.\"     $OpenBSD: calloc.3,v 1.3 1996/12/10 09:06:10 deraadt Exp $
 .\"
 .Dd June 29, 1991
 .Dt CALLOC 3
@@ -58,7 +57,7 @@ The space is initialized to all bits zero.
 The
 .Fn calloc
 function returns
-a pointer to the
+a pointer to
 the allocated space if successful; otherwise a null pointer is returned.
 .Sh SEE ALSO
 .Xr malloc 3 ,
diff --git a/src/lib/libc/stdlib/calloc.c b/src/lib/libc/stdlib/calloc.c
index 3353fab052..a2c4f84493 100644
--- a/src/lib/libc/stdlib/calloc.c
+++ b/src/lib/libc/stdlib/calloc.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)calloc.c     5.6 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: calloc.c,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $";
+static char *rcsid = "$OpenBSD: calloc.c,v 1.3 1996/08/20 17:42:33 downsj Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
@@ -47,7 +46,8 @@ calloc(num, size)
         register void *p;
 
         size *= num;
-        if (p = malloc(size))
+        p = malloc(size);
+        if (p)
                 memset(p, '\0', size);
         return(p);
 }
diff --git a/src/lib/libc/stdlib/cfree.c b/src/lib/libc/stdlib/cfree.c
new file mode 100644
index 0000000000..3af32039a9
--- /dev/null
+++ b/src/lib/libc/stdlib/cfree.c
@@ -0,0 +1,49 @@
+/*      $OpenBSD: cfree.c,v 1.1 1996/08/21 03:47:22 tholo Exp $ */
+
+/*
+ * Copyright (c) 1996 SigmaSoft, Th. Lockert <tholo@sigmasoft.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by SigmaSoft, Th.  Lockert.
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: cfree.c,v 1.1 1996/08/21 03:47:22 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/cdefs.h>
+
+#ifdef __indr_reference
+__indr_reference(free, cfree);
+#else
+
+void
+cfree(p)
+        void *p;
+{
+    free(p);
+}
+#endif
diff --git a/src/lib/libc/stdlib/div.3 b/src/lib/libc/stdlib/div.3
index a4730694a5..0d8c56d86b 100644
--- a/src/lib/libc/stdlib/div.3
+++ b/src/lib/libc/stdlib/div.3
@@ -31,8 +31,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)div.3 5.2 (Berkeley) 4/19/91
-.\"     $Id: div.3,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $
+.\"     $OpenBSD: div.3,v 1.2 1996/08/19 08:33:28 tholo Exp $
 .\"
 .Dd April 19, 1991
 .Dt DIV 3
diff --git a/src/lib/libc/stdlib/div.c b/src/lib/libc/stdlib/div.c
index 122ac0deec..c1fae29008 100644
--- a/src/lib/libc/stdlib/div.c
+++ b/src/lib/libc/stdlib/div.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)div.c        5.2 (Berkeley) 4/16/91";*/
-static char *rcsid = "$Id: div.c,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $";
+static char *rcsid = "$OpenBSD: div.c,v 1.2 1996/08/19 08:33:29 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>             /* div_t */
diff --git a/src/lib/libc/stdlib/drand48.c b/src/lib/libc/stdlib/drand48.c
index ae1a8634dc..02886d5b62 100644
--- a/src/lib/libc/stdlib/drand48.c
+++ b/src/lib/libc/stdlib/drand48.c
@@ -11,6 +11,10 @@
  * to anyone/anything when using this software.
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: drand48.c,v 1.2 1996/08/19 08:33:29 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include "rand48.h"
 
 extern unsigned short __rand48_seed[3];
diff --git a/src/lib/libc/stdlib/erand48.c b/src/lib/libc/stdlib/erand48.c
index cc9fbf770c..b92dacffcc 100644
--- a/src/lib/libc/stdlib/erand48.c
+++ b/src/lib/libc/stdlib/erand48.c
@@ -11,6 +11,10 @@
  * to anyone/anything when using this software.
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: erand48.c,v 1.2 1996/08/19 08:33:29 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include "rand48.h"
 
 double
diff --git a/src/lib/libc/stdlib/exit.3 b/src/lib/libc/stdlib/exit.3
index adb81ffcb4..6dd2affef9 100644
--- a/src/lib/libc/stdlib/exit.3
+++ b/src/lib/libc/stdlib/exit.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)exit.3        6.6 (Berkeley) 6/29/91
-.\"     $Id: exit.3,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $
+.\"     $OpenBSD: exit.3,v 1.2 1996/08/19 08:33:30 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt EXIT 3
diff --git a/src/lib/libc/stdlib/exit.c b/src/lib/libc/stdlib/exit.c
index b1412f42bb..e358c94fd6 100644
--- a/src/lib/libc/stdlib/exit.c
+++ b/src/lib/libc/stdlib/exit.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)exit.c       5.4 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: exit.c,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $";
+static char *rcsid = "$OpenBSD: exit.c,v 1.2 1996/08/19 08:33:30 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
diff --git a/src/lib/libc/stdlib/free.3 b/src/lib/libc/stdlib/free.3
deleted file mode 100644
index 3d0131d7de..0000000000
--- a/src/lib/libc/stdlib/free.3
+++ /dev/null
@@ -1,82 +0,0 @@
-.\" Copyright (c) 1991 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" This code is derived from software contributed to Berkeley by
-.\" the American National Standards Committee X3, on Information
-.\" Processing Systems.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"     This product includes software developed by the University of
-.\"     California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"     from: @(#)free.3        5.2 (Berkeley) 6/29/91
-.\"     $Id: free.3,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $
-.\"
-.Dd June 29, 1991
-.Dt FREE 3
-.Os
-.Sh NAME
-.Nm free
-.Nd free up memory allocated with malloc, calloc or realloc
-.Sh SYNOPSIS
-.Fd #include <stdlib.h>
-.Ft void
-.Fn free "void *ptr"
-.Sh DESCRIPTION
-The
-.Fn free
-function causes the space pointed to by
-.Fa ptr
-to be deallocated, that is, made available
-for further allocation.
-If
-.Fa ptr
-is a null pointer, no action occurs.
-Otherwise, if the argument does not match a pointer earlier
-returned by the
-.Xr calloc ,
-.Xr malloc ,
-or
-.Xr realloc
-function, or if the space has been deallocated by a call to
-.Fn free
-or
-.Xr realloc ,
-general havoc may occur.
-.Sh RETURN VALUES
-The
-.Fn free
-function returns no value.
-.Sh SEE ALSO
-.Xr calloc 3 ,
-.Xr malloc 3 ,
-.Xr realloc 3
-.Sh STANDARDS
-The
-.Fn free
-function conforms to
-.St -ansiC .
diff --git a/src/lib/libc/stdlib/getenv.3 b/src/lib/libc/stdlib/getenv.3
index 411eb35da4..24a8d3d095 100644
--- a/src/lib/libc/stdlib/getenv.3
+++ b/src/lib/libc/stdlib/getenv.3
@@ -1,5 +1,5 @@
-.\" Copyright (c) 1988, 1991 The Regents of the University of California.
-.\" All rights reserved.
+.\" Copyright (c) 1988, 1991, 1993
+.\"    The Regents of the University of California.  All rights reserved.
 .\"
 .\" This code is derived from software contributed to Berkeley by
 .\" the American National Standards Committee X3, on Information
@@ -33,10 +33,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)getenv.3      6.11 (Berkeley) 6/29/91
-.\"     $Id: getenv.3,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $
+.\"     $OpenBSD: getenv.3,v 1.2 1996/08/10 05:03:00 tholo Exp $
 .\"
-.Dd June 29, 1991
+.Dd December 11, 1993
 .Dt GETENV 3
 .Os
 .Sh NAME
@@ -75,7 +74,7 @@ function obtains the current value of the environment variable,
 .Ar name .
 If the variable
 .Ar name
-is not in the current environment ,
+is not in the current environment,
 a null pointer is returned.
 .Pp
 The
@@ -121,7 +120,7 @@ return zero if successful; otherwise the global variable
 is set to indicate the error and a
 \-1 is returned.
 .Sh ERRORS
-.Bl -tag -width Er
+.Bl -tag -width [ENOMEM]
 .It Bq Er ENOMEM
 The function
 .Fn setenv
diff --git a/src/lib/libc/stdlib/getenv.c b/src/lib/libc/stdlib/getenv.c
index 09d47f2149..4db86df915 100644
--- a/src/lib/libc/stdlib/getenv.c
+++ b/src/lib/libc/stdlib/getenv.c
@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
+ * Copyright (c) 1987, 1993
+ *      The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -32,28 +32,13 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)getenv.c     5.8 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: getenv.c,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $";
+static char *rcsid = "$OpenBSD: getenv.c,v 1.4 1998/07/16 18:02:33 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
 #include <string.h>
 
 /*
- * getenv --
- *      Returns ptr to value associated with name, if any, else NULL.
- */
-char *
-getenv(name)
-        const char *name;
-{
-        int offset;
-        char *__findenv();
-
-        return(__findenv(name, &offset));
-}
-
-/*
  * __findenv --
  *      Returns pointer to value associated with name, if any, else NULL.
  *      Sets offset to be the offset of the name/value combination in the
@@ -64,19 +49,41 @@ getenv(name)
  */
 char *
 __findenv(name, offset)
-        register char *name;
+        register const char *name;
         int *offset;
 {
         extern char **environ;
-        register int len;
-        register char **P, *C;
+        register int len, i;
+        register const char *np;
+        register char **p, *cp;
 
-        for (C = name, len = 0; *C && *C != '='; ++C, ++len);
-        for (P = environ; *P; ++P)
-                if (!strncmp(*P, name, len))
-                        if (*(C = *P + len) == '=') {
-                                *offset = P - environ;
-                                return(++C);
-                        }
-        return(NULL);
+        if (name == NULL || environ == NULL)
+                return (NULL);
+        for (np = name; *np && *np != '='; ++np)
+                ;
+        len = np - name;
+        for (p = environ; (cp = *p) != NULL; ++p) {
+                for (np = name, i = len; i && *cp; i--)
+                        if (*cp++ != *np++)
+                                break;
+                if (i == 0 && *cp++ == '=') {
+                        *offset = p - environ;
+                        return (cp);
+                }
+        }
+        return (NULL);
+}
+
+/*
+ * getenv --
+ *      Returns ptr to value associated with name, if any, else NULL.
+ */
+char *
+getenv(name)
+        const char *name;
+{
+        int offset;
+        char *__findenv();
+
+        return(__findenv(name, &offset));
 }
diff --git a/src/lib/libc/stdlib/getopt.3 b/src/lib/libc/stdlib/getopt.3
index f843881afd..4340ff54fd 100644
--- a/src/lib/libc/stdlib/getopt.3
+++ b/src/lib/libc/stdlib/getopt.3
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)getopt.3    8.4 (Berkeley) 4/19/94
+.\"     $OpenBSD: getopt.3,v 1.6 1998/05/05 19:36:03 deraadt Exp $
 .\"
 .Dd April 19, 1994
 .Dt GETOPT 3
@@ -137,12 +137,12 @@ returns \-1.
 If the
 .Fn getopt
 function encounters a character not found in the string
-.Va optarg
+.Va optstring
 or detects
-a missing option argument it writes an error message and returns
-.Ql ?
-to the
-.Em stderr .
+a missing option argument it writes an error message to 
+.Em stderr 
+and returns
+.Ql ? .
 Setting
 .Va opterr
 to a zero will disable these error messages.
@@ -174,8 +174,8 @@ extern int optind;
 int bflag, ch, fd;
 
 bflag = 0;
-while ((ch = getopt(argc, argv, "bf:")) != -1)
-        switch(ch) {
+while ((ch = getopt(argc, argv, "bf:")) != -1) {
+        switch (ch) {
         case 'b':
                 bflag = 1;
                 break;
@@ -189,6 +189,7 @@ while ((ch = getopt(argc, argv, "bf:")) != -1)
         case '?':
         default:
                 usage();
+        }
 }
 argc -= optind;
 argv += optind;
@@ -213,7 +214,7 @@ from
 .Pp
 A single dash
 .Dq Li -
-may be specified as an character in
+may be specified as a character in
 .Fa optstring ,
 however it should
 .Em never
diff --git a/src/lib/libc/stdlib/getopt.c b/src/lib/libc/stdlib/getopt.c
index 63c5e6a479..b7f6163662 100644
--- a/src/lib/libc/stdlib/getopt.c
+++ b/src/lib/libc/stdlib/getopt.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/* static char sccsid[] = "from: @(#)getopt.c   8.2 (Berkeley) 4/2/94"; */
-static char *rcsid = "$Id: getopt.c,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $";
+static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdio.h>
diff --git a/src/lib/libc/stdlib/getsubopt.3 b/src/lib/libc/stdlib/getsubopt.3
new file mode 100644
index 0000000000..8acc91bdd1
--- /dev/null
+++ b/src/lib/libc/stdlib/getsubopt.3
@@ -0,0 +1,148 @@
+.\" $OpenBSD: getsubopt.3,v 1.2 1998/06/15 17:55:07 mickey Exp $
+.\"
+.\" Copyright (c) 1990, 1991, 1993
+.\"     The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"     This product includes software developed by the University of
+.\"     California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)getsubopt.3 8.1 (Berkeley) 6/9/93
+.\"
+.Dd June 9, 1993
+.Dt GETSUBOPT 3
+.Os
+.Sh NAME
+.Nm getsubopt
+.Nd get sub options from an argument
+.Sh SYNOPSIS
+.Fd #include <stdlib.h>
+.Vt extern char *suboptarg
+.Ft int
+.Fn getsubopt "char **optionp" "char * const *tokens" "char **valuep"
+.Sh DESCRIPTION
+The
+.Fn getsubopt
+function
+parses a string containing tokens delimited by one or more tab, space or
+comma
+.Pq Ql \&,
+characters.
+It is intended for use in parsing groups of option arguments provided
+as part of a utility command line.
+.Pp
+The argument
+.Fa optionp
+is a pointer to a pointer to the string.
+The argument
+.Fa tokens
+is a pointer to a
+.Dv NULL Ns -terminated
+array of pointers to strings.
+.Pp
+The
+.Fn getsubopt
+function
+returns the zero-based offset of the pointer in the
+.Fa tokens
+array referencing a string which matches the first token
+in the string, or, \-1 if the string contains no tokens or
+.Fa tokens
+does not contain a matching string.
+.Pp
+If the token is of the form ``name=value'', the location referenced by
+.Fa valuep
+will be set to point to the start of the ``value'' portion of the token.
+.Pp
+On return from
+.Fn getsubopt ,
+.Fa optionp
+will be set to point to the start of the next token in the string,
+or the null at the end of the string if no more tokens are present.
+The external variable
+.Fa suboptarg
+will be set to point to the start of the current token, or
+.Dv NULL
+if no
+tokens were present.
+The argument
+.Fa valuep
+will be set to point to the ``value'' portion of the token, or
+.Dv NULL
+if no ``value'' portion was present.
+.Sh EXAMPLE
+.Bd -literal -compact
+char *tokens[] = {
+        #define ONE     0
+                "one",
+        #define TWO     1
+                "two",
+        NULL
+};
+
+\&...
+
+extern char *optarg, *suboptarg;
+char *options, *value;
+
+while ((ch = getopt(argc, argv, "ab:")) != \-1) {
+        switch(ch) {
+        case 'a':
+                /* process ``a'' option */
+                break;
+        case 'b':
+                options = optarg;
+                while (*options) {
+                        switch(getsubopt(&options, tokens, &value)) {
+                        case ONE:
+                                /* process ``one'' sub option */
+                                break;
+                        case TWO:
+                                /* process ``two'' sub option */
+                                if (!value)
+                                        error("no value for two");
+                                i = atoi(value);
+                                break;
+                        case \-1:
+                                if (suboptarg)
+                                        error("illegal sub option %s",
+                                          suboptarg);
+                                else
+                                        error("missing sub option");
+                                break;
+                }
+                break;
+        }
+.Ed
+.Sh SEE ALSO
+.Xr getopt 3 ,
+.Xr strsep 3
+.Sh HISTORY
+The
+.Fn getsubopt
+function first appeared in
+.Bx 4.4 .
diff --git a/src/lib/libc/stdlib/getsubopt.c b/src/lib/libc/stdlib/getsubopt.c
new file mode 100644
index 0000000000..1667a31d7d
--- /dev/null
+++ b/src/lib/libc/stdlib/getsubopt.c
@@ -0,0 +1,106 @@
+/*      $OpenBSD: getsubopt.c,v 1.1 1997/08/20 04:02:17 millert Exp $   */
+
+/*-
+ * Copyright (c) 1990, 1993
+ *      The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+#if 0
+static char sccsid[] = "@(#)getsubopt.c 8.1 (Berkeley) 6/4/93";
+#else
+static char rcsid[] = "$OpenBSD: getsubopt.c,v 1.1 1997/08/20 04:02:17 millert Exp $";
+#endif
+#endif /* not lint */
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * The SVID interface to getsubopt provides no way of figuring out which
+ * part of the suboptions list wasn't matched.  This makes error messages
+ * tricky...  The extern variable suboptarg is a pointer to the token
+ * which didn't match.
+ */
+char *suboptarg;
+
+int
+getsubopt(optionp, tokens, valuep)
+        register char **optionp, **valuep;
+        register char * const *tokens;
+{
+        register int cnt;
+        register char *p;
+
+        suboptarg = *valuep = NULL;
+
+        if (!optionp || !*optionp)
+                return(-1);
+
+        /* skip leading white-space, commas */
+        for (p = *optionp; *p && (*p == ',' || *p == ' ' || *p == '\t'); ++p);
+
+        if (!*p) {
+                *optionp = p;
+                return(-1);
+        }
+
+        /* save the start of the token, and skip the rest of the token. */
+        for (suboptarg = p;
+            *++p && *p != ',' && *p != '=' && *p != ' ' && *p != '\t';);
+
+        if (*p) {
+                /*
+                 * If there's an equals sign, set the value pointer, and
+                 * skip over the value part of the token.  Terminate the
+                 * token.
+                 */
+                if (*p == '=') {
+                        *p = '\0';
+                        for (*valuep = ++p;
+                            *p && *p != ',' && *p != ' ' && *p != '\t'; ++p);
+                        if (*p) 
+                                *p++ = '\0';
+                } else
+                        *p++ = '\0';
+                /* Skip any whitespace or commas after this token. */
+                for (; *p && (*p == ',' || *p == ' ' || *p == '\t'); ++p);
+        }
+
+        /* set optionp for next round. */
+        *optionp = p;
+
+        for (cnt = 0; *tokens; ++tokens, ++cnt)
+                if (!strcmp(suboptarg, *tokens))
+                        return(cnt);
+        return(-1);
+}
diff --git a/src/lib/libc/stdlib/heapsort.c b/src/lib/libc/stdlib/heapsort.c
index bd998fa357..e3e4392e05 100644
--- a/src/lib/libc/stdlib/heapsort.c
+++ b/src/lib/libc/stdlib/heapsort.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char sccsid[] = "from: @(#)heapsort.c  8.1 (Berkeley) 6/4/93";*/
-static char *rcsid = "$Id: heapsort.c,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $";
+static char *rcsid = "$OpenBSD: heapsort.c,v 1.2 1996/08/19 08:33:32 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
diff --git a/src/lib/libc/stdlib/jrand48.c b/src/lib/libc/stdlib/jrand48.c
index 205781e0ee..99cddb71e5 100644
--- a/src/lib/libc/stdlib/jrand48.c
+++ b/src/lib/libc/stdlib/jrand48.c
@@ -11,6 +11,10 @@
  * to anyone/anything when using this software.
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: jrand48.c,v 1.2 1996/08/19 08:33:33 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include "rand48.h"
 
 long
diff --git a/src/lib/libc/stdlib/l64a.c b/src/lib/libc/stdlib/l64a.c
index 3069b31bf6..4e99391254 100644
--- a/src/lib/libc/stdlib/l64a.c
+++ b/src/lib/libc/stdlib/l64a.c
@@ -4,13 +4,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$NetBSD: l64a.c,v 1.4 1995/05/11 23:04:52 jtc Exp $";
-#endif
+static char *rcsid = "$OpenBSD: l64a.c,v 1.3 1997/08/17 22:58:34 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
 
+#include <errno.h>
 #include <stdlib.h>
 
 char *
-l64a (value)
+l64a(value)
         long value;
 {
         static char buf[8];
@@ -18,8 +19,10 @@ l64a (value)
         int digit;
         int i;
 
-        if (!value) 
-                return NULL;
+        if (value < 0) {
+                errno = EINVAL;
+                return(NULL);
+        }
 
         for (i = 0; value != 0 && i < 6; i++) {
                 digit = value & 0x3f;
@@ -39,5 +42,5 @@ l64a (value)
 
         *s = '\0';
 
-        return buf;
+        return(buf);
 }
diff --git a/src/lib/libc/stdlib/labs.3 b/src/lib/libc/stdlib/labs.3
index 28e4d2053c..05eae329df 100644
--- a/src/lib/libc/stdlib/labs.3
+++ b/src/lib/libc/stdlib/labs.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)labs.3        5.3 (Berkeley) 6/29/91
-.\"     $Id: labs.3,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $
+.\"     $OpenBSD: labs.3,v 1.2 1996/08/19 08:33:34 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt LABS 3
diff --git a/src/lib/libc/stdlib/labs.c b/src/lib/libc/stdlib/labs.c
index ccf1415792..f20e2c29be 100644
--- a/src/lib/libc/stdlib/labs.c
+++ b/src/lib/libc/stdlib/labs.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)labs.c       5.2 (Berkeley) 5/17/90";*/
-static char *rcsid = "$Id: labs.c,v 1.1.1.1 1995/10/18 08:42:17 deraadt Exp $";
+static char *rcsid = "$OpenBSD: labs.c,v 1.2 1996/08/19 08:33:34 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
diff --git a/src/lib/libc/stdlib/lcong48.c b/src/lib/libc/stdlib/lcong48.c
index 965d46b17a..44bd74e48a 100644
--- a/src/lib/libc/stdlib/lcong48.c
+++ b/src/lib/libc/stdlib/lcong48.c
@@ -11,6 +11,10 @@
  * to anyone/anything when using this software.
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: lcong48.c,v 1.2 1996/08/19 08:33:35 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include "rand48.h"
 
 extern unsigned short __rand48_seed[3];
diff --git a/src/lib/libc/stdlib/ldiv.3 b/src/lib/libc/stdlib/ldiv.3
index a7b5ccf878..8757f4ddd5 100644
--- a/src/lib/libc/stdlib/ldiv.3
+++ b/src/lib/libc/stdlib/ldiv.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)ldiv.3        5.3 (Berkeley) 6/29/91
-.\"     $Id: ldiv.3,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $
+.\"     $OpenBSD: ldiv.3,v 1.2 1996/08/19 08:33:35 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt LDIV 3
diff --git a/src/lib/libc/stdlib/ldiv.c b/src/lib/libc/stdlib/ldiv.c
index f7074507e5..908c2bf0aa 100644
--- a/src/lib/libc/stdlib/ldiv.c
+++ b/src/lib/libc/stdlib/ldiv.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)ldiv.c       5.2 (Berkeley) 4/16/91";*/
-static char *rcsid = "$Id: ldiv.c,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $";
+static char *rcsid = "$OpenBSD: ldiv.c,v 1.2 1996/08/19 08:33:35 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>             /* ldiv_t */
diff --git a/src/lib/libc/stdlib/lrand48.c b/src/lib/libc/stdlib/lrand48.c
index 8e7f26237f..6b7524a51b 100644
--- a/src/lib/libc/stdlib/lrand48.c
+++ b/src/lib/libc/stdlib/lrand48.c
@@ -11,6 +11,10 @@
  * to anyone/anything when using this software.
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: lrand48.c,v 1.2 1996/08/19 08:33:36 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include "rand48.h"
 
 extern unsigned short __rand48_seed[3];
diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3
index 3bbf2bf65e..d5f8837ec2 100644
--- a/src/lib/libc/stdlib/malloc.3
+++ b/src/lib/libc/stdlib/malloc.3
@@ -1,5 +1,5 @@
-.\" Copyright (c) 1980, 1991 Regents of the University of California.
-.\" All rights reserved.
+.\" Copyright (c) 1980, 1991, 1993
+.\"     The Regents of the University of California.  All rights reserved.
 .\"
 .\" This code is derived from software contributed to Berkeley by
 .\" the American National Standards Committee X3, on Information
@@ -33,19 +33,33 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)malloc.3      6.7 (Berkeley) 6/29/91
-.\"     $Id: malloc.3,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $
+.\"     $OpenBSD: malloc.3,v 1.9 1998/08/15 20:32:02 deraadt Exp $
 .\"
-.Dd June 29, 1991
+.Dd August 27, 1996
 .Dt MALLOC 3
-.Os BSD 4
+.Os OpenBSD
 .Sh NAME
-.Nm malloc
+.Nm malloc ,
 .Nd general memory allocation function
+.Pp
+.Nm free ,
+.Nm cfree
+.Nd free up memory allocated with malloc, calloc or realloc
+.Pp
+.Nm realloc
+.Nd reallocation of memory function
 .Sh SYNOPSIS
 .Fd #include <stdlib.h>
 .Ft void *
 .Fn malloc "size_t size"
+.Ft void
+.Fn free "void *ptr"
+.Ft void
+.Fn cfree "void *ptr"
+.Ft void *
+.Fn realloc "void *ptr" "size_t size"
+.Ft char *
+.Va malloc_options
 .Sh DESCRIPTION
 The
 .Fn malloc
@@ -62,30 +76,275 @@ suitably aligned (after possible pointer
 coercion) for storage of any type of object. If the space is of
 .Em pagesize
 or larger, the memory returned will be page-aligned.
+.Pp
+Allocation of a zero size object returns a pointer to a zero size object.
+.Pp
+The
+.Fn free
+function causes the space pointed to by
+.Fa ptr
+to be deallocated, that is, at least made available for further allocation,
+but if possible, it will passed back to the kernel with
+.Xr sbrk 2 .
+If
+.Fa ptr
+is a null pointer, no action occurs.
+.Pp
+A
+.Fn cfree
+function is also provided for compatibility with old systems and other
+.Nm malloc
+libraries; it is simply an alias for
+.Fn free .
+.Pp
+The
+.Fn realloc
+function changes the size of the object pointed to by
+.Fa ptr
+to the size specified by
+.Fa size .
+The contents of the object are unchanged up to the lesser
+of the new and old sizes.
+If the new size is larger, the value of the newly allocated portion
+of the object is indeterminate and uninitialized.
+If
+.Fa ptr
+is a null pointer, the
+.Fn realloc
+function behaves like the
+.Fn malloc 
+function for the specified size.
+If the space cannot be allocated, the object 
+pointed to by
+.Fa ptr
+is unchanged.
+If
+.Fa size
+is zero and
+.Fa ptr
+is not a null pointer, the object it points to is freed and a new zero size
+object is returned.
+.Pp
+When using
+.Fn realloc
+one must be careful to avoid the following idiom:
+.Pp
+.Bd -literal -offset indent
+if ((p = realloc(p, nsize)) == NULL)
+        return NULL;
+.Ed
+.Pp
+In most cases, this will result in a leak of memory.
+As stated earlier, a return value of
+.Fa NULL
+indicates that the old object still remains allocated.
+Better code looks like this:
+.Bd -literal -offset indent
+if ((p2 = realloc(p, nsize)) == NULL) {
+        if (p)
+                free(p);
+        p = NULL;
+        return NULL;
+}
+p = p2;
+.Ed
+.Pp
+Malloc will first look for a symbolic link called
+.Pa /etc/malloc.conf
+and next check the environment for a variable called
+.Ev MALLOC_OPTIONS
+and finally for the global variable
+.Va malloc_options
+and scan them for flags in that order.
+Flags are single letters, uppercase means on, lowercase means off.
+.Bl -tag -width indent
+.It A
+``abort'' malloc will coredump the process, rather than tolerate failure.
+This is a very handy debugging aid, since the core file will represent the
+time of failure,
+rather than when the NULL pointer was accessed.
+
+.It D
+``dump'' malloc will dump statistics in a file called ``malloc.out'' at exit.
+This option requires the library to have been compiled with -DMALLOC_STATS in
+order to have any effect.
+
+.It J
+``junk'' fill some junk into the area allocated.
+Currently junk is bytes of 0xd0, this is pronounced ``Duh'' :-)
+
+.It H
+``hint'' pass a hint to the kernel about pages we don't use.  If the
+machine is paging a lot this may help a bit.
+
+.It N
+Do not output warning messages when encountering possible corruption
+or bad pointers.
+
+.It R
+``realloc'' always reallocate when
+.Fn realloc
+is called, even if the initial allocation was big enough.
+This can substantially aid in compacting memory.
+
+.It U
+``utrace'' generate entries for
+.Xr ktrace 1
+for all operations.
+Consult the source for this one.
+
+.It X
+``xmalloc'' 
+rather than return failure,
+.Xr abort 3
+the program with a diagnostic message on stderr.
+It is the intention that this option be set at compile time by
+including in the source:
+.Bd -literal -offset indent
+extern char *malloc_options;
+malloc_options = "X";
+.Ed
+
+.It Z
+``zero'' fill some junk into the area allocated (see ``J''),
+except for the exact length the user asked for, which is zeroed.
+
+.It <
+``Half the cache size'' Reduce the size of the cache by a factor of two.
+
+.It >
+``Double the cache size'' Double the size of the cache by a factor of two.
+.El
+.Pp
+So to set a systemwide reduction of cache size and coredumps on problems
+one would:
+.Li ln -s 'A<' /etc/malloc.conf
+.Pp
+The ``J'' and ``Z'' is mostly for testing and debugging,
+if a program changes behavior if either of these options are used,
+it is buggy.
+.Pp
+The default cache size is 16 pages.
+.Sh ENVIRONMENT
+See above.
 .Sh RETURN VALUES
 The
 .Fn malloc
 function returns
 a pointer to the allocated space if successful; otherwise
 a null pointer is returned.
+.Pp
+The
+.Fn free
+function returns no value.
+.Pp
+The
+.Fn realloc
+function a pointer to the possibly moved allocated space;
+otherwise a null pointer is returned.
+.Sh MESSAGES
+If 
+.Fn malloc ,
+.Fn free
+or 
+.Fn realloc
+detects an error or warning condition,
+a message will be printed to filedescriptor
+2 (not using stdio).
+Errors will always result in the process being 
+.Xr abort 2 'ed,
+If the ``A'' option has been specified, also warnings will
+.Xr abort 2 
+the process.
+.Pp
+Here is a brief description of the error messages and what they mean:
+.Pp
+``(ES): mumble mumble mumble'':
+malloc have been compiled with -DEXTRA_SANITY and something looks
+fishy in there.  Consult sources and or wizards.
+.Pp
+``allocation failed''
+if the ``A'' option is specified it is an error for
+.Fn malloc
+or 
+.Fn realloc
+to return NULL.
+.Pp
+``mmap(2) failed, check limits.''
+This is a rather weird condition that is most likely to mean that
+the system is seriously overloaded or that your ulimits are sick.
+.Pp
+``freelist is destroyed.''
+mallocs internal freelist has been stomped on.
+.Pp
+Here is a brief description of the warning messages and what they mean:
+.Pp
+``chunk/page is already free.''
+A pointer to a free chunk is attempted freed again.
+.Pp
+``junk pointer, too high to make sense.''
+The pointer doesn't make sense.  It's above the area of memory that
+malloc knows something about.
+This could be a pointer from some
+.Xr mmap 2 'ed 
+memory.
+.Pp
+``junk pointer, too low to make sense.''
+The pointer doesn't make sense.  It's below the area of memory that
+malloc knows something about.
+This pointer probably came from your data or bss segments.
+.Pp
+``malloc() has never been called.''
+Nothing has ever been allocated, yet something is being freed or
+realloc'ed.
+.Pp
+``modified (chunk-/page-) pointer.''
+The pointer passed to free or realloc has been modified.
+.Pp
+``pointer to wrong page.''
+The pointer that malloc is trying to free is not pointing to
+a sensible page.
+.Pp
+``recursive call.''
+You have tried to call recursively into these functions.
+I can only imagine this as happening if you call one of these
+functions from a signal function, which happens to be called
+while you're already in here.
+Well, sorry to say: that's not supported.
+If this is a problem for you I'd like to hear about it.  It
+would be possible to add a sigblock() around this package,
+but it would have a performance penalty that is not acceptable
+as the default.
+.Pp
+``unknown char in MALLOC_OPTIONS''
+we found something we didn't understand.
 .Sh SEE ALSO
 .Xr brk 2 ,
-.Xr getpagesize 2 ,
-.Xr free 3 ,
-.Xr calloc 3 ,
 .Xr alloca 3 ,
-.Xr realloc 3 ,
+.Xr calloc 3 ,
+.Xr getpagesize 3 ,
 .Xr memory 3
+.Pa /usr/share/doc/papers/malloc.ascii.gz
 .Sh STANDARDS
 The
 .Fn malloc
 function conforms to
 .St -ansiC .
-.Sh BUGS
-The current implementation of
-.Xr malloc
-does not always fail gracefully when system
-memory limits are approached.
-It may fail to allocate memory when larger free blocks could be broken
-up, or when limits are exceeded because the size is rounded up.
-It is optimized for sizes that are powers of two.
+.Sh HISTORY
+The present implementation of malloc started out as a filesystem on a drum
+attached to a 20bit binary challenged computer built with discrete germanium
+transistors, and it has since graduated to handle primary storage rather than
+secondary.
+.Pp
+The main difference from other malloc implementations are believed to be that
+the free pages are not accessed until allocated.
+Most malloc implementations will store a data structure containing a, 
+possibly double-, linked list in the free chunks of memory, used to tie
+all the free memory together.
+That is a quite suboptimal thing to do.
+Every time the free-list is traversed, all the otherwise unused, and very
+likely paged out, pages get faulted into primary memory, just to see what
+lies after them in the list.
+.Pp
+On systems which are paging, this can make a factor five in difference on the
+page-faults of a process.
diff --git a/src/lib/libc/stdlib/malloc.c b/src/lib/libc/stdlib/malloc.c
index 3c57fad024..d1d8759791 100644
--- a/src/lib/libc/stdlib/malloc.c
+++ b/src/lib/libc/stdlib/malloc.c
@@ -1,421 +1,1242 @@
 /*
- * Copyright (c) 1983 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *      This product includes software developed by the University of
- *      California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@FreeBSD.ORG> wrote this file.  As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)malloc.c     5.11 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: malloc.c,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: malloc.c,v 1.32 1998/08/06 16:26:32 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 /*
- * malloc.c (Caltech) 2/21/82
- * Chris Kingsley, kingsley@cit-20.
- *
- * This is a very fast storage allocator.  It allocates blocks of a small 
- * number of different sizes, and keeps free lists of each size.  Blocks that
- * don't exactly fit are passed up to the next larger size.  In this 
- * implementation, the available sizes are 2^n-4 (or 2^n-10) bytes long.
- * This is designed for use in a virtual memory environment.
+ * Defining MALLOC_EXTRA_SANITY will enable extra checks which are
+ * related to internal conditions and consistency in malloc.c. This has
+ * a noticeable runtime performance hit, and generally will not do you
+ * any good unless you fiddle with the internals of malloc or want
+ * to catch random pointer corruption as early as possible.
  */
+#ifndef MALLOC_EXTRA_SANITY
+#undef MALLOC_EXTRA_SANITY
+#endif
 
-#include <sys/types.h>
+/*
+ * Defining MALLOC_STATS will enable you to call malloc_dump() and set
+ * the [dD] options in the MALLOC_OPTIONS environment variable.
+ * It has no run-time performance hit, but does pull in stdio...
+ */
+#ifndef MALLOC_STATS
+#undef MALLOC_STATS
+#endif
+
+/*
+ * What to use for Junk.  This is the byte value we use to fill with
+ * when the 'J' option is enabled.
+ */
+#define SOME_JUNK       0xd0            /* as in "Duh" :-) */
+
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/mman.h>
+
+/*
+ * The basic parameters you can tweak.
+ *
+ * malloc_pageshift     pagesize = 1 << malloc_pageshift
+ *                      It's probably best if this is the native
+ *                      page size, but it shouldn't have to be.
+ *
+ * malloc_minsize       minimum size of an allocation in bytes.
+ *                      If this is too small it's too much work
+ *                      to manage them.  This is also the smallest
+ *                      unit of alignment used for the storage
+ *                      returned by malloc/realloc.
+ *
+ */
+
+#if defined(__i386__) && defined(__FreeBSD__)
+#   define malloc_pageshift             12U
+#   define malloc_minsize               16U
+#endif /* __i386__ && __FreeBSD__ */
 
-#define NULL 0
+#if defined(__sparc__) && !defined(__OpenBSD__)
+#   define malloc_pageshirt             12U
+#   define malloc_minsize               16U
+#   define MAP_ANON                     (0)
+#   define USE_DEV_ZERO
+#   define MADV_FREE                    MADV_DONTNEED
+#endif /* __sparc__ */
 
-static void morecore();
-static int findbucket();
+/* Insert your combination here... */
+#if defined(__FOOCPU__) && defined(__BAROS__)
+#   define malloc_pageshift             12U
+#   define malloc_minsize               16U
+#endif /* __FOOCPU__ && __BAROS__ */
+
+#if defined(__OpenBSD__) && !defined(__sparc__)
+#   define      malloc_pageshift        (PGSHIFT)
+#   define      malloc_minsize          16U
+#endif /* __OpenBSD__ */
+
+#ifdef _THREAD_SAFE
+#include <pthread.h>
+static pthread_mutex_t malloc_lock;
+#define THREAD_LOCK()           pthread_mutex_lock(&malloc_lock)
+#define THREAD_UNLOCK()         pthread_mutex_unlock(&malloc_lock)
+#define THREAD_LOCK_INIT()      pthread_mutex_init(&malloc_lock, 0);
+#else
+#define THREAD_LOCK()
+#define THREAD_UNLOCK()
+#define THREAD_LOCK_INIT()
+#endif
 
 /*
- * The overhead on a block is at least 4 bytes.  When free, this space
- * contains a pointer to the next free block, and the bottom two bits must
- * be zero.  When in use, the first byte is set to MAGIC, and the second
- * byte is the size index.  The remaining bytes are for alignment.
- * If range checking is enabled then a second word holds the size of the
- * requested block, less 1, rounded up to a multiple of sizeof(RMAGIC).
- * The order of elements is critical: ov_magic must overlay the low order
- * bits of ov_next, and ov_magic can not be a valid ov_next bit pattern.
+ * No user serviceable parts behind this point.
+ *
+ * This structure describes a page worth of chunks.
  */
-union   overhead {
-        union   overhead *ov_next;      /* when free */
-        struct {
-                u_char  ovu_magic;      /* magic number */
-                u_char  ovu_index;      /* bucket # */
-#ifdef RCHECK
-                u_short ovu_rmagic;     /* range magic number */
-                u_long  ovu_size;       /* actual block size */
-#endif
-        } ovu;
-#define ov_magic        ovu.ovu_magic
-#define ov_index        ovu.ovu_index
-#define ov_rmagic       ovu.ovu_rmagic
-#define ov_size         ovu.ovu_size
+
+struct pginfo {
+    struct pginfo       *next;  /* next on the free list */
+    void                *page;  /* Pointer to the page */
+    u_short             size;   /* size of this page's chunks */
+    u_short             shift;  /* How far to shift for this size chunks */
+    u_short             free;   /* How many free chunks */
+    u_short             total;  /* How many chunk */
+    u_long              bits[1]; /* Which chunks are free */
+};
+
+/*
+ * This structure describes a number of free pages.
+ */
+
+struct pgfree {
+    struct pgfree       *next;  /* next run of free pages */
+    struct pgfree       *prev;  /* prev run of free pages */
+    void                *page;  /* pointer to free pages */
+    void                *end;   /* pointer to end of free pages */
+    u_long              size;   /* number of bytes free */
 };
 
-#define MAGIC           0xef            /* magic # on accounting info */
-#define RMAGIC          0x5555          /* magic # on range info */
+/*
+ * How many bits per u_long in the bitmap.
+ * Change only if not 8 bits/byte
+ */
+#define MALLOC_BITS     (8*sizeof(u_long))
+
+/*
+ * Magic values to put in the page_directory
+ */
+#define MALLOC_NOT_MINE ((struct pginfo*) 0)
+#define MALLOC_FREE     ((struct pginfo*) 1)
+#define MALLOC_FIRST    ((struct pginfo*) 2)
+#define MALLOC_FOLLOW   ((struct pginfo*) 3)
+#define MALLOC_MAGIC    ((struct pginfo*) 4)
+
+#ifndef malloc_pageshift
+#define malloc_pageshift                12U
+#endif
+
+#ifndef malloc_minsize
+#define malloc_minsize                  16U
+#endif
+
+#ifndef malloc_pageshift
+#error  "malloc_pageshift undefined"
+#endif
+
+#if !defined(malloc_pagesize)
+#define malloc_pagesize                 (1UL<<malloc_pageshift)
+#endif
+
+#if ((1UL<<malloc_pageshift) != malloc_pagesize)
+#error  "(1UL<<malloc_pageshift) != malloc_pagesize"
+#endif
+
+#ifndef malloc_maxsize
+#define malloc_maxsize                  ((malloc_pagesize)>>1)
+#endif
+
+/* A mask for the offset inside a page.  */
+#define malloc_pagemask ((malloc_pagesize)-1)
+
+#define pageround(foo) (((foo) + (malloc_pagemask))&(~(malloc_pagemask)))
+#define ptr2index(foo) (((u_long)(foo) >> malloc_pageshift)-malloc_origo)
 
-#ifdef RCHECK
-#define RSLOP           sizeof (u_short)
+/* fd of /dev/zero */
+#ifdef USE_DEV_ZERO
+static int fdzero;
+#define MMAP_FD fdzero
+#define INIT_MMAP() \
+        { if ((fdzero=open("/dev/zero", O_RDWR, 0000)) == -1) \
+            wrterror("open of /dev/zero"); }
 #else
-#define RSLOP           0
+#define MMAP_FD (-1)
+#define INIT_MMAP()
 #endif
 
+/* Set when initialization has been done */
+static unsigned malloc_started; 
+
+/* Number of free pages we cache */
+static unsigned malloc_cache = 16;
+
+/* The offset from pagenumber to index into the page directory */
+static u_long malloc_origo;
+
+/* The last index in the page directory we care about */
+static u_long last_index;
+
+/* Pointer to page directory. Allocated "as if with" malloc */
+static struct   pginfo **page_dir;
+
+/* How many slots in the page directory */
+static size_t   malloc_ninfo;
+
+/* Free pages line up here */
+static struct pgfree free_list;
+
+/* Abort(), user doesn't handle problems.  */
+static int malloc_abort;
+
+/* Are we trying to die ?  */
+static int suicide;
+
+#ifdef MALLOC_STATS
+/* dump statistics */
+static int malloc_stats;
+#endif
+
+/* avoid outputting warnings?  */
+static int malloc_silent;
+
+/* always realloc ?  */
+static int malloc_realloc;
+
+#ifdef __FreeBSD__
+/* pass the kernel a hint on free pages ?  */
+static int malloc_hint;
+#endif
+
+/* xmalloc behaviour ?  */
+static int malloc_xmalloc;
+
+/* zero fill ?  */
+static int malloc_zero;
+
+/* junk fill ?  */
+static int malloc_junk;
+
+#ifdef __FreeBSD__
+/* utrace ?  */
+static int malloc_utrace;
+
+struct ut { void *p; size_t s; void *r; };
+
+void utrace __P((struct ut *, int));
+
+#define UTRACE(a, b, c) \
+        if (malloc_utrace) \
+                {struct ut u; u.p=a; u.s = b; u.r=c; utrace(&u, sizeof u);}
+#else /* !__FreeBSD__ */
+#define UTRACE(a,b,c)
+#endif
+
+/* my last break. */
+static void *malloc_brk;
+
+/* one location cache for free-list holders */
+static struct pgfree *px;
+
+/* compile-time options */
+char *malloc_options;
+
+/* Name of the current public function */
+static char *malloc_func;
+
+/* Macro for mmap */
+#define MMAP(size) \
+        mmap((void *)0, (size), PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, \
+            MMAP_FD, (off_t)0);
+
 /*
- * nextf[i] is the pointer to the next free block of size 2^(i+3).  The
- * smallest allocatable block is 8 bytes.  The overhead information
- * precedes the data area returned to the user.
+ * Necessary function declarations
  */
-#define NBUCKETS 30
-static  union overhead *nextf[NBUCKETS];
-extern  char *sbrk();
+static int extend_pgdir(u_long index);
+static void *imalloc(size_t size);
+static void ifree(void *ptr);
+static void *irealloc(void *ptr, size_t size);
+static void *malloc_bytes(size_t size);
+
+#ifdef MALLOC_STATS
+void
+malloc_dump(fd)
+    FILE *fd;
+{
+    struct pginfo **pd;
+    struct pgfree *pf;
+    int j;
+
+    pd = page_dir;
+
+    /* print out all the pages */
+    for(j=0;j<=last_index;j++) {
+        fprintf(fd, "%08lx %5d ", (j+malloc_origo) << malloc_pageshift, j);
+        if (pd[j] == MALLOC_NOT_MINE) {
+            for(j++;j<=last_index && pd[j] == MALLOC_NOT_MINE;j++)
+                ;
+            j--;
+            fprintf(fd, ".. %5d not mine\n",    j);
+        } else if (pd[j] == MALLOC_FREE) {
+            for(j++;j<=last_index && pd[j] == MALLOC_FREE;j++)
+                ;
+            j--;
+            fprintf(fd, ".. %5d free\n", j);
+        } else if (pd[j] == MALLOC_FIRST) {
+            for(j++;j<=last_index && pd[j] == MALLOC_FOLLOW;j++)
+                ;
+            j--;
+            fprintf(fd, ".. %5d in use\n", j);
+        } else if (pd[j] < MALLOC_MAGIC) {
+            fprintf(fd, "(%p)\n", pd[j]);
+        } else {
+            fprintf(fd, "%p %d (of %d) x %d @ %p --> %p\n",
+                pd[j], pd[j]->free, pd[j]->total,
+                pd[j]->size, pd[j]->page, pd[j]->next);
+        }
+    }
+
+    for(pf=free_list.next; pf; pf=pf->next) {
+        fprintf(fd, "Free: @%p [%p...%p[ %ld ->%p <-%p\n",
+                pf, pf->page, pf->end, pf->size, pf->prev, pf->next);
+        if (pf == pf->next) {
+                fprintf(fd, "Free_list loops.\n");
+                break;
+        }
+    }
+
+    /* print out various info */
+    fprintf(fd, "Minsize\t%d\n", malloc_minsize);
+    fprintf(fd, "Maxsize\t%d\n", malloc_maxsize);
+    fprintf(fd, "Pagesize\t%lu\n", (u_long)malloc_pagesize);
+    fprintf(fd, "Pageshift\t%d\n", malloc_pageshift);
+    fprintf(fd, "FirstPage\t%ld\n", malloc_origo);
+    fprintf(fd, "LastPage\t%ld %lx\n", last_index+malloc_pageshift,
+        (last_index + malloc_pageshift) << malloc_pageshift);
+    fprintf(fd, "Break\t%ld\n", (u_long)sbrk(0) >> malloc_pageshift);
+}
+#endif /* MALLOC_STATS */
+
+extern char *__progname;
+
+static void
+wrterror(p)
+    char *p;
+{
+    char *q = " error: ";
+    write(2, __progname, strlen(__progname));
+    write(2, malloc_func, strlen(malloc_func));
+    write(2, q, strlen(q));
+    write(2, p, strlen(p));
+    suicide = 1;
+#ifdef MALLOC_STATS
+    if (malloc_stats)
+        malloc_dump(stderr);
+#endif /* MALLOC_STATS */
+    abort();
+}
+
+static void
+wrtwarning(p)
+    char *p;
+{
+    char *q = " warning: ";
+    if (malloc_abort)
+        wrterror(p);
+    else if (malloc_silent)
+        return;
+    write(2, __progname, strlen(__progname));
+    write(2, malloc_func, strlen(malloc_func));
+    write(2, q, strlen(q));
+    write(2, p, strlen(p));
+}
+
+#ifdef MALLOC_STATS
+static void
+malloc_exit()
+{
+    FILE *fd = fopen("malloc.out", "a");
+    char *q = "malloc() warning: Couldn't dump stats.\n";
+    if (fd) {
+        malloc_dump(fd);
+        fclose(fd);
+    } else
+        write(2, q, strlen(q));
+}
+#endif /* MALLOC_STATS */
 
-static  int pagesz;                     /* page size */
-static  int pagebucket;                 /* page size bucket */
 
-#ifdef MSTATS
 /*
- * nmalloc[i] is the difference between the number of mallocs and frees
- * for a given block size.
+ * Allocate a number of pages from the OS
  */
-static  u_int nmalloc[NBUCKETS];
-#include <stdio.h>
-#endif
+static void *
+map_pages(pages)
+    int pages;
+{
+    caddr_t result, tail;
 
-#if defined(DEBUG) || defined(RCHECK)
-#define ASSERT(p)   if (!(p)) botch("p")
-#include <stdio.h>
-static
-botch(s)
-        char *s;
+    result = (caddr_t)pageround((u_long)sbrk(0));
+    tail = result + (pages << malloc_pageshift);
+
+    if (brk(tail)) {
+#ifdef MALLOC_EXTRA_SANITY
+        wrterror("(ES): map_pages fails\n");
+#endif /* MALLOC_EXTRA_SANITY */
+        return 0;
+    }
+
+    last_index = ptr2index(tail) - 1;
+    malloc_brk = tail;
+
+    if ((last_index+1) >= malloc_ninfo && !extend_pgdir(last_index))
+        return 0;
+
+    return result;
+}
+
+/*
+ * Extend page directory
+ */
+static int
+extend_pgdir(index)
+    u_long index;
 {
-        fprintf(stderr, "\r\nassertion botched: %s\r\n", s);
-        (void) fflush(stderr);          /* just in case user buffered it */
-        abort();
+    struct  pginfo **new, **old;
+    size_t i, oldlen;
+
+    /* Make it this many pages */
+    i = index * sizeof *page_dir;
+    i /= malloc_pagesize;
+    i += 2;
+
+    /* remember the old mapping size */
+    oldlen = malloc_ninfo * sizeof *page_dir;
+
+    /*
+     * NOTE: we allocate new pages and copy the directory rather than tempt
+     * fate by trying to "grow" the region.. There is nothing to prevent
+     * us from accidently re-mapping space that's been allocated by our caller
+     * via dlopen() or other mmap().
+     *
+     * The copy problem is not too bad, as there is 4K of page index per
+     * 4MB of malloc arena.
+     *
+     * We can totally avoid the copy if we open a file descriptor to associate
+     * the anon mappings with.  Then, when we remap the pages at the new
+     * address, the old pages will be "magically" remapped..  But this means
+     * keeping open a "secret" file descriptor.....
+     */
+
+    /* Get new pages */
+    new = (struct pginfo**) MMAP(i * malloc_pagesize);
+    if (new == (struct pginfo **)-1)
+        return 0;
+
+    /* Copy the old stuff */
+    memcpy(new, page_dir,
+            malloc_ninfo * sizeof *page_dir);
+
+    /* register the new size */
+    malloc_ninfo = i * malloc_pagesize / sizeof *page_dir;
+
+    /* swap the pointers */
+    old = page_dir;
+    page_dir = new;
+
+    /* Now free the old stuff */
+    munmap(old, oldlen);
+    return 1;
 }
-#else
-#define ASSERT(p)
-#endif
 
-void *
-malloc(nbytes)
-        size_t nbytes;
+/*
+ * Initialize the world
+ */
+static void
+malloc_init ()
 {
-        register union overhead *op;
-        register long bucket, n;
-        register unsigned amt;
+    char *p, b[64];
+    int i, j;
+    int save_errno = errno;
 
-        /*
-         * First time malloc is called, setup page size and
-         * align break pointer so all data will be page aligned.
-         */
-        if (pagesz == 0) {
-                pagesz = n = getpagesize();
-                op = (union overhead *)sbrk(0);
-                n = n - sizeof (*op) - ((long)op & (n - 1));
-                if (n < 0)
-                        n += pagesz;
-                if (n) {
-                        if (sbrk(n) == (char *)-1)
-                                return (NULL);
-                }
-                bucket = 0;
-                amt = 8;
-                while (pagesz > amt) {
-                        amt <<= 1;
-                        bucket++;
-                }
-                pagebucket = bucket;
+    THREAD_LOCK_INIT();
+
+    INIT_MMAP();
+
+#ifdef MALLOC_EXTRA_SANITY
+    malloc_junk = 1;
+#endif /* MALLOC_EXTRA_SANITY */
+
+    for (i = 0; i < 3; i++) {
+        if (i == 0) {
+            j = readlink("/etc/malloc.conf", b, sizeof b - 1);
+            if (j <= 0)
+                continue;
+            b[j] = '\0';
+            p = b;
+        } else if (i == 1) {
+            if (issetugid() == 0)
+                p = getenv("MALLOC_OPTIONS");
+            else
+                continue;
+        } else if (i == 2) {
+            p = malloc_options;
         }
-        /*
-         * Convert amount of memory requested into closest block size
-         * stored in hash buckets which satisfies request.
-         * Account for space used per block for accounting.
-         */
-        if (nbytes <= (n = pagesz - sizeof (*op) - RSLOP)) {
-#ifndef RCHECK
-                amt = 8;        /* size of first bucket */
-                bucket = 0;
-#else
-                amt = 16;       /* size of first bucket */
-                bucket = 1;
-#endif
-                n = -((long)sizeof (*op) + RSLOP);
-        } else {
-                amt = pagesz;
-                bucket = pagebucket;
+        for (; p && *p; p++) {
+            switch (*p) {
+                case '>': malloc_cache   <<= 1; break;
+                case '<': malloc_cache   >>= 1; break;
+                case 'a': malloc_abort   = 0; break;
+                case 'A': malloc_abort   = 1; break;
+#ifdef MALLOC_STATS
+                case 'd': malloc_stats   = 0; break;
+                case 'D': malloc_stats   = 1; break;
+#endif /* MALLOC_STATS */
+#ifdef __FreeBSD__
+                case 'h': malloc_hint    = 0; break;
+                case 'H': malloc_hint    = 1; break;
+#endif /* __FreeBSD__ */
+                case 'r': malloc_realloc = 0; break;
+                case 'R': malloc_realloc = 1; break;
+                case 'j': malloc_junk    = 0; break;
+                case 'J': malloc_junk    = 1; break;
+                case 'n': malloc_silent  = 0; break;
+                case 'N': malloc_silent  = 1; break;
+#ifdef __FreeBSD__
+                case 'u': malloc_utrace  = 0; break;
+                case 'U': malloc_utrace  = 1; break;
+#endif /* __FreeBSD__ */
+                case 'x': malloc_xmalloc = 0; break;
+                case 'X': malloc_xmalloc = 1; break;
+                case 'z': malloc_zero    = 0; break;
+                case 'Z': malloc_zero    = 1; break;
+                default:
+                    j = malloc_abort;
+                    malloc_abort = 0;
+                    wrtwarning("unknown char in MALLOC_OPTIONS\n");
+                    malloc_abort = j;
+                    break;
+            }
         }
-        while (nbytes > amt + n) {
-                amt <<= 1;
-                if (amt == 0)
-                        return (NULL);
-                bucket++;
+    }
+
+    UTRACE(0, 0, 0);
+
+    /*
+     * We want junk in the entire allocation, and zero only in the part
+     * the user asked for.
+     */
+    if (malloc_zero)
+        malloc_junk=1;
+
+#ifdef MALLOC_STATS
+    if (malloc_stats)
+        atexit(malloc_exit);
+#endif /* MALLOC_STATS */
+
+    /* Allocate one page for the page directory */
+    page_dir = (struct pginfo **) MMAP(malloc_pagesize);
+
+    if (page_dir == (struct pginfo **) -1)
+        wrterror("mmap(2) failed, check limits.\n");
+
+    /*
+     * We need a maximum of malloc_pageshift buckets, steal these from the
+     * front of the page_directory;
+     */
+    malloc_origo = ((u_long)pageround((u_long)sbrk(0))) >> malloc_pageshift;
+    malloc_origo -= malloc_pageshift;
+
+    malloc_ninfo = malloc_pagesize / sizeof *page_dir;
+
+    /* Been here, done that */
+    malloc_started++;
+
+    /* Recalculate the cache size in bytes, and make sure it's nonzero */
+
+    if (!malloc_cache)
+        malloc_cache++;
+
+    malloc_cache <<= malloc_pageshift;
+
+    /*
+     * This is a nice hack from Kaleb Keithly (kaleb@x.org).
+     * We can sbrk(2) further back when we keep this on a low address.
+     */
+    px = (struct pgfree *) imalloc (sizeof *px);
+    errno = save_errno;
+}
+
+/*
+ * Allocate a number of complete pages
+ */
+static void *
+malloc_pages(size)
+    size_t size;
+{
+    void *p, *delay_free = 0;
+    int i;
+    struct pgfree *pf;
+    u_long index;
+
+    size = pageround(size);
+
+    p = 0;
+    /* Look for free pages before asking for more */
+    for(pf = free_list.next; pf; pf = pf->next) {
+
+#ifdef MALLOC_EXTRA_SANITY
+        if (pf->size & malloc_pagemask)
+            wrterror("(ES): junk length entry on free_list\n");
+        if (!pf->size)
+            wrterror("(ES): zero length entry on free_list\n");
+        if (pf->page == pf->end)
+            wrterror("(ES): zero entry on free_list\n");
+        if (pf->page > pf->end) 
+            wrterror("(ES): sick entry on free_list\n");
+        if ((void*)pf->page >= (void*)sbrk(0))
+            wrterror("(ES): entry on free_list past brk\n");
+        if (page_dir[ptr2index(pf->page)] != MALLOC_FREE) 
+            wrterror("(ES): non-free first page on free-list\n");
+        if (page_dir[ptr2index(pf->end)-1] != MALLOC_FREE)
+            wrterror("(ES): non-free last page on free-list\n");
+#endif /* MALLOC_EXTRA_SANITY */
+
+        if (pf->size < size)
+            continue;
+
+        if (pf->size == size) {
+            p = pf->page;
+            if (pf->next)
+                    pf->next->prev = pf->prev;
+            pf->prev->next = pf->next;
+            delay_free = pf;
+            break;
+        } 
+
+        p = pf->page;
+        pf->page = (char *)pf->page + size;
+        pf->size -= size;
+        break;
+    }
+
+#ifdef MALLOC_EXTRA_SANITY
+    if (p && page_dir[ptr2index(p)] != MALLOC_FREE)
+        wrterror("(ES): allocated non-free page on free-list\n");
+#endif /* MALLOC_EXTRA_SANITY */
+
+    size >>= malloc_pageshift;
+
+    /* Map new pages */
+    if (!p)
+        p = map_pages(size);
+
+    if (p) {
+
+        index = ptr2index(p);
+        page_dir[index] = MALLOC_FIRST;
+        for (i=1;i<size;i++)
+            page_dir[index+i] = MALLOC_FOLLOW;
+
+        if (malloc_junk)
+            memset(p, SOME_JUNK, size << malloc_pageshift);
+    }
+
+    if (delay_free) {
+        if (!px)
+            px = delay_free;
+        else
+            ifree(delay_free);
+    }
+
+    return p;
+}
+
+/*
+ * Allocate a page of fragments
+ */
+
+static __inline__ int
+malloc_make_chunks(bits)
+    int bits;
+{
+    struct  pginfo *bp;
+    void *pp;
+    int i, k, l;
+
+    /* Allocate a new bucket */
+    pp = malloc_pages((size_t)malloc_pagesize);
+    if (!pp)
+        return 0;
+
+    /* Find length of admin structure */
+    l = sizeof *bp - sizeof(u_long);
+    l += sizeof(u_long) *
+        (((malloc_pagesize >> bits)+MALLOC_BITS-1) / MALLOC_BITS);
+
+    /* Don't waste more than two chunks on this */
+    if ((1UL<<(bits)) <= l+l) {
+        bp = (struct  pginfo *)pp;
+    } else {
+        bp = (struct  pginfo *)imalloc(l);
+        if (!bp) {
+            ifree(pp);
+            return 0;
         }
-        /*
-         * If nothing in hash bucket right now,
-         * request more memory from the system.
-         */
-        if ((op = nextf[bucket]) == NULL) {
-                morecore(bucket);
-                if ((op = nextf[bucket]) == NULL)
-                        return (NULL);
+    }
+
+    bp->size = (1UL<<bits);
+    bp->shift = bits;
+    bp->total = bp->free = malloc_pagesize >> bits;
+    bp->page = pp;
+
+    /* set all valid bits in the bitmap */
+    k = bp->total;
+    i = 0;
+
+    /* Do a bunch at a time */
+    for(;k-i >= MALLOC_BITS; i += MALLOC_BITS)
+        bp->bits[i / MALLOC_BITS] = ~0UL;
+
+    for(; i < k; i++)
+        bp->bits[i/MALLOC_BITS] |= 1UL<<(i%MALLOC_BITS);
+
+    if (bp == bp->page) {
+        /* Mark the ones we stole for ourselves */
+        for(i=0;l > 0;i++) {
+            bp->bits[i/MALLOC_BITS] &= ~(1UL<<(i%MALLOC_BITS));
+            bp->free--;
+            bp->total--;
+            l -= (1 << bits);
         }
-        /* remove from linked list */
-        nextf[bucket] = op->ov_next;
-        op->ov_magic = MAGIC;
-        op->ov_index = bucket;
-#ifdef MSTATS
-        nmalloc[bucket]++;
-#endif
-#ifdef RCHECK
-        /*
-         * Record allocated size of block and
-         * bound space with magic numbers.
-         */
-        op->ov_size = (nbytes + RSLOP - 1) & ~(RSLOP - 1);
-        op->ov_rmagic = RMAGIC;
-        *(u_short *)((caddr_t)(op + 1) + op->ov_size) = RMAGIC;
-#endif
-        return ((char *)(op + 1));
+    }
+
+    /* MALLOC_LOCK */
+
+    page_dir[ptr2index(pp)] = bp;
+
+    bp->next = page_dir[bits];
+    page_dir[bits] = bp;
+
+    /* MALLOC_UNLOCK */
+
+    return 1;
 }
 
 /*
- * Allocate more memory to the indicated bucket.
+ * Allocate a fragment
  */
-static void
-morecore(bucket)
-        int bucket;
+static void *
+malloc_bytes(size)
+    size_t size;
 {
-        register union overhead *op;
-        register long sz;               /* size of desired block */
-        long amt;                       /* amount to allocate */
-        int nblks;                      /* how many blocks we get */
+    int i,j;
+    u_long u;
+    struct  pginfo *bp;
+    int k;
+    u_long *lp;
 
-        /*
-         * sbrk_size <= 0 only for big, FLUFFY, requests (about
-         * 2^30 bytes on a VAX, I think) or for a negative arg.
-         */
-        sz = 1 << (bucket + 3);
-#ifdef DEBUG
-        ASSERT(sz > 0);
-#else
-        if (sz <= 0)
-                return;
-#endif
-        if (sz < pagesz) {
-                amt = pagesz;
-                nblks = amt / sz;
-        } else {
-                amt = sz + pagesz;
-                nblks = 1;
-        }
-        op = (union overhead *)sbrk(amt);
-        /* no more room! */
-        if ((long)op == -1)
-                return;
-        /*
-         * Add new memory allocated to that on
-         * free list for this hash bucket.
-         */
-        nextf[bucket] = op;
-        while (--nblks > 0) {
-                op->ov_next = (union overhead *)((caddr_t)op + sz);
-                op = (union overhead *)((caddr_t)op + sz);
-        }
+    /* Don't bother with anything less than this */
+    if (size < malloc_minsize)
+        size = malloc_minsize;
+
+    /* Find the right bucket */
+    j = 1;
+    i = size-1;
+    while (i >>= 1)
+        j++;
+
+    /* If it's empty, make a page more of that size chunks */
+    if (!page_dir[j] && !malloc_make_chunks(j))
+        return 0;
+
+    bp = page_dir[j];
+
+    /* Find first word of bitmap which isn't empty */
+    for (lp = bp->bits; !*lp; lp++)
+        ;
+
+    /* Find that bit, and tweak it */
+    u = 1;
+    k = 0;
+    while (!(*lp & u)) {
+        u += u;
+        k++;
+    }
+    *lp ^= u;
+
+    /* If there are no more free, remove from free-list */
+    if (!--bp->free) {
+        page_dir[j] = bp->next;
+        bp->next = 0;
+    }
+
+    /* Adjust to the real offset of that chunk */
+    k += (lp-bp->bits)*MALLOC_BITS;
+    k <<= bp->shift;
+
+    if (malloc_junk)
+        memset((char *)bp->page + k, SOME_JUNK, bp->size);
+
+    return (u_char *)bp->page + k;
 }
 
-void
-free(cp)
-        void *cp;
-{   
-        register long size;
-        register union overhead *op;
-
-        if (cp == NULL)
-                return;
-        op = (union overhead *)((caddr_t)cp - sizeof (union overhead));
-#ifdef DEBUG
-        ASSERT(op->ov_magic == MAGIC);          /* make sure it was in use */
-#else
-        if (op->ov_magic != MAGIC)
-                return;                         /* sanity */
-#endif
-#ifdef RCHECK
-        ASSERT(op->ov_rmagic == RMAGIC);
-        ASSERT(*(u_short *)((caddr_t)(op + 1) + op->ov_size) == RMAGIC);
-#endif
-        size = op->ov_index;
-        ASSERT(size < NBUCKETS);
-        op->ov_next = nextf[size];      /* also clobbers ov_magic */
-        nextf[size] = op;
-#ifdef MSTATS
-        nmalloc[size]--;
-#endif
+/*
+ * Allocate a piece of memory
+ */
+static void *
+imalloc(size)
+    size_t size;
+{
+    void *result;
+
+    if (!malloc_started)
+        malloc_init();
+
+    if (suicide)
+        abort();
+
+    if ((size + malloc_pagesize) < size)       /* Check for overflow */
+        result = 0;
+    else if (size <= malloc_maxsize)
+        result =  malloc_bytes(size);
+    else
+        result =  malloc_pages(size);
+
+    if (malloc_abort && !result)
+        wrterror("allocation failed.\n");
+
+    if (malloc_zero && result)
+        memset(result, 0, size);
+
+    return result;
 }
 
 /*
- * When a program attempts "storage compaction" as mentioned in the
- * old malloc man page, it realloc's an already freed block.  Usually
- * this is the last block it freed; occasionally it might be farther
- * back.  We have to search all the free lists for the block in order
- * to determine its bucket: 1st we make one pass thru the lists
- * checking only the first block in each; if that fails we search
- * ``realloc_srchlen'' blocks in each list for a match (the variable
- * is extern so the caller can modify it).  If that fails we just copy
- * however many bytes was given to realloc() and hope it's not huge.
+ * Change the size of an allocation.
  */
-int realloc_srchlen = 4;        /* 4 should be plenty, -1 =>'s whole list */
+static void *
+irealloc(ptr, size)
+    void *ptr;
+    size_t size;
+{
+    void *p;
+    u_long osize, index;
+    struct pginfo **mp;
+    int i;
 
-void *
-realloc(cp, nbytes)
-        void *cp; 
-        size_t nbytes;
-{   
-        register u_long onb;
-        register long i;
-        union overhead *op;
-        char *res;
-        int was_alloced = 0;
-
-        if (cp == NULL)
-                return (malloc(nbytes));
-        op = (union overhead *)((caddr_t)cp - sizeof (union overhead));
-        if (op->ov_magic == MAGIC) {
-                was_alloced++;
-                i = op->ov_index;
-        } else {
-                /*
-                 * Already free, doing "compaction".
-                 *
-                 * Search for the old block of memory on the
-                 * free list.  First, check the most common
-                 * case (last element free'd), then (this failing)
-                 * the last ``realloc_srchlen'' items free'd.
-                 * If all lookups fail, then assume the size of
-                 * the memory block being realloc'd is the
-                 * largest possible (so that all "nbytes" of new
-                 * memory are copied into).  Note that this could cause
-                 * a memory fault if the old area was tiny, and the moon
-                 * is gibbous.  However, that is very unlikely.
-                 */
-                if ((i = findbucket(op, 1)) < 0 &&
-                    (i = findbucket(op, realloc_srchlen)) < 0)
-                        i = NBUCKETS;
+    if (suicide)
+        abort();
+
+    if (!malloc_started) {
+        wrtwarning("malloc() has never been called.\n");
+        return 0;
+    }
+
+    index = ptr2index(ptr);
+
+    if (index < malloc_pageshift) {
+        wrtwarning("junk pointer, too low to make sense.\n");
+        return 0;
+    }
+
+    if (index > last_index) {
+        wrtwarning("junk pointer, too high to make sense.\n");
+        return 0;
+    }
+
+    mp = &page_dir[index];
+
+    if (*mp == MALLOC_FIRST) {                  /* Page allocation */
+
+        /* Check the pointer */
+        if ((u_long)ptr & malloc_pagemask) {
+            wrtwarning("modified (page-) pointer.\n");
+            return 0;
+        }
+
+        /* Find the size in bytes */
+        for (osize = malloc_pagesize; *++mp == MALLOC_FOLLOW;)
+            osize += malloc_pagesize;
+
+        if (!malloc_realloc &&                  /* unless we have to, */
+          size <= osize &&                      /* .. or are too small, */
+          size > (osize - malloc_pagesize)) {   /* .. or can free a page, */
+            return ptr;                         /* don't do anything. */
+        }
+
+    } else if (*mp >= MALLOC_MAGIC) {           /* Chunk allocation */
+
+        /* Check the pointer for sane values */
+        if (((u_long)ptr & ((*mp)->size-1))) {
+            wrtwarning("modified (chunk-) pointer.\n");
+            return 0;
         }
-        onb = 1 << (i + 3);
-        if (onb < pagesz)
-                onb -= sizeof (*op) + RSLOP;
+
+        /* Find the chunk index in the page */
+        i = ((u_long)ptr & malloc_pagemask) >> (*mp)->shift;
+
+        /* Verify that it isn't a free chunk already */
+        if ((*mp)->bits[i/MALLOC_BITS] & (1UL<<(i%MALLOC_BITS))) {
+            wrtwarning("chunk is already free.\n");
+            return 0;
+        }
+
+        osize = (*mp)->size;
+
+        if (!malloc_realloc &&          /* Unless we have to, */
+          size < osize &&               /* ..or are too small, */
+          (size > osize/2 ||            /* ..or could use a smaller size, */
+          osize == malloc_minsize)) {   /* ..(if there is one) */
+            return ptr;                 /* ..Don't do anything */
+        }
+
+    } else {
+        wrtwarning("pointer to wrong page.\n");
+        return 0;
+    }
+
+    p = imalloc(size);
+
+    if (p) {
+        /* copy the lesser of the two sizes, and free the old one */
+        if (osize < size)
+            memcpy(p, ptr, osize);
         else
-                onb += pagesz - sizeof (*op) - RSLOP;
-        /* avoid the copy if same size block */
-        if (was_alloced) {
-                if (i) {
-                        i = 1 << (i + 2);
-                        if (i < pagesz)
-                                i -= sizeof (*op) + RSLOP;
-                        else
-                                i += pagesz - sizeof (*op) - RSLOP;
-                }
-                if (nbytes <= onb && nbytes > i) {
-#ifdef RCHECK
-                        op->ov_size = (nbytes + RSLOP - 1) & ~(RSLOP - 1);
-                        *(u_short *)((caddr_t)(op + 1) + op->ov_size) = RMAGIC;
+            memcpy(p, ptr, size);
+        ifree(ptr);
+    } 
+    return p;
+}
+
+/*
+ * Free a sequence of pages
+ */
+
+static __inline__ void
+free_pages(ptr, index, info)
+    void *ptr;
+    int index;
+    struct pginfo *info;
+{
+    int i;
+    struct pgfree *pf, *pt=0;
+    u_long l;
+    void *tail;
+
+    if (info == MALLOC_FREE) {
+        wrtwarning("page is already free.\n");
+        return;
+    }
+
+    if (info != MALLOC_FIRST) {
+        wrtwarning("pointer to wrong page.\n");
+        return;
+    }
+
+    if ((u_long)ptr & malloc_pagemask) {
+        wrtwarning("modified (page-) pointer.\n");
+        return;
+    }
+
+    /* Count how many pages and mark them free at the same time */
+    page_dir[index] = MALLOC_FREE;
+    for (i = 1; page_dir[index+i] == MALLOC_FOLLOW; i++)
+        page_dir[index + i] = MALLOC_FREE;
+
+    l = i << malloc_pageshift;
+
+    if (malloc_junk)
+        memset(ptr, SOME_JUNK, l);
+
+#ifdef __FreeBSD__
+    if (malloc_hint)
+        madvise(ptr, l, MADV_FREE);
 #endif
-                        return(cp);
-                } else
-                        free(cp);
+
+    tail = (char *)ptr+l;
+
+    /* add to free-list */
+    if (!px)
+        px = imalloc(sizeof *px);       /* This cannot fail... */
+    px->page = ptr;
+    px->end =  tail;
+    px->size = l;
+    if (!free_list.next) {
+
+        /* Nothing on free list, put this at head */
+        px->next = free_list.next;
+        px->prev = &free_list;
+        free_list.next = px;
+        pf = px;
+        px = 0;
+
+    } else {
+
+        /* Find the right spot, leave pf pointing to the modified entry. */
+        tail = (char *)ptr+l;
+
+        for(pf = free_list.next; pf->end < ptr && pf->next; pf = pf->next)
+            ; /* Race ahead here */
+
+        if (pf->page > tail) {
+            /* Insert before entry */
+            px->next = pf;
+            px->prev = pf->prev;
+            pf->prev = px;
+            px->prev->next = px;
+            pf = px;
+            px = 0;
+        } else if (pf->end == ptr ) {
+            /* Append to the previous entry */
+            pf->end = (char *)pf->end + l;
+            pf->size += l;
+            if (pf->next && pf->end == pf->next->page ) {
+                /* And collapse the next too. */
+                pt = pf->next;
+                pf->end = pt->end;
+                pf->size += pt->size;
+                pf->next = pt->next;
+                if (pf->next)
+                    pf->next->prev = pf;
+            }
+        } else if (pf->page == tail) {
+            /* Prepend to entry */
+            pf->size += l;
+            pf->page = ptr;
+        } else if (!pf->next) {
+            /* Append at tail of chain */
+            px->next = 0;
+            px->prev = pf;
+            pf->next = px;
+            pf = px;
+            px = 0;
+        } else {
+            wrterror("freelist is destroyed.\n");
         }
-        if ((res = malloc(nbytes)) == NULL)
-                return (NULL);
-        if (cp != res)          /* common optimization if "compacting" */
-                bcopy(cp, res, (nbytes < onb) ? nbytes : onb);
-        return (res);
+    }
+    
+    /* Return something to OS ? */
+    if (!pf->next &&                            /* If we're the last one, */
+      pf->size > malloc_cache &&                /* ..and the cache is full, */
+      pf->end == malloc_brk &&                  /* ..and none behind us, */
+      malloc_brk == sbrk(0)) {                  /* ..and it's OK to do... */
+
+        /*
+         * Keep the cache intact.  Notice that the '>' above guarantees that
+         * the pf will always have at least one page afterwards.
+         */
+        pf->end = (char *)pf->page + malloc_cache;
+        pf->size = malloc_cache;
+
+        brk(pf->end);
+        malloc_brk = pf->end;
+
+        index = ptr2index(pf->end);
+        last_index = index - 1;
+
+        for(i=index;i <= last_index;)
+            page_dir[i++] = MALLOC_NOT_MINE;
+
+        /* XXX: We could realloc/shrink the pagedir here I guess. */
+    }
+    if (pt)
+        ifree(pt);
 }
 
 /*
- * Search ``srchlen'' elements of each free list for a block whose
- * header starts at ``freep''.  If srchlen is -1 search the whole list.
- * Return bucket number, or -1 if not found.
+ * Free a chunk, and possibly the page it's on, if the page becomes empty.
  */
-static
-findbucket(freep, srchlen)
-        union overhead *freep;
-        int srchlen;
+
+/* ARGSUSED */
+static __inline__ void
+free_bytes(ptr, index, info)
+    void *ptr;
+    int index;
+    struct pginfo *info;
 {
-        register union overhead *p;
-        register int i, j;
-
-        for (i = 0; i < NBUCKETS; i++) {
-                j = 0;
-                for (p = nextf[i]; p && j != srchlen; p = p->ov_next) {
-                        if (p == freep)
-                                return (i);
-                        j++;
-                }
-        }
-        return (-1);
+    int i;
+    struct pginfo **mp;
+    void *vp;
+
+    /* Find the chunk number on the page */
+    i = ((u_long)ptr & malloc_pagemask) >> info->shift;
+
+    if (((u_long)ptr & (info->size-1))) {
+        wrtwarning("modified (chunk-) pointer.\n");
+        return;
+    }
+
+    if (info->bits[i/MALLOC_BITS] & (1UL<<(i%MALLOC_BITS))) {
+        wrtwarning("chunk is already free.\n");
+        return;
+    }
+
+    if (malloc_junk)
+        memset(ptr, SOME_JUNK, info->size);
+
+    info->bits[i/MALLOC_BITS] |= 1UL<<(i%MALLOC_BITS);
+    info->free++;
+
+    mp = page_dir + info->shift;
+
+    if (info->free == 1) {
+
+        /* Page became non-full */
+
+        mp = page_dir + info->shift;
+        /* Insert in address order */
+        while (*mp && (*mp)->next && (*mp)->next->page < info->page)
+            mp = &(*mp)->next;
+        info->next = *mp;
+        *mp = info;
+        return;
+    }
+
+    if (info->free != info->total)
+        return;
+
+    /* Find & remove this page in the queue */
+    while (*mp != info) {
+        mp = &((*mp)->next);
+#ifdef MALLOC_EXTRA_SANITY
+        if (!*mp)
+                wrterror("(ES): Not on queue\n");
+#endif /* MALLOC_EXTRA_SANITY */
+    }
+    *mp = info->next;
+
+    /* Free the page & the info structure if need be */
+    page_dir[ptr2index(info->page)] = MALLOC_FIRST;
+    vp = info->page;            /* Order is important ! */
+    if(vp != (void*)info) 
+        ifree(info);
+    ifree(vp);
+}
+
+static void
+ifree(ptr)
+    void *ptr;
+{
+    struct pginfo *info;
+    int index;
+
+    /* This is legal */
+    if (!ptr)
+        return;
+
+    if (!malloc_started) {
+        wrtwarning("malloc() has never been called.\n");
+        return;
+    }
+
+    /* If we're already sinking, don't make matters any worse. */
+    if (suicide)
+        return;
+
+    index = ptr2index(ptr);
+
+    if (index < malloc_pageshift) {
+        wrtwarning("junk pointer, too low to make sense.\n");
+        return;
+    }
+
+    if (index > last_index) {
+        wrtwarning("junk pointer, too high to make sense.\n");
+        return;
+    }
+
+    info = page_dir[index];
+
+    if (info < MALLOC_MAGIC)
+        free_pages(ptr, index, info);
+    else
+        free_bytes(ptr, index, info);
+    return;
 }
 
-#ifdef MSTATS
 /*
- * mstats - print out statistics about malloc
- * 
- * Prints two lines of numbers, one showing the length of the free list
- * for each size category, the second showing the number of mallocs -
- * frees for each size category.
+ * These are the public exported interface routines.
  */
-mstats(s)
-        char *s;
+
+static int malloc_active;
+
+void *
+malloc(size_t size)
+{
+    register void *r;
+
+    malloc_func = " in malloc():";
+    THREAD_LOCK();
+    if (malloc_active++) {
+        wrtwarning("recursive call.\n");
+        malloc_active--;
+        return (0);
+    }
+    r = imalloc(size);
+    UTRACE(0, size, r);
+    malloc_active--;
+    THREAD_UNLOCK();
+    if (malloc_xmalloc && !r)
+        wrterror("out of memory.\n");
+    return (r);
+}
+
+void
+free(void *ptr)
 {
-        register int i, j;
-        register union overhead *p;
-        int totfree = 0,
-        totused = 0;
-
-        fprintf(stderr, "Memory allocation statistics %s\nfree:\t", s);
-        for (i = 0; i < NBUCKETS; i++) {
-                for (j = 0, p = nextf[i]; p; p = p->ov_next, j++)
-                        ;
-                fprintf(stderr, " %d", j);
-                totfree += j * (1 << (i + 3));
-        }
-        fprintf(stderr, "\nused:\t");
-        for (i = 0; i < NBUCKETS; i++) {
-                fprintf(stderr, " %d", nmalloc[i]);
-                totused += nmalloc[i] * (1 << (i + 3));
-        }
-        fprintf(stderr, "\n\tTotal in use: %d, total free: %d\n",
-            totused, totfree);
+    malloc_func = " in free():";
+    THREAD_LOCK();
+    if (malloc_active++) {
+        wrtwarning("recursive call.\n");
+        malloc_active--;
+        return;
+    }
+    ifree(ptr);
+    UTRACE(ptr, 0, 0);
+    malloc_active--;
+    THREAD_UNLOCK();
+    return;
+}
+
+void *
+realloc(void *ptr, size_t size)
+{
+    register void *r;
+
+    malloc_func = " in realloc():";
+    THREAD_LOCK();
+    if (malloc_active++) {
+        wrtwarning("recursive call.\n");
+        malloc_active--;
+        return (0);
+    }
+    if (!ptr) {
+        r = imalloc(size);
+    } else {
+        r = irealloc(ptr, size);
+    }
+    UTRACE(ptr, size, r);
+    malloc_active--;
+    THREAD_UNLOCK();
+    if (malloc_xmalloc && !r)
+        wrterror("out of memory.\n");
+    return (r);
 }
-#endif
diff --git a/src/lib/libc/stdlib/memory.3 b/src/lib/libc/stdlib/memory.3
index 735252c837..712c7c45d2 100644
--- a/src/lib/libc/stdlib/memory.3
+++ b/src/lib/libc/stdlib/memory.3
@@ -29,8 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)memory.3      5.1 (Berkeley) 5/2/91
-.\"     $Id: memory.3,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $
+.\"     $OpenBSD: memory.3,v 1.2 1996/08/19 08:33:37 tholo Exp $
 .\"
 .Dd May 2, 1991
 .Dt MEMORY 3
diff --git a/src/lib/libc/stdlib/merge.c b/src/lib/libc/stdlib/merge.c
index 381fdc0830..0a1015ad9d 100644
--- a/src/lib/libc/stdlib/merge.c
+++ b/src/lib/libc/stdlib/merge.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char sccsid[] = "from: @(#)merge.c     8.2 (Berkeley) 2/14/94";*/
-static char *rcsid = "$Id: merge.c,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $";
+static char *rcsid = "$OpenBSD: merge.c,v 1.3 1996/09/15 09:31:50 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 /*
@@ -148,7 +147,7 @@ mergesort(base, nmemb, size, cmp)
                                 sense = 0;
                         }
                         if (!big) {     /* here i = 0 */
-LINEAR:                         while ((b += size) < t && cmp(q, b) >sense)
+                                while ((b += size) < t && cmp(q, b) >sense)
                                         if (++i == 6) {
                                                 big = 1;
                                                 goto EXPONENTIAL;
@@ -169,7 +168,7 @@ EXPONENTIAL:	    		for (i = size; ; i <<= 1)
                                                 goto FASTCASE;
                                         } else
                                                 b = p;
-SLOWCASE:                       while (t > b+size) {
+                                while (t > b+size) {
                                         i = (((t - b) / size) >> 1) * size;
                                         if ((*cmp)(q, p = b + i) <= sense)
                                                 t = p;
diff --git a/src/lib/libc/stdlib/mrand48.c b/src/lib/libc/stdlib/mrand48.c
index 43356e66b3..cd34260b5c 100644
--- a/src/lib/libc/stdlib/mrand48.c
+++ b/src/lib/libc/stdlib/mrand48.c
@@ -11,6 +11,10 @@
  * to anyone/anything when using this software.
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: mrand48.c,v 1.2 1996/08/19 08:33:39 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include "rand48.h"
 
 extern unsigned short __rand48_seed[3];
diff --git a/src/lib/libc/stdlib/multibyte.c b/src/lib/libc/stdlib/multibyte.c
index fe1cd5781b..12e70c4a2c 100644
--- a/src/lib/libc/stdlib/multibyte.c
+++ b/src/lib/libc/stdlib/multibyte.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)multibyte.c  5.1 (Berkeley) 2/18/91";*/
-static char *rcsid = "$Id: multibyte.c,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $";
+static char *rcsid = "$OpenBSD: multibyte.c,v 1.2 1996/08/19 08:33:39 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
diff --git a/src/lib/libc/stdlib/nrand48.c b/src/lib/libc/stdlib/nrand48.c
index 63f839cb05..b1ec2cebb1 100644
--- a/src/lib/libc/stdlib/nrand48.c
+++ b/src/lib/libc/stdlib/nrand48.c
@@ -11,6 +11,10 @@
  * to anyone/anything when using this software.
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: nrand48.c,v 1.2 1996/08/19 08:33:40 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include "rand48.h"
 
 long
diff --git a/src/lib/libc/stdlib/putenv.c b/src/lib/libc/stdlib/putenv.c
index 2194c2c608..d8c4886d4b 100644
--- a/src/lib/libc/stdlib/putenv.c
+++ b/src/lib/libc/stdlib/putenv.c
@@ -1,6 +1,6 @@
 /*-
- * Copyright (c) 1988 The Regents of the University of California.
- * All rights reserved.
+ * Copyright (c) 1988, 1993
+ *     The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)putenv.c     5.4 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: putenv.c,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $";
+static char *rcsid = "$OpenBSD: putenv.c,v 1.2 1996/08/10 05:03:00 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
@@ -43,17 +42,17 @@ int
 putenv(str)
         const char *str;
 {
-        register char *p, *equal;
+        char *p, *equal;
         int rval;
 
-        if (!(p = strdup(str)))
-                return(1);
-        if (!(equal = strchr(p, '='))) {
+        if ((p = strdup(str)) == NULL)
+                return (-1);
+        if ((equal = strchr(p, '=')) == NULL) {
                 (void)free(p);
-                return(1);
+                return (-1);
         }
         *equal = '\0';
         rval = setenv(p, equal + 1, 1);
         (void)free(p);
-        return(rval);
+        return (rval);
 }
diff --git a/src/lib/libc/stdlib/qabs.3 b/src/lib/libc/stdlib/qabs.3
index cb1e052191..92a8bdc4b9 100644
--- a/src/lib/libc/stdlib/qabs.3
+++ b/src/lib/libc/stdlib/qabs.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)labs.3        5.3 (Berkeley) 6/29/91
-.\"     $Id: qabs.3,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $
+.\"     $OpenBSD: qabs.3,v 1.2 1996/08/19 08:33:40 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt QABS 3
diff --git a/src/lib/libc/stdlib/qabs.c b/src/lib/libc/stdlib/qabs.c
index 9c51a8baa9..ccc42cbec6 100644
--- a/src/lib/libc/stdlib/qabs.c
+++ b/src/lib/libc/stdlib/qabs.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)labs.c       5.2 (Berkeley) 5/17/90";*/
-static char *rcsid = "$Id: qabs.c,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $";
+static char *rcsid = "$OpenBSD: qabs.c,v 1.2 1996/08/19 08:33:40 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
diff --git a/src/lib/libc/stdlib/qdiv.3 b/src/lib/libc/stdlib/qdiv.3
index 0efcfc96ef..12aca0b1ea 100644
--- a/src/lib/libc/stdlib/qdiv.3
+++ b/src/lib/libc/stdlib/qdiv.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)qdiv.3        5.3 (Berkeley) 6/29/91
-.\"     $Id: qdiv.3,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $
+.\"     $OpenBSD: qdiv.3,v 1.2 1996/08/19 08:33:41 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt QDIV 3
diff --git a/src/lib/libc/stdlib/qdiv.c b/src/lib/libc/stdlib/qdiv.c
index 8f8e3f89c4..07e84cd649 100644
--- a/src/lib/libc/stdlib/qdiv.c
+++ b/src/lib/libc/stdlib/qdiv.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)ldiv.c       5.2 (Berkeley) 4/16/91";*/
-static char *rcsid = "$Id: qdiv.c,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $";
+static char *rcsid = "$OpenBSD: qdiv.c,v 1.2 1996/08/19 08:33:41 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>             /* qdiv_t */
diff --git a/src/lib/libc/stdlib/qsort.3 b/src/lib/libc/stdlib/qsort.3
index eb122cde12..a65c5819d0 100644
--- a/src/lib/libc/stdlib/qsort.3
+++ b/src/lib/libc/stdlib/qsort.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)qsort.3       8.1 (Berkeley) 6/4/93
-.\"     $Id: qsort.3,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $
+.\"     $OpenBSD: qsort.3,v 1.2 1996/08/19 08:33:42 tholo Exp $
 .\"
 .Dd June 4, 1993
 .Dt QSORT 3
diff --git a/src/lib/libc/stdlib/qsort.c b/src/lib/libc/stdlib/qsort.c
index c06bd54054..1c3020b595 100644
--- a/src/lib/libc/stdlib/qsort.c
+++ b/src/lib/libc/stdlib/qsort.c
@@ -32,15 +32,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char sccsid[] = "from: @(#)qsort.c     8.1 (Berkeley) 6/4/93";*/
-static char *rcsid = "$Id: qsort.c,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $";
+static char *rcsid = "$OpenBSD: qsort.c,v 1.5 1997/06/20 11:19:38 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
 #include <stdlib.h>
 
-static inline char      *med3 __P((char *, char *, char *, int (*)()));
-static inline void       swapfunc __P((char *, char *, int, int));
+static __inline char    *med3 __P((char *, char *, char *, int (*)()));
+static __inline void     swapfunc __P((char *, char *, int, int));
 
 #define min(a, b)       (a) < (b) ? a : b
 
@@ -61,12 +60,12 @@ static inline void	 swapfunc __P((char *, char *, int, int));
 #define SWAPINIT(a, es) swaptype = ((char *)a - (char *)0) % sizeof(long) || \
         es % sizeof(long) ? 2 : es == sizeof(long)? 0 : 1;
 
-static inline void
+static __inline void
 swapfunc(a, b, n, swaptype)
         char *a, *b;
         int n, swaptype;
 {
-        if(swaptype <= 1) 
+        if (swaptype <= 1) 
                 swapcode(long, a, b, n)
         else
                 swapcode(char, a, b, n)
@@ -82,7 +81,7 @@ swapfunc(a, b, n, swaptype)
 
 #define vecswap(a, b, n)        if ((n) > 0) swapfunc(a, b, n, swaptype)
 
-static inline char *
+static __inline char *
 med3(a, b, c, cmp)
         char *a, *b, *c;
         int (*cmp)();
@@ -93,27 +92,28 @@ med3(a, b, c, cmp)
 }
 
 void
-qsort(a, n, es, cmp)
-        void *a;
+qsort(aa, n, es, cmp)
+        void *aa;
         size_t n, es;
         int (*cmp)();
 {
         char *pa, *pb, *pc, *pd, *pl, *pm, *pn;
         int d, r, swaptype, swap_cnt;
+        register char *a = aa;
 
 loop:   SWAPINIT(a, es);
         swap_cnt = 0;
         if (n < 7) {
-                for (pm = a + es; pm < (char *) a + n * es; pm += es)
+                for (pm = (char *)a + es; pm < (char *) a + n * es; pm += es)
                         for (pl = pm; pl > (char *) a && cmp(pl - es, pl) > 0;
                              pl -= es)
                                 swap(pl, pl - es);
                 return;
         }
-        pm = a + (n / 2) * es;
+        pm = (char *)a + (n / 2) * es;
         if (n > 7) {
-                pl = a;
-                pn = a + (n - 1) * es;
+                pl = (char *)a;
+                pn = (char *)a + (n - 1) * es;
                 if (n > 40) {
                         d = (n / 8) * es;
                         pl = med3(pl, pl + d, pl + 2 * d, cmp);
@@ -123,9 +123,9 @@ loop:	SWAPINIT(a, es);
                 pm = med3(pl, pm, pn, cmp);
         }
         swap(a, pm);
-        pa = pb = a + es;
+        pa = pb = (char *)a + es;
 
-        pc = pd = a + (n - 1) * es;
+        pc = pd = (char *)a + (n - 1) * es;
         for (;;) {
                 while (pb <= pc && (r = cmp(pb, a)) <= 0) {
                         if (r == 0) {
@@ -151,14 +151,14 @@ loop:	SWAPINIT(a, es);
                 pc -= es;
         }
         if (swap_cnt == 0) {  /* Switch to insertion sort */
-                for (pm = a + es; pm < (char *) a + n * es; pm += es)
+                for (pm = (char *) a + es; pm < (char *) a + n * es; pm += es)
                         for (pl = pm; pl > (char *) a && cmp(pl - es, pl) > 0; 
                              pl -= es)
                                 swap(pl, pl - es);
                 return;
         }
 
-        pn = a + n * es;
+        pn = (char *)a + n * es;
         r = min(pa - (char *)a, pb - pa);
         vecswap(a, pb - r, r);
         r = min(pd - pc, pn - pd - es);
diff --git a/src/lib/libc/stdlib/radixsort.3 b/src/lib/libc/stdlib/radixsort.3
index a2af9f17a4..8b0ea89a0f 100644
--- a/src/lib/libc/stdlib/radixsort.3
+++ b/src/lib/libc/stdlib/radixsort.3
@@ -29,8 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)radixsort.3   8.2 (Berkeley) 1/27/94
-.\"     $Id: radixsort.3,v 1.1.1.1 1995/10/18 08:42:18 deraadt Exp $
+.\"     $OpenBSD: radixsort.3,v 1.4 1998/06/15 17:55:08 mickey Exp $
 .\"
 .Dd January 27, 1994
 .Dt RADIXSORT 3
@@ -42,9 +41,9 @@
 .Fd #include <limits.h>
 .Fd #include <stdlib.h>
 .Ft int
-.Fn radixsort "u_char **base" "int nmemb" "u_char *table" "u_int endbyte"
+.Fn radixsort "const u_char **base" "int nmemb" "const u_char *table" "u_int endbyte"
 .Ft int
-.Fn sradixsort "u_char **base" "int nmemb" "u_char *table" "u_int endbyte"
+.Fn sradixsort "const u_char **base" "int nmemb" "const u_char *table" "u_int endbyte"
 .Sh DESCRIPTION
 The
 .Fn radixsort
@@ -158,4 +157,5 @@ for any of the errors specified for the library routine
 .Sh HISTORY
 The
 .Fn radixsort
-function first appeared in 4.4BSD.
+function first appeared in
+.Bx 4.4 .
diff --git a/src/lib/libc/stdlib/radixsort.c b/src/lib/libc/stdlib/radixsort.c
index dd51013c94..41ed962466 100644
--- a/src/lib/libc/stdlib/radixsort.c
+++ b/src/lib/libc/stdlib/radixsort.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char sccsid[] = "from: @(#)radixsort.c 8.1 (Berkeley) 6/4/93";*/
-static char *rcsid = "$Id: radixsort.c,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $";
+static char *rcsid = "$OpenBSD: radixsort.c,v 1.3 1996/08/19 08:33:44 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 /*
@@ -61,7 +60,7 @@ typedef struct {
         int sn, si;
 } stack;
 
-static inline void simplesort
+static __inline void simplesort
             __P((const u_char **, int, int, const u_char *, u_int));
 static void r_sort_a __P((const u_char **, int, int, const u_char *, u_int));
 static void r_sort_b __P((const u_char **,
@@ -295,7 +294,7 @@ r_sort_b(a, ta, n, i, tr, endch)
         }
 }
                 
-static inline void
+static __inline void
 simplesort(a, n, b, tr, endch)  /* insertion sort */
         register const u_char **a;
         int n, b;
diff --git a/src/lib/libc/stdlib/rand.3 b/src/lib/libc/stdlib/rand.3
index a0e7740e66..32d32761f1 100644
--- a/src/lib/libc/stdlib/rand.3
+++ b/src/lib/libc/stdlib/rand.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)rand.3        6.7 (Berkeley) 6/29/91
-.\"     $Id: rand.3,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $
+.\"     $OpenBSD: rand.3,v 1.4 1998/07/05 19:54:22 millert Exp $
 .\"
 .Dd June 29, 1991
 .Dt RAND 3
@@ -51,7 +50,8 @@
 .Fn rand void
 .Sh DESCRIPTION
 .Bf -symbolic
-These interfaces are obsoleted by random(3).
+These interfaces are obsoleted by
+.Xr random 3 .
 .Ef
 .Pp
 The
@@ -74,6 +74,8 @@ with the same seed value.
 If no seed value is provided, the functions are automatically
 seeded with a value of 1.
 .Sh SEE ALSO
+.Xr arc4random 3 ,
+.Xr rand48 3 ,
 .Xr random 3
 .Sh STANDARDS
 The
diff --git a/src/lib/libc/stdlib/rand.c b/src/lib/libc/stdlib/rand.c
index 361d473448..f270ffd986 100644
--- a/src/lib/libc/stdlib/rand.c
+++ b/src/lib/libc/stdlib/rand.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)rand.c       5.6 (Berkeley) 6/24/91";*/
-static char *rcsid = "$Id: rand.c,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $";
+static char *rcsid = "$OpenBSD: rand.c,v 1.2 1996/08/19 08:33:44 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
diff --git a/src/lib/libc/stdlib/rand48.3 b/src/lib/libc/stdlib/rand48.3
index 5a772c9a8c..d5236a4779 100644
--- a/src/lib/libc/stdlib/rand48.3
+++ b/src/lib/libc/stdlib/rand48.3
@@ -9,7 +9,7 @@
 .\" of any kind. I shall in no event be liable for anything that happens
 .\" to anyone/anything when using this software.
 .\"
-.\"     $Id: rand48.3,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $
+.\"     $OpenBSD: rand48.3,v 1.3 1998/07/05 19:54:23 millert Exp $
 .\"
 .Dd October 8, 1993
 .Dt RAND48 3
@@ -156,5 +156,6 @@ For a more powerful random number generator, see
 .Sh AUTHOR
 Martin Birgmeier
 .Sh SEE ALSO
+.Xr arc4random 3 ,
 .Xr rand 3 ,
 .Xr random 3 .
diff --git a/src/lib/libc/stdlib/rand48.h b/src/lib/libc/stdlib/rand48.h
index 12496d1c8c..e7cb3e0333 100644
--- a/src/lib/libc/stdlib/rand48.h
+++ b/src/lib/libc/stdlib/rand48.h
@@ -9,6 +9,8 @@
  * This software is provided ``as is'', and comes with no warranties
  * of any kind. I shall in no event be liable for anything that happens
  * to anyone/anything when using this software.
+ *
+ *      $OpenBSD: rand48.h,v 1.2 1996/08/19 08:33:45 tholo Exp $
  */
 
 #ifndef _RAND48_H_
diff --git a/src/lib/libc/stdlib/random.3 b/src/lib/libc/stdlib/random.3
index 38c15a9803..acfbd8cdeb 100644
--- a/src/lib/libc/stdlib/random.3
+++ b/src/lib/libc/stdlib/random.3
@@ -29,8 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)random.3      6.5 (Berkeley) 4/19/91
-.\"     $Id: random.3,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $
+.\"     $OpenBSD: random.3,v 1.6 1998/07/05 19:54:25 millert Exp $
 .\"
 .Dd April 19, 1991
 .Dt RANDOM 3
@@ -46,11 +45,11 @@
 .Ft long 
 .Fn random void
 .Ft void
-.Fn srandom "unsigned seed"
+.Fn srandom "unsigned int seed"
 .Ft char *
-.Fn initstate "unsigned seed" "char *state" "int n"
+.Fn initstate "unsigned int seed" "char *state" "size_t n"
 .Ft char *
-.Fn setstate "char *state"
+.Fn setstate "const char *state"
 .Sh DESCRIPTION
 The
 .Fn random
@@ -60,6 +59,12 @@ default table of size 31 long integers to return successive pseudo-random
 numbers in the range from 0 to
 .if t 2\u\s731\s10\d\(mi1.
 .if n (2**31)\(mi1.
+The maximum value returned by
+.Fn random
+is
+.Dv LONG_MAX
+(as defined by the header file
+.Aq Pa limits.h ) .
 The period of this random number generator is very large, approximately
 .if t 16\(mu(2\u\s731\s10\d\(mi1).
 .if n 16*((2**31)\(mi1).
@@ -157,7 +162,18 @@ is called with less than 8 bytes of state information, or if
 detects that the state information has been garbled, error
 messages are printed on the standard error output.
 .Sh SEE ALSO
+.Xr arc4random 3 ,
+.Xr drand48 3 ,
 .Xr rand 3
+.Sh STANDARDS
+The
+.Fn random ,                                                           
+.Fn srandom ,                                                           
+.Fn initstate ,                                                           
+and
+.Fn setstate
+functions conform to
+.St -xpg4.2 .
 .Sh HISTORY
 These
 functions appeared in 
diff --git a/src/lib/libc/stdlib/random.c b/src/lib/libc/stdlib/random.c
index 469b6d976a..79344f30f1 100644
--- a/src/lib/libc/stdlib/random.c
+++ b/src/lib/libc/stdlib/random.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)random.c     5.9 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: random.c,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $";
+static char *rcsid = "$OpenBSD: random.c,v 1.6 1998/02/07 02:16:25 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdio.h>
@@ -136,12 +135,12 @@ static int seps [MAX_TYPES] =	{ SEP_0, SEP_1, SEP_2, SEP_3, SEP_4 };
 
 static long randtbl[DEG_3 + 1] = {
         TYPE_3,
-        0x9a319039, 0x32d9c024, 0x9b663182, 0x5da1f342, 0xde3b81e0, 0xdf0a6fb5,
-        0xf103bc02, 0x48f340fb, 0x7449e56b, 0xbeb1dbb0, 0xab5c5918, 0x946554fd,
-        0x8c2e680f, 0xeb3d799f, 0xb11ee0b7, 0x2d436b86, 0xda672e2a, 0x1588ca88,
-        0xe369735d, 0x904f35f7, 0xd7158fd6, 0x6fa6f051, 0x616e6b96, 0xac94efdc,
-        0x36413f93, 0xc622c298, 0xf5a42ab8, 0x8a88d77b, 0xf5ad9d0e, 0x8999220b,
-        0x27fb47b9,
+        0x991539b1, 0x16a5bce3, 0x6774a4cd, 0x3e01511e, 0x4e508aaa, 0x61048c05, 
+        0xf5500617, 0x846b7115, 0x6a19892c, 0x896a97af, 0xdb48f936, 0x14898454, 
+        0x37ffd106, 0xb58bff9c, 0x59e17104, 0xcf918a49, 0x09378c83, 0x52c7a471, 
+        0x8d293ea9, 0x1f4fc301, 0xc3db71be, 0x39b44e1c, 0xf8a44ef9, 0x4c8b80b1, 
+        0x19edc328, 0x87bf4bdd, 0xc9b240e5, 0xe9ee4b1b, 0x4382aee7, 0x535b6b41, 
+        0xf3bec5da,
 };
 
 /*
@@ -193,15 +192,26 @@ void
 srandom(x)
         u_int x;
 {
-        register int i, j;
+        register long int test;
+        register int i;
+        ldiv_t val;
 
         if (rand_type == TYPE_0)
                 state[0] = x;
         else {
-                j = 1;
                 state[0] = x;
-                for (i = 1; i < rand_deg; i++)
-                        state[i] = 1103515245 * state[i - 1] + 12345;
+                for (i = 1; i < rand_deg; i++) {
+                        /*
+                         * Implement the following, without overflowing 31 bits:
+                         *
+                         *      state[i] = (16807 * state[i - 1]) % 2147483647;
+                         *
+                         *      2^31-1 (prime) = 2147483647 = 127773*16807+2836
+                         */
+                        val = ldiv(state[i-1], 127773);
+                        test = 16807 * val.rem - 2836 * val.quot;
+                        state[i] = test + (test < 0 ? 2147483647 : 0);
+                }
                 fptr = &state[rand_sep];
                 rptr = &state[0];
                 for (i = 0; i < 10 * rand_deg; i++)
@@ -232,7 +242,7 @@ char *
 initstate(seed, arg_state, n)
         u_int seed;                     /* seed for R.N.G. */
         char *arg_state;                /* pointer to state array */
-        int n;                          /* # bytes of state info */
+        size_t n;                       /* # bytes of state info */
 {
         register char *ostate = (char *)(&state[-1]);
 
@@ -240,11 +250,8 @@ initstate(seed, arg_state, n)
                 state[-1] = rand_type;
         else
                 state[-1] = MAX_TYPES * (rptr - state) + rand_type;
-        if (n < BREAK_0) {
-                (void)fprintf(stderr,
-                    "random: not enough state (%d bytes); ignored.\n", n);
-                return(0);
-        }
+        if (n < BREAK_0)
+                return(NULL);
         if (n < BREAK_1) {
                 rand_type = TYPE_0;
                 rand_deg = DEG_0;
@@ -293,7 +300,7 @@ initstate(seed, arg_state, n)
  */
 char *
 setstate(arg_state)
-        char *arg_state;
+        const char *arg_state;
 {
         register long *new_state = (long *)arg_state;
         register int type = new_state[0] % MAX_TYPES;
@@ -315,8 +322,7 @@ setstate(arg_state)
                 rand_sep = seps[type];
                 break;
         default:
-                (void)fprintf(stderr,
-                    "random: state info corrupted; not changed.\n");
+                return(NULL);
         }
         state = &new_state[1];
         if (rand_type != TYPE_0) {
diff --git a/src/lib/libc/stdlib/realpath.3 b/src/lib/libc/stdlib/realpath.3
index 9d8b1ff2ce..cc140029e4 100644
--- a/src/lib/libc/stdlib/realpath.3
+++ b/src/lib/libc/stdlib/realpath.3
@@ -32,10 +32,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)realpath.3    8.2 (Berkeley) 2/16/94
-.\"     $Id: realpath.3,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $
+.\"     $OpenBSD: realpath.3,v 1.3 1997/05/30 07:48:30 deraadt Exp $
 .\"
-.Dd "February 16, 1994"
+.Dd February, 16, 1994
 .Dt REALPATH 3
 .Os
 .Sh NAME
diff --git a/src/lib/libc/stdlib/realpath.c b/src/lib/libc/stdlib/realpath.c
index e349b7e068..0288601464 100644
--- a/src/lib/libc/stdlib/realpath.c
+++ b/src/lib/libc/stdlib/realpath.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char sccsid[] = "from: @(#)realpath.c  8.1 (Berkeley) 2/16/94";*/
-static char *rcsid = "$Id: realpath.c,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $";
+static char *rcsid = "$OpenBSD: realpath.c,v 1.4 1998/05/18 09:55:19 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -63,6 +62,7 @@ realpath(path, resolved)
         struct stat sb;
         int fd, n, rootd, serrno;
         char *p, *q, wbuf[MAXPATHLEN];
+        int symlinks = 0;
 
         /* Save the starting point. */
         if ((fd = open(".", O_RDONLY)) < 0) {
@@ -101,7 +101,11 @@ loop:
         /* Deal with the last component. */
         if (lstat(p, &sb) == 0) {
                 if (S_ISLNK(sb.st_mode)) {
-                        n = readlink(p, resolved, MAXPATHLEN);
+                        if (++symlinks > MAXSYMLINKS) {
+                                errno = ELOOP;
+                                goto err1;
+                        }
+                        n = readlink(p, resolved, MAXPATHLEN-1);
                         if (n < 0)
                                 goto err1;
                         resolved[n] = '\0';
diff --git a/src/lib/libc/stdlib/seed48.c b/src/lib/libc/stdlib/seed48.c
index e3d31901dd..c4dcd0ead8 100644
--- a/src/lib/libc/stdlib/seed48.c
+++ b/src/lib/libc/stdlib/seed48.c
@@ -11,6 +11,10 @@
  * to anyone/anything when using this software.
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: seed48.c,v 1.2 1996/08/19 08:33:48 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include "rand48.h"
 
 extern unsigned short __rand48_seed[3];
diff --git a/src/lib/libc/stdlib/setenv.c b/src/lib/libc/stdlib/setenv.c
index a36669888d..b6f261e61c 100644
--- a/src/lib/libc/stdlib/setenv.c
+++ b/src/lib/libc/stdlib/setenv.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)setenv.c     5.6 (Berkeley) 6/4/91";*/
-static char *rcsid = "$Id: setenv.c,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $";
+static char *rcsid = "$OpenBSD: setenv.c,v 1.3 1998/02/02 22:44:53 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <stdlib.h>
@@ -72,10 +71,11 @@ setenv(name, value, rewrite)
 
                 for (P = environ, cnt = 0; *P; ++P, ++cnt);
                 if (alloced) {                  /* just increase size */
-                        environ = (char **)realloc((char *)environ,
+                        P = (char **)realloc((void *)environ,
                             (size_t)(sizeof(char *) * (cnt + 2)));
-                        if (!environ)
+                        if (!P)
                                 return (-1);
+                        environ = P;
                 }
                 else {                          /* get new space */
                         alloced = 1;            /* copy old entries into it */
diff --git a/src/lib/libc/stdlib/srand48.c b/src/lib/libc/stdlib/srand48.c
index daf733f93e..fcff8a172e 100644
--- a/src/lib/libc/stdlib/srand48.c
+++ b/src/lib/libc/stdlib/srand48.c
@@ -11,6 +11,10 @@
  * to anyone/anything when using this software.
  */
 
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: srand48.c,v 1.2 1996/08/19 08:33:49 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
 #include "rand48.h"
 
 extern unsigned short __rand48_seed[3];
diff --git a/src/lib/libc/stdlib/strtod.3 b/src/lib/libc/stdlib/strtod.3
index 0b7f973857..3476fa41d6 100644
--- a/src/lib/libc/stdlib/strtod.3
+++ b/src/lib/libc/stdlib/strtod.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strtod.3      5.3 (Berkeley) 6/29/91
-.\"     $Id: strtod.3,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $
+.\"     $OpenBSD: strtod.3,v 1.2 1996/08/19 08:33:49 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRTOD 3
diff --git a/src/lib/libc/stdlib/strtod.c b/src/lib/libc/stdlib/strtod.c
index b13fa128f5..55d9e91224 100644
--- a/src/lib/libc/stdlib/strtod.c
+++ b/src/lib/libc/stdlib/strtod.c
@@ -90,12 +90,13 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$Id: strtod.c,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strtod.c,v 1.12 1998/08/28 20:49:24 mickey Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #if defined(__m68k__) || defined(__sparc__) || defined(__i386__) || \
-    defined(__mips__) || defined(__ns32k__) || defined(__alpha__)
-#include <machine/endian.h>
+    defined(__mips__) || defined(__ns32k__) || defined(__alpha__) || \
+    defined(__powerpc__) || defined(__m88k__) || defined(__hppa__)
+#include <sys/types.h>
 #if BYTE_ORDER == BIG_ENDIAN
 #define IEEE_BIG_ENDIAN
 #else
@@ -103,6 +104,15 @@ static char *rcsid = "$Id: strtod.c,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $"
 #endif
 #endif
 
+#ifdef __arm32__
+/*
+ * Although the CPU is little endian the FP has different
+ * byte and word endianness. The byte order is still little endian
+ * but the word order is big endian.
+ */
+#define IEEE_BIG_ENDIAN
+#endif
+
 #ifdef vax
 #define VAX
 #endif
@@ -212,19 +222,24 @@ Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or
 IBM should be defined.
 #endif
 
+typedef union {
+        double d;
+        ULong ul[2];
+} _double;
+#define value(x) ((x).d)
 #ifdef IEEE_LITTLE_ENDIAN
-#define word0(x) ((ULong *)&x)[1]
-#define word1(x) ((ULong *)&x)[0]
+#define word0(x) ((x).ul[1])
+#define word1(x) ((x).ul[0])
 #else
-#define word0(x) ((ULong *)&x)[0]
-#define word1(x) ((ULong *)&x)[1]
+#define word0(x) ((x).ul[0])
+#define word1(x) ((x).ul[1])
 #endif
 
 /* The following definition of Storeinc is appropriate for MIPS processors.
  * An alternative that might be better on some machines is
  * #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff)
  */
-#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX)
+#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(__arm32__)
 #define Storeinc(a,b,c) (((unsigned short *)a)[1] = (unsigned short)b, \
 ((unsigned short *)a)[0] = (unsigned short)c, a++)
 #else
@@ -899,14 +914,16 @@ diff
  static double
 ulp
 #ifdef KR_headers
-        (x) double x;
+        (_x) double _x;
 #else
-        (double x)
+        (double _x)
 #endif
 {
+        _double x;
         register Long L;
-        double a;
+        _double a;
 
+        value(x) = _x;
         L = (word0(x) & Exp_mask) - (P-1)*Exp_msk1;
 #ifndef Sudden_Underflow
         if (L > 0) {
@@ -931,7 +948,7 @@ ulp
                         }
                 }
 #endif
-        return a;
+        return value(a);
         }
 
  static double
@@ -944,7 +961,7 @@ b2d
 {
         ULong *xa, *xa0, w, y, z;
         int k;
-        double d;
+        _double d;
 #ifdef VAX
         ULong d0, d1;
 #else
@@ -1001,22 +1018,27 @@ b2d
 #undef d0
 #undef d1
 #endif
-        return d;
+        return value(d);
         }
 
  static Bigint *
 d2b
 #ifdef KR_headers
-        (d, e, bits) double d; int *e, *bits;
+        (_d, e, bits) double d; int *e, *bits;
 #else
-        (double d, int *e, int *bits)
+        (double _d, int *e, int *bits)
 #endif
 {
         Bigint *b;
         int de, i, k;
         ULong *x, y, z;
+        _double d;
 #ifdef VAX
         ULong d0, d1;
+#endif
+
+        value(d) = _d;
+#ifdef VAX
         d0 = word0(d) >> 16 | word0(d) << 16;
         d1 = word1(d) >> 16 | word1(d) << 16;
 #else
@@ -1141,11 +1163,11 @@ ratio
         (Bigint *a, Bigint *b)
 #endif
 {
-        double da, db;
+        _double da, db;
         int k, ka, kb;
 
-        da = b2d(a, &ka);
-        db = b2d(b, &kb);
+        value(da) = b2d(a, &ka);
+        value(db) = b2d(b, &kb);
 #ifdef Pack_32
         k = ka - kb + 32*(a->wds - b->wds);
 #else
@@ -1171,7 +1193,7 @@ ratio
                 word0(db) += k*Exp_msk1;
                 }
 #endif
-        return da / db;
+        return value(da) / value(db);
         }
 
 static CONST double
@@ -1211,7 +1233,8 @@ strtod
         int bb2, bb5, bbe, bd2, bd5, bbbits, bs2, c, dsign,
                  e, e1, esign, i, j, k, nd, nd0, nf, nz, nz0, sign;
         CONST char *s, *s0, *s1;
-        double aadj, aadj1, adj, rv, rv0;
+        double aadj, aadj1, adj;
+        _double rv, rv0;
         Long L;
         ULong y, z;
         Bigint *bb, *bb1, *bd, *bd0, *bs, *delta;
@@ -1223,10 +1246,10 @@ strtod
 #endif
 
         sign = nz0 = nz = 0;
-        rv = 0.;
+        value(rv) = 0.;
 
 
-        for(s = s00; isspace(*s); s++)
+        for(s = s00; isspace((unsigned char) *s); s++)
                 ;
 
         if (*s == '-') {
@@ -1340,9 +1363,9 @@ strtod
         if (!nd0)
                 nd0 = nd;
         k = nd < DBL_DIG + 1 ? nd : DBL_DIG + 1;
-        rv = y;
+        value(rv) = y;
         if (k > 9)
-                rv = tens[k - 9] * rv + z;
+                value(rv) = tens[k - 9] * value(rv) + z;
         bd0 = 0;
         if (nd <= DBL_DIG
 #ifndef RND_PRODQUOT
@@ -1356,7 +1379,8 @@ strtod
 #ifdef VAX
                                 goto vax_ovfl_check;
 #else
-                                /* rv = */ rounded_product(rv, tens[e]);
+                                /* value(rv) = */ rounded_product(value(rv),
+                                    tens[e]);
                                 goto ret;
 #endif
                                 }
@@ -1366,27 +1390,30 @@ strtod
                                  * this for larger i values.
                                  */
                                 e -= i;
-                                rv *= tens[i];
+                                value(rv) *= tens[i];
 #ifdef VAX
                                 /* VAX exponent range is so narrow we must
                                  * worry about overflow here...
                                  */
  vax_ovfl_check:
                                 word0(rv) -= P*Exp_msk1;
-                                /* rv = */ rounded_product(rv, tens[e]);
+                                /* value(rv) = */ rounded_product(value(rv),
+                                    tens[e]);
                                 if ((word0(rv) & Exp_mask)
                                  > Exp_msk1*(DBL_MAX_EXP+Bias-1-P))
                                         goto ovfl;
                                 word0(rv) += P*Exp_msk1;
 #else
-                                /* rv = */ rounded_product(rv, tens[e]);
+                                /* value(rv) = */ rounded_product(value(rv),
+                                    tens[e]);
 #endif
                                 goto ret;
                                 }
                         }
 #ifndef Inaccurate_Divide
                 else if (e >= -Ten_pmax) {
-                        /* rv = */ rounded_quotient(rv, tens[-e]);
+                        /* value(rv) = */ rounded_quotient(value(rv),
+                            tens[-e]);
                         goto ret;
                         }
 #endif
@@ -1397,13 +1424,13 @@ strtod
 
         if (e1 > 0) {
                 if (i = e1 & 15)
-                        rv *= tens[i];
+                        value(rv) *= tens[i];
                 if (e1 &= ~15) {
                         if (e1 > DBL_MAX_10_EXP) {
  ovfl:
                                 errno = ERANGE;
 #ifdef __STDC__
-                                rv = HUGE_VAL;
+                                value(rv) = HUGE_VAL;
 #else
                                 /* Can't trust HUGE_VAL */
 #ifdef IEEE_Arith
@@ -1421,10 +1448,10 @@ strtod
                         if (e1 >>= 4) {
                                 for(j = 0; e1 > 1; j++, e1 >>= 1)
                                         if (e1 & 1)
-                                                rv *= bigtens[j];
+                                                value(rv) *= bigtens[j];
                         /* The last multiplication could overflow. */
                                 word0(rv) -= P*Exp_msk1;
-                                rv *= bigtens[j];
+                                value(rv) *= bigtens[j];
                                 if ((z = word0(rv) & Exp_mask)
                                  > Exp_msk1*(DBL_MAX_EXP+Bias-P))
                                         goto ovfl;
@@ -1443,23 +1470,23 @@ strtod
         else if (e1 < 0) {
                 e1 = -e1;
                 if (i = e1 & 15)
-                        rv /= tens[i];
+                        value(rv) /= tens[i];
                 if (e1 &= ~15) {
                         e1 >>= 4;
                         if (e1 >= 1 << n_bigtens)
                                 goto undfl;
                         for(j = 0; e1 > 1; j++, e1 >>= 1)
                                 if (e1 & 1)
-                                        rv *= tinytens[j];
+                                        value(rv) *= tinytens[j];
                         /* The last multiplication could underflow. */
-                        rv0 = rv;
-                        rv *= tinytens[j];
-                        if (!rv) {
-                                rv = 2.*rv0;
-                                rv *= tinytens[j];
-                                if (!rv) {
+                        value(rv0) = value(rv);
+                        value(rv) *= tinytens[j];
+                        if (!value(rv)) {
+                                value(rv) = 2.*value(rv0);
+                                value(rv) *= tinytens[j];
+                                if (!value(rv)) {
  undfl:
-                                        rv = 0.;
+                                        value(rv) = 0.;
                                         errno = ERANGE;
                                         if (bd0)
                                                 goto retfree;
@@ -1483,7 +1510,7 @@ strtod
         for(;;) {
                 bd = Balloc(bd0->k);
                 Bcopy(bd, bd0);
-                bb = d2b(rv, &bbe, &bbbits);    /* rv = bb * 2^bbe */
+                bb = d2b(value(rv), &bbe, &bbbits);     /* rv = bb * 2^bbe */
                 bs = i2b(1);
 
                 if (e >= 0) {
@@ -1595,12 +1622,12 @@ strtod
                                 break;
 #endif
                         if (dsign)
-                                rv += ulp(rv);
+                                value(rv) += ulp(value(rv));
 #ifndef ROUND_BIASED
                         else {
-                                rv -= ulp(rv);
+                                value(rv) -= ulp(value(rv));
 #ifndef Sudden_Underflow
-                                if (!rv)
+                                if (!value(rv))
                                         goto undfl;
 #endif
                                 }
@@ -1651,10 +1678,10 @@ strtod
                 /* Check for overflow */
 
                 if (y == Exp_msk1*(DBL_MAX_EXP+Bias-1)) {
-                        rv0 = rv;
+                        value(rv0) = value(rv);
                         word0(rv) -= P*Exp_msk1;
-                        adj = aadj1 * ulp(rv);
-                        rv += adj;
+                        adj = aadj1 * ulp(value(rv));
+                        value(rv) += adj;
                         if ((word0(rv) & Exp_mask) >=
                                         Exp_msk1*(DBL_MAX_EXP+Bias-P)) {
                                 if (word0(rv0) == Big0 && word1(rv0) == Big1)
@@ -1669,10 +1696,10 @@ strtod
                 else {
 #ifdef Sudden_Underflow
                         if ((word0(rv) & Exp_mask) <= P*Exp_msk1) {
-                                rv0 = rv;
+                                value(rv0) = value(rv);
                                 word0(rv) += P*Exp_msk1;
-                                adj = aadj1 * ulp(rv);
-                                rv += adj;
+                                adj = aadj1 * ulp(value(rv));
+                                value(rv) += adj;
 #ifdef IBM
                                 if ((word0(rv) & Exp_mask) <  P*Exp_msk1)
 #else
@@ -1690,8 +1717,8 @@ strtod
                                         word0(rv) -= P*Exp_msk1;
                                 }
                         else {
-                                adj = aadj1 * ulp(rv);
-                                rv += adj;
+                                adj = aadj1 * ulp(value(rv));
+                                value(rv) += adj;
                                 }
 #else
                         /* Compute adj so that the IEEE rounding rules will
@@ -1706,8 +1733,8 @@ strtod
                                 if (!dsign)
                                         aadj1 = -aadj1;
                                 }
-                        adj = aadj1 * ulp(rv);
-                        rv += adj;
+                        adj = aadj1 * ulp(value(rv));
+                        value(rv) += adj;
 #endif
                         }
                 z = word0(rv) & Exp_mask;
@@ -1738,7 +1765,7 @@ strtod
  ret:
         if (se)
                 *se = (char *)s;
-        return sign ? -rv : rv;
+        return sign ? -value(rv) : value(rv);
         }
 
  static int
@@ -1884,10 +1911,10 @@ quorem
  char *
 __dtoa
 #ifdef KR_headers
-        (d, mode, ndigits, decpt, sign, rve)
-        double d; int mode, ndigits, *decpt, *sign; char **rve;
+        (_d, mode, ndigits, decpt, sign, rve)
+        double _d; int mode, ndigits, *decpt, *sign; char **rve;
 #else
-        (double d, int mode, int ndigits, int *decpt, int *sign, char **rve)
+        (double _d, int mode, int ndigits, int *decpt, int *sign, char **rve)
 #endif
 {
  /*     Arguments ndigits, decpt, sign are similar to those
@@ -1933,11 +1960,13 @@ __dtoa
         ULong x;
 #endif
         Bigint *b, *b1, *delta, *mlo, *mhi, *S;
-        double d2, ds, eps;
+        double ds;
         char *s, *s0;
         static Bigint *result;
         static int result_k;
+        _double d, d2, eps;
 
+        value(d) = _d;
         if (result) {
                 result->k = result_k;
                 result->maxwds = 1 << result_k;
@@ -1977,9 +2006,9 @@ __dtoa
                 }
 #endif
 #ifdef IBM
-        d += 0; /* normalize */
+        value(d) += 0; /* normalize */
 #endif
-        if (!d) {
+        if (!value(d)) {
                 *decpt = 1;
                 s = "0";
                 if (rve)
@@ -1987,18 +2016,18 @@ __dtoa
                 return s;
                 }
 
-        b = d2b(d, &be, &bbits);
+        b = d2b(value(d), &be, &bbits);
 #ifdef Sudden_Underflow
         i = (int)(word0(d) >> Exp_shift1 & (Exp_mask>>Exp_shift1));
 #else
         if (i = (int)(word0(d) >> Exp_shift1 & (Exp_mask>>Exp_shift1))) {
 #endif
-                d2 = d;
+                value(d2) = value(d);
                 word0(d2) &= Frac_mask1;
                 word0(d2) |= Exp_11;
 #ifdef IBM
                 if (j = 11 - hi0bits(word0(d2) & Frac_mask))
-                        d2 /= 1 << j;
+                        value(d2) /= 1 << j;
 #endif
 
                 /* log(x)       ~=~ log(1.5) + (x-1.5)/1.5
@@ -2037,19 +2066,20 @@ __dtoa
                 i = bbits + be + (Bias + (P-1) - 1);
                 x = i > 32  ? word0(d) << 64 - i | word1(d) >> i - 32
                             : word1(d) << 32 - i;
-                d2 = x;
+                value(d2) = x;
                 word0(d2) -= 31*Exp_msk1; /* adjust exponent */
                 i -= (Bias + (P-1) - 1) + 1;
                 denorm = 1;
                 }
 #endif
-        ds = (d2-1.5)*0.289529654602168 + 0.1760912590558 + i*0.301029995663981;
+        ds = (value(d2)-1.5)*0.289529654602168 + 0.1760912590558 +
+            i*0.301029995663981;
         k = (int)ds;
         if (ds < 0. && ds != k)
                 k--;    /* want k = floor(ds) */
         k_check = 1;
         if (k >= 0 && k <= Ten_pmax) {
-                if (d < tens[k])
+                if (value(d) < tens[k])
                         k--;
                 k_check = 0;
                 }
@@ -2116,7 +2146,7 @@ __dtoa
                 /* Try to get by with floating-point arithmetic. */
 
                 i = 0;
-                d2 = d;
+                value(d2) = value(d);
                 k0 = k;
                 ilim0 = ilim;
                 ieps = 2; /* conservative */
@@ -2126,7 +2156,7 @@ __dtoa
                         if (j & Bletch) {
                                 /* prevent overflows */
                                 j &= Bletch - 1;
-                                d /= bigtens[n_bigtens-1];
+                                value(d) /= bigtens[n_bigtens-1];
                                 ieps++;
                                 }
                         for(; j; j >>= 1, i++)
@@ -2134,32 +2164,32 @@ __dtoa
                                         ieps++;
                                         ds *= bigtens[i];
                                         }
-                        d /= ds;
+                        value(d) /= ds;
                         }
                 else if (j1 = -k) {
-                        d *= tens[j1 & 0xf];
+                        value(d) *= tens[j1 & 0xf];
                         for(j = j1 >> 4; j; j >>= 1, i++)
                                 if (j & 1) {
                                         ieps++;
-                                        d *= bigtens[i];
+                                        value(d) *= bigtens[i];
                                         }
                         }
-                if (k_check && d < 1. && ilim > 0) {
+                if (k_check && value(d) < 1. && ilim > 0) {
                         if (ilim1 <= 0)
                                 goto fast_failed;
                         ilim = ilim1;
                         k--;
-                        d *= 10.;
+                        value(d) *= 10.;
                         ieps++;
                         }
-                eps = ieps*d + 7.;
+                value(eps) = ieps*value(d) + 7.;
                 word0(eps) -= (P-1)*Exp_msk1;
                 if (ilim == 0) {
                         S = mhi = 0;
-                        d -= 5.;
-                        if (d > eps)
+                        value(d) -= 5.;
+                        if (value(d) > value(eps))
                                 goto one_digit;
-                        if (d < -eps)
+                        if (value(d) < -value(eps))
                                 goto no_digits;
                         goto fast_failed;
                         }
@@ -2168,33 +2198,33 @@ __dtoa
                         /* Use Steele & White method of only
                          * generating digits needed.
                          */
-                        eps = 0.5/tens[ilim-1] - eps;
+                        value(eps) = 0.5/tens[ilim-1] - value(eps);
                         for(i = 0;;) {
-                                L = d;
-                                d -= L;
+                                L = value(d);
+                                value(d) -= L;
                                 *s++ = '0' + (int)L;
-                                if (d < eps)
+                                if (value(d) < value(eps))
                                         goto ret1;
-                                if (1. - d < eps)
+                                if (1. - value(d) < value(eps))
                                         goto bump_up;
                                 if (++i >= ilim)
                                         break;
-                                eps *= 10.;
-                                d *= 10.;
+                                value(eps) *= 10.;
+                                value(d) *= 10.;
                                 }
                         }
                 else {
 #endif
                         /* Generate ilim digits, then fix them up. */
-                        eps *= tens[ilim-1];
-                        for(i = 1;; i++, d *= 10.) {
-                                L = d;
-                                d -= L;
+                        value(eps) *= tens[ilim-1];
+                        for(i = 1;; i++, value(d) *= 10.) {
+                                L = value(d);
+                                value(d) -= L;
                                 *s++ = '0' + (int)L;
                                 if (i == ilim) {
-                                        if (d > 0.5 + eps)
+                                        if (value(d) > 0.5 + value(eps))
                                                 goto bump_up;
-                                        else if (d < 0.5 - eps) {
+                                        else if (value(d) < 0.5 - value(eps)) {
                                                 while(*--s == '0');
                                                 s++;
                                                 goto ret1;
@@ -2207,7 +2237,7 @@ __dtoa
 #endif
  fast_failed:
                 s = s0;
-                d = d2;
+                value(d) = value(d2);
                 k = k0;
                 ilim = ilim0;
                 }
@@ -2219,24 +2249,24 @@ __dtoa
                 ds = tens[k];
                 if (ndigits < 0 && ilim <= 0) {
                         S = mhi = 0;
-                        if (ilim < 0 || d <= 5*ds)
+                        if (ilim < 0 || value(d) <= 5*ds)
                                 goto no_digits;
                         goto one_digit;
                         }
                 for(i = 1;; i++) {
-                        L = d / ds;
-                        d -= L*ds;
+                        L = value(d) / ds;
+                        value(d) -= L*ds;
 #ifdef Check_FLT_ROUNDS
                         /* If FLT_ROUNDS == 2, L will usually be high by 1 */
-                        if (d < 0) {
+                        if (value(d) < 0) {
                                 L--;
-                                d += ds;
+                                value(d) += ds;
                                 }
 #endif
                         *s++ = '0' + (int)L;
                         if (i == ilim) {
-                                d += d;
-                                if (d > ds || d == ds && L & 1) {
+                                value(d) += value(d);
+                                if (value(d) > ds || value(d) == ds && L & 1) {
  bump_up:
                                         while(*--s == '9')
                                                 if (s == s0) {
@@ -2248,7 +2278,7 @@ __dtoa
                                         }
                                 break;
                                 }
-                        if (!(d *= 10.))
+                        if (!(value(d) *= 10.))
                                 break;
                         }
                 goto ret1;
diff --git a/src/lib/libc/stdlib/strtol.3 b/src/lib/libc/stdlib/strtol.3
index 808ba90165..b7d2cd1225 100644
--- a/src/lib/libc/stdlib/strtol.3
+++ b/src/lib/libc/stdlib/strtol.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strtol.3      5.4 (Berkeley) 6/25/92
-.\"     $Id: strtol.3,v 1.1.1.1 1995/10/18 08:42:19 deraadt Exp $
+.\"     $OpenBSD: strtol.3,v 1.3 1996/08/19 08:33:51 tholo Exp $
 .\"
 .Dd June 25, 1992
 .Dt STRTOL 3
@@ -46,13 +45,13 @@
 .Fd #include <stdlib.h>
 .Fd #include <limits.h>
 .Ft long
-.Fn strtol "char *nptr" "char **endptr" "int base"
+.Fn strtol "const char *nptr" "char **endptr" "int base"
 
 .Fd #include <sys/types.h>
 .Fd #include <stdlib.h>
 .Fd #include <limits.h>
 .Ft quad_t
-.Fn strtoq "char *nptr" "char **endptr" "int base"
+.Fn strtoq "const char *nptr" "char **endptr" "int base"
 .Sh DESCRIPTION
 The
 .Fn strtol
diff --git a/src/lib/libc/stdlib/strtol.c b/src/lib/libc/stdlib/strtol.c
index 6f374abd5f..e4ad557fd5 100644
--- a/src/lib/libc/stdlib/strtol.c
+++ b/src/lib/libc/stdlib/strtol.c
@@ -32,13 +32,12 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strtol.c     5.4 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: strtol.c,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strtol.c,v 1.4 1996/08/19 08:33:51 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
-#include <limits.h>
 #include <ctype.h>
 #include <errno.h>
+#include <limits.h>
 #include <stdlib.h>
 
 
@@ -54,25 +53,28 @@ strtol(nptr, endptr, base)
         char **endptr;
         register int base;
 {
-        register const char *s = nptr;
-        register unsigned long acc;
+        register const char *s;
+        register long acc, cutoff;
         register int c;
-        register unsigned long cutoff;
-        register int neg = 0, any, cutlim;
+        register int neg, any, cutlim;
 
         /*
          * Skip white space and pick up leading +/- sign if any.
          * If base is 0, allow 0x for hex and 0 for octal, else
          * assume decimal; if base is already 16, allow 0x.
          */
+        s = nptr;
         do {
-                c = *s++;
+                c = (unsigned char) *s++;
         } while (isspace(c));
         if (c == '-') {
                 neg = 1;
                 c = *s++;
-        } else if (c == '+')
-                c = *s++;
+        } else {
+                neg = 0;
+                if (c == '+')
+                        c = *s++;
+        }
         if ((base == 0 || base == 16) &&
             c == '0' && (*s == 'x' || *s == 'X')) {
                 c = s[1];
@@ -99,10 +101,17 @@ strtol(nptr, endptr, base)
          * Set any if any `digits' consumed; make it negative to indicate
          * overflow.
          */
-        cutoff = neg ? -(unsigned long)LONG_MIN : LONG_MAX;
-        cutlim = cutoff % (unsigned long)base;
-        cutoff /= (unsigned long)base;
-        for (acc = 0, any = 0;; c = *s++) {
+        cutoff = neg ? LONG_MIN : LONG_MAX;
+        cutlim = cutoff % base;
+        cutoff /= base;
+        if (neg) {
+                if (cutlim > 0) {
+                        cutlim -= base;
+                        cutoff += 1;
+                }
+                cutlim = -cutlim;
+        }
+        for (acc = 0, any = 0;; c = (unsigned char) *s++) {
                 if (isdigit(c))
                         c -= '0';
                 else if (isalpha(c))
@@ -111,19 +120,30 @@ strtol(nptr, endptr, base)
                         break;
                 if (c >= base)
                         break;
-                if (any < 0 || acc > cutoff || acc == cutoff && c > cutlim)
-                        any = -1;
-                else {
-                        any = 1;
-                        acc *= base;
-                        acc += c;
+                if (any < 0)
+                        continue;
+                if (neg) {
+                        if (acc < cutoff || acc == cutoff && c > cutlim) {
+                                any = -1;
+                                acc = LONG_MIN;
+                                errno = ERANGE;
+                        } else {
+                                any = 1;
+                                acc *= base;
+                                acc -= c;
+                        }
+                } else {
+                        if (acc > cutoff || acc == cutoff && c > cutlim) {
+                                any = -1;
+                                acc = LONG_MAX;
+                                errno = ERANGE;
+                        } else {
+                                any = 1;
+                                acc *= base;
+                                acc += c;
+                        }
                 }
         }
-        if (any < 0) {
-                acc = neg ? LONG_MIN : LONG_MAX;
-                errno = ERANGE;
-        } else if (neg)
-                acc = -acc;
         if (endptr != 0)
                 *endptr = (char *) (any ? s - 1 : nptr);
         return (acc);
diff --git a/src/lib/libc/stdlib/strtoq.c b/src/lib/libc/stdlib/strtoq.c
index fc559e9d7f..44aabd73f0 100644
--- a/src/lib/libc/stdlib/strtoq.c
+++ b/src/lib/libc/stdlib/strtoq.c
@@ -32,14 +32,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)strtoq.c    5.1 (Berkeley) 6/26/92";
+static char rcsid[] = "$OpenBSD: strtoq.c,v 1.4 1996/08/19 08:33:52 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
 
-#include <limits.h>
-#include <errno.h>
 #include <ctype.h>
+#include <errno.h>
+#include <limits.h>
 #include <stdlib.h>
 
 /*
@@ -55,9 +55,8 @@ strtoq(nptr, endptr, base)
         register int base;
 {
         register const char *s;
-        register u_quad_t acc;
+        register quad_t acc, cutoff;
         register int c;
-        register u_quad_t qbase, cutoff;
         register int neg, any, cutlim;
 
         /*
@@ -67,7 +66,7 @@ strtoq(nptr, endptr, base)
          */
         s = nptr;
         do {
-                c = *s++;
+                c = (unsigned char) *s++;
         } while (isspace(c));
         if (c == '-') {
                 neg = 1;
@@ -104,11 +103,17 @@ strtoq(nptr, endptr, base)
          * Set any if any `digits' consumed; make it negative to indicate
          * overflow.
          */
-        qbase = (unsigned)base;
-        cutoff = neg ? -(u_quad_t)QUAD_MIN : QUAD_MAX;
-        cutlim = cutoff % qbase;
-        cutoff /= qbase;
-        for (acc = 0, any = 0;; c = *s++) {
+        cutoff = neg ? QUAD_MIN : QUAD_MAX;
+        cutlim = cutoff % base;
+        cutoff /= base;
+        if (neg) {
+                if (cutlim > 0) {
+                        cutlim -= base;
+                        cutoff += 1;
+                }
+                cutlim = -cutlim;
+        }
+        for (acc = 0, any = 0;; c = (unsigned char) *s++) {
                 if (isdigit(c))
                         c -= '0';
                 else if (isalpha(c))
@@ -117,19 +122,30 @@ strtoq(nptr, endptr, base)
                         break;
                 if (c >= base)
                         break;
-                if (any < 0 || acc > cutoff || acc == cutoff && c > cutlim)
-                        any = -1;
-                else {
-                        any = 1;
-                        acc *= qbase;
-                        acc += c;
+                if (any < 0)
+                        continue;
+                if (neg) {
+                        if (acc < cutoff || acc == cutoff && c > cutlim) {
+                                any = -1;
+                                acc = QUAD_MIN;
+                                errno = ERANGE;
+                        } else {
+                                any = 1;
+                                acc *= base;
+                                acc -= c;
+                        }
+                } else {
+                        if (acc > cutoff || acc == cutoff && c > cutlim) {
+                                any = -1;
+                                acc = QUAD_MAX;
+                                errno = ERANGE;
+                        } else {
+                                any = 1;
+                                acc *= base;
+                                acc += c;
+                        }
                 }
         }
-        if (any < 0) {
-                acc = neg ? QUAD_MIN : QUAD_MAX;
-                errno = ERANGE;
-        } else if (neg)
-                acc = -acc;
         if (endptr != 0)
                 *endptr = (char *) (any ? s - 1 : nptr);
         return (acc);
diff --git a/src/lib/libc/stdlib/strtoul.3 b/src/lib/libc/stdlib/strtoul.3
index db551b0141..b8234122a2 100644
--- a/src/lib/libc/stdlib/strtoul.3
+++ b/src/lib/libc/stdlib/strtoul.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strtoul.3     5.4 (Berkeley) 6/25/92
-.\"     $Id: strtoul.3,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $
+.\"     $OpenBSD: strtoul.3,v 1.2 1996/08/19 08:33:52 tholo Exp $
 .\"
 .Dd June 25, 1992
 .Dt STRTOUL 3
diff --git a/src/lib/libc/stdlib/strtoul.c b/src/lib/libc/stdlib/strtoul.c
index 00f7210fa1..d3b363fa04 100644
--- a/src/lib/libc/stdlib/strtoul.c
+++ b/src/lib/libc/stdlib/strtoul.c
@@ -32,13 +32,12 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strtoul.c    5.3 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: strtoul.c,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strtoul.c,v 1.4 1996/08/19 08:33:52 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
-#include <limits.h>
 #include <ctype.h>
 #include <errno.h>
+#include <limits.h>
 #include <stdlib.h>
 
 /*
@@ -53,23 +52,26 @@ strtoul(nptr, endptr, base)
         char **endptr;
         register int base;
 {
-        register const char *s = nptr;
-        register unsigned long acc;
+        register const char *s;
+        register unsigned long acc, cutoff;
         register int c;
-        register unsigned long cutoff;
-        register int neg = 0, any, cutlim;
+        register int neg, any, cutlim;
 
         /*
          * See strtol for comments as to the logic used.
          */
+        s = nptr;
         do {
-                c = *s++;
+                c = (unsigned char) *s++;
         } while (isspace(c));
         if (c == '-') {
                 neg = 1;
                 c = *s++;
-        } else if (c == '+')
-                c = *s++;
+        } else {
+                neg = 0;
+                if (c == '+')
+                        c = *s++;
+        }
         if ((base == 0 || base == 16) &&
             c == '0' && (*s == 'x' || *s == 'X')) {
                 c = s[1];
@@ -78,9 +80,10 @@ strtoul(nptr, endptr, base)
         }
         if (base == 0)
                 base = c == '0' ? 8 : 10;
-        cutoff = (unsigned long)ULONG_MAX / (unsigned long)base;
-        cutlim = (unsigned long)ULONG_MAX % (unsigned long)base;
-        for (acc = 0, any = 0;; c = *s++) {
+
+        cutoff = ULONG_MAX / (unsigned long)base;
+        cutlim = ULONG_MAX % (unsigned long)base;
+        for (acc = 0, any = 0;; c = (unsigned char) *s++) {
                 if (isdigit(c))
                         c -= '0';
                 else if (isalpha(c))
@@ -89,18 +92,19 @@ strtoul(nptr, endptr, base)
                         break;
                 if (c >= base)
                         break;
-                if (any < 0 || acc > cutoff || acc == cutoff && c > cutlim)
+                if (any < 0)
+                        continue;
+                if (acc > cutoff || acc == cutoff && c > cutlim) {
                         any = -1;
-                else {
+                        acc = ULONG_MAX;
+                        errno = ERANGE;
+                } else {
                         any = 1;
-                        acc *= base;
+                        acc *= (unsigned long)base;
                         acc += c;
                 }
         }
-        if (any < 0) {
-                acc = ULONG_MAX;
-                errno = ERANGE;
-        } else if (neg)
+        if (neg && any > 0)
                 acc = -acc;
         if (endptr != 0)
                 *endptr = (char *) (any ? s - 1 : nptr);
diff --git a/src/lib/libc/stdlib/strtouq.c b/src/lib/libc/stdlib/strtouq.c
index cc647d8d28..1f29a22f33 100644
--- a/src/lib/libc/stdlib/strtouq.c
+++ b/src/lib/libc/stdlib/strtouq.c
@@ -32,14 +32,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)strtouq.c   5.1 (Berkeley) 6/26/92";
+static char rcsid[] = "$OpenBSD: strtouq.c,v 1.4 1996/08/19 08:33:53 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
 
-#include <limits.h>
-#include <errno.h>
 #include <ctype.h>
+#include <errno.h>
+#include <limits.h>
 #include <stdlib.h>
 
 /*
@@ -54,10 +54,9 @@ strtouq(nptr, endptr, base)
         char **endptr;
         register int base;
 {
-        register const char *s = nptr;
-        register u_quad_t acc;
+        register const char *s;
+        register u_quad_t acc, cutoff;
         register int c;
-        register u_quad_t qbase, cutoff;
         register int neg, any, cutlim;
 
         /*
@@ -65,7 +64,7 @@ strtouq(nptr, endptr, base)
          */
         s = nptr;
         do {
-                c = *s++;
+                c = (unsigned char) *s++;
         } while (isspace(c));
         if (c == '-') {
                 neg = 1;
@@ -83,10 +82,10 @@ strtouq(nptr, endptr, base)
         }
         if (base == 0)
                 base = c == '0' ? 8 : 10;
-        qbase = (unsigned)base;
-        cutoff = (u_quad_t)UQUAD_MAX / qbase;
-        cutlim = (u_quad_t)UQUAD_MAX % qbase;
-        for (acc = 0, any = 0;; c = *s++) {
+
+        cutoff = UQUAD_MAX / (u_quad_t)base;
+        cutlim = UQUAD_MAX % (u_quad_t)base;
+        for (acc = 0, any = 0;; c = (unsigned char) *s++) {
                 if (isdigit(c))
                         c -= '0';
                 else if (isalpha(c))
@@ -95,18 +94,19 @@ strtouq(nptr, endptr, base)
                         break;
                 if (c >= base)
                         break;
-                if (any < 0 || acc > cutoff || acc == cutoff && c > cutlim)
+                if (any < 0)
+                        continue;
+                if (acc > cutoff || acc == cutoff && c > cutlim) {
                         any = -1;
-                else {
+                        acc = UQUAD_MAX;
+                        errno = ERANGE;
+                } else {
                         any = 1;
-                        acc *= qbase;
+                        acc *= (u_quad_t)base;
                         acc += c;
                 }
         }
-        if (any < 0) {
-                acc = UQUAD_MAX;
-                errno = ERANGE;
-        } else if (neg)
+        if (neg && any > 0)
                 acc = -acc;
         if (endptr != 0)
                 *endptr = (char *) (any ? s - 1 : nptr);
diff --git a/src/lib/libc/stdlib/system.3 b/src/lib/libc/stdlib/system.3
index 520f51db0a..985adb07de 100644
--- a/src/lib/libc/stdlib/system.3
+++ b/src/lib/libc/stdlib/system.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)system.3      6.5 (Berkeley) 6/29/91
-.\"     $Id: system.3,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $
+.\"     $OpenBSD: system.3,v 1.5 1996/12/11 23:09:53 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt SYSTEM 3
@@ -72,7 +71,7 @@ will return non-zero.
 Otherwise,
 .Fn system
 returns the termination status of the shell in the format specified by 
-.Xr waitpid 3 .
+.Xr waitpid 2 .
 .Sh RETURN VALUES 
 If a child process cannot be created, or the termination status of
 the shell cannot be obtained, 
@@ -87,8 +86,8 @@ returns the termination status for a program that terminates with a call of
 .Sh SEE ALSO
 .Xr sh 1 ,
 .Xr execve 2 ,
-.Xr popen 3 ,
-.Xr waitpid 3 ,
+.Xr waitpid 2 ,
+.Xr popen 3
 .Sh STANDARDS
 The
 .Fn system
@@ -96,4 +95,4 @@ function
 conforms to
 .St -ansiC 
 and
-.St -1003.2-92 .
+.St -p1003.2-92 .
diff --git a/src/lib/libc/stdlib/system.c b/src/lib/libc/stdlib/system.c
index c2f39325f6..3e1b047393 100644
--- a/src/lib/libc/stdlib/system.c
+++ b/src/lib/libc/stdlib/system.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)system.c     5.10 (Berkeley) 2/23/91";*/
-static char *rcsid = "$Id: system.c,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $";
+static char *rcsid = "$OpenBSD: system.c,v 1.3 1996/09/15 09:31:52 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
@@ -53,11 +52,13 @@ system(command)
         sig_t intsave, quitsave;
         int omask;
         int pstat;
-        char *argp[] = {"sh", "-c", (char *) command, NULL};
+        char *argp[] = {"sh", "-c", NULL, NULL};
 
         if (!command)           /* just checking... */
                 return(1);
 
+        argp[2] = (char *)command;
+
         omask = sigblock(sigmask(SIGCHLD));
         switch(pid = vfork()) {
         case -1:                        /* error */
diff --git a/src/lib/libc/stdlib/tfind.c b/src/lib/libc/stdlib/tfind.c
new file mode 100644
index 0000000000..9e5bd4b0f2
--- /dev/null
+++ b/src/lib/libc/stdlib/tfind.c
@@ -0,0 +1,41 @@
+/*
+ * Tree search generalized from Knuth (6.2.2) Algorithm T just like
+ * the AT&T man page says.
+ *
+ * The node_t structure is for internal use only, lint doesn't grok it.
+ *
+ * Written by reading the System V Interface Definition, not the code.
+ *
+ * Totally public domain.
+ */
+/*LINTLIBRARY*/
+#include <search.h>
+
+typedef struct node_t
+{
+    char          *key;
+    struct node_t *llink, *rlink;
+} node;
+
+/* find a node, or return 0 */
+void *
+tfind(vkey, vrootp, compar)
+        const void      *vkey;          /* key to be found */
+        void            *const *vrootp; /* address of the tree root */
+        int             (*compar) __P((const void *, const void *));
+{
+    char *key = (char *)vkey;
+    node **rootp = (node **)vrootp;
+
+    if (rootp == (struct node_t **)0)
+        return ((struct node_t *)0);
+    while (*rootp != (struct node_t *)0) {      /* T1: */
+        int r;
+        if ((r = (*compar)(key, (*rootp)->key)) == 0)   /* T2: */
+            return (*rootp);            /* key found */
+        rootp = (r < 0) ?
+            &(*rootp)->llink :          /* T3: follow left branch */
+            &(*rootp)->rlink;           /* T4: follow right branch */
+    }
+    return (node *)0;
+}
diff --git a/src/lib/libc/stdlib/tsearch.3 b/src/lib/libc/stdlib/tsearch.3
new file mode 100644
index 0000000000..dbdae7943c
--- /dev/null
+++ b/src/lib/libc/stdlib/tsearch.3
@@ -0,0 +1,116 @@
+.\" Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\"     $OpenBSD: tsearch.3,v 1.2 1998/06/21 22:13:49 millert Exp $
+.\"
+.Dd June 15, 1997
+.Dt TSEARCH 3
+.Os
+.Sh NAME
+.Nm tsearch, tfind, tdelete, twalk
+.Nd manipulate binary search trees
+.Sh SYNOPSIS
+.Fd #include <search.h>
+.Ft void *
+.Fn tdelete "const void *key" "void **rootp", "int (*compar) (const void *, const void *)"
+.Ft void *
+.Fn tfind "const void *key" "void * const *rootp", "int (*compar) (const void *, const void *)"
+.Ft void *
+.Fn tsearch "const void *key" "void **rootp", "int (*compar) (const void *, const void *)"
+.Ft void
+.Fn twalk "const void *root" "void (*compar) (const void *, VISIT, int)"
+.Sh DESCRIPTION
+The
+.Fn tdelete ,
+.Fn tfind ,
+.Fn tsearch ,
+and
+.Fn twalk
+functions manage binary search trees based on algorithms T and D
+from Knuth (6.2.2).  The comparison function passed in by
+the user has the same style of return values as
+.Xr strcmp 3 .
+.Pp
+.Fn Tfind
+searches for the datum matched by the argument
+.Fa key
+in the binary tree rooted at
+.Fa rootp ,
+returning a pointer to the datum if it is found and NULL
+if it is not.
+.Pp
+.Fn Tsearch
+is identical to
+.Fn tfind
+except that if no match is found,
+.Fa key
+is inserted into the tree and a pointer to it is returned.  If
+.Fa rootp
+points to a NULL value a new binary search tree is created.
+.Pp
+.Fn Tdelete
+deletes a node from the specified binary search tree and returns
+a pointer to the parent of the node to be deleted.
+It takes the same arguments as
+.Fn tfind
+and
+.Fn tsearch .
+If the node to be deleted is the root of the binary search tree,
+.Fa rootp
+will be adjusted.
+.Pp
+.Fn Twalk
+walks the binary search tree rooted in
+.fa root
+and calls the function
+.Fa action
+on each node.
+.Fa Action
+is called with three arguments: a pointer to the current node,
+a value from the enum 
+.Sy "typedef enum { preorder, postorder, endorder, leaf } VISIT;"
+specifying the traversal type, and a node level (where level
+zero is the root of the tree).
+.Sh SEE ALSO
+.Xr bsearch 3 ,
+.Xr hsearch 3 ,
+.Xr lsearch 3
+.Sh RETURN VALUES
+The
+.Fn tsearch
+function returns NULL if allocation of a new node fails (usually
+due to a lack of free memory).
+.Pp
+.Fn Tfind ,
+.Fn tsearch ,
+and
+.Fn tdelete
+return NULL if
+.Fa rootp
+is NULL or the datum cannot be found.
+.Pp
+The
+.Fn twalk
+function returns no value.
diff --git a/src/lib/libc/stdlib/tsearch.c b/src/lib/libc/stdlib/tsearch.c
new file mode 100644
index 0000000000..562ace1845
--- /dev/null
+++ b/src/lib/libc/stdlib/tsearch.c
@@ -0,0 +1,126 @@
+/*
+ * Tree search generalized from Knuth (6.2.2) Algorithm T just like
+ * the AT&T man page says.
+ *
+ * The node_t structure is for internal use only, lint doesn't grok it.
+ *
+ * Written by reading the System V Interface Definition, not the code.
+ *
+ * Totally public domain.
+ */
+/*LINTLIBRARY*/
+
+#include <search.h>
+#include <stdlib.h>
+
+typedef struct node_t {
+    char          *key;
+    struct node_t *left, *right;
+} node;
+
+/* find or insert datum into search tree */
+void *
+tsearch(vkey, vrootp, compar)
+        const void      *vkey;          /* key to be located */
+        void            **vrootp;       /* address of tree root */
+        int             (*compar) __P((const void *, const void *));
+{
+    register node *q;
+    char *key = (char *)vkey;
+    node **rootp = (node **)vrootp;
+
+    if (rootp == (struct node_t **)0)
+        return ((void *)0);
+    while (*rootp != (struct node_t *)0) {      /* Knuth's T1: */
+        int r;
+
+        if ((r = (*compar)(key, (*rootp)->key)) == 0)   /* T2: */
+            return ((void *)*rootp);            /* we found it! */
+        rootp = (r < 0) ?
+            &(*rootp)->left :           /* T3: follow left branch */
+            &(*rootp)->right;           /* T4: follow right branch */
+    }
+    q = (node *) malloc(sizeof(node));  /* T5: key not found */
+    if (q != (struct node_t *)0) {      /* make new node */
+        *rootp = q;                     /* link new node to old */
+        q->key = key;                   /* initialize new node */
+        q->left = q->right = (struct node_t *)0;
+    }
+    return ((void *)q);
+}
+
+/* delete node with given key */
+void *
+tdelete(vkey, vrootp, compar)
+        const void      *vkey;          /* key to be deleted */
+        void            **vrootp;       /* address of the root of tree */
+        int             (*compar) __P((const void *, const void *));
+{
+    node **rootp = (node **)vrootp;
+    char *key = (char *)vkey;
+    node *p;
+    register node *q;
+    register node *r;
+    int cmp;
+
+    if (rootp == (struct node_t **)0 || (p = *rootp) == (struct node_t *)0)
+        return ((struct node_t *)0);
+    while ((cmp = (*compar)(key, (*rootp)->key)) != 0) {
+        p = *rootp;
+        rootp = (cmp < 0) ?
+            &(*rootp)->left :           /* follow left branch */
+            &(*rootp)->right;           /* follow right branch */
+        if (*rootp == (struct node_t *)0)
+            return ((void *)0);         /* key not found */
+    }
+    r = (*rootp)->right;                        /* D1: */
+    if ((q = (*rootp)->left) == (struct node_t *)0)     /* Left (struct node_t *)0? */
+        q = r;
+    else if (r != (struct node_t *)0) {         /* Right link is null? */
+        if (r->left == (struct node_t *)0) {    /* D2: Find successor */
+            r->left = q;
+            q = r;
+        } else {                        /* D3: Find (struct node_t *)0 link */
+            for (q = r->left; q->left != (struct node_t *)0; q = r->left)
+                r = q;
+            r->left = q->right;
+            q->left = (*rootp)->left;
+            q->right = (*rootp)->right;
+        }
+    }
+    free((struct node_t *) *rootp);     /* D4: Free node */
+    *rootp = q;                         /* link parent to new node */
+    return(p);
+}
+
+/* Walk the nodes of a tree */
+static void
+trecurse(root, action, level)
+        register node   *root;          /* Root of the tree to be walked */
+        register void   (*action)();    /* Function to be called at each node */
+        register int    level;
+{
+    if (root->left == (struct node_t *)0 && root->right == (struct node_t *)0)
+        (*action)(root, leaf, level);
+    else {
+        (*action)(root, preorder, level);
+        if (root->left != (struct node_t *)0)
+            trecurse(root->left, action, level + 1);
+        (*action)(root, postorder, level);
+        if (root->right != (struct node_t *)0)
+            trecurse(root->right, action, level + 1);
+        (*action)(root, endorder, level);
+    }
+}
+
+/* Walk the nodes of a tree */
+void
+twalk(vroot, action)
+        const void      *vroot;         /* Root of the tree to be walked */
+        void            (*action) __P((const void *, VISIT, int));
+{
+    node *root = (node *)vroot;
+
+    if (root != (node *)0 && action != (void(*)())0)
+        trecurse(root, action, 0);
+}
diff --git a/src/lib/libc/string/Makefile.inc b/src/lib/libc/string/Makefile.inc
index 2b7ce63a63..076db78945 100644
--- a/src/lib/libc/string/Makefile.inc
+++ b/src/lib/libc/string/Makefile.inc
@@ -1,11 +1,10 @@
-#       from: @(#)Makefile.inc  5.6 (Berkeley) 3/5/91
-#       $Id: Makefile.inc,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $
+#       $OpenBSD: Makefile.inc,v 1.5 1998/07/01 01:29:44 millert Exp $
 
 # string sources
 .PATH: ${.CURDIR}/arch/${MACHINE_ARCH}/string ${.CURDIR}/string
 
 SRCS+=  bm.c memccpy.c strcasecmp.c strcoll.c strdup.c strerror.c \
-        strftime.c strmode.c strsignal.c strtok.c strxfrm.c \
+        strlcat.c strlcpy.c strmode.c strsignal.c strtok.c strxfrm.c \
         __strerror.c __strsignal.c
 
 # machine-dependent net sources
@@ -95,14 +94,35 @@ strrchr.so: rindex.c
             -o ${.TARGET}
 .endif
 
+# build .ln files for memmove, memcpy, strchr and strrchr always from
+# bcopy, index, and rindex
+LOBJS+= memmove.ln memcpy.ln strchr.ln strrchr.ln
+
+memmove.ln: bcopy.c
+        lint ${LINTFLAGS} -DMEMMOVE ${CFLAGS:M-[IDU]*} -i -o ${.TARGET} \
+                ${.CURDIR}/string/bcopy.c
+
+memcpy.ln: bcopy.c
+        lint ${LINTFLAGS} -DMEMCOPY ${CFLAGS:M-[IDU]*} -i -o ${.TARGET} \
+                ${.CURDIR}/string/bcopy.c
+
+strchr.ln: index.c
+        lint ${LINTFLAGS} -DSTRCHR ${CFLAGS:M-[IDU]*} -i -o ${.TARGET} \
+                ${.CURDIR}/string/index.c
+
+strrchr.ln: rindex.c
+        lint ${LINTFLAGS} -DSTRRCHR ${CFLAGS:M-[IDU]*} -i -o ${.TARGET} \
+                ${.CURDIR}/string/rindex.c
+
 MAN+=   bm.3 bcmp.3 bcopy.3 bstring.3 bzero.3 ffs.3 index.3 memccpy.3 memchr.3 \
         memcmp.3 memcpy.3 memmove.3 memset.3 rindex.3 strcasecmp.3 strcat.3 \
-        strchr.3 strcmp.3 strcoll.3 strcpy.3 strcspn.3 strerror.3 strftime.3 \
+        strchr.3 strcmp.3 strcoll.3 strcpy.3 strcspn.3 strerror.3 \
         string.3 strlen.3 strmode.3 strdup.3 strpbrk.3 strrchr.3 strsep.3 \
-        strsignal.3 strspn.3 strstr.3 strtok.3 strxfrm.3 swab.3
+        strsignal.3 strspn.3 strstr.3 strtok.3 strxfrm.3 swab.3 strlcpy.3
 
 MLINKS+=bm.3 bm_comp.3 bm.3 bm_exec.3 bm.3 bm_free.3
 MLINKS+=strcasecmp.3 strncasecmp.3
 MLINKS+=strcat.3 strncat.3
 MLINKS+=strcmp.3 strncmp.3
 MLINKS+=strcpy.3 strncpy.3
+MLINKS+=strlcpy.3 strlcat.3
diff --git a/src/lib/libc/string/__strerror.c b/src/lib/libc/string/__strerror.c
index cd604906db..9c023f8a53 100644
--- a/src/lib/libc/string/__strerror.c
+++ b/src/lib/libc/string/__strerror.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strerror.c   5.6 (Berkeley) 5/4/91";*/
-static char *rcsid = "$Id: __strerror.c,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $";
+static char *rcsid = "$OpenBSD: __strerror.c,v 1.6 1996/09/25 08:17:30 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #ifdef NLS
@@ -46,9 +45,26 @@ static char *rcsid = "$Id: __strerror.c,v 1.1.1.1 1995/10/18 08:42:20 deraadt Ex
 #define sys_errlist     _sys_errlist
 #define sys_nerr        _sys_nerr
 
+#include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <string.h>
 
+static char *itoa(num)
+        int num;
+{
+        static char buffer[11];
+        char *p;
+
+        p = buffer + 4;
+        while (num >= 10) {
+                *--p = (num % 10) + '0';
+                num /= 10;
+        }
+        *p = (num % 10) + '0';
+        return p;
+}
+
 /*
  * Since perror() is not allowed to change the contents of strerror()'s
  * static buffer, both functions supply their own buffers to the
@@ -60,28 +76,31 @@ __strerror(num, buf)
         int num;
         char *buf;
 {
-#define UPREFIX "Unknown error: %u"
+#define UPREFIX "Unknown error: "
         register unsigned int errnum;
 
 #ifdef NLS
-        nl_catd catd ;
+        nl_catd catd;
         catd = catopen("libc", 0);
 #endif
 
         errnum = num;                           /* convert to unsigned */
         if (errnum < sys_nerr) {
 #ifdef NLS
-                strcpy(buf, catgets(catd, 1, errnum,
-                    (char *)sys_errlist[errnum])); 
+                strncpy(buf, catgets(catd, 1, errnum,
+                    (char *)sys_errlist[errnum]), NL_TEXTMAX-1);
+                buf[NL_TEXTMAX - 1] = '\0';
 #else
                 return(sys_errlist[errnum]);
 #endif
         } else {
 #ifdef NLS
-                sprintf(buf, catgets(catd, 1, 0xffff, UPREFIX), errnum);
+                strncpy(buf, catgets(catd, 1, 0xffff, UPREFIX), NL_TEXTMAX-1);
+                buf[NL_TEXTMAX - 1] = '\0';
 #else
-                sprintf(buf, UPREFIX, errnum);
+                strcpy(buf, UPREFIX);
 #endif
+                strncat(buf, itoa(errnum), NL_TEXTMAX-strlen(buf)-1);
         }
 
 #ifdef NLS
diff --git a/src/lib/libc/string/__strsignal.c b/src/lib/libc/string/__strsignal.c
index 1937e2d608..ae0df72cd3 100644
--- a/src/lib/libc/string/__strsignal.c
+++ b/src/lib/libc/string/__strsignal.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strerror.c   5.6 (Berkeley) 5/4/91";*/
-static char *rcsid = "$Id: __strsignal.c,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $";
+static char *rcsid = "$OpenBSD: __strsignal.c,v 1.5 1996/09/25 13:19:01 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #ifdef NLS
@@ -46,15 +45,31 @@ static char *rcsid = "$Id: __strsignal.c,v 1.1.1.1 1995/10/18 08:42:20 deraadt E
 #define sys_siglist     _sys_siglist
 
 #include <stdio.h>
+#include <limits.h>
 #include <signal.h>
 #include <string.h>
 
+static char *itoa(num)
+        int num;
+{
+        static char buffer[11];
+        char *p;
+
+        p = buffer + 4;
+        while (num >= 10) {
+                *--p = (num % 10) + '0';
+                num /= 10;
+        }
+        *p = (num % 10) + '0';
+        return p;
+}
+
 char *
 __strsignal(num, buf)
         int num;
         char *buf;
 {
-#define UPREFIX "Unknown signal: %u"
+#define UPREFIX "Unknown signal: "
         register unsigned int signum;
 
 #ifdef NLS
@@ -65,17 +80,20 @@ __strsignal(num, buf)
         signum = num;                           /* convert to unsigned */
         if (signum < NSIG) {
 #ifdef NLS
-                strcpy(buf, catgets(catd, 2, signum,
-                    (char *)sys_siglist[signum])); 
+                strncpy(buf, catgets(catd, 2, signum,
+                    (char *)sys_siglist[signum]), NL_TEXTMAX-1);
+                buf[NL_TEXTMAX-1] = '\0';
 #else
                 return((char *)sys_siglist[signum]);
 #endif
         } else {
 #ifdef NLS
-                sprintf(buf, catgets(catd, 1, 0xffff, UPREFIX), signum);
+                strncpy(buf, catgets(catd, 1, 0xffff, UPREFIX), NL_TEXTMAX-1);
+                buf[NL_TEXTMAX-1] = '\0';
 #else
-                sprintf(buf, UPREFIX, signum);
+                strcpy(buf, UPREFIX);
 #endif
+                strncat(buf, itoa(signum), NL_TEXTMAX-strlen(buf)-1);
         }
 
 #ifdef NLS
diff --git a/src/lib/libc/string/bcmp.3 b/src/lib/libc/string/bcmp.3
index 118c55c579..9234b5739d 100644
--- a/src/lib/libc/string/bcmp.3
+++ b/src/lib/libc/string/bcmp.3
@@ -31,8 +31,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)bcmp.3        5.4 (Berkeley) 4/19/91
-.\"     $Id: bcmp.3,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $
+.\"     $OpenBSD: bcmp.3,v 1.2 1996/08/19 08:33:56 tholo Exp $
 .\"
 .Dd April 19, 1991
 .Dt BCMP 3
diff --git a/src/lib/libc/string/bcmp.c b/src/lib/libc/string/bcmp.c
index 2cc38baee3..4ed00975a4 100644
--- a/src/lib/libc/string/bcmp.c
+++ b/src/lib/libc/string/bcmp.c
@@ -32,15 +32,19 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)bcmp.c       5.6 (Berkeley) 2/24/91";*/
-static char *rcsid = "$Id: bcmp.c,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $";
+static char *rcsid = "$OpenBSD: bcmp.c,v 1.4 1996/08/19 08:33:57 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
+#ifndef _KERNEL
 #include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
 
 /*
  * bcmp -- vax cmpc3 instruction
  */
+int
 bcmp(b1, b2, length)
         const void *b1, *b2;
         register size_t length;
diff --git a/src/lib/libc/string/bcopy.3 b/src/lib/libc/string/bcopy.3
index 6db3812caf..4e841562e0 100644
--- a/src/lib/libc/string/bcopy.3
+++ b/src/lib/libc/string/bcopy.3
@@ -32,8 +32,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)bcopy.3       5.3 (Berkeley) 4/19/91
-.\"     $Id: bcopy.3,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $
+.\"     $OpenBSD: bcopy.3,v 1.2 1996/08/19 08:33:57 tholo Exp $
 .\"
 .Dd April 19, 1991
 .Dt BCOPY 3
diff --git a/src/lib/libc/string/bcopy.c b/src/lib/libc/string/bcopy.c
index 92feed66ea..023a3b2db2 100644
--- a/src/lib/libc/string/bcopy.c
+++ b/src/lib/libc/string/bcopy.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)bcopy.c      5.11 (Berkeley) 6/21/91";*/
-static char *rcsid = "$Id: bcopy.c,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $";
+static char *rcsid = "$OpenBSD: bcopy.c,v 1.2 1996/08/19 08:33:58 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/bm.3 b/src/lib/libc/string/bm.3
index 2264a6a1c4..c942930163 100644
--- a/src/lib/libc/string/bm.3
+++ b/src/lib/libc/string/bm.3
@@ -32,8 +32,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)bm.3  8.4 (Berkeley) 6/21/94
-.\"     $Id: bm.3,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $
+.\"     $OpenBSD: bm.3,v 1.2 1996/08/19 08:33:58 tholo Exp $
 .\"
 .TH BM 3
 .SH NAME
diff --git a/src/lib/libc/string/bm.c b/src/lib/libc/string/bm.c
index 68eac22ecc..b191d340f6 100644
--- a/src/lib/libc/string/bm.c
+++ b/src/lib/libc/string/bm.c
@@ -34,10 +34,9 @@
  * SUCH DAMAGE.
  */
 
-#ifndef lint
-/* from: static char sccsid[] = "@(#)bm.c       8.7 (Berkeley) 6/21/94"; */
-static char *rcsid = "$Id: bm.c,v 1.1.1.1 1995/10/18 08:42:20 deraadt Exp $";
-#endif /* not lint */
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: bm.c,v 1.3 1996/08/19 08:33:59 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
 
diff --git a/src/lib/libc/string/bstring.3 b/src/lib/libc/string/bstring.3
index 12fcfb0cc1..b553fd0beb 100644
--- a/src/lib/libc/string/bstring.3
+++ b/src/lib/libc/string/bstring.3
@@ -31,8 +31,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)bstring.3     6.8 (Berkeley) 4/19/91
-.\"     $Id: bstring.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     $OpenBSD: bstring.3,v 1.2 1996/08/19 08:33:59 tholo Exp $
 .\"
 .Dd April 19, 1991
 .Dt BSTRING 3
diff --git a/src/lib/libc/string/bzero.3 b/src/lib/libc/string/bzero.3
index 4f0141e051..a8e55a63c1 100644
--- a/src/lib/libc/string/bzero.3
+++ b/src/lib/libc/string/bzero.3
@@ -31,8 +31,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)bzero.3       5.3 (Berkeley) 4/19/91
-.\"     $Id: bzero.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     $OpenBSD: bzero.3,v 1.2 1996/08/19 08:34:00 tholo Exp $
 .\"
 .Dd April 19, 1991
 .Dt BZERO 3
diff --git a/src/lib/libc/string/bzero.c b/src/lib/libc/string/bzero.c
index 4865e396ef..3e660a307f 100644
--- a/src/lib/libc/string/bzero.c
+++ b/src/lib/libc/string/bzero.c
@@ -32,11 +32,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)bzero.c      5.7 (Berkeley) 2/24/91";*/
-static char *rcsid = "$Id: bzero.c,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $";
+static char *rcsid = "$OpenBSD: bzero.c,v 1.3 1996/08/19 08:34:00 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
+#ifndef _KERNEL
 #include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
 
 /*
  * bzero -- vax movc5 instruction
diff --git a/src/lib/libc/string/ffs.3 b/src/lib/libc/string/ffs.3
index 6464bea2b1..9ef08aef8e 100644
--- a/src/lib/libc/string/ffs.3
+++ b/src/lib/libc/string/ffs.3
@@ -31,8 +31,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)ffs.3 5.3 (Berkeley) 4/19/91
-.\"     $Id: ffs.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     $OpenBSD: ffs.3,v 1.2 1996/08/19 08:34:01 tholo Exp $
 .\"
 .Dd April 19, 1991
 .Dt FFS 3
diff --git a/src/lib/libc/string/ffs.c b/src/lib/libc/string/ffs.c
index 42bc87ddea..a0767e50ad 100644
--- a/src/lib/libc/string/ffs.c
+++ b/src/lib/libc/string/ffs.c
@@ -32,11 +32,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)ffs.c        5.4 (Berkeley) 5/17/90";*/
-static char *rcsid = "$Id: ffs.c,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $";
+static char *rcsid = "$OpenBSD: ffs.c,v 1.3 1996/08/19 08:34:01 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
+#ifndef _KERNEL
 #include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
 
 /*
  * ffs -- vax ffs instruction
diff --git a/src/lib/libc/string/index.3 b/src/lib/libc/string/index.3
index 847b03628b..d236a73a48 100644
--- a/src/lib/libc/string/index.3
+++ b/src/lib/libc/string/index.3
@@ -31,8 +31,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)index.3       5.3 (Berkeley) 4/19/91
-.\"     $Id: index.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     $OpenBSD: index.3,v 1.4 1997/12/30 01:09:49 deraadt Exp $
 .\"
 .Dd April 19, 1991
 .Dt INDEX 3
@@ -55,9 +54,9 @@ locates the first character matching
 in the null-terminated string
 .Fa s .
 .Sh RETURN VALUES
-The character
+If the character
 .Fa c
-is returned if it is found; otherwise
+is found, a pointer to it is returned; otherwise
 .Dv NULL
 is returned.
 If
@@ -77,7 +76,7 @@ locates the terminating '\e0'.
 .Xr strstr 3 ,
 .Xr strtok 3
 .Sh HISTORY
-A
+An
 .Fn index
 function appeared in 
 .At v6 .
diff --git a/src/lib/libc/string/index.c b/src/lib/libc/string/index.c
index 3d9c05f961..86c4e75f12 100644
--- a/src/lib/libc/string/index.c
+++ b/src/lib/libc/string/index.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)index.c      5.7 (Berkeley) 2/24/91";*/
-static char *rcsid = "$Id: index.c,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $";
+static char *rcsid = "$OpenBSD: index.c,v 1.2 1996/08/19 08:34:02 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/memccpy.3 b/src/lib/libc/string/memccpy.3
index 61df704028..c2e15b1405 100644
--- a/src/lib/libc/string/memccpy.3
+++ b/src/lib/libc/string/memccpy.3
@@ -1,5 +1,7 @@
-.\" Copyright (c) 1990, 1991 The Regents of the University of California.
-.\" All rights reserved.
+.\" $OpenBSD: memccpy.3,v 1.4 1998/06/15 17:55:09 mickey Exp $
+.\"
+.\" Copyright (c) 1990, 1991, 1993
+.\"     The Regents of the University of California.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -29,14 +31,14 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)memccpy.3     5.4 (Berkeley) 4/19/91
-.\"     $Id: memccpy.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     @(#)memccpy.3   8.1 (Berkeley) 6/9/93
 .\"
-.Dd April 19, 1991
+.Dd June 9, 1993
 .Dt MEMCCPY 3
 .Os
 .Sh NAME
 .Nm memccpy
+.Nd copy string until character found
 .Sh SYNOPSIS
 .Fd #include <string.h>
 .Ft void *
@@ -69,5 +71,5 @@ bytes are copied, and a NULL pointer is returned.
 .Sh HISTORY
 The
 .Fn memccpy
-function is
-.Ud .
+function first appeared in
+.Bx 4.4 .
diff --git a/src/lib/libc/string/memccpy.c b/src/lib/libc/string/memccpy.c
index 3a1d7bcca1..020e6e5679 100644
--- a/src/lib/libc/string/memccpy.c
+++ b/src/lib/libc/string/memccpy.c
@@ -1,6 +1,8 @@
+/*      $OpenBSD: memccpy.c,v 1.3 1997/08/20 04:09:39 millert Exp $     */
+
 /*-
- * Copyright (c) 1990 The Regents of the University of California.
- * All rights reserved.
+ * Copyright (c) 1990, 1993
+ *      The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -32,8 +34,11 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)memccpy.c    5.8 (Berkeley) 5/30/91";*/
-static char *rcsid = "$Id: memccpy.c,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $";
+#if 0
+static char sccsid[] = "@(#)memccpy.c   8.1 (Berkeley) 6/4/93";
+#else
+static char *rcsid = "$OpenBSD: memccpy.c,v 1.3 1997/08/20 04:09:39 millert Exp $";
+#endif
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/memchr.3 b/src/lib/libc/string/memchr.3
index 265711e3b5..56a2aee9ce 100644
--- a/src/lib/libc/string/memchr.3
+++ b/src/lib/libc/string/memchr.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)memchr.3      5.4 (Berkeley) 6/29/91
-.\"     $Id: memchr.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     $OpenBSD: memchr.3,v 1.2 1996/08/19 08:34:04 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt MEMCHR 3
diff --git a/src/lib/libc/string/memchr.c b/src/lib/libc/string/memchr.c
index 61652c6bb1..2ebb5dab32 100644
--- a/src/lib/libc/string/memchr.c
+++ b/src/lib/libc/string/memchr.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)memchr.c     5.6 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: memchr.c,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $";
+static char *rcsid = "$OpenBSD: memchr.c,v 1.2 1996/08/19 08:34:04 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/memcmp.3 b/src/lib/libc/string/memcmp.3
index 13901c1009..34c5f60861 100644
--- a/src/lib/libc/string/memcmp.3
+++ b/src/lib/libc/string/memcmp.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)memcmp.3      5.5 (Berkeley) 6/29/91
-.\"     $Id: memcmp.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     $OpenBSD: memcmp.3,v 1.3 1996/12/10 09:06:11 deraadt Exp $
 .\"
 .Dd June 29, 1991
 .Dt MEMCMP 3
@@ -61,7 +60,7 @@ bytes long.
 The
 .Fn memcmp
 function
-returns zero if the the two strings are identical,
+returns zero if the two strings are identical,
 otherwise returns the difference between the first two differing bytes
 (treated as unsigned char values, so that
 .Sq Li \e200
diff --git a/src/lib/libc/string/memcmp.c b/src/lib/libc/string/memcmp.c
index 23d2ab2393..5ce33e2998 100644
--- a/src/lib/libc/string/memcmp.c
+++ b/src/lib/libc/string/memcmp.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)memcmp.c     5.6 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: memcmp.c,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $";
+static char *rcsid = "$OpenBSD: memcmp.c,v 1.2 1996/08/19 08:34:05 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/memcpy.3 b/src/lib/libc/string/memcpy.3
index 3f4bb643c9..75eb00b2d5 100644
--- a/src/lib/libc/string/memcpy.3
+++ b/src/lib/libc/string/memcpy.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)memcpy.3      5.5 (Berkeley) 6/29/91
-.\"     $Id: memcpy.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     $OpenBSD: memcpy.3,v 1.2 1996/08/19 08:34:06 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt MEMCPY 3
diff --git a/src/lib/libc/string/memmove.3 b/src/lib/libc/string/memmove.3
index 24422e7971..95f6b7596c 100644
--- a/src/lib/libc/string/memmove.3
+++ b/src/lib/libc/string/memmove.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)memmove.3     5.5 (Berkeley) 6/29/91
-.\"     $Id: memmove.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     $OpenBSD: memmove.3,v 1.2 1996/08/19 08:34:07 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt MEMMOVE 3
diff --git a/src/lib/libc/string/memset.3 b/src/lib/libc/string/memset.3
index 1afc052182..e1d8583732 100644
--- a/src/lib/libc/string/memset.3
+++ b/src/lib/libc/string/memset.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)memset.3      5.4 (Berkeley) 6/29/91
-.\"     $Id: memset.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     $OpenBSD: memset.3,v 1.3 1997/08/24 21:56:45 deraadt Exp $
 .\"
 .Dd June 29, 1991
 .Dt MEMSET 3
@@ -56,6 +55,12 @@ bytes of value
 .Fa c
 (converted to an unsigned char) to the string
 .Fa b .
+.Sh RETURN VALUES
+The
+.Fn memset
+function
+returns the original value of
+.Fa b .
 .Sh SEE ALSO
 .Xr bzero 3 ,
 .Xr swab 3
diff --git a/src/lib/libc/string/memset.c b/src/lib/libc/string/memset.c
index 117de2e80b..c3373a21a9 100644
--- a/src/lib/libc/string/memset.c
+++ b/src/lib/libc/string/memset.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)memset.c     5.6 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: memset.c,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $";
+static char *rcsid = "$OpenBSD: memset.c,v 1.2 1996/08/19 08:34:07 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/rindex.3 b/src/lib/libc/string/rindex.3
index b13b3513e0..db7f8e1cd8 100644
--- a/src/lib/libc/string/rindex.3
+++ b/src/lib/libc/string/rindex.3
@@ -31,8 +31,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)rindex.3      5.2 (Berkeley) 4/19/91
-.\"     $Id: rindex.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     $OpenBSD: rindex.3,v 1.3 1997/12/30 01:09:49 deraadt Exp $
 .\"
 .Dd April 19, 1991
 .Dt RINDEX 3
@@ -55,7 +54,7 @@ matching
 .Em char )
 in the null-terminated string
 .Fa s .
-The character c is returned if it is found; otherwise NULL is returned.
+If the character c is found, a pointer to it is returned; otherwise NULL is returned.
 If
 .Fa c
 is
diff --git a/src/lib/libc/string/rindex.c b/src/lib/libc/string/rindex.c
index 1b84c92072..f18553f667 100644
--- a/src/lib/libc/string/rindex.c
+++ b/src/lib/libc/string/rindex.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)rindex.c     5.9 (Berkeley) 2/24/91";*/
-static char *rcsid = "$Id: rindex.c,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $";
+static char *rcsid = "$OpenBSD: rindex.c,v 1.2 1996/08/19 08:34:08 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strcasecmp.3 b/src/lib/libc/string/strcasecmp.3
index 46e9010e4f..52a13055ee 100644
--- a/src/lib/libc/string/strcasecmp.3
+++ b/src/lib/libc/string/strcasecmp.3
@@ -1,5 +1,7 @@
-.\" Copyright (c) 1990, 1991 The Regents of the University of California.
-.\" All rights reserved.
+.\" $OpenBSD: strcasecmp.3,v 1.4 1998/06/15 17:55:11 mickey Exp $
+.\"
+.\" Copyright (c) 1990, 1991, 1993
+.\"     The Regents of the University of California.  All rights reserved.
 .\"
 .\" This code is derived from software contributed to Berkeley by
 .\" Chris Torek.
@@ -31,10 +33,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strcasecmp.3  5.4 (Berkeley) 4/19/91
-.\"     $Id: strcasecmp.3,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $
+.\"     @(#)strcasecmp.3        8.1 (Berkeley) 6/9/93
 .\"
-.Dd April 19, 1991
+.Dd June 9, 1993
 .Dt STRCASECMP 3
 .Os
 .Sh NAME
@@ -84,5 +85,5 @@ The
 .Fn strcasecmp
 and
 .Fn strncasecmp
-functions are
-.Ud .
+functions first appeared in
+.Bx 4.4 .
diff --git a/src/lib/libc/string/strcasecmp.c b/src/lib/libc/string/strcasecmp.c
index 79bd0081e3..1f487524aa 100644
--- a/src/lib/libc/string/strcasecmp.c
+++ b/src/lib/libc/string/strcasecmp.c
@@ -1,6 +1,8 @@
+/*      $OpenBSD: strcasecmp.c,v 1.3 1997/08/20 04:13:57 millert Exp $  */
+
 /*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
+ * Copyright (c) 1987, 1993
+ *      The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,13 +33,16 @@
  * SUCH DAMAGE.
  */
 
+#include <string.h>
+
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static const char sccsid[] = "from: @(#)strcasecmp.c  5.10 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strcasecmp.c,v 1.1.1.1 1995/10/18 08:42:21 deraadt Exp $";
+#if 0
+static char sccsid[] = "@(#)strcasecmp.c        8.1 (Berkeley) 6/4/93";
+#else
+static char *rcsid = "$OpenBSD: strcasecmp.c,v 1.3 1997/08/20 04:13:57 millert Exp $";
+#endif
 #endif /* LIBC_SCCS and not lint */
 
-#include <string.h>
-
 typedef unsigned char u_char;
 
 /*
diff --git a/src/lib/libc/string/strcat.3 b/src/lib/libc/string/strcat.3
index 5357d65754..686afd3f2e 100644
--- a/src/lib/libc/string/strcat.3
+++ b/src/lib/libc/string/strcat.3
@@ -33,10 +33,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strcat.3      5.6 (Berkeley) 6/29/91
-.\"     $Id: strcat.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     $OpenBSD: strcat.3,v 1.3 1997/07/09 00:19:53 millert Exp $
 .\"
-.Dd June 29, 1991
+.Dd July 8, 1997
 .Dt STRCAT 3
 .Os
 .Sh NAME
@@ -69,7 +68,10 @@ The
 function
 appends not more than
 .Fa count
-characters.
+characters where space for the terminating
+.Ql \e0
+should not be included in
+.Fa count .
 .Sh RETURN VALUES
 The
 .Fn strcat
diff --git a/src/lib/libc/string/strcat.c b/src/lib/libc/string/strcat.c
index e741b84f03..374a2b7464 100644
--- a/src/lib/libc/string/strcat.c
+++ b/src/lib/libc/string/strcat.c
@@ -32,11 +32,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strcat.c     5.6 (Berkeley) 2/24/91";*/
-static char *rcsid = "$Id: strcat.c,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strcat.c,v 1.4 1996/08/19 08:34:10 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
+#ifndef _KERNEL
 #include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
 
 char *
 strcat(s, append)
@@ -46,6 +49,6 @@ strcat(s, append)
         char *save = s;
 
         for (; *s; ++s);
-        while (*s++ = *append++);
+        while ((*s++ = *append++) != '\0');
         return(save);
 }
diff --git a/src/lib/libc/string/strchr.3 b/src/lib/libc/string/strchr.3
index 18b50301f3..c3bc2f8817 100644
--- a/src/lib/libc/string/strchr.3
+++ b/src/lib/libc/string/strchr.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strchr.3      5.4 (Berkeley) 6/29/91
-.\"     $Id: strchr.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     $OpenBSD: strchr.3,v 1.3 1997/12/29 22:31:50 deraadt Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRCHR 3
@@ -54,7 +53,7 @@ function locates the first occurrence of
 in the string pointed to by
 .Ar s .
 The terminating
-.Dv NULL
+.Dv NUL
 character is considered part of the string.
 If
 .Fa c
diff --git a/src/lib/libc/string/strcmp.3 b/src/lib/libc/string/strcmp.3
index fecaa85410..91e51d68fc 100644
--- a/src/lib/libc/string/strcmp.3
+++ b/src/lib/libc/string/strcmp.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strcmp.3      5.6 (Berkeley) 6/29/91
-.\"     $Id: strcmp.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     $OpenBSD: strcmp.3,v 1.2 1996/08/19 08:34:11 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRCMP 3
diff --git a/src/lib/libc/string/strcmp.c b/src/lib/libc/string/strcmp.c
index ae19e2e26e..9a5b208323 100644
--- a/src/lib/libc/string/strcmp.c
+++ b/src/lib/libc/string/strcmp.c
@@ -35,11 +35,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strcmp.c     5.5 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strcmp.c,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strcmp.c,v 1.3 1996/08/19 08:34:12 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
+#ifndef _KERNEL
 #include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
 
 /*
  * Compare strings.
diff --git a/src/lib/libc/string/strcoll.3 b/src/lib/libc/string/strcoll.3
index 12f73f98f2..20af998885 100644
--- a/src/lib/libc/string/strcoll.3
+++ b/src/lib/libc/string/strcoll.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strcoll.3     5.6 (Berkeley) 6/29/91
-.\"     $Id: strcoll.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     $OpenBSD: strcoll.3,v 1.2 1996/08/19 08:34:12 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRCOLL 3
diff --git a/src/lib/libc/string/strcoll.c b/src/lib/libc/string/strcoll.c
index 86c742cba9..dca0b10d25 100644
--- a/src/lib/libc/string/strcoll.c
+++ b/src/lib/libc/string/strcoll.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strcoll.c    5.2 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strcoll.c,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strcoll.c,v 1.2 1996/08/19 08:34:13 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strcpy.3 b/src/lib/libc/string/strcpy.3
index 1ca12c2707..33da6e619e 100644
--- a/src/lib/libc/string/strcpy.3
+++ b/src/lib/libc/string/strcpy.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strcpy.3      5.4 (Berkeley) 6/29/91
-.\"     $Id: strcpy.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     $OpenBSD: strcpy.3,v 1.2 1996/08/19 08:34:13 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRCPY 3
diff --git a/src/lib/libc/string/strcpy.c b/src/lib/libc/string/strcpy.c
index 669bfde23e..76b063fc10 100644
--- a/src/lib/libc/string/strcpy.c
+++ b/src/lib/libc/string/strcpy.c
@@ -32,11 +32,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strcpy.c     5.7 (Berkeley) 2/24/91";*/
-static char *rcsid = "$Id: strcpy.c,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strcpy.c,v 1.4 1996/08/19 08:34:14 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
+#ifndef _KERNEL
 #include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
 
 char *
 strcpy(to, from)
@@ -45,6 +48,6 @@ strcpy(to, from)
 {
         char *save = to;
 
-        for (; *to = *from; ++from, ++to);
+        for (; (*to = *from) != '\0'; ++from, ++to);
         return(save);
 }
diff --git a/src/lib/libc/string/strcspn.3 b/src/lib/libc/string/strcspn.3
index cc9e5c2fe3..93c6d8f84c 100644
--- a/src/lib/libc/string/strcspn.3
+++ b/src/lib/libc/string/strcspn.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strcspn.3     5.3 (Berkeley) 6/29/91
-.\"     $Id: strcspn.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     $OpenBSD: strcspn.3,v 1.2 1996/08/19 08:34:14 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRCSPN 3
diff --git a/src/lib/libc/string/strcspn.c b/src/lib/libc/string/strcspn.c
index acb4d2a3af..f7261564a7 100644
--- a/src/lib/libc/string/strcspn.c
+++ b/src/lib/libc/string/strcspn.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strcspn.c    5.6 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strcspn.c,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strcspn.c,v 1.2 1996/08/19 08:34:15 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strdup.3 b/src/lib/libc/string/strdup.3
index 925cbf3d46..6abbba57cb 100644
--- a/src/lib/libc/string/strdup.3
+++ b/src/lib/libc/string/strdup.3
@@ -1,5 +1,7 @@
-.\" Copyright (c) 1990, 1991 The Regents of the University of California.
-.\" All rights reserved.
+.\" $OpenBSD: strdup.3,v 1.6 1998/08/19 05:51:14 pjanzen Exp $
+.\"
+.\" Copyright (c) 1990, 1991, 1993
+.\"     The Regents of the University of California.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -29,10 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strdup.3      5.3 (Berkeley) 4/19/91
-.\"     $Id: strdup.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     @(#)strdup.3    8.1 (Berkeley) 6/9/93
 .\"
-.Dd April 19, 1991
+.Dd June 9, 1993
 .Dt STRDUP 3
 .Os
 .Sh NAME
@@ -53,13 +54,15 @@ does the copy, and returns a pointer to it.
 The pointer may subsequently be used as an
 argument to the function
 .Xr free 3 .
+.Pp
+If insufficient memory is available, NULL is returned.
 .Sh SEE ALSO
 .Xr free 3 ,
 .Xr malloc 3 ,
-.Xt strcpy 3 ,
-.Xt strlen 3
+.Xr strcpy 3 ,
+.Xr strlen 3
 .Sh HISTORY
 The
 .Fn strdup
-function
-.Ud .
+function first appeared in
+.Bx 4.4 .
diff --git a/src/lib/libc/string/strdup.c b/src/lib/libc/string/strdup.c
index 27ede44110..be7f7ad094 100644
--- a/src/lib/libc/string/strdup.c
+++ b/src/lib/libc/string/strdup.c
@@ -1,6 +1,8 @@
+/*      $OpenBSD: strdup.c,v 1.3 1997/08/20 04:18:52 millert Exp $      */
+
 /*
- * Copyright (c) 1988 The Regents of the University of California.
- * All rights reserved.
+ * Copyright (c) 1988, 1993
+ *      The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -32,10 +34,16 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strdup.c     5.4 (Berkeley) 2/24/91";*/
-static char *rcsid = "$Id: strdup.c,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $";
+#if 0
+static char sccsid[] = "@(#)strdup.c    8.1 (Berkeley) 6/4/93";
+#else
+static char *rcsid = "$OpenBSD: strdup.c,v 1.3 1997/08/20 04:18:52 millert Exp $";
+#endif
 #endif /* LIBC_SCCS and not lint */
 
+#include <sys/types.h>
+
+#include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -43,12 +51,12 @@ char *
 strdup(str)
         const char *str;
 {
-        size_t len;
+        size_t siz;
         char *copy;
 
-        len = strlen(str) + 1;
-        if (!(copy = malloc(len)))
-                return((char *)NULL);
-        memcpy(copy, str, len);
+        siz = strlen(str) + 1;
+        if ((copy = malloc(siz)) == NULL)
+                return(NULL);
+        (void)memcpy(copy, str, siz);
         return(copy);
 }
diff --git a/src/lib/libc/string/strerror.3 b/src/lib/libc/string/strerror.3
index c9d8504dbb..487c2b0e9f 100644
--- a/src/lib/libc/string/strerror.3
+++ b/src/lib/libc/string/strerror.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strerror.3    6.9 (Berkeley) 6/29/91
-.\"     $Id: strerror.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     $OpenBSD: strerror.3,v 1.2 1996/08/19 08:34:16 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRERROR 3
diff --git a/src/lib/libc/string/strerror.c b/src/lib/libc/string/strerror.c
index c3f5ab5d98..0e2690c3dd 100644
--- a/src/lib/libc/string/strerror.c
+++ b/src/lib/libc/string/strerror.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strerror.c   5.6 (Berkeley) 5/4/91";*/
-static char *rcsid = "$Id: strerror.c,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strerror.c,v 1.2 1996/08/19 08:34:17 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strftime.3 b/src/lib/libc/string/strftime.3
deleted file mode 100644
index f14db4bb13..0000000000
--- a/src/lib/libc/string/strftime.3
+++ /dev/null
@@ -1,202 +0,0 @@
-.\" Copyright (c) 1989, 1991 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" This code is derived from software contributed to Berkeley by
-.\" the American National Standards Committee X3, on Information
-.\" Processing Systems.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"     This product includes software developed by the University of
-.\"     California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"     from: @(#)strftime.3    5.12 (Berkeley) 6/29/91
-.\"     $Id: strftime.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
-.\"
-.Dd June 29, 1991
-.Dt STRFTIME 3
-.Os
-.Sh NAME
-.Nm strftime
-.Nd format date and time
-.Sh SYNOPSIS
-.Fd #include <time.h>
-.Ft size_t
-.Fn strftime "char *buf" "size_t maxsize" "const char *format" "const struct tm *timeptr"
-.Sh DESCRIPTION
-The
-.Fn strftime
-function formats the information from
-.Fa timeptr
-into the buffer
-.Fa buf
-according to the string pointed to by
-.Fa format .
-.Pp
-The
-.Fa format
-string consists of zero or more conversion specifications and
-ordinary characters.
-All ordinary characters are copied directly into the buffer.
-A conversion specification consists of a percent sign
-.Ql %
-and one other character.
-.Pp
-No more than
-.Fa maxsize
-characters will be placed into the array.
-If the total number of resulting characters, including the terminating
-null character, is not more than
-.Fa maxsize ,
-.Fn strftime
-returns the number of characters in the array, not counting the
-terminating null.
-Otherwise, zero is returned.
-.Pp
-Each conversion specification is replaced by the characters as
-follows which are then copied into the buffer.
-.Bl -tag -width "xxxx"
-.It Cm \&%A
-is replaced by the locale's full weekday name.
-.It Cm %a
-is replaced by the locale's abbreviated weekday name.
-.It Cm \&%B
-is replaced by the locale's full month name.
-.It Cm \&%b No or Cm \&%h
-is replaced by the locale's abbreviated month name.
-.It Cm \&%C
-is replaced by the century (a year divided by 100 and truncated to an integer)
-as a decimal number (00-99).
-.It Cm \&%c
-is replaced by the locale's appropriate date and time representation.
-.It Cm \&%D
-is replaced by the date in the format 
-.Dq Li %m/%d/%y .
-.It Cm \&%d
-is replaced by the day of the month as a decimal number (01-31).
-.It Cm \&%e
-is replaced by the day of month as a decimal number (1-31);
-single digits are preceded by a blank.
-.It Cm \&%H
-is replaced by the hour (24-hour clock) as a decimal number (00-23).
-.It Cm \&%I
-is replaced by the hour (12-hour clock) as a decimal number (01-12).
-.It Cm \&%j
-is replaced by the day of the year as a decimal number (001-366).
-.It Cm \&%k
-is replaced by the hour (24-hour clock) as a decimal number (0-23);
-single digits are preceded by a blank.
-.It Cm \&%l
-is replaced by the hour (12-hour clock) as a decimal number (1-12);
-single digits are preceded by a blank.
-.It Cm \&%M
-is replaced by the minute as a decimal number (00-59).
-.It Cm %m
-is replaced by the month as a decimal number (01-12).
-.It Cm %n
-is replaced by a newline.
-.It Cm %p
-is replaced by the locale's equivalent of either 
-.Dq Tn AM
-or
-.Dq Tn PM .
-.It Cm \&%R
-is replaced by the time in the format
-.Dq Li %H:%M .
-.It Cm \&%r
-is replaced by the locale's representation of 12-hour clock time 
-using AM/PM notation.
-.It Cm \&%T
-is replaced by the time in the format
-.Dq Li %H:%M:%S .
-.It Cm \&%t
-is replaced by a tab.
-.It Cm \&%S
-is replaced by the second as a decimal number (00-60).
-.It Cm %s
-is replaced by the number of seconds since the Epoch, UCT (see
-.Xr mktime 3 ) .
-.It Cm \&%U
-is replaced by the week number of the year (Sunday as the first day of
-the week) as a decimal number (00-53).
-.It Cm \&%u
-is replaced by the weekday (Monday as the first day of the week)
-as a decimal number (1-7).
-.It Cm \&%V
-is replaced by the week number of the year (Monday as the first day of
-the week) as a decimal number (01-53).  If the week containing January
-1 has four or more days in the new year, then it is week 1; otherwise
-it is week 53 of the previous year, and the next week is week 1.
-.It Cm \&%W
-is replaced by the week number of the year (Monday as the first day of
-the week) as a decimal number (00-53).
-.It Cm \&%w
-is replaced by the weekday (Sunday as the first day of the week)
-as a decimal number (0-6).
-.It Cm \&%X
-is replaced by the locale's appropriate date representation.
-.It Cm \&%x
-is replaced by the locale's appropriate time representation.
-.It Cm \&%Y
-is replaced by the year with century as a decimal number.
-.It Cm \&%y
-is replaced by the year without century as a decimal number (00-99).
-.It Cm \&%Z
-is replaced by the time zone name.
-.It Cm %%
-is replaced by
-.Ql % .
-.El
-.Sh SEE ALSO
-.Xr date 1 ,
-.Xr ctime 3 ,
-.Xr printf 1 ,
-.Xr printf 3
-.Sh STANDARDS
-The
-.Fn strftime
-function
-conforms to
-.St -ansiC .
-The
-.Ql \&%C ,
-.Ql \&%D ,
-.Ql \&%e ,
-.Ql \&%h ,
-.Ql \&%k ,
-.Ql \&%l , 
-.Ql \&%n ,
-.Ql \&%r ,
-.Ql \&%R ,
-.Ql \&%s .
-.Ql \&%t , 
-.Ql \&%T , 
-.Ql \&%u ,
-and
-.Ql \&%V
-conversion specifications are extensions.
-.Sh BUGS
-There is no conversion specification for the phase of the moon.
diff --git a/src/lib/libc/string/strftime.c b/src/lib/libc/string/strftime.c
deleted file mode 100644
index fffa9ecbb0..0000000000
--- a/src/lib/libc/string/strftime.c
+++ /dev/null
@@ -1,317 +0,0 @@
-/*
- * Copyright (c) 1989 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *      This product includes software developed by the University of
- *      California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strftime.c   5.11 (Berkeley) 2/24/91";*/
-static char *rcsid = "$Id: strftime.c,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-#include <sys/localedef.h>
-#include <locale.h>
-#include <string.h>
-#include <tzfile.h>
-#include <time.h>
-
-static size_t gsize;
-static char *pt;
-static int _add(), _conv(), _secs();
-static size_t _fmt();
-
-size_t
-strftime(s, maxsize, format, t)
-        char *s;
-        size_t maxsize;
-        const char *format;
-        const struct tm *t;
-{
-        tzset();
-
-        pt = s;
-        if ((gsize = maxsize) < 1)
-                return(0);
-        if (_fmt(format, t)) {
-                *pt = '\0';
-                return(maxsize - gsize);
-        }
-        return(0);
-}
-
-#define SUN_WEEK(t)     (((t)->tm_yday + 7 - \
-                                ((t)->tm_wday)) / 7)
-#define MON_WEEK(t)     (((t)->tm_yday + 7 - \
-                                ((t)->tm_wday ? (t)->tm_wday - 1 : 6)) / 7)
-static size_t
-_fmt(format, t)
-        register char *format;
-        struct tm *t;
-{
-        for (; *format; ++format) {
-                if (*format == '%') {
-                        ++format;
-                        if (*format == 'E') {
-                                /* Alternate Era */
-                                ++format;
-                        } else if (*format == 'O') {
-                                /* Alternate numeric symbols */
-                                ++format;
-                        }
-                        switch(*format) {
-                        case '\0':
-                                --format;
-                                break;
-                        case 'A':
-                                if (t->tm_wday < 0 || t->tm_wday > 6)
-                                        return(0);
-                                if (!_add(_CurrentTimeLocale->day[t->tm_wday]))
-                                        return(0);
-                                continue;
-                        case 'a':
-                                if (t->tm_wday < 0 || t->tm_wday > 6)
-                                        return(0);
-                                if (!_add(_CurrentTimeLocale->abday[t->tm_wday]))
-                                        return(0);
-                                continue;
-                        case 'B':
-                                if (t->tm_mon < 0 || t->tm_mon > 11)
-                                        return(0);
-                                if (!_add(_CurrentTimeLocale->mon[t->tm_mon]))
-                                        return(0);
-                                continue;
-                        case 'b':
-                        case 'h':
-                                if (t->tm_mon < 0 || t->tm_mon > 11)
-                                        return(0);
-                                if (!_add(_CurrentTimeLocale->abmon[t->tm_mon]))
-                                        return(0);
-                                continue;
-                        case 'C':
-                                if (!_conv((t->tm_year + TM_YEAR_BASE) / 100,
-                                    2, '0'))
-                                        return(0);
-                                continue;
-                        case 'c':
-                                if (!_fmt(_CurrentTimeLocale->d_t_fmt, t))
-                                        return(0);
-                                continue;
-                        case 'D':
-                                if (!_fmt("%m/%d/%y", t))
-                                        return(0);
-                                continue;
-                        case 'd':
-                                if (!_conv(t->tm_mday, 2, '0'))
-                                        return(0);
-                                continue;
-                        case 'e':
-                                if (!_conv(t->tm_mday, 2, ' '))
-                                        return(0);
-                                continue;
-                        case 'H':
-                                if (!_conv(t->tm_hour, 2, '0'))
-                                        return(0);
-                                continue;
-                        case 'I':
-                                if (!_conv(t->tm_hour % 12 ?
-                                    t->tm_hour % 12 : 12, 2, '0'))
-                                        return(0);
-                                continue;
-                        case 'j':
-                                if (!_conv(t->tm_yday + 1, 3, '0'))
-                                        return(0);
-                                continue;
-                        case 'k':
-                                if (!_conv(t->tm_hour, 2, ' '))
-                                        return(0);
-                                continue;
-                        case 'l':
-                                if (!_conv(t->tm_hour % 12 ?
-                                    t->tm_hour % 12: 12, 2, ' '))
-                                        return(0);
-                                continue;
-                        case 'M':
-                                if (!_conv(t->tm_min, 2, '0'))
-                                        return(0);
-                                continue;
-                        case 'm':
-                                if (!_conv(t->tm_mon + 1, 2, '0'))
-                                        return(0);
-                                continue;
-                        case 'n':
-                                if (!_add("\n"))
-                                        return(0);
-                                continue;
-                        case 'p':
-                                if (!_add(_CurrentTimeLocale->am_pm[t->tm_hour >= 12]))
-                                        return(0);
-                                continue;
-                        case 'R':
-                                if (!_fmt("%H:%M", t))
-                                        return(0);
-                                continue;
-                        case 'r':
-                                if (!_fmt(_CurrentTimeLocale->t_fmt_ampm, t))
-                                        return(0);
-                                continue;
-                        case 'S':
-                                if (!_conv(t->tm_sec, 2, '0'))
-                                        return(0);
-                                continue;
-                        case 's':
-                                if (!_secs(t))
-                                        return(0);
-                                continue;
-                        case 'T':
-                                if (!_fmt("%H:%M:%S", t))
-                                        return(0);
-                                continue;
-                        case 't':
-                                if (!_add("\t"))
-                                        return(0);
-                                continue;
-                        case 'U':
-                                if (!_conv(SUN_WEEK(t), 2, '0'))
-                                        return(0);
-                                continue;
-                        case 'u':
-                                if (!_conv(t->tm_wday ? t->tm_wday : 7, 2, '0'))
-                                        return(0);
-                                continue;
-                        case 'V':
-                                {
-                                /* ISO 8601 Week Of Year:
-                                   If the week (Monday - Sunday) containing
-                                   January 1 has four or more days in the new 
-                                   year, then it is week 1; otherwise it is 
-                                   week 53 of the previous year and the next
-                                   week is week one. */
-                                 
-                                int week = MON_WEEK(t);
-
-                                if (((t->tm_yday + 7 - (t->tm_wday + 1)) % 7) >= 4) {
-                                        week++;
-                                } else if (week == 0) {
-                                        week = 53;
-                                }
-
-                                if (!_conv(week, 2, '0'))
-                                        return(0);
-                                continue;
-                                }
-                        case 'W':
-                                if (!_conv(MON_WEEK(t), 2, '0'))
-                                        return(0);
-                                continue;
-                        case 'w':
-                                if (!_conv(t->tm_wday, 1, '0'))
-                                        return(0);
-                                continue;
-                        case 'x':
-                                if (!_fmt(_CurrentTimeLocale->d_fmt, t))
-                                        return(0);
-                                continue;
-                        case 'X':
-                                if (!_fmt(_CurrentTimeLocale->t_fmt, t))
-                                        return(0);
-                                continue;
-                        case 'y':
-                                if (!_conv((t->tm_year + TM_YEAR_BASE) % 100,
-                                    2, '0'))
-                                        return(0);
-                                continue;
-                        case 'Y':
-                                if (!_conv((t->tm_year + TM_YEAR_BASE), 4, '0'))
-                                        return(0);
-                                continue;
-                        case 'Z':
-                                if (t->tm_zone && !_add(t->tm_zone))
-                                        return(0);
-                                continue;
-                        case '%':
-                        /*
-                         * X311J/88-090 (4.12.3.5): if conversion char is
-                         * undefined, behavior is undefined.  Print out the
-                         * character itself as printf(3) does.
-                         */
-                        default:
-                                break;
-                        }
-                }
-                if (!gsize--)
-                        return(0);
-                *pt++ = *format;
-        }
-        return(gsize);
-}
-
-static
-_secs(t)
-        struct tm *t;
-{
-        static char buf[15];
-        register time_t s;
-        register char *p;
-        struct tm tmp;
-
-        /* Make a copy, mktime(3) modifies the tm struct. */
-        tmp = *t;
-        s = mktime(&tmp);
-        for (p = buf + sizeof(buf) - 2; s > 0 && p > buf; s /= 10)
-                *p-- = s % 10 + '0';
-        return(_add(++p));
-}
-
-static
-_conv(n, digits, pad)
-        int n, digits;
-        char pad;
-{
-        static char buf[10];
-        register char *p;
-
-        for (p = buf + sizeof(buf) - 2; n > 0 && p > buf; n /= 10, --digits)
-                *p-- = n % 10 + '0';
-        while (p > buf && digits-- > 0)
-                *p-- = pad;
-        return(_add(++p));
-}
-
-static
-_add(str)
-        register char *str;
-{
-        for (;; ++pt, --gsize) {
-                if (!gsize)
-                        return(0);
-                if (!(*pt = *str++))
-                        return(1);
-        }
-}
diff --git a/src/lib/libc/string/string.3 b/src/lib/libc/string/string.3
index aaf97e0321..323d4f3040 100644
--- a/src/lib/libc/string/string.3
+++ b/src/lib/libc/string/string.3
@@ -31,8 +31,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)string.3      6.9 (Berkeley) 4/19/91
-.\"     $Id: string.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     $OpenBSD: string.3,v 1.3 1998/09/06 22:23:18 aaron Exp $
 .\"
 .Dd April 19, 1991
 .Dt STRING 3
@@ -103,7 +102,7 @@
 .Fn rindex "const char *s" "int c"
 .Sh DESCRIPTION
 The string functions
-functions manipulate strings terminated by a
+manipulate strings terminated by a
 null byte.
 .Pp
 See the specific manual pages for more information.
diff --git a/src/lib/libc/string/strlcat.c b/src/lib/libc/string/strlcat.c
new file mode 100644
index 0000000000..2e8c56926e
--- /dev/null
+++ b/src/lib/libc/string/strlcat.c
@@ -0,0 +1,71 @@
+/*      $OpenBSD: strlcat.c,v 1.1 1998/07/01 01:29:45 millert Exp $     */
+
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strlcat.c,v 1.1 1998/07/01 01:29:45 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <string.h>
+
+/*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left).  At most siz-1 characters
+ * will be copied.  Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t strlcat(dst, src, siz)
+        char *dst;
+        const char *src;
+        size_t siz;
+{
+        register char *d = dst;
+        register const char *s = src;
+        register size_t n = siz;
+        size_t dlen;
+
+        /* Find the end of dst and adjust bytes left */
+        while (*d != '\0' && n != 0)
+                d++;
+        dlen = d - dst;
+        n -= dlen;
+
+        if (n == 0)
+                return(dlen + strlen(s));
+        while (*s != '\0') {
+                if (n != 1) {
+                        *d++ = *s;
+                        n--;
+                }
+                s++;
+        }
+        *d = '\0';
+
+        return(dlen + (s - src));       /* count does not include NUL */
+}
diff --git a/src/lib/libc/string/strlcpy.3 b/src/lib/libc/string/strlcpy.3
new file mode 100644
index 0000000000..5ce444d6fa
--- /dev/null
+++ b/src/lib/libc/string/strlcpy.3
@@ -0,0 +1,140 @@
+.\" $OpenBSD: strlcpy.3,v 1.2 1998/07/06 19:17:21 millert Exp $
+.\"
+.\" Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd June 22, 1998
+.Dt STRLCPY 3
+.Os
+.Sh NAME
+.Nm strlcpy,
+.Nm strlcat
+.Nd size-bounded string copying and concatenation
+.Sh SYNOPSIS
+.Fd #include <string.h>
+.Ft size_t
+.Fn strlcpy "char *dst" "const char *src" "size_t size"
+.Ft size_t
+.Fn strlcat "char *dst" "const char *src" "size_t size"
+.Sh DESCRIPTION
+The
+.Fn strlcpy
+and
+.Fn strlcat
+functions copy and concatenate strings respectively.  They are designed
+to be safer, more consistent, and less error prone replacements for
+.Xr strncpy 3
+and
+.Xr strncat 3 .
+Unlike those functions,
+.Fn strlcpy
+and
+.Fn strlcat
+take the full size of the buffer (not just the length) and guarantee to
+NUL-terminate the result (as long as
+.Fa size
+is larger than 0).  Note that you should include a byte for the NUL in
+.Fa size .
+.Pp
+The
+.Fn strlcpy
+function copies up to
+.Fa size
+- 1 characters from the NUL-terminated string
+.Fa src
+to
+.Fa dst ,
+NUL-terminating the result.
+.Pp
+The
+.Fn strlcat
+function appends the NUL-terminated string
+.Fa src
+to the end of
+.Fa dst .
+It will append at most
+.Fa size
+- strlen(dst) - 1 bytes, NUL-terminating the result.
+.Sh RETURN VALUES
+The
+.Fn strlcpy
+and
+.Fn strlcat
+functions return the total length of the string they tried to
+create.  For
+.Fn strlcpy
+that means the length of
+.Fa src .
+For
+.Fn strlcat
+that means the initial length of
+.Fa dst
+plus
+the length of
+.Fa src .
+While this may seem somewhat confusing it was done to make
+truncation detection simple.
+.Sh EXAMPLES
+The following code fragment illustrates the simple case:
+.Bd -literal -offset indent
+char *s, *p, buf[BUFSIZ];
+
+.Li ...
+
+(void)strlcpy(buf, s, sizeof(buf));
+(void)strlcat(buf, p, sizeof(buf));
+.Ed
+.Pp
+To detect truncation, perhaps while building a pathname, something
+like the following might be used:
+.Bd -literal -offset indent
+char *dir, *file, pname[MAXPATHNAMELEN];
+
+.Li ...
+
+if (strlcpy(pname, dir, sizeof(pname)) >= sizeof(pname))
+        goto toolong;
+if (strlcat(pname, file, sizeof(pname)) >= sizeof(pname))
+        goto toolong;
+.Ed
+.Pp
+Since we know how many characters we copied the first time, we can
+speed things up a bit by using a copy instead on an append:
+.Bd -literal -offset indent
+char *dir, *file, pname[MAXPATHNAMELEN];
+size_t n;
+
+.Li ...
+
+n = strlcpy(pname, dir, sizeof(pname));
+if (n >= sizeof(pname))
+        goto toolong;
+if (strlcpy(pname + n, file, sizeof(pname)) >= sizeof(pname) - n)
+        goto toolong;
+.Ed
+.Sh SEE ALSO
+.Xr snprintf 3 ,
+.Xr strncpy 3 ,
+.Xr strncat 3
diff --git a/src/lib/libc/string/strlcpy.c b/src/lib/libc/string/strlcpy.c
new file mode 100644
index 0000000000..1a60445599
--- /dev/null
+++ b/src/lib/libc/string/strlcpy.c
@@ -0,0 +1,63 @@
+/*      $OpenBSD: strlcpy.c,v 1.1 1998/07/01 01:29:45 millert Exp $     */
+
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strlcpy.c,v 1.1 1998/07/01 01:29:45 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <string.h>
+
+/*
+ * Copy src to string dst of size siz.  At most siz-1 characters
+ * will be copied.  Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t strlcpy(dst, src, siz)
+        char *dst;
+        char *src;
+        size_t siz;
+{
+        register char *d = dst;
+        register const char *s = src;
+        register size_t n = siz;
+
+        if (n == 0)
+                return(strlen(s));
+        while (*s != '\0') {
+                if (n != 1) {
+                        *d++ = *s;
+                        n--;
+                }
+                s++;
+        }
+        *d = '\0';
+
+        return(s - src);        /* count does not include NUL */
+}
diff --git a/src/lib/libc/string/strlen.3 b/src/lib/libc/string/strlen.3
index f4aff363ee..99e7dd19c3 100644
--- a/src/lib/libc/string/strlen.3
+++ b/src/lib/libc/string/strlen.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strlen.3      5.4 (Berkeley) 6/29/91
-.\"     $Id: strlen.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     $OpenBSD: strlen.3,v 1.2 1996/08/19 08:34:19 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRLEN 3
diff --git a/src/lib/libc/string/strlen.c b/src/lib/libc/string/strlen.c
index d23aadafc0..332d5766f9 100644
--- a/src/lib/libc/string/strlen.c
+++ b/src/lib/libc/string/strlen.c
@@ -32,11 +32,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strlen.c     5.5 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strlen.c,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strlen.c,v 1.3 1996/08/19 08:34:19 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
+#ifndef _KERNEL
 #include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
 
 size_t
 strlen(str)
diff --git a/src/lib/libc/string/strmode.3 b/src/lib/libc/string/strmode.3
index 1907e7ab03..3db953704d 100644
--- a/src/lib/libc/string/strmode.3
+++ b/src/lib/libc/string/strmode.3
@@ -1,5 +1,7 @@
-.\" Copyright (c) 1990, 1991 The Regents of the University of California.
-.\" All rights reserved.
+.\" $OpenBSD: strmode.3,v 1.6 1998/06/15 17:55:13 mickey Exp $
+.\"
+.\" Copyright (c) 1990, 1991, 1993
+.\"     The Regents of the University of California.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -29,10 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strmode.3     5.4 (Berkeley) 7/31/91
-.\"     $Id: strmode.3,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $
+.\"     @(#)strmode.3   8.3 (Berkeley) 7/28/94
 .\"
-.Dd July 31, 1991
+.Dd July 28, 1994
 .Dt STRMODE 3
 .Os
 .Sh NAME
@@ -53,7 +54,7 @@ converts a file
 into a symbolic string which is stored in the location referenced by
 .Fa bp .
 This stored string is eleven characters in length plus a trailing
-.Dv NULL .
+.Dv NUL .
 .Pp
 The first character is the inode type, and will be one of the following:
 .Pp
@@ -72,6 +73,8 @@ symbolic link
 fifo
 .It s
 socket
+.It w
+whiteout
 .It ?
 unknown inode type
 .El
@@ -98,28 +101,28 @@ The third character is the first of the following characters that apply:
 .Bl -tag -width xxxx
 .It S
 If the character is part of the owner permissions and the file is not
-executable or the directory is not searchable, by the owner, and the
+executable or the directory is not searchable by the owner, and the
 set-user-id bit is set.
 .It S
 If the character is part of the group permissions and the file is not
-executable or the directory is not searchable, by the group, and the
+executable or the directory is not searchable by the group, and the
 set-group-id bit is set.
 .It T
 If the character is part of the other permissions and the file is not
-executable or the directory is not searchable, by others, and the ``sticky''
+executable or the directory is not searchable by others, and the ``sticky''
 .Pq Dv S_ISVTX
 bit is set.
 .It s
 If the character is part of the owner permissions and the file is
-executable or the directory searchable, by the owner, and the set-user-id
+executable or the directory searchable by the owner, and the set-user-id
 bit is set.
 .It s
 If the character is part of the group permissions and the file is
-executable or the directory searchable, by the group, and the set-group-id
+executable or the directory searchable by the group, and the set-group-id
 bit is set.
 .It t
 If the character is part of the other permissions and the file is
-executable or the directory searchable, by others, and the ``sticky''
+executable or the directory searchable by others, and the ``sticky''
 .Pq Dv S_ISVTX
 bit is set.
 .It x
@@ -128,7 +131,7 @@ The file is executable or the directory is searchable.
 None of the above apply.
 .El
 .Pp
-The last character is a plus sign ``+'' if any there are any alternate
+The last character is a plus sign ``+'' if there are any alternate
 or additional access control methods associated with the inode, otherwise
 it will be a space.
 .Sh RETURN VALUES
@@ -145,5 +148,5 @@ always returns 0.
 .Sh HISTORY
 The
 .Fn strmode
-function
-.Ud .
+function first appeared in
+.Bx 4.4 .
diff --git a/src/lib/libc/string/strmode.c b/src/lib/libc/string/strmode.c
index 441fc76e90..5e7f15e857 100644
--- a/src/lib/libc/string/strmode.c
+++ b/src/lib/libc/string/strmode.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strmode.c    5.3 (Berkeley) 5/18/90";*/
-static char *rcsid = "$Id: strmode.c,v 1.1.1.1 1995/10/18 08:42:22 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strmode.c,v 1.3 1997/06/13 13:57:20 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/types.h>
@@ -70,6 +69,11 @@ strmode(mode, p)
                 *p++ = 'p';
                 break;
 #endif
+#ifdef S_IFWHT
+        case S_IFWHT:                   /* whiteout */
+                *p++ = 'w';
+                break;
+#endif
         default:                        /* unknown */
                 *p++ = '?';
                 break;
diff --git a/src/lib/libc/string/strncat.c b/src/lib/libc/string/strncat.c
index 3d96452af4..27ae2ba324 100644
--- a/src/lib/libc/string/strncat.c
+++ b/src/lib/libc/string/strncat.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strncat.c    5.6 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strncat.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strncat.c,v 1.2 1996/08/19 08:34:21 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strncmp.c b/src/lib/libc/string/strncmp.c
index 0638d4dcf2..0224957f8b 100644
--- a/src/lib/libc/string/strncmp.c
+++ b/src/lib/libc/string/strncmp.c
@@ -32,11 +32,14 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strncmp.c    5.6 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strncmp.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strncmp.c,v 1.3 1996/08/19 08:34:21 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
+#ifndef _KERNEL
 #include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
 
 int
 strncmp(s1, s2, n)
diff --git a/src/lib/libc/string/strncpy.c b/src/lib/libc/string/strncpy.c
index 5215311b75..01bc8a872e 100644
--- a/src/lib/libc/string/strncpy.c
+++ b/src/lib/libc/string/strncpy.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strncpy.c    5.6 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strncpy.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strncpy.c,v 1.2 1996/08/19 08:34:22 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strpbrk.3 b/src/lib/libc/string/strpbrk.3
index 8578546c05..5876f560a9 100644
--- a/src/lib/libc/string/strpbrk.3
+++ b/src/lib/libc/string/strpbrk.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strpbrk.3     5.4 (Berkeley) 6/29/91
-.\"     $Id: strpbrk.3,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $
+.\"     $OpenBSD: strpbrk.3,v 1.2 1996/08/19 08:34:22 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRPBRK 3
diff --git a/src/lib/libc/string/strpbrk.c b/src/lib/libc/string/strpbrk.c
index f1d542a525..748a3a8c94 100644
--- a/src/lib/libc/string/strpbrk.c
+++ b/src/lib/libc/string/strpbrk.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strpbrk.c    5.8 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strpbrk.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strpbrk.c,v 1.2 1996/08/19 08:34:23 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strrchr.3 b/src/lib/libc/string/strrchr.3
index 1d98cbff24..6dd00d32fb 100644
--- a/src/lib/libc/string/strrchr.3
+++ b/src/lib/libc/string/strrchr.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strrchr.3     5.3 (Berkeley) 6/29/91
-.\"     $Id: strrchr.3,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $
+.\"     $OpenBSD: strrchr.3,v 1.2 1996/08/19 08:34:23 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRRCHR 3
diff --git a/src/lib/libc/string/strsep.3 b/src/lib/libc/string/strsep.3
index 21aa7376f2..5af262a074 100644
--- a/src/lib/libc/string/strsep.3
+++ b/src/lib/libc/string/strsep.3
@@ -1,8 +1,11 @@
-.\" Copyright (c) 1990, 1991 The Regents of the University of California.
-.\" All rights reserved.
+.\" $OpenBSD: strsep.3,v 1.4 1998/06/15 17:55:14 mickey Exp $
+.\"
+.\" Copyright (c) 1990, 1991, 1993
+.\"     The Regents of the University of California.  All rights reserved.
 .\"
 .\" This code is derived from software contributed to Berkeley by
 .\" Chris Torek.
+.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -31,10 +34,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strsep.3      5.3 (Berkeley) 4/19/91
-.\"     $Id: strsep.3,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $
+.\"     @(#)strsep.3    8.1 (Berkeley) 6/9/93
 .\"
-.Dd April 19, 1991
+.Dd June 9, 1993
 .Dt STRSEP 3
 .Os
 .Sh NAME
@@ -47,23 +49,29 @@
 .Sh DESCRIPTION
 The
 .Fn strsep
-locates in the null-terminated string at
-.Fa *stringp
-the first occurrence of any character in
-.Fa delim
-and replaces this with a
-.Ql \e0 ,
-records the location of the immediate following character in
+function locates, in the string referenced by
 .Fa *stringp ,
-then returns the original value of
+the first occurrence of any character in the string
+.Fa delim
+(or the terminating
+.Ql \e0
+character) and replaces it with a
+.Ql \e0 .
+The location of the next character after the delimiter character
+(or NULL, if the end of the string was reached) is stored in
 .Fa *stringp .
-If no delimiter characters are found,
-.Fn strsep
-sets
+The original value of
+.Fa *stringp
+is returned.
+.Pp
+An ``empty'' field, i.e. one caused by two adjacent delimiter characters,
+can be detected by comparing the location referenced by the pointer returned
+in
 .Fa *stringp
 to
-.Dv NULL ;
-if
+.Ql \e0 .
+.Pp
+If
 .Fa *stringp
 is initially
 .Dv NULL ,
@@ -73,20 +81,30 @@ returns
 .Sh EXAMPLES
 The following uses
 .Fn strsep
-to parse strings containing runs of white space,
-making up an argument vector:
+to parse a string, containing tokens delimited by white space, into an
+argument vector:
 .Bd -literal -offset indent
-char inputstring[100];
-char **argv[51], **ap = argv, *p, *val;
-/* set up inputstring */
-for (p = inputstring; p != NULL; ) {
-        while ((val = strsep(&p, " \et")) != NULL && *val == '\e0');
-        *ap++ = val;
-}
-*ap = 0;
+char **ap, *argv[10], *inputstring;
+
+for (ap = argv; (*ap = strsep(&inputstring, " \et")) != NULL;)
+        if (**ap != '\e0')
+                ++ap;
 .Ed
 .Sh HISTORY
 The
 .Fn strsep
-function is
-.Ud .
+function
+is intended as a replacement for the
+.Fn strtok
+function.
+While the
+.Fn strtok
+function should be preferred for portability reasons (it conforms to
+.St -ansiC )
+it is unable to handle empty fields, i.e. detect fields delimited by
+two adjacent delimiter characters, or to be used for more than a single
+string at a time.
+The
+.Fn strsep
+function first appeared in
+.Bx 4.4 .
diff --git a/src/lib/libc/string/strsep.c b/src/lib/libc/string/strsep.c
index 69be7fe046..b69b715fc5 100644
--- a/src/lib/libc/string/strsep.c
+++ b/src/lib/libc/string/strsep.c
@@ -1,6 +1,8 @@
+/*      $OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $      */
+
 /*-
- * Copyright (c) 1990 The Regents of the University of California.
- * All rights reserved.
+ * Copyright (c) 1990, 1993
+ *      The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,15 +33,19 @@
  * SUCH DAMAGE.
  */
 
+#include <string.h>
+#include <stdio.h>
+
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static const char sccsid[] = "from: @(#)strsep.c      5.4 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strsep.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+#if 0
+static char sccsid[] = "@(#)strsep.c    8.1 (Berkeley) 6/4/93";
+#else
+static char *rcsid = "$OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $";
+#endif
 #endif /* LIBC_SCCS and not lint */
 
-#include <string.h>
-
 /*
- * Get next token from string *stringp, where tokens are nonempty
+ * Get next token from string *stringp, where tokens are possibly-empty
  * strings separated by characters from delim.  
  *
  * Writes NULs into the string at *stringp to end tokens.
@@ -47,7 +53,7 @@ static char *rcsid = "$Id: strsep.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $"
  * On return, *stringp points past the last NUL written (if there might
  * be further tokens), or is NULL (if there are definitely no more tokens).
  *
- * If *stringp is NULL, strtoken returns NULL.
+ * If *stringp is NULL, strsep returns NULL.
  */
 char *
 strsep(stringp, delim)
diff --git a/src/lib/libc/string/strsignal.3 b/src/lib/libc/string/strsignal.3
index 3287fef53e..42e433c259 100644
--- a/src/lib/libc/string/strsignal.3
+++ b/src/lib/libc/string/strsignal.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strerror.3    6.9 (Berkeley) 6/29/91
-.\"     $Id: strsignal.3,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $
+.\"     $OpenBSD: strsignal.3,v 1.2 1996/08/19 08:34:25 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRSIGNAL 3
diff --git a/src/lib/libc/string/strsignal.c b/src/lib/libc/string/strsignal.c
index ec4a267edf..cf03af5963 100644
--- a/src/lib/libc/string/strsignal.c
+++ b/src/lib/libc/string/strsignal.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strerror.c   5.6 (Berkeley) 5/4/91";*/
-static char *rcsid = "$Id: strsignal.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strsignal.c,v 1.2 1996/08/19 08:34:25 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strspn.3 b/src/lib/libc/string/strspn.3
index 4de03aa58b..7d15470dee 100644
--- a/src/lib/libc/string/strspn.3
+++ b/src/lib/libc/string/strspn.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strspn.3      5.3 (Berkeley) 6/29/91
-.\"     $Id: strspn.3,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $
+.\"     $OpenBSD: strspn.3,v 1.3 1996/08/19 08:34:25 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRSPN 3
@@ -48,7 +47,7 @@
 .Fn strspn "const char *s" "const char *charset"
 .Sh DESCRIPTION
 The
-.Xr strcspn
+.Fn strspn
 function
 spans the initial part of the null-terminated string
 .Fa s
diff --git a/src/lib/libc/string/strspn.c b/src/lib/libc/string/strspn.c
index 6224b25c2a..41940f9190 100644
--- a/src/lib/libc/string/strspn.c
+++ b/src/lib/libc/string/strspn.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strspn.c     5.8 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strspn.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strspn.c,v 1.2 1996/08/19 08:34:26 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strstr.3 b/src/lib/libc/string/strstr.3
index 24fdf540ed..fa455b426a 100644
--- a/src/lib/libc/string/strstr.3
+++ b/src/lib/libc/string/strstr.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strstr.3      5.3 (Berkeley) 6/29/91
-.\"     $Id: strstr.3,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $
+.\"     $OpenBSD: strstr.3,v 1.2 1996/08/19 08:34:26 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRSTR 3
diff --git a/src/lib/libc/string/strstr.c b/src/lib/libc/string/strstr.c
index 1ed59e357b..763c7e29d7 100644
--- a/src/lib/libc/string/strstr.c
+++ b/src/lib/libc/string/strstr.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strstr.c     5.2 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strstr.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strstr.c,v 1.2 1996/08/19 08:34:27 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strtok.3 b/src/lib/libc/string/strtok.3
index 644bd10aed..876e0eb515 100644
--- a/src/lib/libc/string/strtok.3
+++ b/src/lib/libc/string/strtok.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strtok.3      5.8 (Berkeley) 6/29/91
-.\"     $Id: strtok.3,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $
+.\"     $OpenBSD: strtok.3,v 1.3 1998/04/28 07:36:55 deraadt Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRTOK 3
@@ -49,7 +48,8 @@
 .Fn strtok "char *str" "const char *sep"
 .Sh DESCRIPTION
 .Bf -symbolic
-This interface is obsoleted by strsep(3).
+This interface is obsoleted by 
+.Xr strsep 3 .
 .Ef
 .Pp
 The
diff --git a/src/lib/libc/string/strtok.c b/src/lib/libc/string/strtok.c
index 9f712579bf..2fce04c3ad 100644
--- a/src/lib/libc/string/strtok.c
+++ b/src/lib/libc/string/strtok.c
@@ -32,8 +32,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strtok.c     5.8 (Berkeley) 2/24/91";*/
-static char *rcsid = "$Id: strtok.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strtok.c,v 1.2 1996/08/19 08:34:28 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/strxfrm.3 b/src/lib/libc/string/strxfrm.3
index 84fd945472..3ebdd42c29 100644
--- a/src/lib/libc/string/strxfrm.3
+++ b/src/lib/libc/string/strxfrm.3
@@ -33,8 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)strxfrm.3     5.4 (Berkeley) 6/29/91
-.\"     $Id: strxfrm.3,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $
+.\"     $OpenBSD: strxfrm.3,v 1.2 1996/08/19 08:34:28 tholo Exp $
 .\"
 .Dd June 29, 1991
 .Dt STRXFRM 3
diff --git a/src/lib/libc/string/strxfrm.c b/src/lib/libc/string/strxfrm.c
index d9df77b957..6b258edecc 100644
--- a/src/lib/libc/string/strxfrm.c
+++ b/src/lib/libc/string/strxfrm.c
@@ -35,8 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)strxfrm.c    5.2 (Berkeley) 1/26/91";*/
-static char *rcsid = "$Id: strxfrm.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+static char *rcsid = "$OpenBSD: strxfrm.c,v 1.2 1996/08/19 08:34:29 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <string.h>
diff --git a/src/lib/libc/string/swab.3 b/src/lib/libc/string/swab.3
index 133c487bbd..d1bfc358fb 100644
--- a/src/lib/libc/string/swab.3
+++ b/src/lib/libc/string/swab.3
@@ -29,8 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     from: @(#)swab.3        6.6 (Berkeley) 5/1/91
-.\"     $Id: swab.3,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $
+.\"     $OpenBSD: swab.3,v 1.3 1998/02/10 02:19:48 deraadt Exp $
 .\"
 .Dd May 1, 1991
 .Dt SWAB 3
@@ -39,7 +38,7 @@
 .Nm swab
 .Nd swap adjacent bytes
 .Sh SYNOPSIS
-.Fd #include <string.h>
+.Fd #include <unistd.h>
 .Ft void
 .Fn swab "const void *src" "void *dst" "size_t len"
 .Sh DESCRIPTION
diff --git a/src/lib/libc/string/swab.c b/src/lib/libc/string/swab.c
index f33fc53bd6..311cf13a53 100644
--- a/src/lib/libc/string/swab.c
+++ b/src/lib/libc/string/swab.c
@@ -35,11 +35,10 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-/*static char *sccsid = "from: @(#)swab.c       5.10 (Berkeley) 3/6/91";*/
-static char *rcsid = "$Id: swab.c,v 1.1.1.1 1995/10/18 08:42:23 deraadt Exp $";
+static char *rcsid = "$OpenBSD: swab.c,v 1.3 1998/02/10 02:19:48 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
-#include <string.h>
+#include <unistd.h>
 
 void
 swab(from, to, len)
diff --git a/src/lib/libcrypto/Makefile.ssl b/src/lib/libcrypto/Makefile.ssl
new file mode 100644
index 0000000000..efdbba38ac
--- /dev/null
+++ b/src/lib/libcrypto/Makefile.ssl
@@ -0,0 +1,161 @@
+#
+# SSLeay/crypto/Makefile
+#
+
+DIR=            crypto
+TOP=            ..
+CC=             cc
+INCLUDE=        -I. -I../include
+INCLUDES=       -I.. -I../../include
+CFLAG=          -g
+INSTALLTOP=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+RM=             /bin/rm -f
+AR=             ar r
+
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDE) $(CFLAG) -DCFLAGS=" \"$(CC) $(CFLAG)\" "
+
+ERR=crypto
+ERRC=cpt_err
+
+LIBS=
+
+SDIRS=  md2 md5 sha mdc2 hmac ripemd \
+        des rc2 rc4 rc5 idea bf cast \
+        bn rsa dsa dh \
+        buffer bio stack lhash rand err objects \
+        evp pem x509 \
+        asn1 conf txt_db pkcs7
+
+GENERAL=Makefile README
+
+LIB= $(TOP)/libcrypto.a
+LIBSRC= cryptlib.c mem.c cversion.c ex_data.c $(ERRC).c
+LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= crypto.h cryptall.h
+HEADER= cryptlib.h date.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: date.h lib subdirs
+
+date.h: ../Makefile.ssl ../VERSION
+        echo "#define DATE      \"`date`\"" >date.h
+
+subdirs:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making all in $$i..."; \
+        $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' all ); \
+        done;
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making 'files' in $$i..."; \
+        $(MAKE) files ); \
+        done;
+
+links:
+        /bin/rm -f Makefile 
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../include $(HEADER) ;
+        $(TOP)/util/mklink.sh ../test $(TEST) ;
+        $(TOP)/util/mklink.sh ../apps $(APPS) ;
+        $(TOP)/util/point.sh Makefile.ssl Makefile;
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making links in $$i..."; \
+        $(MAKE) links ); \
+        done;
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+libs:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making libs in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+        done;
+
+tests:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making tests in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
+        done;
+
+install:
+        @for i in $(EXHEADER) ;\
+        do \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making install in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+        done;
+
+lint:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making lint in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
+        done;
+
+depend:
+        $(MAKEDEPEND) $(INCLUDE) $(PROGS) $(LIBSRC)
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making depend in $$i..."; \
+        $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' MAKEDEPEND='${MAKEDEPEND}' depend ); \
+        done;
+
+clean:
+        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making clean in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
+        done;
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making dclean in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+        done;
+
+errors:
+        perl ./err/err_code.pl -conf err/ssleay.ec *.c */*.c ../ssl/*.c ../rsaref/*.c
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl err/err_genc.pl -s $(ERR).h $(ERRC).c
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making errors in $$i..."; \
+        $(MAKE) errors ); \
+        done;
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/asn1/Makefile.ssl b/src/lib/libcrypto/asn1/Makefile.ssl
new file mode 100644
index 0000000000..30751bd156
--- /dev/null
+++ b/src/lib/libcrypto/asn1/Makefile.ssl
@@ -0,0 +1,120 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+
+DIR=    asn1
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=asn1
+ERRC=asn1_err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c \
+        a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_sign.c a_digest.c a_verify.c \
+        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
+        x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c \
+        d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
+        d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
+        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        t_req.c t_x509.c t_pkey.c \
+        p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
+        p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
+        f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
+        a_hdr.c x_pkey.c a_bool.c x_exten.c \
+        asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \
+        evp_asn1.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o \
+        a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+        a_sign.o a_digest.o a_verify.o \
+        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
+        x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o \
+        d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
+        d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
+        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+        t_req.o t_x509.o t_pkey.o \
+        p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
+        p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
+        f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
+        a_hdr.o x_pkey.o a_bool.o x_exten.o \
+        asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \
+        evp_asn1.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  asn1.h asn1_mac.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:   test.c
+        cc -g -I../../include -c test.c
+        cc -g -I../../include -o test test.o -L../.. -lcrypto
+
+pk:     pk.c
+        cc -g -I../../include -c pk.c
+        cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/asn1/f.c b/src/lib/libcrypto/asn1/f.c
new file mode 100644
index 0000000000..2ab3a262ac
--- /dev/null
+++ b/src/lib/libcrypto/asn1/f.c
@@ -0,0 +1,80 @@
+/* crypto/asn1/f.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "asn1.h"
+#include "err.h"
+
+main()
+        {
+        ASN1_TYPE *at;
+        char buf[512];
+        int n;
+        long l;
+
+        at=ASN1_TYPE_new();
+
+        n=ASN1_TYPE_set_int_octetstring(at,98736,"01234567",8);
+        printf("%d\n",n);
+        n=ASN1_TYPE_get_int_octetstring(at,&l,buf,8);
+        buf[8]='\0';
+        printf("%ld %d %d\n",l,n,buf[8]);
+        buf[8]='\0';
+        printf("%s\n",buf);
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        }
diff --git a/src/lib/libcrypto/asn1/x_cinf.c b/src/lib/libcrypto/asn1/x_cinf.c
new file mode 100644
index 0000000000..4fc2cc9f6e
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_cinf.c
@@ -0,0 +1,197 @@
+/* crypto/asn1/x_cinf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_CINF,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_CINF_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_X509_CINF(a,pp)
+X509_CINF *a;
+unsigned char **pp;
+        {
+        int v1=0,v2=0;
+        M_ASN1_I2D_vars(a);
+
+        M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+        M_ASN1_I2D_len(a->serialNumber,         i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(a->signature,            i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->issuer,               i2d_X509_NAME);
+        M_ASN1_I2D_len(a->validity,             i2d_X509_VAL);
+        M_ASN1_I2D_len(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_len(a->key,                  i2d_X509_PUBKEY);
+        M_ASN1_I2D_len_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_len_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+
+        M_ASN1_I2D_seq_total();
+
+        M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+        M_ASN1_I2D_put(a->serialNumber,         i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(a->signature,            i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->issuer,               i2d_X509_NAME);
+        M_ASN1_I2D_put(a->validity,             i2d_X509_VAL);
+        M_ASN1_I2D_put(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_put(a->key,                  i2d_X509_PUBKEY);
+        M_ASN1_I2D_put_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING,1);
+        M_ASN1_I2D_put_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING,2);
+        M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+
+        M_ASN1_I2D_finish();
+        }
+
+X509_CINF *d2i_X509_CINF(a,pp,length)
+X509_CINF **a;
+unsigned char **pp;
+long length;
+        {
+        int ver=0;
+        M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new);
+
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        /* we have the optional version field */
+        if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+                {
+                M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);
+                if (ret->version->data != NULL)
+                        ver=ret->version->data[0];
+                }
+        else
+                {
+                if (ret->version != NULL)
+                        {
+                        ASN1_INTEGER_free(ret->version);
+                        ret->version=NULL;
+                        }
+                }
+        M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
+        M_ASN1_D2I_get(ret->signature,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->validity,d2i_X509_VAL);
+        M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->key,d2i_X509_PUBKEY);
+        if (ver >= 1) /* version 2 extensions */
+                {
+                if (ret->issuerUID != NULL)
+                        {
+                        ASN1_BIT_STRING_free(ret->issuerUID);
+                        ret->issuerUID=NULL;
+                        }
+                if (ret->subjectUID != NULL)
+                        {
+                        ASN1_BIT_STRING_free(ret->subjectUID);
+                        ret->issuerUID=NULL;
+                        }
+                M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
+                        V_ASN1_BIT_STRING);
+                M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
+                        V_ASN1_BIT_STRING);
+                }
+        if (ver >= 2) /* version 3 extensions */
+                {
+                if (ret->extensions != NULL)
+                        while (sk_num(ret->extensions))
+                                X509_EXTENSION_free((X509_EXTENSION *)
+                                        sk_pop(ret->extensions));
+                M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,3,
+                        V_ASN1_SEQUENCE);
+                }
+        M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
+        }
+
+X509_CINF *X509_CINF_new()
+        {
+        X509_CINF *ret=NULL;
+
+        M_ASN1_New_Malloc(ret,X509_CINF);
+        ret->version=NULL;
+        M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
+        M_ASN1_New(ret->signature,X509_ALGOR_new);
+        M_ASN1_New(ret->issuer,X509_NAME_new);
+        M_ASN1_New(ret->validity,X509_VAL_new);
+        M_ASN1_New(ret->subject,X509_NAME_new);
+        M_ASN1_New(ret->key,X509_PUBKEY_new);
+        ret->issuerUID=NULL;
+        ret->subjectUID=NULL;
+        ret->extensions=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_CINF_NEW);
+        }
+
+void X509_CINF_free(a)
+X509_CINF *a;
+        {
+        if (a == NULL) return;
+        ASN1_INTEGER_free(a->version);
+        ASN1_INTEGER_free(a->serialNumber);
+        X509_ALGOR_free(a->signature);
+        X509_NAME_free(a->issuer);
+        X509_VAL_free(a->validity);
+        X509_NAME_free(a->subject);
+        X509_PUBKEY_free(a->key);
+        ASN1_BIT_STRING_free(a->issuerUID);
+        ASN1_BIT_STRING_free(a->subjectUID);
+        sk_pop_free(a->extensions,X509_EXTENSION_free);
+        Free((char *)a);
+        }
+
diff --git a/src/lib/libcrypto/bf/Makefile.ssl b/src/lib/libcrypto/bf/Makefile.ssl
new file mode 100644
index 0000000000..236671f238
--- /dev/null
+++ b/src/lib/libcrypto/bf/Makefile.ssl
@@ -0,0 +1,107 @@
+#
+# SSLeay/crypto/blowfish/Makefile
+#
+
+DIR=    bf
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+BF_ENC=         bf_enc.o
+# or use
+#DES_ENC=       bx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=bftest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= blowfish.h
+HEADER= bf_pi.h bf_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/bx86-elf.o: asm/bx86unix.cpp
+        $(CPP) -DELF asm/bx86unix.cpp | as -o asm/bx86-elf.o
+
+# solaris
+asm/bx86-sol.o: asm/bx86unix.cpp
+        $(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+        as -o asm/bx86-sol.o asm/bx86-sol.s
+        rm -f asm/bx86-sol.s
+
+# a.out
+asm/bx86-out.o: asm/bx86unix.cpp
+        $(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o
+
+# bsdi
+asm/bx86bsdi.o: asm/bx86unix.cpp
+        $(CPP) -DBSDI asm/bx86unix.cpp | as -o asm/bx86bsdi.o
+
+asm/bx86unix.cpp:
+        (cd asm; perl bf-586.pl cpp >bx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/point.sh ../../doc/blowfish.doc blowfish.doc ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/bio/Makefile.ssl b/src/lib/libcrypto/bio/Makefile.ssl
new file mode 100644
index 0000000000..42e11e1c94
--- /dev/null
+++ b/src/lib/libcrypto/bio/Makefile.ssl
@@ -0,0 +1,92 @@
+#
+# SSLeay/crypto/bio/Makefile
+#
+
+DIR=    bio
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=bio
+ERRC=bio_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bio_lib.c bio_cb.c $(ERRC).c \
+        bss_mem.c bss_null.c bss_fd.c \
+        bss_file.c bss_sock.c bss_conn.c \
+        bf_null.c bf_buff.c b_print.c b_dump.c \
+        b_sock.c bss_acpt.c bf_nbio.c
+LIBOBJ= bio_lib.o bio_cb.o $(ERRC).o \
+        bss_mem.o bss_null.o bss_fd.o \
+        bss_file.o bss_sock.o bss_conn.o \
+        bf_null.o bf_buff.o b_print.o b_dump.o \
+        b_sock.o bss_acpt.o bf_nbio.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bio.h bss_file.c
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) bss_file.c ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/bn/Makefile.ssl b/src/lib/libcrypto/bn/Makefile.ssl
new file mode 100644
index 0000000000..9809d26cbc
--- /dev/null
+++ b/src/lib/libcrypto/bn/Makefile.ssl
@@ -0,0 +1,133 @@
+#
+# SSLeay/crypto/bn/Makefile
+#
+
+DIR=    bn
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+BN_MULW=        bn_mulw.o
+# or use
+#BN_MULW=       bn86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=bn
+ERRC=bn_err
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c \
+        bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_blind.c \
+        bn_gcd.c bn_prime.c $(ERRC).c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c \
+        bn_mpi.c
+
+LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o \
+        bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_blind.o \
+        bn_gcd.o bn_prime.o $(ERRC).o bn_sqr.o $(BN_MULW) bn_recp.o bn_mont.o \
+        bn_mpi.o
+
+
+SRC= $(LIBSRC)
+
+EXHEADER= bn.h
+HEADER= bn_lcl.h bn_prime.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+knuth: bn_knuth.c
+        cc -pg -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+
+knuth.fast: bn_knuth.c
+        cc -pg -fast -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/bn86-elf.o: asm/bn86unix.cpp
+        $(CPP) -DELF asm/bn86unix.cpp | as -o asm/bn86-elf.o
+
+# solaris
+asm/bn86-sol.o: asm/bn86unix.cpp
+        $(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
+        as -o asm/bn86-sol.o asm/bn86-sol.s
+        rm -f asm/bn86-sol.s
+
+# a.out
+asm/bn86-out.o: asm/bn86unix.cpp
+        $(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
+
+# bsdi
+asm/bn86bsdi.o: asm/bn86unix.cpp
+        $(CPP) -DBSDI asm/bn86unix.cpp | as -o asm/bn86bsdi.o
+
+asm/bn86unix.cpp:
+        (cd asm; perl bn-586.pl cpp >bn86unix.cpp )
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+exptest:
+        /bin/rm -f exptest
+        gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+
+div:
+        /bin/rm -f a.out
+        gcc -I.. -g div.c ../../libcrypto.a
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_mulw.s
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # special case .org
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/buffer/Makefile.ssl b/src/lib/libcrypto/buffer/Makefile.ssl
new file mode 100644
index 0000000000..a5f150e523
--- /dev/null
+++ b/src/lib/libcrypto/buffer/Makefile.ssl
@@ -0,0 +1,84 @@
+#
+# SSLeay/crypto/buffer/Makefile
+#
+
+DIR=    buffer
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=buffer
+ERRC=buf_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= buffer.c $(ERRC).c
+LIBOBJ= buffer.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= buffer.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/cast/Makefile.ssl b/src/lib/libcrypto/cast/Makefile.ssl
new file mode 100644
index 0000000000..0143827ae5
--- /dev/null
+++ b/src/lib/libcrypto/cast/Makefile.ssl
@@ -0,0 +1,109 @@
+#
+# SSLeay/crypto/cast/Makefile
+#
+
+DIR=    cast
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CAST_ENC=c_enc.o
+# or use
+#CAST_ENC=asm/cx86-elf.o
+#CAST_ENC=asm/cx86-out.o
+#CAST_ENC=asm/cx86-sol.o
+#CAST_ENC=asm/cx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=casttest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c 
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cast.h
+HEADER= cast_s.h cast_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/cx86-elf.o: asm/cx86unix.cpp
+        $(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
+
+# solaris
+asm/cx86-sol.o: asm/cx86unix.cpp
+        $(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+        as -o asm/cx86-sol.o asm/cx86-sol.s
+        rm -f asm/cx86-sol.s
+
+# a.out
+asm/cx86-out.o: asm/cx86unix.cpp
+        $(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+
+# bsdi
+asm/cx86bsdi.o: asm/cx86unix.cpp
+        $(CPP) -DBSDI asm/cx86unix.cpp | as -o asm/cx86bsdi.o
+
+asm/cx86unix.cpp:
+        (cd asm; perl cast-586.pl cpp >cx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/conf/Makefile.ssl b/src/lib/libcrypto/conf/Makefile.ssl
new file mode 100644
index 0000000000..00e917aa44
--- /dev/null
+++ b/src/lib/libcrypto/conf/Makefile.ssl
@@ -0,0 +1,85 @@
+#
+# SSLeay/crypto/conf/Makefile
+#
+
+DIR=    conf
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=conf
+ERRC=conf_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= conf.c $(ERRC).c
+
+LIBOBJ= conf.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= conf.h
+HEADER= conf_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/des/FILES b/src/lib/libcrypto/des/FILES
new file mode 100644
index 0000000000..4c7ea2de7a
--- /dev/null
+++ b/src/lib/libcrypto/des/FILES
@@ -0,0 +1,96 @@
+/* General stuff */
+COPYRIGHT       - Copyright info.
+MODES.DES       - A description of the features of the different modes of DES.
+FILES           - This file.
+INSTALL         - How to make things compile.
+Imakefile       - For use with kerberos.
+README          - What this package is.
+VERSION         - Which version this is and what was changed.
+KERBEROS        - Kerberos version 4 notes.
+Makefile.PL     - An old makefile to build with perl5, not current.
+Makefile.ssl    - The SSLeay makefile
+Makefile.uni    - The normal unix makefile.
+GNUmakefile     - The makefile for use with glibc.
+makefile.bc     - A Borland C makefile
+times           - Some outputs from 'speed' on some machines.
+vms.com         - For use when compiling under VMS
+
+/* My SunOS des(1) replacement */
+des.c           - des(1) source code.
+des.man         - des(1) manual.
+
+/* Testing and timing programs. */
+destest.c       - Source for libdes.a test program.
+speed.c         - Source for libdes.a timing program.
+rpw.c           - Source for libdes.a testing password reading routines.
+
+/* libdes.a source code */
+des_crypt.man   - libdes.a manual page.
+des.h           - Public libdes.a header file.
+ecb_enc.c       - des_ecb_encrypt() source, this contains the basic DES code.
+ecb3_enc.c      - des_ecb3_encrypt() source.
+cbc_ckm.c       - des_cbc_cksum() source.
+cbc_enc.c       - des_cbc_encrypt() source.
+ncbc_enc.c      - des_cbc_encrypt() that is 'normal' in that it copies
+                  the new iv values back in the passed iv vector.
+ede_enc.c       - des_ede3_cbc_encrypt() cbc mode des using triple DES.
+cbc3_enc.c      - des_3cbc_encrypt() source, don't use this function.
+cfb_enc.c       - des_cfb_encrypt() source.
+cfb64enc.c      - des_cfb64_encrypt() cfb in 64 bit mode but setup to be
+                  used as a stream cipher.
+cfb64ede.c      - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
+                  used as a stream cipher and using triple DES.
+ofb_enc.c       - des_cfb_encrypt() source.
+ofb64_enc.c     - des_ofb_encrypt() ofb in 64 bit mode but setup to be
+                  used as a stream cipher.
+ofb64ede.c      - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
+                  used as a stream cipher and using triple DES.
+enc_read.c      - des_enc_read() source.
+enc_writ.c      - des_enc_write() source.
+pcbc_enc.c      - des_pcbc_encrypt() source.
+qud_cksm.c      - quad_cksum() source.
+rand_key.c      - des_random_key() source.
+read_pwd.c      - Source for des_read_password() plus related functions.
+set_key.c       - Source for des_set_key().
+str2key.c       - Covert a string of any length into a key.
+fcrypt.c        - A small, fast version of crypt(3).
+des_locl.h      - Internal libdes.a header file.
+podd.h          - Odd parity tables - used in des_set_key().
+sk.h            - Lookup tables used in des_set_key().
+spr.h           - What is left of the S tables - used in ecb_encrypt().
+des_ver.h       - header file for the external definition of the
+                  version string.
+des.doc         - SSLeay documentation for the library.
+
+/* The perl scripts - you can ignore these files they are only
+ * included for the curious */
+des.pl          - des in perl anyone? des_set_key and des_ecb_encrypt
+                  both done in a perl library.
+testdes.pl      - Testing program for des.pl
+doIP            - Perl script used to develop IP xor/shift code.
+doPC1           - Perl script used to develop PC1 xor/shift code.
+doPC2           - Generates sk.h.
+PC1             - Output of doPC1 should be the same as output from PC1.
+PC2             - used in development of doPC2.
+shifts.pl       - Perl library used by my perl scripts.
+
+/* I started making a perl5 dynamic library for libdes
+ * but did not fully finish, these files are part of that effort. */
+DES.pm
+DES.pod
+DES.xs
+t
+typemap
+
+/* The following are for use with sun RPC implementaions. */
+rpc_des.h
+rpc_enc.c
+
+/* The following are contibuted by Mark Murray <mark@grondar.za>.  They
+ * are not normally built into libdes due to machine specific routines
+ * contained in them.  They are for use in the most recent incarnation of
+ * export kerberos v 4 (eBones). */
+supp.c
+new_rkey.c
+
+
diff --git a/src/lib/libcrypto/des/Makefile.ssl b/src/lib/libcrypto/des/Makefile.ssl
new file mode 100644
index 0000000000..78b5189ee3
--- /dev/null
+++ b/src/lib/libcrypto/des/Makefile.ssl
@@ -0,0 +1,140 @@
+#
+# SSLeay/crypto/des/Makefile
+#
+
+DIR=    des
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+DES_ENC=        des_enc.o fcrypt_b.o
+# or use
+#DES_ENC=       dx86-elf.o yx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile des.org des_locl.org
+TEST=destest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+        ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+        fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+        qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
+        des_enc.c fcrypt_b.c read2pwd.c \
+        fcrypt.c xcbc_enc.c \
+        str2key.c  cfb64ede.c ofb64ede.c supp.c
+
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+        ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+        enc_read.o enc_writ.o ofb64enc.o \
+        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+        ${DES_ENC} read2pwd.o \
+        fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= des.h
+HEADER= des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/dx86-elf.o: asm/dx86unix.cpp
+        $(CPP) -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+
+asm/yx86-elf.o: asm/yx86unix.cpp
+        $(CPP) -DELF asm/yx86unix.cpp | as -o asm/yx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86unix.cpp
+        $(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+        as -o asm/dx86-sol.o asm/dx86-sol.s
+        rm -f asm/dx86-sol.s
+
+asm/yx86-sol.o: asm/yx86unix.cpp
+        $(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+        as -o asm/yx86-sol.o asm/yx86-sol.s
+        rm -f asm/yx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+        $(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+
+asm/yx86-out.o: asm/yx86unix.cpp
+        $(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+        $(CPP) -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+
+asm/yx86bsdi.o: asm/yx86unix.cpp
+        $(CPP) -DBSDI asm/yx86unix.cpp | as -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp:
+        (cd asm; perl des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp:
+        (cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile
+        /bin/rm -f des.doc
+        /bin/rm -fr asm/perlasm
+        $(TOP)/util/point.sh ../../perlasm asm/perlasm
+        $(TOP)/util/point.sh ../../doc/des.doc des.doc
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install: installs
+
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/dh/Makefile.ssl b/src/lib/libcrypto/dh/Makefile.ssl
new file mode 100644
index 0000000000..dfa7e4525d
--- /dev/null
+++ b/src/lib/libcrypto/dh/Makefile.ssl
@@ -0,0 +1,84 @@
+#
+# SSLeay/crypto/dh/Makefile
+#
+
+DIR=    dh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=dh
+ERRC=dh_err
+GENERAL=Makefile
+TEST= dhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c $(ERRC).c
+LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dh.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/dsa/Makefile.ssl b/src/lib/libcrypto/dsa/Makefile.ssl
new file mode 100644
index 0000000000..2cc4ddb39e
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile.ssl
@@ -0,0 +1,84 @@
+#
+# SSLeay/crypto/dsa/Makefile
+#
+
+DIR=    dsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=dsa
+ERRC=dsa_err
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c $(ERRC).c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dsa.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/err/Makefile.ssl b/src/lib/libcrypto/err/Makefile.ssl
new file mode 100644
index 0000000000..57c87eb041
--- /dev/null
+++ b/src/lib/libcrypto/err/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/err/Makefile
+#
+
+DIR=    err
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=err.c err_all.c err_prn.c
+LIBOBJ=err.o err_all.o err_prn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= err.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/evp/Makefile.ssl b/src/lib/libcrypto/evp/Makefile.ssl
new file mode 100644
index 0000000000..8bf2516458
--- /dev/null
+++ b/src/lib/libcrypto/evp/Makefile.ssl
@@ -0,0 +1,111 @@
+#
+# SSLeay/crypto/evp/Makefile
+#
+
+DIR=    evp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=evp
+ERRC=evp_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
+        e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c \
+        e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c \
+        e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c \
+        e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c \
+        e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c \
+        e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c \
+        e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c \
+        e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c \
+        m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c \
+        m_ripemd.c \
+        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+        bio_md.c bio_b64.c bio_enc.c $(ERRC).c e_null.c \
+        c_all.c evp_lib.c
+
+LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \
+        e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \
+        e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o \
+        e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o \
+        e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o \
+        e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o \
+        e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o \
+        e_ecb_c.o e_cbc_c.o e_cfb_c.o e_ofb_c.o \
+        e_ecb_r5.o e_cbc_r5.o e_cfb_r5.o e_ofb_r5.o \
+        m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o \
+        m_ripemd.o \
+        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+        bio_md.o bio_b64.o bio_enc.o $(ERRC).o e_null.o \
+        c_all.o evp_lib.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= evp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/hmac/Makefile.ssl b/src/lib/libcrypto/hmac/Makefile.ssl
new file mode 100644
index 0000000000..7a042b7261
--- /dev/null
+++ b/src/lib/libcrypto/hmac/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+
+DIR=    hmac
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=hmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=hmac.c
+LIBOBJ=hmac.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= hmac.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/idea/Makefile.ssl b/src/lib/libcrypto/idea/Makefile.ssl
new file mode 100644
index 0000000000..41b42ce03b
--- /dev/null
+++ b/src/lib/libcrypto/idea/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/idea/Makefile
+#
+
+DIR=    idea
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ideatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= idea.h
+HEADER= idea_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/lhash/Makefile.ssl b/src/lib/libcrypto/lhash/Makefile.ssl
new file mode 100644
index 0000000000..cb08547b4f
--- /dev/null
+++ b/src/lib/libcrypto/lhash/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/lhash/Makefile
+#
+
+DIR=    lhash
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=lhash.c lh_stats.c
+LIBOBJ=lhash.o lh_stats.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= lhash.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/md2/Makefile.ssl b/src/lib/libcrypto/md2/Makefile.ssl
new file mode 100644
index 0000000000..d8e7200c83
--- /dev/null
+++ b/src/lib/libcrypto/md2/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+
+DIR=    md
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md2_dgst.c md5_one.c
+LIBOBJ=md2_dgst.o md2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/md5/Makefile.ssl b/src/lib/libcrypto/md5/Makefile.ssl
new file mode 100644
index 0000000000..47e1ce05ca
--- /dev/null
+++ b/src/lib/libcrypto/md5/Makefile.ssl
@@ -0,0 +1,104 @@
+#
+# SSLeay/crypto/md5/Makefile
+#
+
+DIR=    md5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+MD5_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md5test.c
+APPS=md5.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md5_dgst.c md5_one.c
+LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= md5.h
+HEADER= md5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/mx86-elf.o: asm/mx86unix.cpp
+        $(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
+
+# solaris
+asm/mx86-sol.o: asm/mx86unix.cpp
+        $(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+        as -o asm/mx86-sol.o asm/mx86-sol.s
+        rm -f asm/mx86-sol.s
+
+# a.out
+asm/mx86-out.o: asm/mx86unix.cpp
+        $(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+
+# bsdi
+asm/mx86bsdi.o: asm/mx86unix.cpp
+        $(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
+
+asm/mx86unix.cpp:
+        (cd asm; perl md5-586.pl cpp >mx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/mdc2/Makefile.ssl b/src/lib/libcrypto/mdc2/Makefile.ssl
new file mode 100644
index 0000000000..495a2789a0
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/mdc2/Makefile
+#
+
+DIR=    mdc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= mdc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=mdc2dgst.c mdc2_one.c
+LIBOBJ=mdc2dgst.o mdc2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= mdc2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/objects/Makefile.ssl b/src/lib/libcrypto/objects/Makefile.ssl
new file mode 100644
index 0000000000..320523cea1
--- /dev/null
+++ b/src/lib/libcrypto/objects/Makefile.ssl
@@ -0,0 +1,87 @@
+#
+# SSLeay/crypto/objects/Makefile
+#
+
+DIR=    objects
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=objects
+ERRC=obj_err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= obj_dat.c obj_lib.c $(ERRC).c
+LIBOBJ= obj_dat.o obj_lib.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= objects.h
+HEADER= $(EXHEADER) obj_dat.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    obj_dat.h lib
+
+obj_dat.h: objects.h obj_dat.pl
+        perl ./obj_dat.pl < objects.h > obj_dat.h
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/pem/Makefile.ssl b/src/lib/libcrypto/pem/Makefile.ssl
new file mode 100644
index 0000000000..fc04a88fd9
--- /dev/null
+++ b/src/lib/libcrypto/pem/Makefile.ssl
@@ -0,0 +1,96 @@
+#
+# SSLeay/crypto/pem/Makefile
+#
+
+DIR=    pem
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=pem
+ERRC=pem_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+CTX_SIZE= ctx_size
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c $(ERRC).c
+
+LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= pem.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    pem.h lib
+
+pem.h: $(CTX_SIZE)
+        ./$(CTX_SIZE) <pem.org >pem.new
+        if [ -f pem.h ]; then mv -f pem.h pem.old; fi
+        mv -f pem.new pem.h
+
+$(CTX_SIZE): $(CTX_SIZE).o
+        $(CC) $(CFLAGS) -o $(CTX_SIZE) $(CTX_SIZE).o
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(CTX_SIZE).c $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f $(CTX_SIZE) *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # SPECIAL CASE .org
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/pkcs7/Makefile.ssl b/src/lib/libcrypto/pkcs7/Makefile.ssl
new file mode 100644
index 0000000000..a88359b320
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/Makefile.ssl
@@ -0,0 +1,86 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+
+DIR=    pkcs7
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=pkcs7
+ERRC=pkcs7err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c
+LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs7.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/rand/Makefile.ssl b/src/lib/libcrypto/rand/Makefile.ssl
new file mode 100644
index 0000000000..d04f0a9b43
--- /dev/null
+++ b/src/lib/libcrypto/rand/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/rand/Makefile
+#
+
+DIR=    rand
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= randtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md_rand.c randfile.c
+LIBOBJ=md_rand.o randfile.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rand.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/rc2/Makefile.ssl b/src/lib/libcrypto/rc2/Makefile.ssl
new file mode 100644
index 0000000000..c5138f13e2
--- /dev/null
+++ b/src/lib/libcrypto/rc2/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/rc2/Makefile
+#
+
+DIR=    rc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc2.h
+HEADER= rc2_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/rc4/Makefile.ssl b/src/lib/libcrypto/rc4/Makefile.ssl
new file mode 100644
index 0000000000..19c1e980f3
--- /dev/null
+++ b/src/lib/libcrypto/rc4/Makefile.ssl
@@ -0,0 +1,108 @@
+#
+# SSLeay/crypto/rc4/Makefile
+#
+
+DIR=    rc4
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RC4_ENC=rc4_enc.o
+# or use
+#RC4_ENC=asm/rx86-elf.o
+#RC4_ENC=asm/rx86-out.o
+#RC4_ENC=asm/rx86-sol.o
+#RC4_ENC=asm/rx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc4test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=rc4_skey.o $(RC4_ENC)
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc4.h
+HEADER= $(EXHEADER) rc4_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/rx86-elf.o: asm/rx86unix.cpp
+        $(CPP) -DELF asm/rx86unix.cpp | as -o asm/rx86-elf.o
+
+# solaris
+asm/rx86-sol.o: asm/rx86unix.cpp
+        $(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+        as -o asm/rx86-sol.o asm/rx86-sol.s
+        rm -f asm/rx86-sol.s
+
+# a.out
+asm/rx86-out.o: asm/rx86unix.cpp
+        $(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+
+# bsdi
+asm/rx86bsdi.o: asm/rx86unix.cpp
+        $(CPP) -DBSDI asm/rx86unix.cpp | as -o asm/rx86bsdi.o
+
+asm/rx86unix.cpp:
+        (cd asm; perl rc4-586.pl cpp >rx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/rc5/Makefile.ssl b/src/lib/libcrypto/rc5/Makefile.ssl
new file mode 100644
index 0000000000..5e98ee2348
--- /dev/null
+++ b/src/lib/libcrypto/rc5/Makefile.ssl
@@ -0,0 +1,107 @@
+#
+# SSLeay/crypto/rc5/Makefile
+#
+
+DIR=    rc5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RC5_ENC=                rc5_enc.o
+# or use
+#DES_ENC=       r586-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc5test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c 
+LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc5.h
+HEADER= rc5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/r586-elf.o: asm/r586unix.cpp
+        $(CPP) -DELF asm/r586unix.cpp | as -o asm/r586-elf.o
+
+# solaris
+asm/r586-sol.o: asm/r586unix.cpp
+        $(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s
+        as -o asm/r586-sol.o asm/r586-sol.s
+        rm -f asm/r586-sol.s
+
+# a.out
+asm/r586-out.o: asm/r586unix.cpp
+        $(CPP) -DOUT asm/r586unix.cpp | as -o asm/r586-out.o
+
+# bsdi
+asm/r586bsdi.o: asm/r586unix.cpp
+        $(CPP) -DBSDI asm/r586unix.cpp | as -o asm/r586bsdi.o
+
+asm/r586unix.cpp:
+        (cd asm; perl rc5-586.pl cpp >r586unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/point.sh ../../doc/rc5.doc rc5.doc ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/rc5/asm/rc5-586.pl b/src/lib/libcrypto/rc5/asm/rc5-586.pl
new file mode 100644
index 0000000000..172bd9ee1b
--- /dev/null
+++ b/src/lib/libcrypto/rc5/asm/rc5-586.pl
@@ -0,0 +1,109 @@
+#!/usr/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"rc5-586.pl");
+
+$RC5_MAX_ROUNDS=16;
+$RC5_32_OFF=($RC5_MAX_ROUNDS+2)*4;
+$A="edi";
+$B="esi";
+$S="ebp";
+$tmp1="eax";
+$r="ebx";
+$tmpc="ecx";
+$tmp4="edx";
+
+&RC5_32_encrypt("RC5_32_encrypt",1);
+&RC5_32_encrypt("RC5_32_decrypt",0);
+&cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1);
+&asm_finish();
+
+sub RC5_32_encrypt
+        {
+        local($name,$enc)=@_;
+
+        &function_begin_B($name,"");
+
+        &comment("");
+
+        &push("ebp");
+         &push("esi");
+        &push("edi");
+         &mov($tmp4,&wparam(0));
+        &mov($S,&wparam(1));
+
+        &comment("Load the 2 words");
+         &mov($A,&DWP(0,$tmp4,"",0));
+        &mov($B,&DWP(4,$tmp4,"",0));
+
+        &push($r);
+         &mov($r,       &DWP(0,$S,"",0));
+
+        # encrypting part
+
+        if ($enc)
+                {
+                 &add($A,       &DWP(4+0,$S,"",0));
+                &add($B,        &DWP(4+4,$S,"",0));
+
+                for ($i=0; $i<$RC5_MAX_ROUNDS; $i++)
+                        {
+                         &xor($A,       $B);
+                        &mov($tmp1,     &DWP(12+$i*8,$S,"",0));
+                         &mov($tmpc,    $B);
+                        &rotl($A,       &LB("ecx"));
+                        &add($A,        $tmp1);
+
+                         &xor($B,       $A);
+                        &mov($tmp1,     &DWP(16+$i*8,$S,"",0));
+                         &mov($tmpc,    $A);
+                        &rotl($B,       &LB("ecx"));
+                        &add($B,        $tmp1);
+                        if (($i == 7) || ($i == 11))
+                                {
+                         &cmp($r,       $i+1);
+                        &je(&label("rc5_exit"));
+                                }
+                        }
+                }
+        else
+                {
+                 &cmp($r,       12);
+                &je(&label("rc5_dec_12"));
+                 &cmp($r,       8);
+                &je(&label("rc5_dec_8"));
+                for ($i=$RC5_MAX_ROUNDS; $i > 0; $i--)
+                        {
+                        &set_label("rc5_dec_$i") if ($i == 12) || ($i == 8);
+                         &mov($tmp1,    &DWP($i*8+8,$S,"",0));
+                        &sub($B,        $tmp1);
+                         &mov($tmpc,    $A);
+                        &rotr($B,       &LB("ecx"));
+                        &xor($B,        $A);
+
+                         &mov($tmp1,    &DWP($i*8+4,$S,"",0));
+                        &sub($A,        $tmp1);
+                         &mov($tmpc,    $B);
+                        &rotr($A,       &LB("ecx"));
+                        &xor($A,        $B);
+                        }
+                 &sub($B,       &DWP(4+4,$S,"",0));
+                &sub($A,        &DWP(4+0,$S,"",0));
+                }
+
+        &set_label("rc5_exit");
+         &mov(&DWP(0,$tmp4,"",0),$A);
+        &mov(&DWP(4,$tmp4,"",0),$B);
+
+         &pop("ebx");
+        &pop("edi");
+         &pop("esi");
+        &pop("ebp");
+         &ret();
+        &function_end_B($name);
+        }
+
+
diff --git a/src/lib/libcrypto/ripemd/Makefile.ssl b/src/lib/libcrypto/ripemd/Makefile.ssl
new file mode 100644
index 0000000000..67d47ceb2c
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/Makefile.ssl
@@ -0,0 +1,104 @@
+#
+# SSLeay/crypto/ripemd/Makefile
+#
+
+DIR=    ripemd
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RIP_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rmdtest.c
+APPS=rmd160.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rmd_dgst.c rmd_one.c
+LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ripemd.h
+HEADER= rmd_locl.h rmdconst.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/rm86-elf.o: asm/rm86unix.cpp
+        $(CPP) -DELF asm/rm86unix.cpp | as -o asm/rm86-elf.o
+
+# solaris
+asm/rm86-sol.o: asm/rm86unix.cpp
+        $(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s
+        as -o asm/rm86-sol.o asm/rm86-sol.s
+        rm -f asm/rm86-sol.s
+
+# a.out
+asm/rm86-out.o: asm/rm86unix.cpp
+        $(CPP) -DOUT asm/rm86unix.cpp | as -o asm/rm86-out.o
+
+# bsdi
+asm/rm86bsdi.o: asm/rm86unix.cpp
+        $(CPP) -DBSDI asm/rm86unix.cpp | as -o asm/rm86bsdi.o
+
+asm/rm86unix.cpp:
+        (cd asm; perl rmd-586.pl cpp >rm86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/rsa/Makefile.ssl b/src/lib/libcrypto/rsa/Makefile.ssl
new file mode 100644
index 0000000000..d52f2e609e
--- /dev/null
+++ b/src/lib/libcrypto/rsa/Makefile.ssl
@@ -0,0 +1,86 @@
+#
+# SSLeay/crypto/rsa/Makefile
+#
+
+DIR=    rsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=rsa
+ERRC=rsa_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \
+        rsa_pk1.o rsa_ssl.o rsa_none.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rsa.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/sha/Makefile.ssl b/src/lib/libcrypto/sha/Makefile.ssl
new file mode 100644
index 0000000000..eeb545d140
--- /dev/null
+++ b/src/lib/libcrypto/sha/Makefile.ssl
@@ -0,0 +1,103 @@
+#
+# SSLeay/crypto/sha/Makefile
+#
+
+DIR=    sha
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+SHA1_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=shatest.c sha1test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= sha.h
+HEADER= sha_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/sx86-elf.o: asm/sx86unix.cpp
+        $(CPP) -DELF asm/sx86unix.cpp | as -o asm/sx86-elf.o
+
+# solaris
+asm/sx86-sol.o: asm/sx86unix.cpp
+        $(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
+        as -o asm/sx86-sol.o asm/sx86-sol.s
+        rm -f asm/sx86-sol.s
+
+# a.out
+asm/sx86-out.o: asm/sx86unix.cpp
+        $(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+
+# bsdi
+asm/sx86bsdi.o: asm/sx86unix.cpp
+        $(CPP) -DBSDI asm/sx86unix.cpp | as -o asm/sx86bsdi.o
+
+asm/sx86unix.cpp:
+        (cd asm; perl sha1-586.pl cpp >sx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/stack/Makefile.ssl b/src/lib/libcrypto/stack/Makefile.ssl
new file mode 100644
index 0000000000..0d232c08cf
--- /dev/null
+++ b/src/lib/libcrypto/stack/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/stack/Makefile
+#
+
+DIR=    stack
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=stack.c
+LIBOBJ=stack.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= stack.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/txt_db/Makefile.ssl b/src/lib/libcrypto/txt_db/Makefile.ssl
new file mode 100644
index 0000000000..76e511534f
--- /dev/null
+++ b/src/lib/libcrypto/txt_db/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/txt_db/Makefile
+#
+
+DIR=    txt_db
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=txt_db.c
+LIBOBJ=txt_db.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= txt_db.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/x509/Makefile.ssl b/src/lib/libcrypto/x509/Makefile.ssl
new file mode 100644
index 0000000000..1c1ca2ffa0
--- /dev/null
+++ b/src/lib/libcrypto/x509/Makefile.ssl
@@ -0,0 +1,96 @@
+#
+# SSLeay/crypto/x509/Makefile
+#
+
+DIR=    x509
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=x509
+ERRC=x509_err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+        x509_obj.c x509_req.c x509_vfy.c \
+        x509_set.c x509rset.c $(ERRC).c \
+        x509name.c x509_v3.c x509_ext.c x509pack.c \
+        x509type.c x509_lu.c x_all.c x509_txt.c \
+        by_file.c by_dir.c \
+        v3_net.c v3_x509.c
+LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+        x509_obj.o x509_req.o x509_vfy.o \
+        x509_set.o x509rset.o $(ERRC).o \
+        x509name.o x509_v3.o x509_ext.o x509pack.o \
+        x509type.o x509_lu.o x_all.o x509_txt.o \
+        by_file.o by_dir.o \
+        v3_net.o v3_x509.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509.h x509_vfy.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/Makefile.ssl b/src/lib/libssl/src/Makefile.ssl
new file mode 100644
index 0000000000..da7f885985
--- /dev/null
+++ b/src/lib/libssl/src/Makefile.ssl
@@ -0,0 +1,331 @@
+#
+# Makefile for all the SSL related library routines and utilities
+VERSION = 0.9.0a
+#
+# make install will install:
+#   libraries into $INSTALLTOP/lib
+#   headers   into $INSTALLTOP/include
+#   utilities into $INSTALLTOP/bin
+#
+# By default INSTALLTOP is set to /usr/local/ssl
+# If you want things install elsewere, consider running
+# perl util/ssldir.pl /new/path
+#
+# Interesting Mailing Lists:
+#     ssl-bugs@mincom.oz.au
+#     ssl-users@mincom.oz.au
+#
+# To join the Mailing Lists:
+#     ssl-bugs-request@mincom.oz.au
+#     ssl-users-request@mincom.oz.au
+#
+# If you must get hold of people directly (we much prefer the above
+# lists to be used if the question is of general interest!):
+#       Eric Young <eay@cryptsoft.com>
+#       Tim Hudson <tjh@cryptsoft.com>
+#       or both    <ssleay@cryptsoft.com>
+#
+# The primary distribution of SSLeay is from
+# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
+#
+# NOCONST - Define for C compilers that don't like the const key word.
+# NOPROTO - Define in if your compiler does not support prototypes.
+# RSAref  - Define if we are to link with RSAref.
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
+# SSL_ALLOW_ADH - define if you want the server to be able to use the
+#           SSLv3 anon-DH ciphers.
+# SSL_ALLOW_ENULL - define if you want the server to be able to use the
+#           NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+
+
+CC= gcc
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
+CFLAG= -DNO_IDEA -DTERMIOS -DBN_ASM -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+PEX_LIBS= -L. -L.. -L../.. -L../../..
+EX_LIBS= 
+AR=ar r
+
+# Set BN_MULW to bn_mulw.o if you want to use the C version
+BN_MULW= asm/bn86-out.o
+#BN_MULW= bn_mulw.o
+#BN_MULW= asm/bn86-elf.o        # elf, linux-elf
+#BN_MULW= asm/bn86-sol.o        # solaris
+#BN_MULW= asm/bn86-out.o        # a.out, FreeBSD
+#BN_MULW= asm/bn86bsdi.o        # bsdi
+#BN_MULW= asm/alpha.o           # DEC Alpha
+#BN_MULW= asm/pa-risc2.o        # HP-UX PA-RISC
+#BN_MULW= asm/r3000.o           # SGI MIPS cpu
+#BN_MULW= asm/sparc.o           # Sun solaris/SunOS
+#BN_MULW= asm/bn-win32.o                # Windows 95/NT
+#BN_MULW= asm/x86w16.o          # 16 bit code for Windows 3.1/DOS
+#BN_MULW= asm/x86w32.o          # 32 bit code for Windows 3.1
+
+# Set DES_ENC to des_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+DES_ENC= asm/dx86-out.o asm/yx86-out.o
+#DES_ENC= des_enc.o fcrypt_b.o          # C
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
+
+# Set BF_ENC to bf_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+BF_ENC= asm/bx86-out.o
+#BF_ENC= bf_enc.o
+#BF_ENC= asm/bx86-elf.o # elf
+#BF_ENC= asm/bx86-sol.o # solaris
+#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o # bsdi
+
+# Set CAST_ENC to c_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+CAST_ENC= asm/cx86-out.o
+#CAST_ENC= c_enc.o
+#CAST_ENC= asm/cx86-elf.o # elf
+#CAST_ENC= asm/cx86-sol.o # solaris
+#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
+#CAST_ENC= asm/cx86bsdi.o # bsdi
+
+# Set RC4_ENC to rc4_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC4_ENC= asm/rx86-out.o
+#RC4_ENC= rc4_enc.o
+#RC4_ENC= asm/rx86-elf.o # elf
+#RC4_ENC= asm/rx86-sol.o # solaris
+#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
+#RC4_ENC= asm/rx86bsdi.o # bsdi
+
+# Set RC5_ENC to rc5_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC5_ENC= asm/r586-out.o
+#RC5_ENC= rc5_enc.o
+#RC5_ENC= asm/r586-elf.o # elf
+#RC5_ENC= asm/r586-sol.o # solaris
+#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
+#RC5_ENC= asm/r586bsdi.o # bsdi
+
+# Also need MD5_ASM defined
+MD5_ASM_OBJ= asm/mx86-out.o
+#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+
+# Also need SHA1_ASM defined
+SHA1_ASM_OBJ= asm/sx86-out.o
+#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+
+# Also need RMD160_ASM defined
+RMD160_ASM_OBJ= asm/rm86-out.o
+#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
+
+DIRS=   crypto ssl rsaref apps test tools
+# dirs in crypto to build
+SDIRS=  \
+        md2 md5 sha mdc2 hmac ripemd \
+        des rc2 rc4 rc5 idea bf cast \
+        bn rsa dsa dh \
+        buffer bio stack lhash rand err objects \
+        evp pem asn1 x509 conf txt_db pkcs7
+
+# If you change the INSTALLTOP, make sure to also change the values
+# in crypto/location.h
+INSTALLTOP=/usr/ssl
+
+MAKEFILE= Makefile.ssl
+MAKE=     make -f Makefile.ssl
+
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+
+TOP=    .
+ONEDIRS=out tmp
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl dep
+MISC=   COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile \
+        README TODO HISTORY README.066 README.080 README.090 \
+        VERSION PROBLEMS MINFO makefile.one e_os.h \
+        MICROSOFT makevms.com config PATENTS
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a 
+
+GENERAL=        Makefile
+BASENAME=       SSLeay
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        $(NAME).tar
+WTARFILE=       $(NAME)-win.tar
+EXHEADER=       e_os.h
+HEADER=         e_os.h
+
+all:
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "making $$i..."; \
+        $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ); \
+        done;
+
+sub_all:
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "making $$i..."; \
+        $(MAKE) CC='${CC}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ); \
+        done;
+
+clean:
+        /bin/rm -f shlib/*.o *.o core a.out fluff *.map
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "cleaning $$i..."; \
+        $(MAKE) SDIRS='${SDIRS}' clean ); \
+        /bin/rm -f $(LIBS); \
+        done;
+        /bin/rm -f *.a *.o speed.* *.map *.so .pure core
+        /bin/rm -f $(TARFILE)
+        @for i in $(ONEDIRS) ;\
+        do \
+        /bin/rm -fr $$i/*; \
+        done
+
+makefile.one: files
+        perl util/mk1mf.pl >makefile.one; \
+        sh util/do_ms.sh
+
+files:  MINFO
+        perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "making 'files' in $$i..."; \
+        $(MAKE) SDIRS='${SDIRS}' files ); \
+        done;
+
+links:
+        /bin/rm -f Makefile;
+        ./util/point.sh Makefile.ssl Makefile;
+        $(TOP)/util/mklink.sh include $(EXHEADER) ;
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "making links in $$i..."; \
+        $(MAKE) SDIRS='${SDIRS}' links ); \
+        done;
+        # @(cd apps; sh ./mklinks)
+        @( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
+
+dclean:
+        /bin/rm -f *.bak
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "undoing makedepend in $$i..."; \
+        $(MAKE) SDIRS='${SDIRS}' dclean ); \
+        done;
+
+rehash:
+        @(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
+
+test:   tests
+
+tests:
+        (cd test; echo "testing $$i..."; \
+        $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
+        @apps/ssleay version -a
+
+depend:
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "making dependancies $$i..."; \
+        $(MAKE) SDIRS='${SDIRS}' depend ); \
+        done;
+
+lint:
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "making lint $$i..."; \
+        $(MAKE) SDIRS='${SDIRS}' lint ); \
+        done;
+
+tags:
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "making tags $$i..."; \
+        $(MAKE) SDIRS='${SDIRS}' tags ); \
+        done;
+
+errors:
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "making errors in $$i..."; \
+        $(MAKE) SDIRS='${SDIRS}' errors ); \
+        done;
+
+tar:
+        @(cd ..;\
+        mv $(BASENAME) $(NAME); \
+        export STUFF; \
+        for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
+        do \
+                STUFF="$$STUFF $(NAME)/$$i"; \
+        done; \
+        tar cf $(NAME)/$(TARFILE) $$STUFF; \
+        mv $(NAME) $(BASENAME) ) 
+        gzip -f $(TARFILE)
+
+dist:   
+        perl Configure dist
+        perl util/up_ver.pl ${VERSION}
+        @$(MAKE) dist_pem_h
+        @$(MAKE) SDIRS='${SDIRS}' clean
+        @$(MAKE) SDIRS='${SDIRS}' dclean
+        @(cd apps; sh ./rmlinks)
+        @$(MAKE) makefile.one
+        @$(MAKE) tar
+
+dist_pem_h:
+        (cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+
+install: all
+        @-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
+        @-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
+        @-mkdir -p $(INSTALLTOP)/include 2>/dev/null
+        @-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
+        @-mkdir -p $(INSTALLTOP)/private 2>/dev/null
+        @for i in $(DIRS) ;\
+        do \
+        (cd $$i; echo "installing $$i..."; \
+        $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+        done
+        @for i in $(LIBS) ;\
+        do \
+        (       echo installing $$i; \
+                cp $$i $(INSTALLTOP)/lib; \
+                sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
+                chmod 644 $(INSTALLTOP)/lib/$$i ); \
+        done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/apps/Makefile.ssl b/src/lib/libssl/src/apps/Makefile.ssl
new file mode 100644
index 0000000000..1cace40ab7
--- /dev/null
+++ b/src/lib/libssl/src/apps/Makefile.ssl
@@ -0,0 +1,144 @@
+#
+# SSLeay/apps/Makefile.ssl
+#
+
+DIR=            apps
+TOP=            ..
+CC=             cc
+INCLUDES=       -I../include
+CFLAG=          -g -static
+INSTALLTOP=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+RM=             /bin/rm -f
+
+PEX_LIBS=
+EX_LIBS= 
+
+CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+
+DLIBCRYPTO=../libcrypto.a
+DLIBSSL=../libssl.a
+LIBCRYPTO=-L.. -lcrypto
+LIBSSL=-L.. -lssl
+
+SSLEAY= ssleay
+
+SCRIPTS=CA.sh der_chop
+
+EXE= $(SSLEAY)
+
+E_EXE=  verify asn1pars req dgst dh enc gendh errstr ca crl \
+        rsa dsa dsaparam \
+        x509 genrsa s_server s_client speed \
+        s_time version pkcs7 crl2pkcs7 sess_id ciphers
+
+PROGS= $(SSLEAY).c
+
+A_OBJ=apps.o
+A_SRC=apps.c
+S_OBJ=  s_cb.o s_socket.o
+S_SRC=  s_cb.c s_socket.c
+
+E_OBJ=  verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
+        pkcs7.o crl2p7.o crl.o \
+        rsa.o dsa.o dsaparam.o \
+        x509.o genrsa.o s_server.o s_client.o speed.o \
+        s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
+        ciphers.o
+
+#       pem_mail.o
+
+E_SRC=  verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
+        pkcs7.c crl2p7.c crl.c \
+        rsa.c dsa.c dsaparam.c \
+        x509.c genrsa.c s_server.c s_client.c speed.c \
+        s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
+        ciphers.c
+
+#       pem_mail.c
+
+SRC=$(E_SRC)
+
+EXHEADER=
+HEADER= apps.h progs.h s_apps.h \
+        testdsa.h testrsa.h \
+        $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:    exe
+
+exe:    $(EXE)
+
+req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
+        $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+sreq.o: req.c 
+        $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+install: mklinks
+        @for i in $(EXE) $(SCRIPTS) mklinks; \
+        do  \
+        (echo installing $$i; \
+         cp $$i $(INSTALLTOP)/bin/$$i; \
+         chmod 755 $(INSTALLTOP)/bin/$$i ); \
+         done; \
+        cp ssleay.cnf $(INSTALLTOP)/lib
+        chmod 644 $(INSTALLTOP)/lib/ssleay.cnf
+        cd $(INSTALLTOP)/bin; \
+        /bin/sh ./mklinks; \
+        /bin/rm -f ./mklinks
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+errors:
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+        /bin/rm -f req
+
+$(DLIBSSL):
+        (cd ../ssl; $(MAKE))
+
+$(DLIBCRYPTO):
+        (cd ../crypto; $(MAKE))
+
+$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL)
+        $(RM) $(SSLEAY)
+        $(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+
+progs.h:
+        perl ./g_ssleay.pl $(E_EXE) >progs.h
+        $(RM) $(SSLEAY).o
+
+mklinks:
+        perl ./g_ssleay.pl $(E_EXE) >progs.h
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/apps/der_chop b/src/lib/libssl/src/apps/der_chop
new file mode 100644
index 0000000000..4639330c10
--- /dev/null
+++ b/src/lib/libssl/src/apps/der_chop
@@ -0,0 +1,305 @@
+#!/usr/local/bin/perl
+#
+# der_chop ... this is one total hack that Eric is really not proud of
+#              so don't look at it and don't ask for support
+#
+# The "documentation" for this (i.e. all the comments) are my fault --tjh
+#
+# This program takes the "raw" output of derparse/asn1parse and 
+# converts it into tokens and then runs regular expression matches
+# to try to figure out what to grab to get the things that are needed
+# and it is possible that this will do the wrong thing as it is a *hack*
+#
+# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
+# [I know ... promises promises :-)]
+#
+# To convert a Netscape Certificate:
+#    der_chop < ServerCert.der > cert.pem
+# To convert a Netscape Key (and encrypt it again to protect it)
+#    rsa -inform NET -in ServerKey.der -des > key.pem
+#
+# 23-Apr-96 eay    Added the extra ASN.1 string types, I still think this
+#                  is an evil hack.  If nothing else the parsing should
+#                  be relative, not absolute.
+# 19-Apr-96 tjh    hacked (with eay) into 0.5.x format
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+
+require 'getopts.pl';
+
+$debug=0;
+
+# this was the 0.4.x way of doing things ...
+$cmd="derparse";
+$x509_cmd="x509";
+$crl_cmd="crl";
+$rc4_cmd="rc4";
+$md2_cmd="md2";
+$md4_cmd="md4";
+$rsa_cmd="rsa -des -inform der ";
+
+# this was the 0.5.x way of doing things ...
+$cmd="ssleay asn1parse";
+$x509_cmd="ssleay x509";
+$crl_cmd="ssleay crl";
+$rc4_cmd="ssleay rc4";
+$md2_cmd="ssleay md2";
+$md4_cmd="ssleay md4";
+$rsa_cmd="ssleay rsa -des -inform der ";
+
+&Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
+$depth=($opt_d =~ /^\d+$/)?$opt_d:0;
+
+&init_der();
+
+if ($#ARGV != -1)
+        {
+        foreach $file (@ARGV)
+                {
+                print STDERR "doing $file\n";
+                &dofile($file);
+                }
+        }
+else
+        {
+        $file="/tmp/a$$.DER";
+        open(OUT,">$file") || die "unable to open $file:$!\n";
+        for (;;)
+                {
+                $i=sysread(STDIN,$b,1024*10);
+                last if ($i <= 0);
+                $i=syswrite(OUT,$b,$i);
+                }
+        &dofile($file);
+        unlink($file);
+        }
+        
+sub dofile
+        {
+        local($file)=@_;
+        local(@p);
+
+        $b=&load_file($file);
+        @p=&load_file_parse($file);
+
+        foreach $_ (@p)
+                {
+                ($off,$d,$hl,$len)=&parse_line($_);
+                $d-=$depth;
+                next if ($d != 0);
+                next if ($len == 0);
+
+                $o=substr($b,$off,$len+$hl);
+                ($str,@data)=&der_str($o);
+                print "$str\n" if ($opt_v);
+                if ($str =~ /^$crl/)
+                        {
+                        open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
+                                die "unable to run $crl_cmd:$!\n";
+                        print OUT $o;
+                        close(OUT);
+                        }
+                elsif ($str =~ /^$x509/)
+                        {
+                        open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
+                                || die "unable to run $x509_cmd:$!\n";
+                        print OUT $o;
+                        close(OUT);
+                        }
+                elsif ($str =~ /^$rsa/)
+                        {
+                        ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+                        next unless ($type eq "rsaEncryption");
+                        ($off,$d,$hl,$len)=&parse_line($data[5]);
+                        $os=substr($o,$off+$hl,$len);
+                        open(OUT,"|$rsa_cmd")
+                                || die "unable to run $rsa_cmd:$!\n";
+                        print OUT $os;
+                        close(OUT);
+                        }
+                elsif ($str =~ /^0G-1D-1G/)
+                        {
+                        ($off,$d,$hl,$len)=&parse_line($data[1]);
+                        $os=substr($o,$off+$hl,$len);
+                        print STDERR "<$os>\n" if $opt_v;
+                        &do_certificate($o,@data)
+                                if (($os eq "certificate") &&
+                                    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+                        &do_private_key($o,@data)
+                                if (($os eq "private-key") &&
+                                    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+                        }
+                }
+        }
+
+sub der_str
+        {
+        local($str)=@_;
+        local(*OUT,*IN,@a,$t,$d,$ret);
+        local($file)="/tmp/b$$.DER";
+        local(@ret);
+
+        open(OUT,">$file");
+        print OUT $str;
+        close(OUT);
+        open(IN,"$cmd -inform 'd' -in $file |") ||
+                die "unable to run $cmd:$!\n";
+        $ret="";
+        while (<IN>)
+                {
+                chop;
+                push(@ret,$_);
+
+                print STDERR "$_\n" if ($debug);
+
+                @a=split(/\s*:\s*/);
+                ($d)=($a[1] =~ /d=\s*(\d+)/);
+                $a[2] =~ s/\s+$//;
+                $t=$DER_s2i{$a[2]};
+                $ret.="$d$t-";
+                }
+        close(IN);
+        unlink($file);
+        chop $ret;
+        $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
+        $ret =~ s/(-3G-4B-4L)+/-RCERT/g;
+        return($ret,@ret);
+        }
+
+sub init_der
+        {
+        $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
+        $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
+        $rsa= "0G-1B-1G-2F-2E-1D";
+
+        %DER_i2s=(
+                # SSLeay 0.4.x has this list
+                "A","EOC",
+                "B","INTEGER",
+                "C","BIT STRING",
+                "D","OCTET STRING",
+                "E","NULL",
+                "F","OBJECT",
+                "G","SEQUENCE",
+                "H","SET",
+                "I","PRINTABLESTRING",
+                "J","T61STRING",
+                "K","IA5STRING",
+                "L","UTCTIME",
+                "M","NUMERICSTRING",
+                "N","VIDEOTEXSTRING",
+                "O","GENERALIZEDTIME",
+                "P","GRAPHICSTRING",
+                "Q","ISO64STRING",
+                "R","GENERALSTRING",
+                "S","UNIVERSALSTRING",
+
+                # SSLeay 0.5.x changed some things ... and I'm
+                # leaving in the old stuff but adding in these
+                # to handle the new as well --tjh
+                # - Well I've just taken them out and added the extra new
+                # ones :-) - eay
+                );
+
+        foreach (keys %DER_i2s)
+                { $DER_s2i{$DER_i2s{$_}}=$_; }
+        }
+
+sub parse_line
+        {
+        local($_)=@_;
+
+        return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
+        }
+
+#  0:d=0 hl=4 l=377 cons: univ: SEQUENCE          
+#  4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING      
+# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE          
+# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE          
+# 23:d=3 hl=2 l=  8 prim: univ: OBJECT_IDENTIFIER :rc4
+# 33:d=3 hl=2 l=  0 prim: univ: NULL              
+# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
+sub do_private_key
+        {
+        local($data,@struct)=@_;
+        local($file)="/tmp/b$$.DER";
+        local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+        ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+        if ($type eq "rc4")
+                {
+                ($off,$d,$hl,$len)=&parse_line($struct[6]);
+                open(OUT,"|$rc4_cmd >$file") ||
+                        die "unable to run $rc4_cmd:$!\n";
+                print OUT substr($data,$off+$hl,$len);
+                close(OUT);
+
+                $b=&load_file($file);
+                unlink($file);
+
+                ($s,@p)=&der_str($b);
+                die "unknown rsa key type\n$s\n"
+                        if ($s ne '0G-1B-1G-2F-2E-1D');
+                local($off,$d,$hl,$len)=&parse_line($p[5]);
+                $b=substr($b,$off+$hl,$len);
+                ($s,@p)=&der_str($b);
+                open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
+                print OUT $b;
+                close(OUT);
+                }
+        else
+                {
+                print "'$type' is unknown\n";
+                exit(1);
+                }
+        }
+
+sub do_certificate
+        {
+        local($data,@struct)=@_;
+        local($file)="/tmp/b$$.DER";
+        local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+        ($off,$d,$hl,$len)=&parse_line($struct[2]);
+        $b=substr($data,$off,$len+$hl);
+
+        open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
+        print OUT $b;
+        close(OUT);
+        }
+
+sub load_file
+        {
+        local($file)=@_;
+        local(*IN,$r,$b,$i);
+
+        $r="";
+        open(IN,"<$file") || die "unable to open $file:$!\n";
+        for (;;)
+                {
+                $i=sysread(IN,$b,10240);
+                last if ($i <= 0);
+                $r.=$b;
+                }
+        close(IN);
+        return($r);
+        }
+
+sub load_file_parse
+        {
+        local($file)=@_;
+        local(*IN,$r,@ret,$_,$i,$n,$b);
+
+        open(IN,"$cmd -inform d -in $file|")
+                || die "unable to run der_parse\n";
+        while (<IN>)
+                {
+                chop;
+                push(@ret,$_);
+                }
+        return($r,@ret);
+        }
+
diff --git a/src/lib/libssl/src/certs/ICE-CA.pem b/src/lib/libssl/src/certs/ICE-CA.pem
new file mode 100644
index 0000000000..75652366c2
--- /dev/null
+++ b/src/lib/libssl/src/certs/ICE-CA.pem
@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:35:53 1997 GMT
+            Not After : Apr  2 17:35:53 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
+                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
+                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
+                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
+                    49:11:a5:c9:45
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0.........z.."p......e..
+            X509v3 Subject Key Identifier: 
+                ..~r..:..B.44fu......3
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...
+            X509v3 Subject Alternative Name: 
+                0!..secude-support@darmstadt.gmd.de
+            X509v3 Issuer Alternative Name: 
+                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
+            X509v3 Basic Constraints: critical
+                0....
+            X509v3 CRL Distribution Points: 
+                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
+    Signature Algorithm: md5WithRSAEncryption
+        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
+        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
+        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
+        88:73:cd:60:28:79:a3:fc:48:7a
+-----BEGIN CERTIFICATE-----
+MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
+AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
+BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
+IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
+NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
+MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
+VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
+LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
+/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
+aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
+7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/ICE-root.pem b/src/lib/libssl/src/certs/ICE-root.pem
new file mode 100644
index 0000000000..fa991599c9
--- /dev/null
+++ b/src/lib/libssl/src/certs/ICE-root.pem
@@ -0,0 +1,48 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:33:36 1997 GMT
+            Not After : Apr  2 17:33:36 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
+                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
+                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
+                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
+                    e7:c7:9f:41:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                ........z.."p......e..
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Subject Alternative Name: 
+                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
+            X509v3 Basic Constraints: critical
+                0....
+    Signature Algorithm: md5WithRSAEncryption
+        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
+        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
+        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
+        7e:22:9f:25:06:60:bd:79:30:3d
+-----BEGIN CERTIFICATE-----
+MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
+EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
+0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
+ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
+dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
+LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
+iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
+fiKfJQZgvXkwPQ==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/ICE-user.pem b/src/lib/libssl/src/certs/ICE-user.pem
new file mode 100644
index 0000000000..28065fd37d
--- /dev/null
+++ b/src/lib/libssl/src/certs/ICE-user.pem
@@ -0,0 +1,63 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Validity
+            Not Before: Apr  2 17:35:59 1997 GMT
+            Not After : Apr  2 17:35:59 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
+                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
+                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
+                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
+                    be:3e:a4:61:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0...~r..:..B.44fu......3
+            X509v3 Subject Key Identifier: 
+                ...... .*...1.*.......
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...0.......
+            X509v3 Subject Alternative Name: 
+                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
+            X509v3 Issuer Alternative Name: 
+                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
+..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
+            X509v3 Basic Constraints: critical
+                0.
+            X509v3 CRL Distribution Points: 
+                0.0.......gmdca@gmd.de
+    Signature Algorithm: md5WithRSAEncryption
+        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
+        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
+        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
+        9a:f7:6f:63:9b:94:99:83:d6:a4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
+OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
+Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
+EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
+qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
+BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
+nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
+A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
+HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
+YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
+dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
+VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
+Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
+ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
+DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/ICE.crl b/src/lib/libssl/src/certs/ICE.crl
new file mode 100644
index 0000000000..21939e8cc4
--- /dev/null
+++ b/src/lib/libssl/src/certs/ICE.crl
@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
+VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
+NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
+WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
+i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
+KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
+mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
+-----END X509 CRL-----
diff --git a/src/lib/libssl/src/certs/ca-cert.pem b/src/lib/libssl/src/certs/ca-cert.pem
new file mode 100644
index 0000000000..6dd974d70d
--- /dev/null
+++ b/src/lib/libssl/src/certs/ca-cert.pem
@@ -0,0 +1,31 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/certs/dsa-ca.pem b/src/lib/libssl/src/certs/dsa-ca.pem
new file mode 100644
index 0000000000..9eb08f3ddd
--- /dev/null
+++ b/src/lib/libssl/src/certs/dsa-ca.pem
@@ -0,0 +1,43 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+
+svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+MVqOsYxGCb+kez0FoDSTgw==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+C1Q=
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libssl/src/certs/dsa-pca.pem b/src/lib/libssl/src/certs/dsa-pca.pem
new file mode 100644
index 0000000000..e3641ad47e
--- /dev/null
+++ b/src/lib/libssl/src/certs/dsa-pca.pem
@@ -0,0 +1,49 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+
+GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libssl/src/certs/factory.pem b/src/lib/libssl/src/certs/factory.pem
new file mode 100644
index 0000000000..8e28b391b2
--- /dev/null
+++ b/src/lib/libssl/src/certs/factory.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/nortelCA.pem b/src/lib/libssl/src/certs/nortelCA.pem
new file mode 100644
index 0000000000..207f34ab3a
--- /dev/null
+++ b/src/lib/libssl/src/certs/nortelCA.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libssl/src/certs/pca-cert.pem b/src/lib/libssl/src/certs/pca-cert.pem
new file mode 100644
index 0000000000..140e9a6b43
--- /dev/null
+++ b/src/lib/libssl/src/certs/pca-cert.pem
@@ -0,0 +1,31 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/certs/rsa-cca.pem b/src/lib/libssl/src/certs/rsa-cca.pem
new file mode 100644
index 0000000000..69f5c1c84c
--- /dev/null
+++ b/src/lib/libssl/src/certs/rsa-cca.pem
@@ -0,0 +1,19 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/timCA.pem b/src/lib/libssl/src/certs/timCA.pem
new file mode 100644
index 0000000000..9c8d5bf9c6
--- /dev/null
+++ b/src/lib/libssl/src/certs/timCA.pem
@@ -0,0 +1,16 @@
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libssl/src/certs/tjhCA.pem b/src/lib/libssl/src/certs/tjhCA.pem
new file mode 100644
index 0000000000..67bee1b200
--- /dev/null
+++ b/src/lib/libssl/src/certs/tjhCA.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/vsign2.pem b/src/lib/libssl/src/certs/vsign2.pem
new file mode 100644
index 0000000000..2386e149d0
--- /dev/null
+++ b/src/lib/libssl/src/certs/vsign2.pem
@@ -0,0 +1,31 @@
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libssl/src/crypto/Makefile.ssl b/src/lib/libssl/src/crypto/Makefile.ssl
new file mode 100644
index 0000000000..efdbba38ac
--- /dev/null
+++ b/src/lib/libssl/src/crypto/Makefile.ssl
@@ -0,0 +1,161 @@
+#
+# SSLeay/crypto/Makefile
+#
+
+DIR=            crypto
+TOP=            ..
+CC=             cc
+INCLUDE=        -I. -I../include
+INCLUDES=       -I.. -I../../include
+CFLAG=          -g
+INSTALLTOP=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+RM=             /bin/rm -f
+AR=             ar r
+
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDE) $(CFLAG) -DCFLAGS=" \"$(CC) $(CFLAG)\" "
+
+ERR=crypto
+ERRC=cpt_err
+
+LIBS=
+
+SDIRS=  md2 md5 sha mdc2 hmac ripemd \
+        des rc2 rc4 rc5 idea bf cast \
+        bn rsa dsa dh \
+        buffer bio stack lhash rand err objects \
+        evp pem x509 \
+        asn1 conf txt_db pkcs7
+
+GENERAL=Makefile README
+
+LIB= $(TOP)/libcrypto.a
+LIBSRC= cryptlib.c mem.c cversion.c ex_data.c $(ERRC).c
+LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= crypto.h cryptall.h
+HEADER= cryptlib.h date.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: date.h lib subdirs
+
+date.h: ../Makefile.ssl ../VERSION
+        echo "#define DATE      \"`date`\"" >date.h
+
+subdirs:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making all in $$i..."; \
+        $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' all ); \
+        done;
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making 'files' in $$i..."; \
+        $(MAKE) files ); \
+        done;
+
+links:
+        /bin/rm -f Makefile 
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../include $(HEADER) ;
+        $(TOP)/util/mklink.sh ../test $(TEST) ;
+        $(TOP)/util/mklink.sh ../apps $(APPS) ;
+        $(TOP)/util/point.sh Makefile.ssl Makefile;
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making links in $$i..."; \
+        $(MAKE) links ); \
+        done;
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+libs:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making libs in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+        done;
+
+tests:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making tests in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
+        done;
+
+install:
+        @for i in $(EXHEADER) ;\
+        do \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making install in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+        done;
+
+lint:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making lint in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
+        done;
+
+depend:
+        $(MAKEDEPEND) $(INCLUDE) $(PROGS) $(LIBSRC)
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making depend in $$i..."; \
+        $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' MAKEDEPEND='${MAKEDEPEND}' depend ); \
+        done;
+
+clean:
+        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making clean in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
+        done;
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making dclean in $$i..."; \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+        done;
+
+errors:
+        perl ./err/err_code.pl -conf err/ssleay.ec *.c */*.c ../ssl/*.c ../rsaref/*.c
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl err/err_genc.pl -s $(ERR).h $(ERRC).c
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i; echo "making errors in $$i..."; \
+        $(MAKE) errors ); \
+        done;
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/asn1/Makefile.ssl b/src/lib/libssl/src/crypto/asn1/Makefile.ssl
new file mode 100644
index 0000000000..30751bd156
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/Makefile.ssl
@@ -0,0 +1,120 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+
+DIR=    asn1
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=asn1
+ERRC=asn1_err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c \
+        a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_sign.c a_digest.c a_verify.c \
+        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
+        x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c \
+        d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
+        d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
+        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        t_req.c t_x509.c t_pkey.c \
+        p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
+        p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
+        f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
+        a_hdr.c x_pkey.c a_bool.c x_exten.c \
+        asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \
+        evp_asn1.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o \
+        a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+        a_sign.o a_digest.o a_verify.o \
+        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
+        x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o \
+        d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
+        d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
+        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+        t_req.o t_x509.o t_pkey.o \
+        p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
+        p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
+        f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
+        a_hdr.o x_pkey.o a_bool.o x_exten.o \
+        asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \
+        evp_asn1.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  asn1.h asn1_mac.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:   test.c
+        cc -g -I../../include -c test.c
+        cc -g -I../../include -o test test.o -L../.. -lcrypto
+
+pk:     pk.c
+        cc -g -I../../include -c pk.c
+        cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/asn1/f.c b/src/lib/libssl/src/crypto/asn1/f.c
new file mode 100644
index 0000000000..2ab3a262ac
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/f.c
@@ -0,0 +1,80 @@
+/* crypto/asn1/f.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "asn1.h"
+#include "err.h"
+
+main()
+        {
+        ASN1_TYPE *at;
+        char buf[512];
+        int n;
+        long l;
+
+        at=ASN1_TYPE_new();
+
+        n=ASN1_TYPE_set_int_octetstring(at,98736,"01234567",8);
+        printf("%d\n",n);
+        n=ASN1_TYPE_get_int_octetstring(at,&l,buf,8);
+        buf[8]='\0';
+        printf("%ld %d %d\n",l,n,buf[8]);
+        buf[8]='\0';
+        printf("%s\n",buf);
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_cinf.c b/src/lib/libssl/src/crypto/asn1/x_cinf.c
new file mode 100644
index 0000000000..4fc2cc9f6e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_cinf.c
@@ -0,0 +1,197 @@
+/* crypto/asn1/x_cinf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_CINF,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_CINF_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_X509_CINF(a,pp)
+X509_CINF *a;
+unsigned char **pp;
+        {
+        int v1=0,v2=0;
+        M_ASN1_I2D_vars(a);
+
+        M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+        M_ASN1_I2D_len(a->serialNumber,         i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(a->signature,            i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->issuer,               i2d_X509_NAME);
+        M_ASN1_I2D_len(a->validity,             i2d_X509_VAL);
+        M_ASN1_I2D_len(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_len(a->key,                  i2d_X509_PUBKEY);
+        M_ASN1_I2D_len_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_len_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+
+        M_ASN1_I2D_seq_total();
+
+        M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+        M_ASN1_I2D_put(a->serialNumber,         i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(a->signature,            i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->issuer,               i2d_X509_NAME);
+        M_ASN1_I2D_put(a->validity,             i2d_X509_VAL);
+        M_ASN1_I2D_put(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_put(a->key,                  i2d_X509_PUBKEY);
+        M_ASN1_I2D_put_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING,1);
+        M_ASN1_I2D_put_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING,2);
+        M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+
+        M_ASN1_I2D_finish();
+        }
+
+X509_CINF *d2i_X509_CINF(a,pp,length)
+X509_CINF **a;
+unsigned char **pp;
+long length;
+        {
+        int ver=0;
+        M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new);
+
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        /* we have the optional version field */
+        if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+                {
+                M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);
+                if (ret->version->data != NULL)
+                        ver=ret->version->data[0];
+                }
+        else
+                {
+                if (ret->version != NULL)
+                        {
+                        ASN1_INTEGER_free(ret->version);
+                        ret->version=NULL;
+                        }
+                }
+        M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
+        M_ASN1_D2I_get(ret->signature,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->validity,d2i_X509_VAL);
+        M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->key,d2i_X509_PUBKEY);
+        if (ver >= 1) /* version 2 extensions */
+                {
+                if (ret->issuerUID != NULL)
+                        {
+                        ASN1_BIT_STRING_free(ret->issuerUID);
+                        ret->issuerUID=NULL;
+                        }
+                if (ret->subjectUID != NULL)
+                        {
+                        ASN1_BIT_STRING_free(ret->subjectUID);
+                        ret->issuerUID=NULL;
+                        }
+                M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
+                        V_ASN1_BIT_STRING);
+                M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
+                        V_ASN1_BIT_STRING);
+                }
+        if (ver >= 2) /* version 3 extensions */
+                {
+                if (ret->extensions != NULL)
+                        while (sk_num(ret->extensions))
+                                X509_EXTENSION_free((X509_EXTENSION *)
+                                        sk_pop(ret->extensions));
+                M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,3,
+                        V_ASN1_SEQUENCE);
+                }
+        M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
+        }
+
+X509_CINF *X509_CINF_new()
+        {
+        X509_CINF *ret=NULL;
+
+        M_ASN1_New_Malloc(ret,X509_CINF);
+        ret->version=NULL;
+        M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
+        M_ASN1_New(ret->signature,X509_ALGOR_new);
+        M_ASN1_New(ret->issuer,X509_NAME_new);
+        M_ASN1_New(ret->validity,X509_VAL_new);
+        M_ASN1_New(ret->subject,X509_NAME_new);
+        M_ASN1_New(ret->key,X509_PUBKEY_new);
+        ret->issuerUID=NULL;
+        ret->subjectUID=NULL;
+        ret->extensions=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_CINF_NEW);
+        }
+
+void X509_CINF_free(a)
+X509_CINF *a;
+        {
+        if (a == NULL) return;
+        ASN1_INTEGER_free(a->version);
+        ASN1_INTEGER_free(a->serialNumber);
+        X509_ALGOR_free(a->signature);
+        X509_NAME_free(a->issuer);
+        X509_VAL_free(a->validity);
+        X509_NAME_free(a->subject);
+        X509_PUBKEY_free(a->key);
+        ASN1_BIT_STRING_free(a->issuerUID);
+        ASN1_BIT_STRING_free(a->subjectUID);
+        sk_pop_free(a->extensions,X509_EXTENSION_free);
+        Free((char *)a);
+        }
+
diff --git a/src/lib/libssl/src/crypto/bf/Makefile.ssl b/src/lib/libssl/src/crypto/bf/Makefile.ssl
new file mode 100644
index 0000000000..236671f238
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/Makefile.ssl
@@ -0,0 +1,107 @@
+#
+# SSLeay/crypto/blowfish/Makefile
+#
+
+DIR=    bf
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+BF_ENC=         bf_enc.o
+# or use
+#DES_ENC=       bx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=bftest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= blowfish.h
+HEADER= bf_pi.h bf_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/bx86-elf.o: asm/bx86unix.cpp
+        $(CPP) -DELF asm/bx86unix.cpp | as -o asm/bx86-elf.o
+
+# solaris
+asm/bx86-sol.o: asm/bx86unix.cpp
+        $(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+        as -o asm/bx86-sol.o asm/bx86-sol.s
+        rm -f asm/bx86-sol.s
+
+# a.out
+asm/bx86-out.o: asm/bx86unix.cpp
+        $(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o
+
+# bsdi
+asm/bx86bsdi.o: asm/bx86unix.cpp
+        $(CPP) -DBSDI asm/bx86unix.cpp | as -o asm/bx86bsdi.o
+
+asm/bx86unix.cpp:
+        (cd asm; perl bf-586.pl cpp >bx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/point.sh ../../doc/blowfish.doc blowfish.doc ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/bio/Makefile.ssl b/src/lib/libssl/src/crypto/bio/Makefile.ssl
new file mode 100644
index 0000000000..42e11e1c94
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/Makefile.ssl
@@ -0,0 +1,92 @@
+#
+# SSLeay/crypto/bio/Makefile
+#
+
+DIR=    bio
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=bio
+ERRC=bio_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bio_lib.c bio_cb.c $(ERRC).c \
+        bss_mem.c bss_null.c bss_fd.c \
+        bss_file.c bss_sock.c bss_conn.c \
+        bf_null.c bf_buff.c b_print.c b_dump.c \
+        b_sock.c bss_acpt.c bf_nbio.c
+LIBOBJ= bio_lib.o bio_cb.o $(ERRC).o \
+        bss_mem.o bss_null.o bss_fd.o \
+        bss_file.o bss_sock.o bss_conn.o \
+        bf_null.o bf_buff.o b_print.o b_dump.o \
+        b_sock.o bss_acpt.o bf_nbio.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bio.h bss_file.c
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) bss_file.c ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/bn/Makefile.ssl b/src/lib/libssl/src/crypto/bn/Makefile.ssl
new file mode 100644
index 0000000000..9809d26cbc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/Makefile.ssl
@@ -0,0 +1,133 @@
+#
+# SSLeay/crypto/bn/Makefile
+#
+
+DIR=    bn
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+BN_MULW=        bn_mulw.o
+# or use
+#BN_MULW=       bn86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=bn
+ERRC=bn_err
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c \
+        bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_blind.c \
+        bn_gcd.c bn_prime.c $(ERRC).c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c \
+        bn_mpi.c
+
+LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o \
+        bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_blind.o \
+        bn_gcd.o bn_prime.o $(ERRC).o bn_sqr.o $(BN_MULW) bn_recp.o bn_mont.o \
+        bn_mpi.o
+
+
+SRC= $(LIBSRC)
+
+EXHEADER= bn.h
+HEADER= bn_lcl.h bn_prime.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+knuth: bn_knuth.c
+        cc -pg -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+
+knuth.fast: bn_knuth.c
+        cc -pg -fast -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/bn86-elf.o: asm/bn86unix.cpp
+        $(CPP) -DELF asm/bn86unix.cpp | as -o asm/bn86-elf.o
+
+# solaris
+asm/bn86-sol.o: asm/bn86unix.cpp
+        $(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
+        as -o asm/bn86-sol.o asm/bn86-sol.s
+        rm -f asm/bn86-sol.s
+
+# a.out
+asm/bn86-out.o: asm/bn86unix.cpp
+        $(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
+
+# bsdi
+asm/bn86bsdi.o: asm/bn86unix.cpp
+        $(CPP) -DBSDI asm/bn86unix.cpp | as -o asm/bn86bsdi.o
+
+asm/bn86unix.cpp:
+        (cd asm; perl bn-586.pl cpp >bn86unix.cpp )
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+exptest:
+        /bin/rm -f exptest
+        gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+
+div:
+        /bin/rm -f a.out
+        gcc -I.. -g div.c ../../libcrypto.a
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_mulw.s
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # special case .org
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/buffer/Makefile.ssl b/src/lib/libssl/src/crypto/buffer/Makefile.ssl
new file mode 100644
index 0000000000..a5f150e523
--- /dev/null
+++ b/src/lib/libssl/src/crypto/buffer/Makefile.ssl
@@ -0,0 +1,84 @@
+#
+# SSLeay/crypto/buffer/Makefile
+#
+
+DIR=    buffer
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=buffer
+ERRC=buf_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= buffer.c $(ERRC).c
+LIBOBJ= buffer.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= buffer.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/cast/Makefile.ssl b/src/lib/libssl/src/crypto/cast/Makefile.ssl
new file mode 100644
index 0000000000..0143827ae5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/Makefile.ssl
@@ -0,0 +1,109 @@
+#
+# SSLeay/crypto/cast/Makefile
+#
+
+DIR=    cast
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CAST_ENC=c_enc.o
+# or use
+#CAST_ENC=asm/cx86-elf.o
+#CAST_ENC=asm/cx86-out.o
+#CAST_ENC=asm/cx86-sol.o
+#CAST_ENC=asm/cx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=casttest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c 
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cast.h
+HEADER= cast_s.h cast_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/cx86-elf.o: asm/cx86unix.cpp
+        $(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
+
+# solaris
+asm/cx86-sol.o: asm/cx86unix.cpp
+        $(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+        as -o asm/cx86-sol.o asm/cx86-sol.s
+        rm -f asm/cx86-sol.s
+
+# a.out
+asm/cx86-out.o: asm/cx86unix.cpp
+        $(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+
+# bsdi
+asm/cx86bsdi.o: asm/cx86unix.cpp
+        $(CPP) -DBSDI asm/cx86unix.cpp | as -o asm/cx86bsdi.o
+
+asm/cx86unix.cpp:
+        (cd asm; perl cast-586.pl cpp >cx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/conf/Makefile.ssl b/src/lib/libssl/src/crypto/conf/Makefile.ssl
new file mode 100644
index 0000000000..00e917aa44
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/Makefile.ssl
@@ -0,0 +1,85 @@
+#
+# SSLeay/crypto/conf/Makefile
+#
+
+DIR=    conf
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=conf
+ERRC=conf_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= conf.c $(ERRC).c
+
+LIBOBJ= conf.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= conf.h
+HEADER= conf_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/des/FILES b/src/lib/libssl/src/crypto/des/FILES
new file mode 100644
index 0000000000..4c7ea2de7a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/FILES
@@ -0,0 +1,96 @@
+/* General stuff */
+COPYRIGHT       - Copyright info.
+MODES.DES       - A description of the features of the different modes of DES.
+FILES           - This file.
+INSTALL         - How to make things compile.
+Imakefile       - For use with kerberos.
+README          - What this package is.
+VERSION         - Which version this is and what was changed.
+KERBEROS        - Kerberos version 4 notes.
+Makefile.PL     - An old makefile to build with perl5, not current.
+Makefile.ssl    - The SSLeay makefile
+Makefile.uni    - The normal unix makefile.
+GNUmakefile     - The makefile for use with glibc.
+makefile.bc     - A Borland C makefile
+times           - Some outputs from 'speed' on some machines.
+vms.com         - For use when compiling under VMS
+
+/* My SunOS des(1) replacement */
+des.c           - des(1) source code.
+des.man         - des(1) manual.
+
+/* Testing and timing programs. */
+destest.c       - Source for libdes.a test program.
+speed.c         - Source for libdes.a timing program.
+rpw.c           - Source for libdes.a testing password reading routines.
+
+/* libdes.a source code */
+des_crypt.man   - libdes.a manual page.
+des.h           - Public libdes.a header file.
+ecb_enc.c       - des_ecb_encrypt() source, this contains the basic DES code.
+ecb3_enc.c      - des_ecb3_encrypt() source.
+cbc_ckm.c       - des_cbc_cksum() source.
+cbc_enc.c       - des_cbc_encrypt() source.
+ncbc_enc.c      - des_cbc_encrypt() that is 'normal' in that it copies
+                  the new iv values back in the passed iv vector.
+ede_enc.c       - des_ede3_cbc_encrypt() cbc mode des using triple DES.
+cbc3_enc.c      - des_3cbc_encrypt() source, don't use this function.
+cfb_enc.c       - des_cfb_encrypt() source.
+cfb64enc.c      - des_cfb64_encrypt() cfb in 64 bit mode but setup to be
+                  used as a stream cipher.
+cfb64ede.c      - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
+                  used as a stream cipher and using triple DES.
+ofb_enc.c       - des_cfb_encrypt() source.
+ofb64_enc.c     - des_ofb_encrypt() ofb in 64 bit mode but setup to be
+                  used as a stream cipher.
+ofb64ede.c      - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
+                  used as a stream cipher and using triple DES.
+enc_read.c      - des_enc_read() source.
+enc_writ.c      - des_enc_write() source.
+pcbc_enc.c      - des_pcbc_encrypt() source.
+qud_cksm.c      - quad_cksum() source.
+rand_key.c      - des_random_key() source.
+read_pwd.c      - Source for des_read_password() plus related functions.
+set_key.c       - Source for des_set_key().
+str2key.c       - Covert a string of any length into a key.
+fcrypt.c        - A small, fast version of crypt(3).
+des_locl.h      - Internal libdes.a header file.
+podd.h          - Odd parity tables - used in des_set_key().
+sk.h            - Lookup tables used in des_set_key().
+spr.h           - What is left of the S tables - used in ecb_encrypt().
+des_ver.h       - header file for the external definition of the
+                  version string.
+des.doc         - SSLeay documentation for the library.
+
+/* The perl scripts - you can ignore these files they are only
+ * included for the curious */
+des.pl          - des in perl anyone? des_set_key and des_ecb_encrypt
+                  both done in a perl library.
+testdes.pl      - Testing program for des.pl
+doIP            - Perl script used to develop IP xor/shift code.
+doPC1           - Perl script used to develop PC1 xor/shift code.
+doPC2           - Generates sk.h.
+PC1             - Output of doPC1 should be the same as output from PC1.
+PC2             - used in development of doPC2.
+shifts.pl       - Perl library used by my perl scripts.
+
+/* I started making a perl5 dynamic library for libdes
+ * but did not fully finish, these files are part of that effort. */
+DES.pm
+DES.pod
+DES.xs
+t
+typemap
+
+/* The following are for use with sun RPC implementaions. */
+rpc_des.h
+rpc_enc.c
+
+/* The following are contibuted by Mark Murray <mark@grondar.za>.  They
+ * are not normally built into libdes due to machine specific routines
+ * contained in them.  They are for use in the most recent incarnation of
+ * export kerberos v 4 (eBones). */
+supp.c
+new_rkey.c
+
+
diff --git a/src/lib/libssl/src/crypto/des/Makefile.ssl b/src/lib/libssl/src/crypto/des/Makefile.ssl
new file mode 100644
index 0000000000..78b5189ee3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/Makefile.ssl
@@ -0,0 +1,140 @@
+#
+# SSLeay/crypto/des/Makefile
+#
+
+DIR=    des
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+DES_ENC=        des_enc.o fcrypt_b.o
+# or use
+#DES_ENC=       dx86-elf.o yx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile des.org des_locl.org
+TEST=destest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+        ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+        fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+        qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
+        des_enc.c fcrypt_b.c read2pwd.c \
+        fcrypt.c xcbc_enc.c \
+        str2key.c  cfb64ede.c ofb64ede.c supp.c
+
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+        ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+        enc_read.o enc_writ.o ofb64enc.o \
+        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+        ${DES_ENC} read2pwd.o \
+        fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= des.h
+HEADER= des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/dx86-elf.o: asm/dx86unix.cpp
+        $(CPP) -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+
+asm/yx86-elf.o: asm/yx86unix.cpp
+        $(CPP) -DELF asm/yx86unix.cpp | as -o asm/yx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86unix.cpp
+        $(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+        as -o asm/dx86-sol.o asm/dx86-sol.s
+        rm -f asm/dx86-sol.s
+
+asm/yx86-sol.o: asm/yx86unix.cpp
+        $(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+        as -o asm/yx86-sol.o asm/yx86-sol.s
+        rm -f asm/yx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+        $(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+
+asm/yx86-out.o: asm/yx86unix.cpp
+        $(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+        $(CPP) -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+
+asm/yx86bsdi.o: asm/yx86unix.cpp
+        $(CPP) -DBSDI asm/yx86unix.cpp | as -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp:
+        (cd asm; perl des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp:
+        (cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile
+        /bin/rm -f des.doc
+        /bin/rm -fr asm/perlasm
+        $(TOP)/util/point.sh ../../perlasm asm/perlasm
+        $(TOP)/util/point.sh ../../doc/des.doc des.doc
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install: installs
+
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/dh/Makefile.ssl b/src/lib/libssl/src/crypto/dh/Makefile.ssl
new file mode 100644
index 0000000000..dfa7e4525d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/Makefile.ssl
@@ -0,0 +1,84 @@
+#
+# SSLeay/crypto/dh/Makefile
+#
+
+DIR=    dh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=dh
+ERRC=dh_err
+GENERAL=Makefile
+TEST= dhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c $(ERRC).c
+LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dh.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/dsa/Makefile.ssl b/src/lib/libssl/src/crypto/dsa/Makefile.ssl
new file mode 100644
index 0000000000..2cc4ddb39e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/Makefile.ssl
@@ -0,0 +1,84 @@
+#
+# SSLeay/crypto/dsa/Makefile
+#
+
+DIR=    dsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=dsa
+ERRC=dsa_err
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c $(ERRC).c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dsa.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/err/Makefile.ssl b/src/lib/libssl/src/crypto/err/Makefile.ssl
new file mode 100644
index 0000000000..57c87eb041
--- /dev/null
+++ b/src/lib/libssl/src/crypto/err/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/err/Makefile
+#
+
+DIR=    err
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=err.c err_all.c err_prn.c
+LIBOBJ=err.o err_all.o err_prn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= err.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/evp/Makefile.ssl b/src/lib/libssl/src/crypto/evp/Makefile.ssl
new file mode 100644
index 0000000000..8bf2516458
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/Makefile.ssl
@@ -0,0 +1,111 @@
+#
+# SSLeay/crypto/evp/Makefile
+#
+
+DIR=    evp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=evp
+ERRC=evp_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
+        e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c \
+        e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c \
+        e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c \
+        e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c \
+        e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c \
+        e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c \
+        e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c \
+        e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c \
+        m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c \
+        m_ripemd.c \
+        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+        bio_md.c bio_b64.c bio_enc.c $(ERRC).c e_null.c \
+        c_all.c evp_lib.c
+
+LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \
+        e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \
+        e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o \
+        e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o \
+        e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o \
+        e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o \
+        e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o \
+        e_ecb_c.o e_cbc_c.o e_cfb_c.o e_ofb_c.o \
+        e_ecb_r5.o e_cbc_r5.o e_cfb_r5.o e_ofb_r5.o \
+        m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o \
+        m_ripemd.o \
+        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+        bio_md.o bio_b64.o bio_enc.o $(ERRC).o e_null.o \
+        c_all.o evp_lib.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= evp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/hmac/Makefile.ssl b/src/lib/libssl/src/crypto/hmac/Makefile.ssl
new file mode 100644
index 0000000000..7a042b7261
--- /dev/null
+++ b/src/lib/libssl/src/crypto/hmac/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+
+DIR=    hmac
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=hmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=hmac.c
+LIBOBJ=hmac.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= hmac.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/idea/Makefile.ssl b/src/lib/libssl/src/crypto/idea/Makefile.ssl
new file mode 100644
index 0000000000..41b42ce03b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/idea/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/idea/Makefile
+#
+
+DIR=    idea
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ideatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= idea.h
+HEADER= idea_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/lhash/Makefile.ssl b/src/lib/libssl/src/crypto/lhash/Makefile.ssl
new file mode 100644
index 0000000000..cb08547b4f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/lhash/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/lhash/Makefile
+#
+
+DIR=    lhash
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=lhash.c lh_stats.c
+LIBOBJ=lhash.o lh_stats.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= lhash.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/md2/Makefile.ssl b/src/lib/libssl/src/crypto/md2/Makefile.ssl
new file mode 100644
index 0000000000..d8e7200c83
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md2/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+
+DIR=    md
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md2_dgst.c md5_one.c
+LIBOBJ=md2_dgst.o md2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/md5/Makefile.ssl b/src/lib/libssl/src/crypto/md5/Makefile.ssl
new file mode 100644
index 0000000000..47e1ce05ca
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md5/Makefile.ssl
@@ -0,0 +1,104 @@
+#
+# SSLeay/crypto/md5/Makefile
+#
+
+DIR=    md5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+MD5_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md5test.c
+APPS=md5.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md5_dgst.c md5_one.c
+LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= md5.h
+HEADER= md5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/mx86-elf.o: asm/mx86unix.cpp
+        $(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
+
+# solaris
+asm/mx86-sol.o: asm/mx86unix.cpp
+        $(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+        as -o asm/mx86-sol.o asm/mx86-sol.s
+        rm -f asm/mx86-sol.s
+
+# a.out
+asm/mx86-out.o: asm/mx86unix.cpp
+        $(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+
+# bsdi
+asm/mx86bsdi.o: asm/mx86unix.cpp
+        $(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
+
+asm/mx86unix.cpp:
+        (cd asm; perl md5-586.pl cpp >mx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/mdc2/Makefile.ssl b/src/lib/libssl/src/crypto/mdc2/Makefile.ssl
new file mode 100644
index 0000000000..495a2789a0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/mdc2/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/mdc2/Makefile
+#
+
+DIR=    mdc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= mdc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=mdc2dgst.c mdc2_one.c
+LIBOBJ=mdc2dgst.o mdc2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= mdc2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/objects/Makefile.ssl b/src/lib/libssl/src/crypto/objects/Makefile.ssl
new file mode 100644
index 0000000000..320523cea1
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/Makefile.ssl
@@ -0,0 +1,87 @@
+#
+# SSLeay/crypto/objects/Makefile
+#
+
+DIR=    objects
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=objects
+ERRC=obj_err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= obj_dat.c obj_lib.c $(ERRC).c
+LIBOBJ= obj_dat.o obj_lib.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= objects.h
+HEADER= $(EXHEADER) obj_dat.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    obj_dat.h lib
+
+obj_dat.h: objects.h obj_dat.pl
+        perl ./obj_dat.pl < objects.h > obj_dat.h
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/pem/Makefile.ssl b/src/lib/libssl/src/crypto/pem/Makefile.ssl
new file mode 100644
index 0000000000..fc04a88fd9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/Makefile.ssl
@@ -0,0 +1,96 @@
+#
+# SSLeay/crypto/pem/Makefile
+#
+
+DIR=    pem
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=pem
+ERRC=pem_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+CTX_SIZE= ctx_size
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c $(ERRC).c
+
+LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= pem.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    pem.h lib
+
+pem.h: $(CTX_SIZE)
+        ./$(CTX_SIZE) <pem.org >pem.new
+        if [ -f pem.h ]; then mv -f pem.h pem.old; fi
+        mv -f pem.new pem.h
+
+$(CTX_SIZE): $(CTX_SIZE).o
+        $(CC) $(CFLAGS) -o $(CTX_SIZE) $(CTX_SIZE).o
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(CTX_SIZE).c $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f $(CTX_SIZE) *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # SPECIAL CASE .org
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl b/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl
new file mode 100644
index 0000000000..a88359b320
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl
@@ -0,0 +1,86 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+
+DIR=    pkcs7
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=pkcs7
+ERRC=pkcs7err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c
+LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs7.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/rand/Makefile.ssl b/src/lib/libssl/src/crypto/rand/Makefile.ssl
new file mode 100644
index 0000000000..d04f0a9b43
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rand/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/rand/Makefile
+#
+
+DIR=    rand
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= randtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md_rand.c randfile.c
+LIBOBJ=md_rand.o randfile.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rand.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/rc2/Makefile.ssl b/src/lib/libssl/src/crypto/rc2/Makefile.ssl
new file mode 100644
index 0000000000..c5138f13e2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/rc2/Makefile
+#
+
+DIR=    rc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc2.h
+HEADER= rc2_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/rc4/Makefile.ssl b/src/lib/libssl/src/crypto/rc4/Makefile.ssl
new file mode 100644
index 0000000000..19c1e980f3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/Makefile.ssl
@@ -0,0 +1,108 @@
+#
+# SSLeay/crypto/rc4/Makefile
+#
+
+DIR=    rc4
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RC4_ENC=rc4_enc.o
+# or use
+#RC4_ENC=asm/rx86-elf.o
+#RC4_ENC=asm/rx86-out.o
+#RC4_ENC=asm/rx86-sol.o
+#RC4_ENC=asm/rx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc4test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=rc4_skey.o $(RC4_ENC)
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc4.h
+HEADER= $(EXHEADER) rc4_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/rx86-elf.o: asm/rx86unix.cpp
+        $(CPP) -DELF asm/rx86unix.cpp | as -o asm/rx86-elf.o
+
+# solaris
+asm/rx86-sol.o: asm/rx86unix.cpp
+        $(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+        as -o asm/rx86-sol.o asm/rx86-sol.s
+        rm -f asm/rx86-sol.s
+
+# a.out
+asm/rx86-out.o: asm/rx86unix.cpp
+        $(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+
+# bsdi
+asm/rx86bsdi.o: asm/rx86unix.cpp
+        $(CPP) -DBSDI asm/rx86unix.cpp | as -o asm/rx86bsdi.o
+
+asm/rx86unix.cpp:
+        (cd asm; perl rc4-586.pl cpp >rx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/rc5/Makefile.ssl b/src/lib/libssl/src/crypto/rc5/Makefile.ssl
new file mode 100644
index 0000000000..5e98ee2348
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/Makefile.ssl
@@ -0,0 +1,107 @@
+#
+# SSLeay/crypto/rc5/Makefile
+#
+
+DIR=    rc5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RC5_ENC=                rc5_enc.o
+# or use
+#DES_ENC=       r586-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc5test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c 
+LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc5.h
+HEADER= rc5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/r586-elf.o: asm/r586unix.cpp
+        $(CPP) -DELF asm/r586unix.cpp | as -o asm/r586-elf.o
+
+# solaris
+asm/r586-sol.o: asm/r586unix.cpp
+        $(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s
+        as -o asm/r586-sol.o asm/r586-sol.s
+        rm -f asm/r586-sol.s
+
+# a.out
+asm/r586-out.o: asm/r586unix.cpp
+        $(CPP) -DOUT asm/r586unix.cpp | as -o asm/r586-out.o
+
+# bsdi
+asm/r586bsdi.o: asm/r586unix.cpp
+        $(CPP) -DBSDI asm/r586unix.cpp | as -o asm/r586bsdi.o
+
+asm/r586unix.cpp:
+        (cd asm; perl rc5-586.pl cpp >r586unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/point.sh ../../doc/rc5.doc rc5.doc ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl b/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl
new file mode 100644
index 0000000000..172bd9ee1b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl
@@ -0,0 +1,109 @@
+#!/usr/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"rc5-586.pl");
+
+$RC5_MAX_ROUNDS=16;
+$RC5_32_OFF=($RC5_MAX_ROUNDS+2)*4;
+$A="edi";
+$B="esi";
+$S="ebp";
+$tmp1="eax";
+$r="ebx";
+$tmpc="ecx";
+$tmp4="edx";
+
+&RC5_32_encrypt("RC5_32_encrypt",1);
+&RC5_32_encrypt("RC5_32_decrypt",0);
+&cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1);
+&asm_finish();
+
+sub RC5_32_encrypt
+        {
+        local($name,$enc)=@_;
+
+        &function_begin_B($name,"");
+
+        &comment("");
+
+        &push("ebp");
+         &push("esi");
+        &push("edi");
+         &mov($tmp4,&wparam(0));
+        &mov($S,&wparam(1));
+
+        &comment("Load the 2 words");
+         &mov($A,&DWP(0,$tmp4,"",0));
+        &mov($B,&DWP(4,$tmp4,"",0));
+
+        &push($r);
+         &mov($r,       &DWP(0,$S,"",0));
+
+        # encrypting part
+
+        if ($enc)
+                {
+                 &add($A,       &DWP(4+0,$S,"",0));
+                &add($B,        &DWP(4+4,$S,"",0));
+
+                for ($i=0; $i<$RC5_MAX_ROUNDS; $i++)
+                        {
+                         &xor($A,       $B);
+                        &mov($tmp1,     &DWP(12+$i*8,$S,"",0));
+                         &mov($tmpc,    $B);
+                        &rotl($A,       &LB("ecx"));
+                        &add($A,        $tmp1);
+
+                         &xor($B,       $A);
+                        &mov($tmp1,     &DWP(16+$i*8,$S,"",0));
+                         &mov($tmpc,    $A);
+                        &rotl($B,       &LB("ecx"));
+                        &add($B,        $tmp1);
+                        if (($i == 7) || ($i == 11))
+                                {
+                         &cmp($r,       $i+1);
+                        &je(&label("rc5_exit"));
+                                }
+                        }
+                }
+        else
+                {
+                 &cmp($r,       12);
+                &je(&label("rc5_dec_12"));
+                 &cmp($r,       8);
+                &je(&label("rc5_dec_8"));
+                for ($i=$RC5_MAX_ROUNDS; $i > 0; $i--)
+                        {
+                        &set_label("rc5_dec_$i") if ($i == 12) || ($i == 8);
+                         &mov($tmp1,    &DWP($i*8+8,$S,"",0));
+                        &sub($B,        $tmp1);
+                         &mov($tmpc,    $A);
+                        &rotr($B,       &LB("ecx"));
+                        &xor($B,        $A);
+
+                         &mov($tmp1,    &DWP($i*8+4,$S,"",0));
+                        &sub($A,        $tmp1);
+                         &mov($tmpc,    $B);
+                        &rotr($A,       &LB("ecx"));
+                        &xor($A,        $B);
+                        }
+                 &sub($B,       &DWP(4+4,$S,"",0));
+                &sub($A,        &DWP(4+0,$S,"",0));
+                }
+
+        &set_label("rc5_exit");
+         &mov(&DWP(0,$tmp4,"",0),$A);
+        &mov(&DWP(4,$tmp4,"",0),$B);
+
+         &pop("ebx");
+        &pop("edi");
+         &pop("esi");
+        &pop("ebp");
+         &ret();
+        &function_end_B($name);
+        }
+
+
diff --git a/src/lib/libssl/src/crypto/ripemd/Makefile.ssl b/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
new file mode 100644
index 0000000000..67d47ceb2c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
@@ -0,0 +1,104 @@
+#
+# SSLeay/crypto/ripemd/Makefile
+#
+
+DIR=    ripemd
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RIP_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rmdtest.c
+APPS=rmd160.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rmd_dgst.c rmd_one.c
+LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ripemd.h
+HEADER= rmd_locl.h rmdconst.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/rm86-elf.o: asm/rm86unix.cpp
+        $(CPP) -DELF asm/rm86unix.cpp | as -o asm/rm86-elf.o
+
+# solaris
+asm/rm86-sol.o: asm/rm86unix.cpp
+        $(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s
+        as -o asm/rm86-sol.o asm/rm86-sol.s
+        rm -f asm/rm86-sol.s
+
+# a.out
+asm/rm86-out.o: asm/rm86unix.cpp
+        $(CPP) -DOUT asm/rm86unix.cpp | as -o asm/rm86-out.o
+
+# bsdi
+asm/rm86bsdi.o: asm/rm86unix.cpp
+        $(CPP) -DBSDI asm/rm86unix.cpp | as -o asm/rm86bsdi.o
+
+asm/rm86unix.cpp:
+        (cd asm; perl rmd-586.pl cpp >rm86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/rsa/Makefile.ssl b/src/lib/libssl/src/crypto/rsa/Makefile.ssl
new file mode 100644
index 0000000000..d52f2e609e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/Makefile.ssl
@@ -0,0 +1,86 @@
+#
+# SSLeay/crypto/rsa/Makefile
+#
+
+DIR=    rsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=rsa
+ERRC=rsa_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \
+        rsa_pk1.o rsa_ssl.o rsa_none.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rsa.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/sha/Makefile.ssl b/src/lib/libssl/src/crypto/sha/Makefile.ssl
new file mode 100644
index 0000000000..eeb545d140
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/Makefile.ssl
@@ -0,0 +1,103 @@
+#
+# SSLeay/crypto/sha/Makefile
+#
+
+DIR=    sha
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+SHA1_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=shatest.c sha1test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= sha.h
+HEADER= sha_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+# elf
+asm/sx86-elf.o: asm/sx86unix.cpp
+        $(CPP) -DELF asm/sx86unix.cpp | as -o asm/sx86-elf.o
+
+# solaris
+asm/sx86-sol.o: asm/sx86unix.cpp
+        $(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
+        as -o asm/sx86-sol.o asm/sx86-sol.s
+        rm -f asm/sx86-sol.s
+
+# a.out
+asm/sx86-out.o: asm/sx86unix.cpp
+        $(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+
+# bsdi
+asm/sx86bsdi.o: asm/sx86unix.cpp
+        $(CPP) -DBSDI asm/sx86unix.cpp | as -o asm/sx86bsdi.o
+
+asm/sx86unix.cpp:
+        (cd asm; perl sha1-586.pl cpp >sx86unix.cpp)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/stack/Makefile.ssl b/src/lib/libssl/src/crypto/stack/Makefile.ssl
new file mode 100644
index 0000000000..0d232c08cf
--- /dev/null
+++ b/src/lib/libssl/src/crypto/stack/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/stack/Makefile
+#
+
+DIR=    stack
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=stack.c
+LIBOBJ=stack.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= stack.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/txt_db/Makefile.ssl b/src/lib/libssl/src/crypto/txt_db/Makefile.ssl
new file mode 100644
index 0000000000..76e511534f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/txt_db/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/txt_db/Makefile
+#
+
+DIR=    txt_db
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=txt_db.c
+LIBOBJ=txt_db.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= txt_db.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/crypto/x509/Makefile.ssl b/src/lib/libssl/src/crypto/x509/Makefile.ssl
new file mode 100644
index 0000000000..1c1ca2ffa0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/Makefile.ssl
@@ -0,0 +1,96 @@
+#
+# SSLeay/crypto/x509/Makefile
+#
+
+DIR=    x509
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=x509
+ERRC=x509_err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+        x509_obj.c x509_req.c x509_vfy.c \
+        x509_set.c x509rset.c $(ERRC).c \
+        x509name.c x509_v3.c x509_ext.c x509pack.c \
+        x509type.c x509_lu.c x_all.c x509_txt.c \
+        by_file.c by_dir.c \
+        v3_net.c v3_x509.c
+LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+        x509_obj.o x509_req.o x509_vfy.o \
+        x509_set.o x509rset.o $(ERRC).o \
+        x509name.o x509_v3.o x509_ext.o x509pack.o \
+        x509type.o x509_lu.o x_all.o x509_txt.o \
+        by_file.o by_dir.o \
+        v3_net.o v3_x509.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509.h x509_vfy.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/ssl/Makefile.ssl b/src/lib/libssl/src/ssl/Makefile.ssl
new file mode 100644
index 0000000000..f4b13bf83b
--- /dev/null
+++ b/src/lib/libssl/src/ssl/Makefile.ssl
@@ -0,0 +1,100 @@
+#
+# SSLeay/ssl/Makefile
+#
+
+DIR=    ssl
+TOP=    ..
+CC=     cc
+INCLUDES= -I../crypto -I../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=ssl
+ERRC=ssl_err
+GENERAL=Makefile README
+TEST=ssltest.c
+APPS=
+
+LIB=$(TOP)/libssl.a
+LIBSRC= \
+        s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
+        s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
+        s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
+        t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
+        ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
+        ssl_ciph.c ssl_stat.c ssl_rsa.c \
+        ssl_asn1.c ssl_txt.c ssl_algs.c \
+        bio_ssl.c $(ERRC).c
+LIBOBJ= \
+        s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
+        s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
+        s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
+        t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
+        ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
+        ssl_ciph.o ssl_stat.o ssl_rsa.o \
+        ssl_asn1.o ssl_txt.o ssl_algs.o \
+        bio_ssl.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h
+HEADER= $(EXHEADER) ssl_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../test $(TEST)
+        $(TOP)/util/mklink.sh ../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../crypto/err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/test/Makefile.ssl b/src/lib/libssl/src/test/Makefile.ssl
new file mode 100644
index 0000000000..b3de76751e
--- /dev/null
+++ b/src/lib/libssl/src/test/Makefile.ssl
@@ -0,0 +1,294 @@
+#
+# test/Makefile.ssl
+#
+
+DIR=            test
+TOP=            ..
+CC=             cc
+INCLUDES=       -I../include
+CFLAG=          -g
+INSTALLTOP=     /usr/local/ssl
+MAKEFILE=       Makefile.ssl
+MAKE=           make -f $(MAKEFILE)
+MAKEDEPEND=     makedepend -f$(MAKEFILE)
+
+PEX_LIBS=
+EX_LIBS= #-lnsl -lsocket
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile.ssl
+
+DLIBCRYPTO= ../libcrypto.a
+DLIBSSL= ../libssl.a
+LIBCRYPTO= -L.. -lcrypto
+LIBSSL= -L.. -lssl
+
+BNTEST=         bntest
+EXPTEST=        exptest
+IDEATEST=       ideatest
+SHATEST=        shatest
+SHA1TEST=       sha1test
+MDC2TEST=       mdc2test
+RMDTEST=        rmdtest
+MD2TEST=        md2test
+MD5TEST=        md5test
+HMACTEST=       hmactest
+RC2TEST=        rc2test
+RC4TEST=        rc4test
+RC5TEST=        rc5test
+BFTEST=         bftest
+CASTTEST=       casttest
+DESTEST=        destest
+RANDTEST=       randtest
+DHTEST=         dhtest
+DSATEST=        dsatest
+METHTEST=       methtest
+SSLTEST=        ssltest
+
+EXE=    $(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
+        $(RC2TEST) $(RC4TEST) $(RC5TEST) \
+        $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
+        $(RANDTEST) $(DHTEST) \
+        $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
+
+# $(METHTEST)
+
+OBJ=    $(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
+        $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+        $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+        $(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+        $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o
+SRC=    $(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
+        $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+        $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+        $(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+        $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c
+
+EXHEADER= 
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:    exe
+
+exe:    $(EXE)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+
+errors:
+
+install:
+
+tags:
+        ctags $(SRC)
+
+tests:  exe apps \
+        test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
+        test_rc2 test_rc4 test_rc5 test_bf test_cast \
+        test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \
+        test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \
+        test_ss test_ssl test_ca
+
+apps:
+        @(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
+
+test_des:
+        #./$(DESTEST)
+
+test_idea:
+        ./$(IDEATEST)
+
+test_sha:
+        ./$(SHATEST)
+        ./$(SHA1TEST)
+
+test_mdc2:
+        ./$(MDC2TEST)
+
+test_md5:
+        ./$(MD5TEST)
+
+test_hmac:
+        ./$(HMACTEST)
+
+test_md2:
+        ./$(MD2TEST)
+
+test_rmd:
+        ./$(RMDTEST)
+
+test_bf:
+        ./$(BFTEST)
+
+test_cast:
+        ./$(CASTTEST)
+
+test_rc2:
+        ./$(RC2TEST)
+
+test_rc4:
+        ./$(RC4TEST)
+
+test_rc5:
+        ./$(RC5TEST)
+
+test_rand:
+        ./$(RANDTEST)
+
+test_enc:
+        @sh ./testenc
+
+test_x509:
+        echo test normal x509v1 certificate
+        sh ./tx509 2>/dev/null
+        echo test first x509v3 certificate
+        sh ./tx509 v3-cert1.pem 2>/dev/null
+        echo test second x509v3 certificate
+        sh ./tx509 v3-cert2.pem 2>/dev/null
+
+test_rsa:
+        @sh ./trsa 2>/dev/null
+
+test_crl:
+        @sh ./tcrl 2>/dev/null
+
+test_sid:
+        @sh ./tsid 2>/dev/null
+
+test_req:
+        @sh ./treq 2>/dev/null
+        @sh ./treq testreq2.pem 2>/dev/null
+
+test_pkcs7:
+        @sh ./tpkcs7 2>/dev/null
+        @sh ./tpkcs7d 2>/dev/null
+
+test_bn:
+        @echo 'test a^b%c implementations'
+        ./$(EXPTEST)
+        @echo starting big number library test, could take a while...
+        @(./$(BNTEST)|bc) | awk '{ \
+if ($$0 != "0") {print "error"; exit(1); } \
+if (((NR+1)%64) == 0) print NR+1," tests done"; }'
+
+test_verify:
+        @echo "The following command should have some OK's and some failures"
+        @echo "There are definitly a few expired certificates"
+        ../apps/ssleay verify -CApath ../certs ../certs/*.pem
+
+test_dh:
+        @echo "Generate as set of DH parameters"
+        ./$(DHTEST)
+
+test_dsa:
+        @echo "Generate as set of DSA parameters"
+        ./$(DSATEST)
+
+test_reqgen:
+        @echo "Generate and verify a certificate request"
+        @sh ./testgen
+
+test_ss:
+        @echo "Generate and certify a test certificate"
+        @sh ./testss
+
+test_ssl:
+        @echo "test SSL protocol"
+        @sh ./testssl
+
+test_ca:
+        @echo "Generate and certify a test certificate via the 'ca' program"
+        @sh ./testca
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+
+$(DLIBSSL):
+        (cd ../ssl; $(MAKE))
+
+$(DLIBCRYPTO):
+        (cd ../crypto; $(MAKE))
+
+$(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
+        $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
+        $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
+        $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+        $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/tools/Makefile.ssl b/src/lib/libssl/src/tools/Makefile.ssl
new file mode 100644
index 0000000000..537e97d268
--- /dev/null
+++ b/src/lib/libssl/src/tools/Makefile.ssl
@@ -0,0 +1,54 @@
+#
+# SSLeay/tools/Makefile
+#
+
+DIR=    tools
+TOP=    ..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile.ssl
+TEST=
+APPS= c_hash c_info c_issuer c_name c_rehash
+
+all:
+
+install:
+        @for i in $(APPS) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/bin/$$i; \
+        chmod 755 $(INSTALLTOP)/bin/$$i ); \
+        done;
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+
+lint:
+
+tags:
+
+errors:
+
+depend:
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/test/Makefile.ssl b/src/lib/libssl/test/Makefile.ssl
new file mode 100644
index 0000000000..b3de76751e
--- /dev/null
+++ b/src/lib/libssl/test/Makefile.ssl
@@ -0,0 +1,294 @@
+#
+# test/Makefile.ssl
+#
+
+DIR=            test
+TOP=            ..
+CC=             cc
+INCLUDES=       -I../include
+CFLAG=          -g
+INSTALLTOP=     /usr/local/ssl
+MAKEFILE=       Makefile.ssl
+MAKE=           make -f $(MAKEFILE)
+MAKEDEPEND=     makedepend -f$(MAKEFILE)
+
+PEX_LIBS=
+EX_LIBS= #-lnsl -lsocket
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile.ssl
+
+DLIBCRYPTO= ../libcrypto.a
+DLIBSSL= ../libssl.a
+LIBCRYPTO= -L.. -lcrypto
+LIBSSL= -L.. -lssl
+
+BNTEST=         bntest
+EXPTEST=        exptest
+IDEATEST=       ideatest
+SHATEST=        shatest
+SHA1TEST=       sha1test
+MDC2TEST=       mdc2test
+RMDTEST=        rmdtest
+MD2TEST=        md2test
+MD5TEST=        md5test
+HMACTEST=       hmactest
+RC2TEST=        rc2test
+RC4TEST=        rc4test
+RC5TEST=        rc5test
+BFTEST=         bftest
+CASTTEST=       casttest
+DESTEST=        destest
+RANDTEST=       randtest
+DHTEST=         dhtest
+DSATEST=        dsatest
+METHTEST=       methtest
+SSLTEST=        ssltest
+
+EXE=    $(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
+        $(RC2TEST) $(RC4TEST) $(RC5TEST) \
+        $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
+        $(RANDTEST) $(DHTEST) \
+        $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
+
+# $(METHTEST)
+
+OBJ=    $(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
+        $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+        $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+        $(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+        $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o
+SRC=    $(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
+        $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+        $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+        $(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+        $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c
+
+EXHEADER= 
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:    exe
+
+exe:    $(EXE)
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+
+errors:
+
+install:
+
+tags:
+        ctags $(SRC)
+
+tests:  exe apps \
+        test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
+        test_rc2 test_rc4 test_rc5 test_bf test_cast \
+        test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \
+        test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \
+        test_ss test_ssl test_ca
+
+apps:
+        @(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
+
+test_des:
+        #./$(DESTEST)
+
+test_idea:
+        ./$(IDEATEST)
+
+test_sha:
+        ./$(SHATEST)
+        ./$(SHA1TEST)
+
+test_mdc2:
+        ./$(MDC2TEST)
+
+test_md5:
+        ./$(MD5TEST)
+
+test_hmac:
+        ./$(HMACTEST)
+
+test_md2:
+        ./$(MD2TEST)
+
+test_rmd:
+        ./$(RMDTEST)
+
+test_bf:
+        ./$(BFTEST)
+
+test_cast:
+        ./$(CASTTEST)
+
+test_rc2:
+        ./$(RC2TEST)
+
+test_rc4:
+        ./$(RC4TEST)
+
+test_rc5:
+        ./$(RC5TEST)
+
+test_rand:
+        ./$(RANDTEST)
+
+test_enc:
+        @sh ./testenc
+
+test_x509:
+        echo test normal x509v1 certificate
+        sh ./tx509 2>/dev/null
+        echo test first x509v3 certificate
+        sh ./tx509 v3-cert1.pem 2>/dev/null
+        echo test second x509v3 certificate
+        sh ./tx509 v3-cert2.pem 2>/dev/null
+
+test_rsa:
+        @sh ./trsa 2>/dev/null
+
+test_crl:
+        @sh ./tcrl 2>/dev/null
+
+test_sid:
+        @sh ./tsid 2>/dev/null
+
+test_req:
+        @sh ./treq 2>/dev/null
+        @sh ./treq testreq2.pem 2>/dev/null
+
+test_pkcs7:
+        @sh ./tpkcs7 2>/dev/null
+        @sh ./tpkcs7d 2>/dev/null
+
+test_bn:
+        @echo 'test a^b%c implementations'
+        ./$(EXPTEST)
+        @echo starting big number library test, could take a while...
+        @(./$(BNTEST)|bc) | awk '{ \
+if ($$0 != "0") {print "error"; exit(1); } \
+if (((NR+1)%64) == 0) print NR+1," tests done"; }'
+
+test_verify:
+        @echo "The following command should have some OK's and some failures"
+        @echo "There are definitly a few expired certificates"
+        ../apps/ssleay verify -CApath ../certs ../certs/*.pem
+
+test_dh:
+        @echo "Generate as set of DH parameters"
+        ./$(DHTEST)
+
+test_dsa:
+        @echo "Generate as set of DSA parameters"
+        ./$(DSATEST)
+
+test_reqgen:
+        @echo "Generate and verify a certificate request"
+        @sh ./testgen
+
+test_ss:
+        @echo "Generate and certify a test certificate"
+        @sh ./testss
+
+test_ssl:
+        @echo "test SSL protocol"
+        @sh ./testssl
+
+test_ca:
+        @echo "Generate and certify a test certificate via the 'ca' program"
+        @sh ./testca
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+
+$(DLIBSSL):
+        (cd ../ssl; $(MAKE))
+
+$(DLIBCRYPTO):
+        (cd ../crypto; $(MAKE))
+
+$(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
+        $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
+        $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
+        $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
+        $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+        $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/regress/lib/libc/db/Makefile b/src/regress/lib/libc/db/Makefile
index 5bf343bf64..d42dc96315 100644
--- a/src/regress/lib/libc/db/Makefile
+++ b/src/regress/lib/libc/db/Makefile
@@ -1,11 +1,11 @@
-#       $NetBSD: Makefile,v 1.10 1995/04/20 22:39:11 cgd Exp $
+#       $NetBSD: Makefile,v 1.11 1995/12/12 01:54:15 cgd Exp $
 #       @(#)Makefile    8.1 (Berkeley) 6/4/93
 
 PROG=   dbtest
 
 # add -DSTATISTICS to CFLAGS to get usage statistics.  Note that
 # for this to work, libc must be compiled with -DSTATISTICS as well
-CFLAGS= -g -D__DBINTERFACE_PRIVATE -DDEBUG
+CFLAGS+= -g -D__DBINTERFACE_PRIVATE -DDEBUG
 NOMAN=  noman
 CLEANFILES+= t1 t2 t3
 
diff --git a/src/regress/lib/libc/db/README b/src/regress/lib/libc/db/README
index 3b290b09d8..fddf5c3d5a 100644
--- a/src/regress/lib/libc/db/README
+++ b/src/regress/lib/libc/db/README
@@ -1,5 +1,5 @@
-#       $NetBSD: README,v 1.4 1995/04/20 22:39:18 cgd Exp $
-#       @(#)README      8.4 (Berkeley) 6/20/94
+#       $NetBSD: README,v 1.5 1996/05/03 21:54:19 cgd Exp $
+#       @(#)README      8.8 (Berkeley) 7/31/94
 
 To run the tests, enter "make regress".
 
@@ -9,8 +9,11 @@ the test runs, and even larger files (the database files) are created in
 variable TMPDIR to a directory where the files can be built.
 
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-The script file consists of lines with a initial character which is
-the "command" for that line.  Legal characters are as follows:
+The script file consists of lines with an initial character which is
+the command for that line, or an initial character indicating a key
+or data entry for a previous command.
+
+Legal command characters are as follows:
 
 c: compare a record
         + must be followed by [kK][dD]; the data value in the database
@@ -19,17 +22,24 @@ c: compare a record
 e: echo a string
         + writes out the rest of the line into the output file; if the
           last character is not a carriage-return, a newline is appended.
+f: set the flags for the next command
+        + no value zero's the flags
 g: do a get command
         + must be followed by [kK]
         + writes out the retrieved data DBT.
+o [r]: dump [reverse]
+        + dump the database out, if 'r' is set, in reverse order.
 p: do a put command
         + must be followed by [kK][dD]
 r: do a del command
-        + must be followed by [kK]
+        + must be followed by [kK] unless R_CURSOR flag set.
+S: sync the database
 s: do a seq command
+        + must be followed by [kK] if R_CURSOR flag set.
         + writes out the retrieved data DBT.
-f: set the flags for the next command
-        + no value zero's the flags
+
+Legal key/data characters are as follows:
+
 D [file]: data file
         + set the current data value to the contents of the file
 d [data]:
@@ -38,17 +48,21 @@ K [file]: key file
         + set the current key value to the contents of the file
 k [data]:
         + set the current key value to the contents of the line.
-o [r]: dump [reverse]
-        + dump the database out, if 'r' is set, in reverse order.
+
+Blank lines, lines with leading white space, and lines with leading
+hash marks (#) are ignored.
 
 Options to dbtest are as follows:
 
+        -d: Set the DB_LOCK flag.
         -f: Use the file argument as the database file.
         -i: Use the rest of the argument to set elements in the info
             structure.  If the type is btree, then "-i cachesize=10240"
             will set BTREEINFO.cachesize to 10240.
         -o: The rest of the argument is the output file instead of
             using stdout.
+        -s: Don't delete the database file before opening it, i.e.
+            use the database file from a previous run.
 
-Dbtest requires two arguments, the type of access "hash", "recno" or
-"btree", and the script name.
+Dbtest requires two arguments, the type of access "hash", "recno"
+or "btree", and the script name or "-" to indicate stdin.
diff --git a/src/regress/lib/libc/db/dbtest.c b/src/regress/lib/libc/db/dbtest.c
index 1fcf09af97..6ccfba5011 100644
--- a/src/regress/lib/libc/db/dbtest.c
+++ b/src/regress/lib/libc/db/dbtest.c
@@ -1,7 +1,7 @@
-/*      $NetBSD: dbtest.c,v 1.7 1995/04/20 22:39:22 cgd Exp $   */
+/*      $NetBSD: dbtest.c,v 1.8 1996/05/03 21:57:48 cgd Exp $   */
 
 /*-
- * Copyright (c) 1992, 1993
+ * Copyright (c) 1992, 1993, 1994
  *      The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -35,15 +35,15 @@
 
 #ifndef lint
 static char copyright[] =
-"@(#) Copyright (c) 1992, 1993\n\
+"@(#) Copyright (c) 1992, 1993, 1994\n\
         The Regents of the University of California.  All rights reserved.\n";
 #endif /* not lint */
 
 #ifndef lint
 #if 0
-static char sccsid[] = "@(#)dbtest.c    8.8 (Berkeley) 2/21/94";
+static char sccsid[] = "@(#)dbtest.c    8.17 (Berkeley) 9/1/94";
 #else
-static char rcsid[] = "$NetBSD: dbtest.c,v 1.7 1995/04/20 22:39:22 cgd Exp $";
+static char rcsid[] = "$NetBSD: dbtest.c,v 1.8 1996/05/03 21:57:48 cgd Exp $";
 #endif
 #endif /* not lint */
 
@@ -71,6 +71,8 @@ void	 get __P((DB *, DBT *));
 void     getdata __P((DB *, DBT *, DBT *));
 void     put __P((DB *, DBT *, DBT *));
 void     rem __P((DB *, DBT *));
+char    *sflags __P((int));
+void     synk __P((DB *));
 void    *rfile __P((char *, size_t *));
 void     seq __P((DB *, DBT *));
 u_int    setflags __P((char *));
@@ -78,13 +80,14 @@ void	*setinfo __P((DBTYPE, char *));
 void     usage __P((void));
 void    *xmalloc __P((char *, size_t));
 
-DBTYPE type;
-void *infop;
-u_long lineno;
-u_int flags;
-int ofd = STDOUT_FILENO;
+DBTYPE type;                            /* Database type. */
+void *infop;                            /* Iflags. */
+u_long lineno;                          /* Current line in test script. */
+u_int flags;                            /* Current DB flags. */
+int ofd = STDOUT_FILENO;                /* Standard output fd. */
 
 DB *XXdbp;                              /* Global for gdb. */
+int XXlineno;                           /* Fast breakpoint for gdb. */
 
 int
 main(argc, argv)
@@ -97,14 +100,15 @@ main(argc, argv)
         DB *dbp;
         DBT data, key, keydata;
         size_t len;
-        int ch, oflags;
-        char *fname, *infoarg, *p, buf[8 * 1024];
+        int ch, oflags, sflag;
+        char *fname, *infoarg, *p, *t, buf[8 * 1024];
 
         infoarg = NULL;
         fname = NULL;
         oflags = O_CREAT | O_RDWR;
-        while ((ch = getopt(argc, argv, "f:i:lo:")) != EOF)
-                switch(ch) {
+        sflag = 0;
+        while ((ch = getopt(argc, argv, "f:i:lo:s")) != -1)
+                switch (ch) {
                 case 'f':
                         fname = optarg;
                         break;
@@ -119,6 +123,9 @@ main(argc, argv)
                             O_WRONLY|O_CREAT|O_TRUNC, 0666)) < 0)
                                 err("%s: %s", optarg, strerror(errno));
                         break;
+                case 's':
+                        sflag = 1;
+                        break;
                 case '?':
                 default:
                         usage();
@@ -133,8 +140,8 @@ main(argc, argv)
         type = dbtype(*argv++);
 
         /* Open the descriptor file. */
-        if (freopen(*argv, "r", stdin) == NULL)
-                err("%s: %s", *argv, strerror(errno));
+        if (strcmp(*argv, "-") && freopen(*argv, "r", stdin) == NULL)
+            err("%s: %s", *argv, strerror(errno));
 
         /* Set up the db structure as necessary. */
         if (infoarg == NULL)
@@ -145,7 +152,10 @@ main(argc, argv)
                         if (*p != '\0')
                                 infop = setinfo(type, p);
 
-        /* Open the DB. */
+        /*
+         * Open the DB.  Delete any preexisting copy, you almost never
+         * want it around, and it often screws up tests.
+         */
         if (fname == NULL) {
                 p = getenv("TMPDIR");
                 if (p == NULL)
@@ -153,7 +163,9 @@ main(argc, argv)
                 (void)sprintf(buf, "%s/__dbtest", p);
                 fname = buf;
                 (void)unlink(buf);
-        }
+        } else  if (!sflag)
+                (void)unlink(fname);
+
         if ((dbp = dbopen(fname,
             oflags, S_IRUSR | S_IWUSR, type, infop)) == NULL)
                 err("dbopen: %s", strerror(errno));
@@ -162,8 +174,16 @@ main(argc, argv)
         state = COMMAND;
         for (lineno = 1;
             (p = fgets(buf, sizeof(buf), stdin)) != NULL; ++lineno) {
-                len = strlen(buf);
-                switch(*p) {
+                /* Delete the newline, displaying the key/data is easier. */
+                if (ofd == STDOUT_FILENO && (t = strchr(p, '\n')) != NULL)
+                        *t = '\0';
+                if ((len = strlen(buf)) == 0 || isspace(*p) || *p == '#')
+                        continue;
+
+                /* Convenient gdb break point. */
+                if (XXlineno == lineno)
+                        XXlineno = 1;
+                switch (*p) {
                 case 'c':                       /* compare */
                         if (state != COMMAND)
                                 err("line %lu: not expecting command", lineno);
@@ -176,7 +196,8 @@ main(argc, argv)
                         /* Don't display the newline, if CR at EOL. */
                         if (p[len - 2] == '\r')
                                 --len;
-                        if (write(ofd, p + 1, len - 1) != len - 1)
+                        if (write(ofd, p + 1, len - 1) != len - 1 ||
+                            write(ofd, "\n", 1) != 1)
                                 err("write: %s", strerror(errno));
                         break;
                 case 'g':                       /* get */
@@ -194,8 +215,19 @@ main(argc, argv)
                 case 'r':                       /* remove */
                         if (state != COMMAND)
                                 err("line %lu: not expecting command", lineno);
-                        state = KEY;
-                        command = REMOVE;
+                        if (flags == R_CURSOR) {
+                                rem(dbp, &key);
+                                state = COMMAND;
+                        } else {
+                                state = KEY;
+                                command = REMOVE;
+                        }
+                        break;
+                case 'S':                       /* sync */
+                        if (state != COMMAND)
+                                err("line %lu: not expecting command", lineno);
+                        synk(dbp);
+                        state = COMMAND;
                         break;
                 case 's':                       /* seq */
                         if (state != COMMAND)
@@ -219,7 +251,7 @@ main(argc, argv)
                                 err("line %lu: not expecting data", lineno);
                         data.data = xmalloc(p + 1, len - 1);
                         data.size = len - 1;
-ldata:                  switch(command) {
+ldata:                  switch (command) {
                         case COMPARE:
                                 compare(&keydata, &data);
                                 break;
@@ -255,7 +287,7 @@ ldata:			switch(command) {
                                 key.data = xmalloc(p + 1, len - 1);
                                 key.size = len - 1;
                         }
-lkey:                   switch(command) {
+lkey:                   switch (command) {
                         case COMPARE:
                                 getdata(dbp, &key, &keydata);
                                 state = DATA;
@@ -271,13 +303,13 @@ lkey:			switch(command) {
                                 break;
                         case REMOVE:
                                 rem(dbp, &key);
-                                if (type != DB_RECNO)
+                                if ((type != DB_RECNO) && (flags != R_CURSOR))
                                         free(key.data);
                                 state = COMMAND;
                                 break;
                         case SEQ:
                                 seq(dbp, &key);
-                                if (type != DB_RECNO)
+                                if ((type != DB_RECNO) && (flags != R_CURSOR))
                                         free(key.data);
                                 state = COMMAND;
                                 break;
@@ -291,11 +323,15 @@ lkey:			switch(command) {
                         break;
                 default:
                         err("line %lu: %s: unknown command character",
-                            p, lineno);
+                            lineno, p);
                 }
         }
 #ifdef STATISTICS
-        if (type == DB_BTREE)
+        /*
+         * -l must be used (DB_LOCK must be set) for this to be
+         * used, otherwise a page will be locked and it will fail.
+         */
+        if (type == DB_BTREE && oflags & DB_LOCK)
                 __bt_stat(dbp);
 #endif
         if (dbp->close(dbp))
@@ -305,7 +341,6 @@ lkey:			switch(command) {
 }
 
 #define NOOVERWRITE     "put failed, would overwrite key\n"
-#define NOSUCHKEY       "get failed, no such key\n"
 
 void
 compare(db1, db2)
@@ -334,17 +369,23 @@ get(dbp, kp)
 {
         DBT data;
 
-        switch(dbp->get(dbp, kp, &data, flags)) {
+        switch (dbp->get(dbp, kp, &data, flags)) {
         case 0:
                 (void)write(ofd, data.data, data.size);
+                if (ofd == STDOUT_FILENO)
+                        (void)write(ofd, "\n", 1);
                 break;
         case -1:
                 err("line %lu: get: %s", lineno, strerror(errno));
                 /* NOTREACHED */
         case 1:
-                (void)write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1);
-                (void)fprintf(stderr, "%d: %.*s: %s\n", 
-                    lineno, kp->size, kp->data, NOSUCHKEY);
+#define NOSUCHKEY       "get failed, no such key\n"
+                if (ofd != STDOUT_FILENO)
+                        (void)write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1);
+                else
+                        (void)fprintf(stderr, "%d: %.*s: %s",
+                            lineno, MIN(kp->size, 20), kp->data, NOSUCHKEY);
+#undef  NOSUCHKEY
                 break;
         }
 }
@@ -354,14 +395,14 @@ getdata(dbp, kp, dp)
         DB *dbp;
         DBT *kp, *dp;
 {
-        switch(dbp->get(dbp, kp, dp, flags)) {
+        switch (dbp->get(dbp, kp, dp, flags)) {
         case 0:
                 return;
         case -1:
                 err("line %lu: getdata: %s", lineno, strerror(errno));
                 /* NOTREACHED */
         case 1:
-                err("line %lu: get failed, no such key", lineno);
+                err("line %lu: getdata failed, no such key", lineno);
                 /* NOTREACHED */
         }
 }
@@ -371,7 +412,7 @@ put(dbp, kp, dp)
         DB *dbp;
         DBT *kp, *dp;
 {
-        switch(dbp->put(dbp, kp, dp, flags)) {
+        switch (dbp->put(dbp, kp, dp, flags)) {
         case 0:
                 break;
         case -1:
@@ -388,34 +429,67 @@ rem(dbp, kp)
         DB *dbp;
         DBT *kp;
 {
-        switch(dbp->del(dbp, kp, flags)) {
+        switch (dbp->del(dbp, kp, flags)) {
         case 0:
                 break;
         case -1:
-                err("line %lu: get: %s", lineno, strerror(errno));
+                err("line %lu: rem: %s", lineno, strerror(errno));
                 /* NOTREACHED */
         case 1:
-                (void)write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1);
+#define NOSUCHKEY       "rem failed, no such key\n"
+                if (ofd != STDOUT_FILENO)
+                        (void)write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1);
+                else if (flags != R_CURSOR)
+                        (void)fprintf(stderr, "%d: %.*s: %s", 
+                            lineno, MIN(kp->size, 20), kp->data, NOSUCHKEY);
+                else
+                        (void)fprintf(stderr,
+                            "%d: rem of cursor failed\n", lineno);
+#undef  NOSUCHKEY
                 break;
         }
 }
 
 void
+synk(dbp)
+        DB *dbp;
+{
+        switch (dbp->sync(dbp, flags)) {
+        case 0:
+                break;
+        case -1:
+                err("line %lu: synk: %s", lineno, strerror(errno));
+                /* NOTREACHED */
+        }
+}
+
+void
 seq(dbp, kp)
         DB *dbp;
         DBT *kp;
 {
         DBT data;
 
-        switch(dbp->seq(dbp, kp, &data, flags)) {
+        switch (dbp->seq(dbp, kp, &data, flags)) {
         case 0:
                 (void)write(ofd, data.data, data.size);
+                if (ofd == STDOUT_FILENO)
+                        (void)write(ofd, "\n", 1);
                 break;
         case -1:
                 err("line %lu: seq: %s", lineno, strerror(errno));
                 /* NOTREACHED */
         case 1:
-                (void)write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1);
+#define NOSUCHKEY       "seq failed, no such key\n"
+                if (ofd != STDOUT_FILENO)
+                        (void)write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1);
+                else if (flags == R_CURSOR)
+                        (void)fprintf(stderr, "%d: %.*s: %s", 
+                            lineno, MIN(kp->size, 20), kp->data, NOSUCHKEY);
+                else
+                        (void)fprintf(stderr,
+                            "%d: seq (%s) failed\n", lineno, sflags(flags));
+#undef  NOSUCHKEY
                 break;
         }
 }
@@ -436,9 +510,11 @@ dump(dbp, rev)
                 nflags = R_NEXT;
         }
         for (;; flags = nflags)
-                switch(dbp->seq(dbp, &key, &data, flags)) {
+                switch (dbp->seq(dbp, &key, &data, flags)) {
                 case 0:
                         (void)write(ofd, data.data, data.size);
+                        if (ofd == STDOUT_FILENO)
+                                (void)write(ofd, "\n", 1);
                         break;
                 case 1:
                         goto done;
@@ -454,34 +530,45 @@ u_int
 setflags(s)
         char *s;
 {
-        char *p, *index();
+        char *p;
 
         for (; isspace(*s); ++s);
-        if (*s == '\n')
+        if (*s == '\n' || *s == '\0')
                 return (0);
-        if ((p = index(s, '\n')) != NULL)
+        if ((p = strchr(s, '\n')) != NULL)
                 *p = '\0';
-        if (!strcmp(s, "R_CURSOR"))
-                return (R_CURSOR);
-        if (!strcmp(s, "R_FIRST"))
-                return (R_FIRST);
-        if (!strcmp(s, "R_IAFTER"))
-                return (R_IAFTER);
-        if (!strcmp(s, "R_IBEFORE"))
-                return (R_IBEFORE);
-        if (!strcmp(s, "R_LAST"))
-                return (R_LAST);
-        if (!strcmp(s, "R_NEXT"))
-                return (R_NEXT);
-        if (!strcmp(s, "R_NOOVERWRITE"))
-                return (R_NOOVERWRITE);
-        if (!strcmp(s, "R_PREV"))
-                return (R_PREV);
-        if (!strcmp(s, "R_SETCURSOR"))
-                return (R_SETCURSOR);
+        if (!strcmp(s, "R_CURSOR"))             return (R_CURSOR);
+        if (!strcmp(s, "R_FIRST"))              return (R_FIRST);
+        if (!strcmp(s, "R_IAFTER"))             return (R_IAFTER);
+        if (!strcmp(s, "R_IBEFORE"))            return (R_IBEFORE);
+        if (!strcmp(s, "R_LAST"))               return (R_LAST);
+        if (!strcmp(s, "R_NEXT"))               return (R_NEXT);
+        if (!strcmp(s, "R_NOOVERWRITE"))        return (R_NOOVERWRITE);
+        if (!strcmp(s, "R_PREV"))               return (R_PREV);
+        if (!strcmp(s, "R_SETCURSOR"))          return (R_SETCURSOR);
+
         err("line %lu: %s: unknown flag", lineno, s);
         /* NOTREACHED */
 }
+
+char *
+sflags(flags)
+        int flags;
+{
+        switch (flags) {
+        case R_CURSOR:          return ("R_CURSOR");
+        case R_FIRST:           return ("R_FIRST");
+        case R_IAFTER:          return ("R_IAFTER");
+        case R_IBEFORE:         return ("R_IBEFORE");
+        case R_LAST:            return ("R_LAST");
+        case R_NEXT:            return ("R_NEXT");
+        case R_NOOVERWRITE:     return ("R_NOOVERWRITE");
+        case R_PREV:            return ("R_PREV");
+        case R_SETCURSOR:       return ("R_SETCURSOR");
+        }
+
+        return ("UNKNOWN!");
+}
         
 DBTYPE
 dbtype(s)
@@ -505,15 +592,15 @@ setinfo(type, s)
         static BTREEINFO ib;
         static HASHINFO ih;
         static RECNOINFO rh;
-        char *eq, *index();
+        char *eq;
 
-        if ((eq = index(s, '=')) == NULL)
+        if ((eq = strchr(s, '=')) == NULL)
                 err("%s: illegal structure set statement", s);
         *eq++ = '\0';
         if (!isdigit(*eq))
                 err("%s: structure set statement must be a number", s);
                 
-        switch(type) {
+        switch (type) {
         case DB_BTREE:
                 if (!strcmp("flags", s)) {
                         ib.flags = atoi(eq);
@@ -601,10 +688,10 @@ rfile(name, lenp)
         struct stat sb;
         void *p;
         int fd;
-        char *np, *index();
+        char *np;
 
         for (; isspace(*name); ++name);
-        if ((np = index(name, '\n')) != NULL)
+        if ((np = strchr(name, '\n')) != NULL)
                 *np = '\0';
         if ((fd = open(name, O_RDONLY, 0)) < 0 ||
             fstat(fd, &sb))
@@ -642,14 +729,14 @@ usage()
         exit(1);
 }
 
-#if __STDC__
+#ifdef __STDC__
 #include <stdarg.h>
 #else
 #include <varargs.h>
 #endif
 
 void
-#if __STDC__
+#ifdef __STDC__
 err(const char *fmt, ...)
 #else
 err(fmt, va_alist)
@@ -658,7 +745,7 @@ err(fmt, va_alist)
 #endif
 {
         va_list ap;
-#if __STDC__
+#ifdef __STDC__
         va_start(ap, fmt);
 #else
         va_start(ap);
diff --git a/src/regress/lib/libc/db/run.test b/src/regress/lib/libc/db/run.test
index 4073310a31..acbd3f49e1 100644
--- a/src/regress/lib/libc/db/run.test
+++ b/src/regress/lib/libc/db/run.test
@@ -1,19 +1,27 @@
 #!/bin/sh -
-#       $NetBSD: run.test,v 1.7 1995/04/20 22:39:27 cgd Exp $
 #
-#       @(#)run.test    8.8 (Berkeley) 6/16/94
+#       $NetBSD: run.test,v 1.8 1996/05/03 21:57:51 cgd Exp $
+#       @(#)run.test    8.10 (Berkeley) 7/26/94
 #
 
 # db regression tests
 main()
 {
 
-DICT=/usr/share/dict/web2
-PROG=./dbtest
-TMP1=t1
-TMP2=t2
-TMP3=t3
+        PROG=./dbtest
+        TMP1=t1
+        TMP2=t2
+        TMP3=t3
 
+        if [ -f /usr/share/dict/words ]; then
+                DICT=/usr/share/dict/words
+        elif [ -f /usr/dict/words ]; then
+                DICT=/usr/dict/words
+        else
+                echo 'run.test: no dictionary'
+                exit 1
+        fi
+        
         if [ $# -eq 0 ]; then
                 for t in 1 2 3 4 5 6 7 8 9 10 11 12 13 20; do
                         test$t
@@ -345,7 +353,7 @@ test7()
                 for (i = 1; i <= 120; ++i)
                         printf("%05d: input key %d: %s\n", i, i, $0);
                 printf("%05d: input key %d: %s\n", 120, 120, $0);
-                printf("get failed, no such key\n");
+                printf("seq failed, no such key\n");
                 printf("%05d: input key %d: %s\n", 1, 1, $0);
                 printf("%05d: input key %d: %s\n", 2, 2, $0);
                 exit;
@@ -364,10 +372,10 @@ test7()
                         for (i = 1; i <= 120; ++i)
                                 printf("s\n");
                         printf("fR_CURSOR\ns\nk120\n");
-                        printf("r\nk120\n");
+                        printf("r\n");
                         printf("fR_NEXT\ns\n");
                         printf("fR_CURSOR\ns\nk1\n");
-                        printf("r\nk1\n");
+                        printf("r\n");
                         printf("fR_FIRST\ns\n");
                 }' > $TMP2
                 $PROG -o $TMP3 recno $TMP2
@@ -397,8 +405,6 @@ test8()
                                 printf("e\t%d of 10             \n", i);
                         printf("r\nkkey1\nr\nkkey2\n");
                 }
-                printf("e\n");
-                printf("eend of test8 run\n");
         }' > $TMP1
         $PROG btree $TMP1
 #       $PROG hash $TMP1
@@ -459,7 +465,7 @@ test10()
                         printf("p\nk%d\nd%s\n", ++i, $0);
                 }
                 END {
-                        printf("fR_CURSOR\nr\nk1\n");
+                        printf("fR_CURSOR\nr\n");
                         printf("eR_CURSOR SHOULD HAVE FAILED\n");
                 }' > $TMP2
                 $PROG -o $TMP3 $type $TMP2 > /dev/null 2>&1
@@ -573,7 +579,8 @@ test13()
                                 echo g
                                 echo k$i
                         done > $TMP2
-                        $PROG -ilorder=$order -f byte.file -o $TMP3 $type $TMP2
+                        $PROG -s \
+                            -ilorder=$order -f byte.file -o $TMP3 $type $TMP2
                         if (cmp -s $TMP1 $TMP3) ; then :
                         else
                                 echo "test13: $type/$order get failed"
diff --git a/src/regress/lib/libc/ieeefp/Makefile b/src/regress/lib/libc/ieeefp/Makefile
index 4e2e517b03..0f453a31e9 100644
--- a/src/regress/lib/libc/ieeefp/Makefile
+++ b/src/regress/lib/libc/ieeefp/Makefile
@@ -1,10 +1,6 @@
-#       $NetBSD: Makefile,v 1.4 1995/10/03 21:59:36 phil Exp $
+#       $NetBSD: Makefile,v 1.5 1996/04/09 16:54:18 phil Exp $
 
-.if ${MACHINE} == "pc532"
-SUBDIR+= round
-.else
 SUBDIR+= except round
-.endif
 
 regress: _SUBDIRUSE
 
diff --git a/src/regress/lib/libc/ieeefp/except/except.c b/src/regress/lib/libc/ieeefp/except/except.c
index 0ffdcdd468..a2a107a788 100644
--- a/src/regress/lib/libc/ieeefp/except/except.c
+++ b/src/regress/lib/libc/ieeefp/except/except.c
@@ -12,6 +12,7 @@ static volatile const double zero = 0.0;
 static volatile const double huge = DBL_MAX;
 static volatile const double tiny = DBL_MIN;
 
+int
 main()
 {
         volatile double x;
diff --git a/src/regress/lib/libc/regex/debug.c b/src/regress/lib/libc/regex/debug.c
index 861f550611..41cd4a557d 100644
--- a/src/regress/lib/libc/regex/debug.c
+++ b/src/regress/lib/libc/regex/debug.c
@@ -218,7 +218,7 @@ FILE *d;
                         fprintf(d, ">");
                         break;
                 default:
-                        fprintf(d, "!%d(%d)!", OP(*s), opnd);
+                        fprintf(d, "!%ld(%ld)!", (long)OP(*s), (long)opnd);
                         break;
                 }
                 if (!done)
diff --git a/src/regress/lib/libc/regex/main.c b/src/regress/lib/libc/regex/main.c
index 8d88a8b9b8..6e63ffc235 100644
--- a/src/regress/lib/libc/regex/main.c
+++ b/src/regress/lib/libc/regex/main.c
@@ -1,10 +1,13 @@
+/*      $OpenBSD: main.c,v 1.3 1997/01/15 23:41:07 millert Exp $        */
 /*      $NetBSD: main.c,v 1.2 1995/04/20 22:39:51 cgd Exp $     */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <regex.h>
 #include <assert.h>
+#include <unistd.h>
 
 #include "main.ih"
 
@@ -25,6 +28,7 @@ extern void regprint();
 /*
  - main - do the simple case, hand off to regress() for regression
  */
+int
 main(argc, argv)
 int argc;
 char *argv[];
@@ -43,7 +47,7 @@ char *argv[];
 
         progname = argv[0];
 
-        while ((c = getopt(argc, argv, "c:e:S:E:x")) != EOF)
+        while ((c = getopt(argc, argv, "c:e:S:E:x")) != -1)
                 switch (c) {
                 case 'c':       /* compile options */
                         copts = options('c', optarg);
@@ -102,10 +106,10 @@ char *argv[];
                 exit(status);
         }
         if (!(copts&REG_NOSUB)) {
-                len = (int)(subs[0].rm_eo - subs[0].rm_so);
+                len = (size_t)(subs[0].rm_eo - subs[0].rm_so);
                 if (subs[0].rm_so != -1) {
                         if (len != 0)
-                                printf("match `%.*s'\n", len,
+                                printf("match `%.*s'\n", (int)len,
                                         argv[optind] + subs[0].rm_so);
                         else
                                 printf("match `'@%.1s\n",
@@ -501,7 +505,6 @@ efind(name)
 char *name;
 {
         static char efbuf[100];
-        size_t n;
         regex_t re;
 
         sprintf(efbuf, "REG_%s", name);
diff --git a/src/regress/lib/libc/setjmp/jmptest.c b/src/regress/lib/libc/setjmp/jmptest.c
index f2cecc9178..16a482640a 100644
--- a/src/regress/lib/libc/setjmp/jmptest.c
+++ b/src/regress/lib/libc/setjmp/jmptest.c
@@ -32,6 +32,7 @@
  */
 
 #include <sys/types.h>
+#include <err.h>
 #include <setjmp.h>
 #include <signal.h>
 #include <stdio.h>
@@ -101,7 +102,7 @@ main(argc, argv)
 #endif
 
         sa.sa_handler = aborthandler;
-        sa.sa_mask = 0;
+        sigemptyset(&sa.sa_mask);
         sa.sa_flags = 0;
         if (sigaction(SIGABRT, &sa, NULL) == -1)
                 err(1, "sigaction failed");
diff --git a/src/usr.bin/nc/Makefile b/src/usr.bin/nc/Makefile
new file mode 100644
index 0000000000..086a9e5ee8
--- /dev/null
+++ b/src/usr.bin/nc/Makefile
@@ -0,0 +1,7 @@
+#       $OpenBSD: Makefile,v 1.2 1997/09/21 11:50:13 deraadt Exp $
+
+CFLAGS+= -DTELNET
+PROG=   nc
+SRCS=   netcat.c
+
+.include <bsd.prog.mk>
diff --git a/src/usr.bin/nc/README b/src/usr.bin/nc/README
new file mode 100644
index 0000000000..4235bc41ac
--- /dev/null
+++ b/src/usr.bin/nc/README
@@ -0,0 +1,946 @@
+Netcat 1.10
+===========                                                        /\_/\
+                                                                  / 0 0 \
+Netcat is a simple Unix utility which reads and writes data      ====v====
+across network connections, using TCP or UDP protocol.            \  W  /
+It is designed to be a reliable "back-end" tool that can          |     |     _
+be used directly or easily driven by other programs and           / ___ \    /
+scripts.  At the same time, it is a feature-rich network         / /   \ \  |
+debugging and exploration tool, since it can create almost      (((-----)))-'
+any kind of connection you would need and has several            /
+interesting built-in capabilities.  Netcat, or "nc" as the      (      ___
+actual program is named, should have been supplied long ago      \__.=|___E
+as another one of those cryptic but standard Unix tools.                /
+
+In the simplest usage, "nc host port" creates a TCP connection to the given
+port on the given target host.  Your standard input is then sent to the host,
+and anything that comes back across the connection is sent to your standard
+output.  This continues indefinitely, until the network side of the connection
+shuts down.  Note that this behavior is different from most other applications
+which shut everything down and exit after an end-of-file on the standard input.
+
+Netcat can also function as a server, by listening for inbound connections
+on arbitrary ports and then doing the same reading and writing.  With minor
+limitations, netcat doesn't really care if it runs in "client" or "server"
+mode -- it still shovels data back and forth until there isn't any more left.
+In either mode, shutdown can be forced after a configurable time of inactivity
+on the network side.
+
+And it can do this via UDP too, so netcat is possibly the "udp telnet-like"
+application you always wanted for testing your UDP-mode servers.  UDP, as the
+"U" implies, gives less reliable data transmission than TCP connections and
+some systems may have trouble sending large amounts of data that way, but it's
+still a useful capability to have.
+
+You may be asking "why not just use telnet to connect to arbitrary ports?"
+Valid question, and here are some reasons.  Telnet has the "standard input
+EOF" problem, so one must introduce calculated delays in driving scripts to
+allow network output to finish.  This is the main reason netcat stays running
+until the *network* side closes.  Telnet also will not transfer arbitrary
+binary data, because certain characters are interpreted as telnet options and
+are thus removed from the data stream.  Telnet also emits some of its
+diagnostic messages to standard output, where netcat keeps such things
+religiously separated from its *output* and will never modify any of the real
+data in transit unless you *really* want it to.  And of course telnet is
+incapable of listening for inbound connections, or using UDP instead.  Netcat
+doesn't have any of these limitations, is much smaller and faster than telnet,
+and has many other advantages.
+
+Some of netcat's major features are:
+
+        Outbound or inbound connections, TCP or UDP, to or from any ports
+        Full DNS forward/reverse checking, with appropriate warnings
+        Ability to use any local source port
+        Ability to use any locally-configured network source address
+        Built-in port-scanning capabilities, with randomizer
+        Built-in loose source-routing capability
+        Can read command line arguments from standard input
+        Slow-send mode, one line every N seconds
+        Hex dump of transmitted and received data
+        Optional ability to let another program service established connections
+        Optional telnet-options responder
+
+Efforts have been made to have netcat "do the right thing" in all its various
+modes.  If you believe that it is doing the wrong thing under whatever
+circumstances, please notify me and tell me how you think it should behave.
+If netcat is not able to do some task you think up, minor tweaks to the code
+will probably fix that.  It provides a basic and easily-modified template for
+writing other network applications, and I certainly encourage people to make
+custom mods and send in any improvements they make to it.  This is the second
+release; the overall differences from 1.00 are relatively minor and have mostly
+to do with portability and bugfixes.  Many people provided greatly appreciated
+fixes and comments on the 1.00 release.  Continued feedback from the Internet
+community is always welcome!
+
+Netcat is entirely my own creation, although plenty of other code was used as
+examples.  It is freely given away to the Internet community in the hope that
+it will be useful, with no restrictions except giving credit where it is due.
+No GPLs, Berkeley copyrights or any of that nonsense.  The author assumes NO
+responsibility for how anyone uses it.  If netcat makes you rich somehow and
+you're feeling generous, mail me a check.  If you are affiliated in any way
+with Microsoft Network, get a life.  Always ski in control.  Comments,
+questions, and patches to hobbit@avian.org.
+
+Building
+========
+
+Compiling is fairly straightforward.  Examine the Makefile for a SYSTYPE that
+matches yours, and do "make <systype>".  The executable "nc" should appear.
+If there is no relevant SYSTYPE section, try "generic".  If you create new
+sections for generic.h and Makefile to support another platform, please follow
+the given format and mail back the diffs.
+
+There are a couple of other settable #defines in netcat.c, which you can
+include as DFLAGS="-DTHIS -DTHAT" to your "make" invocation without having to
+edit the Makefile.  See the following discussions for what they are and do.
+
+If you want to link against the resolver library on SunOS [recommended] and
+you have BIND 4.9.x, you may need to change XLIBS=-lresolv in the Makefile to
+XLIBS="-lresolv -l44bsd".
+
+Linux sys/time.h does not really support presetting of FD_SETSIZE; a harmless
+warning is issued.
+
+Some systems may warn about pointer types for signal().  No problem, though.
+
+Exploration of features
+=======================
+
+Where to begin?  Netcat is at the same time so simple and versatile, it's like
+trying to describe everything you can do with your Swiss Army knife.  This will
+go over the basics; you should also read the usage examples and notes later on
+which may give you even more ideas about what this sort of tool is good for.
+
+If no command arguments are given at all, netcat asks for them, reads a line
+from standard input, and breaks it up into arguments internally.  This can be
+useful when driving netcat from certain types of scripts, with the side effect
+of hiding your command line arguments from "ps" displays.
+
+The host argument can be a name or IP address.  If -n is specified, netcat
+will only accept numeric IP addresses and do no DNS lookups for anything.  If
+-n is not given and -v is turned on, netcat will do a full forward and reverse
+name and address lookup for the host, and warn you about the all-too-common
+problem of mismatched names in the DNS.  This often takes a little longer for
+connection setup, but is useful to know about.  There are circumstances under
+which this can *save* time, such as when you want to know the name for some IP
+address and also connect there.  Netcat will just tell you all about it, saving
+the manual steps of looking up the hostname yourself.  Normally mismatch-
+checking is case-insensitive per the DNS spec, but you can define ANAL at
+compile time to make it case-sensitive -- sometimes useful for uncovering minor
+errors in your own DNS files while poking around your networks.
+
+A port argument is required for outbound connections, and can be numeric or a
+name as listed in /etc/services.  If -n is specified, only numeric arguments
+are valid.  Special syntax and/or more than one port argument cause different
+behavior -- see details below about port-scanning.
+
+The -v switch controls the verbosity level of messages sent to standard error.
+You will probably want to run netcat most of the time with -v turned on, so you
+can see info about the connections it is trying to make.  You will probably
+also want to give a smallish -w argument, which limits the time spent trying to
+make a connection.  I usually alias "nc" to "nc -v -w 3", which makes it
+function just about the same for things I would otherwise use telnet to do.
+The timeout is easily changed by a subsequent -w argument which overrides the
+earlier one.  Specifying -v more than once makes diagnostic output MORE
+verbose.  If -v is not specified at all, netcat silently does its work unless
+some error happens, whereupon it describes the error and exits with a nonzero
+status.  Refused network connections are generally NOT considered to be errors,
+unless you only asked for a single TCP port and it was refused.
+
+Note that -w also sets the network inactivity timeout.  This does not have any
+effect until standard input closes, but then if nothing further arrives from
+the network in the next <timeout> seconds, netcat tries to read the net once
+more for good measure, and then closes and exits.  There are a lot of network
+services now that accept a small amount of input and return a large amount of
+output, such as Gopher and Web servers, which is the main reason netcat was
+written to "block" on the network staying open rather than standard input.
+Handling the timeout this way gives uniform behavior with network servers that
+*don't* close by themselves until told to.
+
+UDP connections are opened instead of TCP when -u is specified.  These aren't
+really "connections" per se since UDP is a connectionless protocol, although
+netcat does internally use the "connected UDP socket" mechanism that most
+kernels support.  Although netcat claims that an outgoing UDP connection is
+"open" immediately, no data is sent until something is read from standard
+input.  Only thereafter is it possible to determine whether there really is a
+UDP server on the other end, and often you just can't tell.  Most UDP protocols
+use timeouts and retries to do their thing and in many cases won't bother
+answering at all, so you should specify a timeout and hope for the best.  You
+will get more out of UDP connections if standard input is fed from a source
+of data that looks like various kinds of server requests.
+
+To obtain a hex dump file of the data sent either way, use "-o logfile".  The
+dump lines begin with "<" or ">" to respectively indicate "from the net" or
+"to the net", and contain the total count per direction, and hex and ascii
+representations of the traffic.  Capturing a hex dump naturally slows netcat
+down a bit, so don't use it where speed is critical.
+
+Netcat can bind to any local port, subject to privilege restrictions and ports
+that are already in use.  It is also possible to use a specific local network
+source address if it is that of a network interface on your machine.  [Note:
+this does not work correctly on all platforms.]  Use "-p portarg" to grab a
+specific local port, and "-s ip-addr" or "-s name" to have that be your source
+IP address.  This is often referred to as "anchoring the socket".  Root users
+can grab any unused source port including the "reserved" ones less than 1024.
+Absence of -p will bind to whatever unused port the system gives you, just like
+any other normal client connection, unless you use -r [see below].
+
+Listen mode will cause netcat to wait for an inbound connection, and then the
+same data transfer happens.  Thus, you can do "nc -l -p 1234 < filename" and
+when someone else connects to your port 1234, the file is sent to them whether
+they wanted it or not.  Listen mode is generally used along with a local port
+argument -- this is required for UDP mode, while TCP mode can have the system
+assign one and tell you what it is if -v is turned on.  If you specify a target
+host and optional port in listen mode, netcat will accept an inbound connection
+only from that host and if you specify one, only from that foreign source port.
+In verbose mode you'll be informed about the inbound connection, including what
+address and port it came from, and since listening on "any" applies to several
+possibilities, which address it came *to* on your end.  If the system supports
+IP socket options, netcat will attempt to retrieve any such options from an
+inbound connection and print them out in hex.
+
+If netcat is compiled with -DGAPING_SECURITY_HOLE, the -e argument specifies
+a program to exec after making or receiving a successful connection.  In the
+listening mode, this works similarly to "inetd" but only for a single instance.
+Use with GREAT CARE.  This piece of the code is normally not enabled; if you
+know what you're doing, have fun.  This hack also works in UDP mode.  Note that
+you can only supply -e with the name of the program, but no arguments.  If you
+want to launch something with an argument list, write a two-line wrapper script
+or just use inetd like always.
+
+If netcat is compiled with -DTELNET, the -t argument enables it to respond
+to telnet option negotiation [always in the negative, i.e. DONT or WONT].
+This allows it to connect to a telnetd and get past the initial negotiation
+far enough to get a login prompt from the server.  Since this feature has
+the potential to modify the data stream, it is not enabled by default.  You
+have to understand why you might need this and turn on the #define yourself.
+
+Data from the network connection is always delivered to standard output as
+efficiently as possible, using large 8K reads and writes.  Standard input is
+normally sent to the net the same way, but the -i switch specifies an "interval
+time" which slows this down considerably.  Standard input is still read in
+large batches, but netcat then tries to find where line breaks exist and sends
+one line every interval time.  Note that if standard input is a terminal, data
+is already read line by line, so unless you make the -i interval rather long,
+what you type will go out at a fairly normal rate.  -i is really designed
+for use when you want to "measure out" what is read from files or pipes.
+
+Port-scanning is a popular method for exploring what's out there.  Netcat
+accepts its commands with options first, then the target host, and everything
+thereafter is interpreted as port names or numbers, or ranges of ports in M-N
+syntax.  CAVEAT: some port names in /etc/services contain hyphens -- netcat
+currently will not correctly parse those, so specify ranges using numbers if
+you can.  If more than one port is thus specified, netcat connects to *all* of
+them, sending the same batch of data from standard input [up to 8K worth] to
+each one that is successfully connected to.  Specifying multiple ports also
+suppresses diagnostic messages about refused connections, unless -v is
+specified twice for "more verbosity".  This way you normally get notified only
+about genuinely open connections.  Example: "nc -v -w 2 -z target 20-30" will
+try connecting to every port between 20 and 30 [inclusive] at the target, and
+will likely inform you about an FTP server, telnet server, and mailer along the
+way.  The -z switch prevents sending any data to a TCP connection and very
+limited probe data to a UDP connection, and is thus useful as a fast scanning
+mode just to see what ports the target is listening on.  To limit scanning
+speed if desired, -i will insert a delay between each port probe.  There are
+some pitfalls with regard to UDP scanning, described later, but in general it
+works well.
+
+For each range of ports specified, scanning is normally done downward within
+that range.  If the -r switch is used, scanning hops randomly around within
+that range and reports open ports as it finds them.  [If you want them listed
+in order regardless, pipe standard error through "sort"...]  In addition, if
+random mode is in effect, the local source ports are also randomized.  This
+prevents netcat from exhibiting any kind of regular pattern in its scanning.
+You can exert fairly fine control over your scan by judicious use of -r and
+selected port ranges to cover.  If you use -r for a single connection, the
+source port will have a random value above 8192, rather than the next one the
+kernel would have assigned you.  Note that selecting a specific local port
+with -p overrides any local-port randomization.
+
+Many people are interested in testing network connectivity using IP source
+routing, even if it's only to make sure their own firewalls are blocking
+source-routed packets.  On systems that support it, the -g switch can be used
+multiple times [up to 8] to construct a loose-source-routed path for your
+connection, and the -G argument positions the "hop pointer" within the list.
+If your network allows source-routed traffic in and out, you can test
+connectivity to your own services via remote points in the internet.  Note that
+although newer BSD-flavor telnets also have source-routing capability, it isn't
+clearly documented and the command syntax is somewhat clumsy.  Netcat's
+handling of "-g" is modeled after "traceroute".
+
+Netcat tries its best to behave just like "cat".  It currently does nothing to
+terminal input modes, and does no end-of-line conversion.  Standard input from
+a terminal is read line by line with normal editing characters in effect.  You
+can freely suspend out of an interactive connection and resume.  ^C or whatever
+your interrupt character is will make netcat close the network connection and
+exit.  A switch to place the terminal in raw mode has been considered, but so
+far has not been necessary.  You can send raw binary data by reading it out of
+a file or piping from another program, so more meaningful effort would be spent
+writing an appropriate front-end driver.
+
+Netcat is not an "arbitrary packet generator", but the ability to talk to raw
+sockets and/or nit/bpf/dlpi may appear at some point.  Such things are clearly
+useful; I refer you to Darren Reed's excellent ip_filter package, which now
+includes a tool to construct and send raw packets with any contents you want.
+
+Example uses -- the light side
+==============================
+
+Again, this is a very partial list of possibilities, but it may get you to
+think up more applications for netcat.  Driving netcat with simple shell or
+expect scripts is an easy and flexible way to do fairly complex tasks,
+especially if you're not into coding network tools in C.  My coding isn't
+particularly strong either [although undoubtedly better after writing this
+thing!], so I tend to construct bare-metal tools like this that I can trivially
+plug into other applications.  Netcat doubles as a teaching tool -- one can
+learn a great deal about more complex network protocols by trying to simulate
+them through raw connections!
+
+An example of netcat as a backend for something else is the shell-script
+Web browser, which simply asks for the relevant parts of a URL and pipes
+"GET /what/ever" into a netcat connection to the server.  I used to do this
+with telnet, and had to use calculated sleep times and other stupidity to
+kludge around telnet's limitations.  Netcat guarantees that I get the whole
+page, and since it transfers all the data unmodified, I can even pull down
+binary image files and display them elsewhere later.  Some folks may find the
+idea of a shell-script web browser silly and strange, but it starts up and
+gets me my info a hell of a lot faster than a GUI browser and doesn't hide
+any contents of links and forms and such.  This is included, as scripts/web,
+along with several other web-related examples.
+
+Netcat is an obvious replacement for telnet as a tool for talking to daemons.
+For example, it is easier to type "nc host 25", talk to someone's mailer, and
+just ^C out than having to type ^]c or QUIT as telnet would require you to do.
+You can quickly catalog the services on your network by telling netcat to
+connect to well-known services and collect greetings, or at least scan for open
+ports.  You'll probably want to collect netcat's diagnostic messages in your
+output files, so be sure to include standard error in the output using
+`>& file' in *csh or `> file 2>&1' in bourne shell.
+
+A scanning example: "echo QUIT | nc -v -w 5 target 20-250 500-600 5990-7000"
+will inform you about a target's various well-known TCP servers, including
+r-services, X, IRC, and maybe a few you didn't expect.  Sending in QUIT and
+using the timeout will almost guarantee that you see some kind of greeting or
+error from each service, which usually indicates what it is and what version.
+[Beware of the "chargen" port, though...]  SATAN uses exactly this technique to
+collect host information, and indeed some of the ideas herein were taken from
+the SATAN backend tools.  If you script this up to try every host in your
+subnet space and just let it run, you will not only see all the services,
+you'll find out about hosts that aren't correctly listed in your DNS.  Then you
+can compare new snapshots against old snapshots to see changes.  For going
+after particular services, a more intrusive example is in scripts/probe.
+
+Netcat can be used as a simple data transfer agent, and it doesn't really
+matter which end is the listener and which end is the client -- input at one
+side arrives at the other side as output.  It is helpful to start the listener
+at the receiving side with no timeout specified, and then give the sending side
+a small timeout.  That way the listener stays listening until you contact it,
+and after data stops flowing the client will time out, shut down, and take the
+listener with it.  Unless the intervening network is fraught with problems,
+this should be completely reliable, and you can always increase the timeout.  A
+typical example of something "rsh" is often used for: on one side,
+
+        nc -l -p 1234 | uncompress -c | tar xvfp -
+
+and then on the other side
+
+        tar cfp - /some/dir | compress -c | nc -w 3 othermachine 1234
+
+will transfer the contents of a directory from one machine to another, without
+having to worry about .rhosts files, user accounts, or inetd configurations
+at either end.  Again, it matters not which is the listener or receiver; the
+"tarring" machine could just as easily be running the listener instead.  One
+could conceivably use a scheme like this for backups, by having cron-jobs fire
+up listeners and backup handlers [which can be restricted to specific addresses
+and ports between each other] and pipe "dump" or "tar" on one machine to "dd
+of=/dev/tapedrive" on another as usual.  Since netcat returns a nonzero exit
+status for a denied listener connection, scripts to handle such tasks could
+easily log and reject connect attempts from third parties, and then retry.
+
+Another simple data-transfer example: shipping things to a PC that doesn't have
+any network applications yet except a TCP stack and a web browser.  Point the
+browser at an arbitrary port on a Unix server by telling it to download
+something like http://unixbox:4444/foo, and have a listener on the Unix side
+ready to ship out a file when the connect comes in.  The browser may pervert
+binary data when told to save the URL, but you can dig the raw data out of
+the on-disk cache.
+
+If you build netcat with GAPING_SECURITY_HOLE defined, you can use it as an
+"inetd" substitute to test experimental network servers that would otherwise
+run under "inetd".  A script or program will have its input and output hooked
+to the network the same way, perhaps sans some fancier signal handling.  Given
+that most network services do not bind to a particular local address, whether
+they are under "inetd" or not, it is possible for netcat avoid the "address
+already in use" error by binding to a specific address.  This lets you [as
+root, for low ports] place netcat "in the way" of a standard service, since
+inbound connections are generally sent to such specifically-bound listeners
+first and fall back to the ones bound to "any".  This allows for a one-off
+experimental simulation of some service, without having to screw around with
+inetd.conf.  Running with -v turned on and collecting a connection log from
+standard error is recommended.
+
+Netcat as well can make an outbound connection and then run a program or script
+on the originating end, with input and output connected to the same network
+port.  This "inverse inetd" capability could enhance the backup-server concept
+described above or help facilitate things such as a "network dialback" concept.
+The possibilities are many and varied here; if such things are intended as
+security mechanisms, it may be best to modify netcat specifically for the
+purpose instead of wrapping such functions in scripts.
+
+Speaking of inetd, netcat will function perfectly well *under* inetd as a TCP
+connection redirector for inbound services, like a "plug-gw" without the
+authentication step.  This is very useful for doing stuff like redirecting
+traffic through your firewall out to other places like web servers and mail
+hubs, while posing no risk to the firewall machine itself.  Put netcat behind
+inetd and tcp_wrappers, perhaps thusly:
+
+        www stream tcp nowait nobody /etc/tcpd /bin/nc -w 3 realwww 80
+
+and you have a simple and effective "application relay" with access control
+and logging.  Note use of the wait time as a "safety" in case realwww isn't
+reachable or the calling user aborts the connection -- otherwise the relay may
+hang there forever.
+
+You can use netcat to generate huge amounts of useless network data for
+various performance testing.  For example, doing
+
+        yes AAAAAAAAAAAAAAAAAAAAAA | nc -v -v -l -p 2222 > /dev/null
+
+on one side and then hitting it with
+
+        yes BBBBBBBBBBBBBBBBBBBBBB | nc othermachine 2222 > /dev/null
+
+from another host will saturate your wires with A's and B's.  The "very
+verbose" switch usage will tell you how many of each were sent and received
+after you interrupt either side.  Using UDP mode produces tremendously MORE
+trash per unit time in the form of fragmented 8 Kbyte mobygrams -- enough to
+stress-test kernels and network interfaces.  Firing random binary data into
+various network servers may help expose bugs in their input handling, which
+nowadays is a popular thing to explore.  A simple example data-generator is
+given in data/data.c included in this package, along with a small collection
+of canned input files to generate various packet contents.  This program is
+documented in its beginning comments, but of interest here is using "%r" to
+generate random bytes at well-chosen points in a data stream.  If you can
+crash your daemon, you likely have a security problem.
+
+The hex dump feature may be useful for debugging odd network protocols,
+especially if you don't have any network monitoring equipment handy or aren't
+root where you'd need to run "tcpdump" or something.  Bind a listening netcat
+to a local port, and have it run a script which in turn runs another netcat
+to the real service and captures the hex dump to a log file.  This sets up a
+transparent relay between your local port and wherever the real service is.
+Be sure that the script-run netcat does *not* use -v, or the extra info it
+sends to standard error may confuse the protocol.  Note also that you cannot
+have the "listen/exec" netcat do the data capture, since once the connection
+arrives it is no longer netcat that is running.
+
+Binding to an arbitrary local port allows you to simulate things like r-service
+clients, if you are root locally.  For example, feeding "^@root^@joe^@pwd^@"
+[where ^@ is a null, and root/joe could be any other local/remote username
+pair] into a "rsh" or "rlogin" server, FROM your port 1023 for example,
+duplicates what the server expects to receive.  Thus, you can test for insecure
+.rhosts files around your network without having to create new user accounts on
+your client machine.  The program data/rservice.c can aid this process by
+constructing the "rcmd" protocol bytes.  Doing this also prevents "rshd" from
+trying to create that separate standard-error socket and still gives you an
+input path, as opposed to the usual action of "rsh -n".  Using netcat for
+things like this can be really useful sometimes, because rsh and rlogin
+generally want a host *name* as an argument and won't accept IP addresses.  If
+your client-end DNS is hosed, as may be true when you're trying to extract
+backup sets on to a dumb client, "netcat -n" wins where normal rsh/rlogin is
+useless.
+
+If you are unsure that a remote syslogger is working, test it with netcat.
+Make a UDP connection to port 514 and type in "<0>message", which should
+correspond to "kern.emerg" and cause syslogd to scream into every file it has
+open [and possibly all over users' terminals].  You can tame this down by
+using a different number and use netcat inside routine scripts to send syslog
+messages to places that aren't configured in syslog.conf.  For example,
+"echo '<38>message' | nc -w 1 -u loggerhost 514" should send to auth.notice
+on loggerhost.  The exact number may vary; check against your syslog.h first.
+
+Netcat provides several ways for you to test your own packet filters.  If you
+bind to a port normally protected against outside access and make a connection
+to somewhere outside your own network, the return traffic will be coming to
+your chosen port from the "outside" and should be blocked.  TCP may get through
+if your filter passes all "ack syn", but it shouldn't be even doing that to low
+ports on your network.  Remember to test with UDP traffic as well!  If your
+filter passes at least outbound source-routed IP packets, bouncing a connection
+back to yourself via some gateway outside your network will create "incoming"
+traffic with your source address, which should get dropped by a correctly
+configured anti-spoofing filter.  This is a "non-test" if you're also dropping
+source-routing, but it's good to be able to test for that too.  Any packet
+filter worth its salt will be blocking source-routed packets in both
+directions, but you never know what interesting quirks you might turn up by
+playing around with source ports and addresses and watching the wires with a
+network monitor.
+
+You can use netcat to protect your own workstation's X server against outside
+access.  X is stupid enough to listen for connections on "any" and never tell
+you when new connections arrive, which is one reason it is so vulnerable.  Once
+you have all your various X windows up and running you can use netcat to bind
+just to your ethernet address and listen to port 6000.  Any new connections
+from outside the machine will hit netcat instead your X server, and you get a
+log of who's trying.  You can either tell netcat to drop the connection, or
+perhaps run another copy of itself to relay to your actual X server on
+"localhost".  This may not work for dedicated X terminals, but it may be
+possible to authorize your X terminal only for its boot server, and run a relay
+netcat over on the server that will in turn talk to your X terminal.  Since
+netcat only handles one listening connection per run, make sure that whatever
+way you rig it causes another one to run and listen on 6000 soon afterward, or
+your real X server will be reachable once again.  A very minimal script just
+to protect yourself could be
+
+        while true ; do
+          nc -v -l -s <your-addr> -p 6000 localhost 2
+        done
+
+which causes netcat to accept and then close any inbound connection to your
+workstation's normal ethernet address, and another copy is immediately run by
+the script.  Send standard error to a file for a log of connection attempts.
+If your system can't do the "specific bind" thing all is not lost; run your
+X server on display ":1" or port 6001, and netcat can still function as a probe
+alarm by listening on 6000.
+
+Does your shell-account provider allow personal Web pages, but not CGI scripts?
+You can have netcat listen on a particular port to execute a program or script
+of your choosing, and then just point to the port with a URL in your homepage.
+The listener could even exist on a completely different machine, avoiding the
+potential ire of the homepage-host administrators.  Since the script will get
+the raw browser query as input it won't look like a typical CGI script, and
+since it's running under your UID you need to write it carefully.  You may want
+to write a netcat-based script as a wrapper that reads a query and sets up
+environment variables for a regular CGI script.  The possibilities for using
+netcat and scripts to handle Web stuff are almost endless.  Again, see the
+examples under scripts/.
+
+Example uses -- the dark side
+=============================
+
+Equal time is deserved here, since a versatile tool like this can be useful
+to any Shade of Hat.  I could use my Victorinox to either fix your car or
+disassemble it, right?  You can clearly use something like netcat to attack
+or defend -- I don't try to govern anyone's social outlook, I just build tools.
+Regardless of your intentions, you should still be aware of these threats to
+your own systems.
+
+The first obvious thing is scanning someone *else's* network for vulnerable
+services.  Files containing preconstructed data, be it exploratory or
+exploitive, can be fed in as standard input, including command-line arguments
+to netcat itself to keep "ps" ignorant of your doings.  The more random the
+scanning, the less likelihood of detection by humans, scan-detectors, or
+dynamic filtering, and with -i you'll wait longer but avoid loading down the
+target's network.  Some examples for crafting various standard UDP probes are
+given in data/*.d.
+
+Some configurations of packet filters attempt to solve the FTP-data problem by
+just allowing such connections from the outside.  These come FROM port 20, TO
+high TCP ports inside -- if you locally bind to port 20, you may find yourself
+able to bypass filtering in some cases.  Maybe not to low ports "inside", but
+perhaps to TCP NFS servers, X servers, Prospero, ciscos that listen on 200x
+and 400x...  Similar bypassing may be possible for UDP [and maybe TCP too] if a
+connection comes from port 53; a filter may assume it's a nameserver response.
+
+Using -e in conjunction with binding to a specific address can enable "server
+takeover" by getting in ahead of the real ones, whereupon you can snarf data
+sent in and feed your own back out.  At the very least you can log a hex dump
+of someone else's session.  If you are root, you can certainly use -s and -e to
+run various hacked daemons without having to touch inetd.conf or the real
+daemons themselves.  You may not always have the root access to deal with low
+ports, but what if you are on a machine that also happens to be an NFS server?
+You might be able to collect some interesting things from port 2049, including
+local file handles.  There are several other servers that run on high ports
+that are likely candidates for takeover, including many of the RPC services on
+some platforms [yppasswdd, anyone?].  Kerberos tickets, X cookies, and IRC
+traffic also come to mind.  RADIUS-based terminal servers connect incoming
+users to shell-account machines on a high port, usually 1642 or thereabouts.
+SOCKS servers run on 1080.  Do "netstat -a" and get creative.
+
+There are some daemons that are well-written enough to bind separately to all
+the local interfaces, possibly with an eye toward heading off this sort of
+problem.  Named from recent BIND releases, and NTP, are two that come to mind.
+Netstat will show these listening on address.53 instead of *.53.  You won't
+be able to get in front of these on any of the real interface addresses, which
+of course is especially interesting in the case of named, but these servers
+sometimes forget about things like "alias" interface addresses or interfaces
+that appear later on such as dynamic PPP links.  There are some hacked web
+servers and versions of "inetd" floating around that specifically bind as well,
+based on a configuration file -- these generally *are* bound to alias addresses
+to offer several different address-based services from one machine.
+
+Using -e to start a remote backdoor shell is another obvious sort of thing,
+easier than constructing a file for inetd to listen on "ingreslock" or
+something, and you can access-control it against other people by specifying a
+client host and port.  Experience with this truly demonstrates how fragile the
+barrier between being "logged in" or not really is, and is further expressed by
+scripts/bsh.  If you're already behind a firewall, it may be easier to make an
+*outbound* connection and then run a shell; a small wrapper script can
+periodically try connecting to a known place and port, you can later listen
+there until the inbound connection arrives, and there's your shell.  Running
+a shell via UDP has several interesting features, although be aware that once
+"connected", the UDP stub sockets tend to show up in "netstat" just like TCP
+connections and may not be quite as subtle as you wanted.  Packets may also be
+lost, so use TCP if you need reliable connections.  But since UDP is
+connectionless, a hookup of this sort will stick around almost forever, even if
+you ^C out of netcat or do a reboot on your side, and you only need to remember
+the ports you used on both ends to reestablish.  And outbound UDP-plus-exec
+connection creates the connected socket and starts the program immediately.  On
+a listening UDP connection, the socket is created once a first packet is
+received.  In either case, though, such a "connection" has the interesting side
+effect that only your client-side IP address and [chosen?] source port will
+thereafter be able to talk to it.  Instant access control!  A non-local third
+party would have to do ALL of the following to take over such a session:
+
+        forge UDP with your source address [trivial to do; see below]
+        guess the port numbers of BOTH ends, or sniff the wire for them
+        arrange to block ICMP or UDP return traffic between it and your real
+          source, so the session doesn't die with a network write error.
+
+The companion program data/rservice.c is helpful in scripting up any sort of
+r-service username or password guessing attack.  The arguments to "rservice"
+are simply the strings that get null-terminated and passed over an "rcmd"-style
+connection, with the assumption that the client does not need a separate
+standard-error port.  Brute-force password banging is best done via "rexec" if
+it is available since it is less likely to log failed attempts.  Thus, doing
+"rservice joe joespass pwd | nc target exec" should return joe's home dir if
+the password is right, or "Permission denied."  Plug in a dictionary and go to
+town.  If you're attacking rsh/rlogin, remember to be root and bind to a port
+between 512 and 1023 on your end, and pipe in "rservice joe joe pwd" and such.
+
+Netcat can prevent inadvertently sending extra information over a telnet
+connection.  Use "nc -t" in place of telnet, and daemons that try to ask for
+things like USER and TERM environment variables will get no useful answers, as
+they otherwise would from a more recent telnet program.  Some telnetds actually
+try to collect this stuff and then plug the USER variable into "login" so that
+the caller is then just asked for a password!  This mechanism could cause a
+login attempt as YOUR real username to be logged over there if you use a
+Borman-based telnet instead of "nc -t".
+
+Got an unused network interface configured in your kernel [e.g. SLIP], or
+support for alias addresses?  Ifconfig one to be any address you like, and bind
+to it with -s to enable all sorts of shenanigans with bogus source addresses.
+The interface probably has to be UP before this works; some SLIP versions
+need a far-end address before this is true.  Hammering on UDP services is then
+a no-brainer.  What you can do to an unfiltered syslog daemon should be fairly
+obvious; trimming the conf file can help protect against it.  Many routers out
+there still blindly believe what they receive via RIP and other routing
+protocols.  Although most UDP echo and chargen servers check if an incoming
+packet was sent from *another* "internal" UDP server, there are many that still
+do not, any two of which [or many, for that matter] could keep each other
+entertained for hours at the expense of bandwidth.  And you can always make
+someone wonder why she's being probed by nsa.gov.
+
+Your TCP spoofing possibilities are mostly limited to destinations you can
+source-route to while locally bound to your phony address.  Many sites block
+source-routed packets these days for precisely this reason.  If your kernel
+does oddball things when sending source-routed packets, try moving the pointer
+around with -G.  You may also have to fiddle with the routing on your own
+machine before you start receiving packets back.  Warning: some machines still
+send out traffic using the source address of the outbound interface, regardless
+of your binding, especially in the case of localhost.  Check first.  If you can
+open a connection but then get no data back from it, the target host is
+probably killing the IP options on its end [this is an option inside TCP
+wrappers and several other packages], which happens after the 3-way handshake
+is completed.  If you send some data and observe the "send-q" side of "netstat"
+for that connection increasing but never getting sent, that's another symptom.
+Beware: if Sendmail 8.7.x detects a source-routed SMTP connection, it extracts
+the hop list and sticks it in the Received: header!
+
+SYN bombing [sometimes called "hosing"] can disable many TCP servers, and if
+you hit one often enough, you can keep it unreachable for days.  As is true of
+many other denial-of-service attacks, there is currently no defense against it
+except maybe at the human level.  Making kernel SOMAXCONN considerably larger
+than the default and the half-open timeout smaller can help, and indeed some
+people running large high-performance web servers have *had* to do that just to
+handle normal traffic.  Taking out mailers and web servers is sociopathic, but
+on the other hand it is sometimes useful to be able to, say, disable a site's
+identd daemon for a few minutes.  If someone realizes what is going on,
+backtracing will still be difficult since the packets have a phony source
+address, but calls to enough ISP NOCs might eventually pinpoint the source.
+It is also trivial for a clueful ISP to watch for or even block outgoing
+packets with obviously fake source addresses, but as we know many of them are
+not clueful or willing to get involved in such hassles.  Besides, outbound
+packets with an [otherwise unreachable] source address in one of their net
+blocks would look fairly legitimate.
+
+Notes
+=====
+
+A discussion of various caveats, subtleties, and the design of the innards.
+
+As of version 1.07 you can construct a single file containing command arguments
+and then some data to transfer.  Netcat is now smart enough to pick out the
+first line and build the argument list, and send any remaining data across the
+net to one or multiple ports.  The first release of netcat had trouble with
+this -- it called fgets() for the command line argument, which behind the
+scenes does a large read() from standard input, perhaps 4096 bytes or so, and
+feeds that out to the fgets() library routine.  By the time netcat 1.00 started
+directly read()ing stdin for more data, 4096 bytes of it were gone.  It now
+uses raw read() everywhere and does the right thing whether reading from files,
+pipes, or ttys.  If you use this for multiple-port connections, the single
+block of data will now be a maximum of 8K minus the first line.  Improvements
+have been made to the logic in sending the saved chunk to each new port.  Note
+that any command-line arguments hidden using this mechanism could still be
+extracted from a core dump.
+
+When netcat receives an inbound UDP connection, it creates a "connected socket"
+back to the source of the connection so that it can also send out data using
+normal write().  Using this mechanism instead of recvfrom/sendto has several
+advantages -- the read/write select loop is simplified, and ICMP errors can in
+effect be received by non-root users.  However, it has the subtle side effect
+that if further UDP packets arrive from the caller but from different source
+ports, the listener will not receive them.  UDP listen mode on a multihomed
+machine may have similar quirks unless you specifically bind to one of its
+addresses.  It is not clear that kernel support for UDP connected sockets
+and/or my understanding of it is entirely complete here, so experiment...
+
+You should be aware of some subtleties concerning UDP scanning.  If -z is on,
+netcat attempts to send a single null byte to the target port, twice, with a
+small time in between.  You can either use the -w timeout, or netcat will try
+to make a "sideline" TCP connection to the target to introduce a small time
+delay equal to the round-trip time between you and the target.  Note that if
+you have a -w timeout and -i timeout set, BOTH take effect and you wait twice
+as long.  The TCP connection is to a normally refused port to minimize traffic,
+but if you notice a UDP fast-scan taking somewhat longer than it should, it
+could be that the target is actually listening on the TCP port.  Either way,
+any ICMP port-unreachable messages from the target should have arrived in the
+meantime.  The second single-byte UDP probe is then sent.  Under BSD kernels,
+the ICMP error is delivered to the "connected socket" and the second write
+returns an error, which tells netcat that there is NOT a UDP service there.
+While Linux seems to be a fortunate exception, under many SYSV derived kernels
+the ICMP is not delivered, and netcat starts reporting that *all* the ports are
+"open" -- clearly wrong.  [Some systems may not even *have* the "udp connected
+socket" concept, and netcat in its current form will not work for UDP at all.]
+If -z is specified and only one UDP port is probed, netcat's exit status
+reflects whether the connection was "open" or "refused" as with TCP.
+
+It may also be that UDP packets are being blocked by filters with no ICMP error
+returns, in which case everything will time out and return "open".  This all
+sounds backwards, but that's how UDP works.  If you're not sure, try "echo
+w00gumz | nc -u -w 2 target 7" to see if you can reach its UDP echo port at
+all.  You should have no trouble using a BSD-flavor system to scan for UDP
+around your own network, although flooding a target with the high activity that
+-z generates will cause it to occasionally drop packets and indicate false
+"opens".  A more "correct" way to do this is collect and analyze the ICMP
+errors, as does SATAN's "udp_scan" backend, but then again there's no guarantee
+that the ICMP gets back to you either.  Udp_scan also does the zero-byte
+probes but is excruciatingly careful to calculate its own round-trip timing
+average and dynamically set its own response timeouts along with decoding any
+ICMP received.  Netcat uses a much sleazier method which is nonetheless quite
+effective.  Cisco routers are known to have a "dead time" in between ICMP
+responses about unreachable UDP ports, so a fast scan of a cisco will show
+almost everything "open".  If you are looking for a specific UDP service, you
+can construct a file containing the right bytes to trigger a response from the
+other end and send that as standard input.  Netcat will read up to 8K of the
+file and send the same data to every UDP port given.  Note that you must use a
+timeout in this case [as would any other UDP client application] since the
+two-write probe only happens if -z is specified.
+
+Many telnet servers insist on a specific set of option negotiations before
+presenting a login banner.  On a raw connection you will see this as small
+amount of binary gook.  My attempts to create fixed input bytes to make a
+telnetd happy worked some places but failed against newer BSD-flavor ones,
+possibly due to timing problems, but there are a couple of much better
+workarounds.  First, compile with -DTELNET and use -t if you just want to get
+past the option negotiation and talk to something on a telnet port.  You will
+still see the binary gook -- in fact you'll see a lot more of it as the options
+are responded to behind the scenes.  The telnet responder does NOT update the
+total byte count, or show up in the hex dump -- it just responds negatively to
+any options read from the incoming data stream.  If you want to use a normal
+full-blown telnet to get to something but also want some of netcat's features
+involved like settable ports or timeouts, construct a tiny "foo" script:
+
+        #! /bin/sh
+        exec nc -otheroptions targethost 23
+
+and then do
+
+        nc -l -p someport -e foo localhost &
+        telnet localhost someport
+
+and your telnet should connect transparently through the exec'ed netcat to
+the target, using whatever options you supplied in the "foo" script.  Don't
+use -t inside the script, or you'll wind up sending *two* option responses.
+
+I've observed inconsistent behavior under some Linuxes [perhaps just older
+ones?] when binding in listen mode.  Sometimes netcat binds only to "localhost"
+if invoked with no address or port arguments, and sometimes it is unable to
+bind to a specific address for listening if something else is already listening
+on "any".  The former problem can be worked around by specifying "-s 0.0.0.0",
+which will do the right thing despite netcat claiming that it's listening on
+[127.0.0.1].  This is a known problem -- for example, there's a mention of it
+in the makefile for SOCKS.  On the flip side, binding to localhost and sending
+packets to some other machine doesn't work as you'd expect -- they go out with
+the source address of the sending interface instead.  The Linux kernel contains
+a specific check to ensure that packets from 127.0.0.1 are never sent to the
+wire; other kernels may contain similar code.  Linux, of course, *still*
+doesn't support source-routing, but they claim that it and many other network
+improvements are at least breathing hard.
+
+There are several possible errors associated with making TCP connections, but
+to specifically see anything other than "refused", one must wait the full
+kernel-defined timeout for a connection to fail.  Netcat's mechanism of
+wrapping an alarm timer around the connect prevents the *real* network error
+from being returned -- "errno" at that point indicates "interrupted system
+call" since the connect attempt was interrupted.  Some old 4.3 BSD kernels
+would actually return things like "host unreachable" immediately if that was
+the case, but most newer kernels seem to wait the full timeout and *then* pass
+back the real error.  Go figure.  In this case, I'd argue that the old way was
+better, despite those same kernels generally being the ones that tear down
+*established* TCP connections when ICMP-bombed.
+
+Incoming socket options are passed to applications by the kernel in the
+kernel's own internal format.  The socket-options structure for source-routing
+contains the "first-hop" IP address first, followed by the rest of the real
+options list.  The kernel uses this as is when sending reply packets -- the
+structure is therefore designed to be more useful to the kernel than to humans,
+but the hex dump of it that netcat produces is still useful to have.
+
+Kernels treat source-routing options somewhat oddly, but it sort of makes sense
+once one understands what's going on internally.  The options list of addresses
+must contain hop1, hop2, ..., destination.  When a source-routed packet is sent
+by the kernel [at least BSD], the actual destination address becomes irrelevant
+because it is replaced with "hop1", "hop1" is removed from the options list,
+and all the other addresses in the list are shifted up to fill the hole.  Thus
+the outbound packet is sent from your chosen source address to the first
+*gateway*, and the options list now contains hop2, ..., destination.  During
+all this address shuffling, the kernel does NOT change the pointer value, which
+is why it is useful to be able to set the pointer yourself -- you can construct
+some really bizarre return paths, and send your traffic fairly directly to the
+target but around some larger loop on the way back.  Some Sun kernels seem to
+never flip the source-route around if it contains less than three hops, never
+reset the pointer anyway, and tries to send the packet [with options containing
+a "completed" source route!!] directly back to the source.  This is way broken,
+of course.  [Maybe ipforwarding has to be on?  I haven't had an opportunity to
+beat on it thoroughly yet.]
+
+"Credits" section: The original idea for netcat fell out of a long-standing
+desire and fruitless search for a tool resembling it and having the same
+features.  After reading some other network code and realizing just how many
+cool things about sockets could be controlled by the calling user, I started
+on the basics and the rest fell together pretty quickly.  Some port-scanning
+ideas were taken from Venema/Farmer's SATAN tool kit, and Pluvius' "pscan"
+utility.  Healthy amounts of BSD kernel source were perused in an attempt to
+dope out socket options and source-route handling; additional help was obtained
+from Dave Borman's telnet sources.  The select loop is loosely based on fairly
+well-known code from "rsh" and Richard Stevens' "sock" program [which itself is
+sort of a "netcat" with more obscure features], with some more paranoid
+sanity-checking thrown in to guard against the distinct likelihood that there
+are subtleties about such things I still don't understand.  I found the
+argument-hiding method cleanly implemented in Barrett's "deslogin"; reading the
+line as input allows greater versatility and is much less prone to cause
+bizarre problems than the more common trick of overwriting the argv array.
+After the first release, several people contributed portability fixes; they are
+credited in generic.h and the Makefile.  Lauren Burka inspired the ascii art
+for this revised document.  Dean Gaudet at Wired supplied a precursor to
+the hex-dump code, and mudge@l0pht.com originally experimented with and
+supplied code for the telnet-options responder.  Outbound "-e <prog>" resulted
+from a need to quietly bypass a firewall installation.  Other suggestions and
+patches have rolled in for which I am always grateful, but there are only 26
+hours per day and a discussion of feature creep near the end of this document.
+
+Netcat was written with the Russian railroad in mind -- conservatively built
+and solid, but it *will* get you there.  While the coding style is fairly
+"tight", I have attempted to present it cleanly [keeping *my* lines under 80
+characters, dammit] and put in plenty of comments as to why certain things
+are done.  Items I know to be questionable are clearly marked with "XXX".
+Source code was made to be modified, but determining where to start is
+difficult with some of the tangles of spaghetti code that are out there.
+Here are some of the major points I feel are worth mentioning about netcat's
+internal design, whether or not you agree with my approach.
+
+Except for generic.h, which changes to adapt more platforms, netcat is a single
+source file.  This has the distinct advantage of only having to include headers
+once and not having to re-declare all my functions in a billion different
+places.  I have attempted to contain all the gross who's-got-what-.h-file
+things in one small dumping ground.  Functions are placed "dependencies-first",
+such that when the compiler runs into the calls later, it already knows the
+type and arguments and won't complain.  No function prototyping -- not even the
+__P(()) crock -- is used, since it is more portable and a file of this size is
+easy enough to check manually.  Each function has a standard-format comment
+ahead of it, which is easily found using the regexp " :$".  I freely use gotos.
+Loops and if-clauses are made as small and non-nested as possible, and the ends
+of same *marked* for clarity [I wish everyone would do this!!].
+
+Large structures and buffers are all malloc()ed up on the fly, slightly larger
+than the size asked for and zeroed out.  This reduces the chances of damage
+from those "end of the buffer" fencepost errors or runaway pointers escaping
+off the end.  These things are permanent per run, so nothing needs to be freed
+until the program exits.
+
+File descriptor zero is always expected to be standard input, even if it is
+closed.  If a new network descriptor winds up being zero, a different one is
+asked for which will be nonzero, and fd zero is simply left kicking around
+for the rest of the run.  Why?  Because everything else assumes that stdin is
+always zero and "netfd" is always positive.  This may seem silly, but it was a
+lot easier to code.  The new fd is obtained directly as a new socket, because
+trying to simply dup() a new fd broke subsequent socket-style use of the new fd
+under Solaris' stupid streams handling in the socket library.
+
+The catch-all message and error handlers are implemented with an ample list of
+phoney arguments to get around various problems with varargs.  Varargs seems
+like deliberate obfuscation in the first place, and using it would also
+require use of vfprintf() which not all platforms support.  The trailing
+sleep in bail() is to allow output to flush, which is sometimes needed if
+netcat is already on the other end of a network connection.
+
+The reader may notice that the section that does DNS lookups seems much
+gnarlier and more confusing than other parts.  This is NOT MY FAULT.  The
+sockaddr and hostent abstractions are an abortion that forces the coder to
+deal with it.  Then again, a lot of BSD kernel code looks like similar
+struct-pointer hell.  I try to straighten it out somewhat by defining my own
+HINF structure, containing names, ascii-format IP addresses, and binary IP
+addresses.  I fill this structure exactly once per host argument, and squirrel
+everything safely away and handy for whatever wants to reference it later.
+
+Where many other network apps use the FIONBIO ioctl to set non-blocking I/O
+on network sockets, netcat uses straightforward blocking I/O everywhere.
+This makes everything very lock-step, relying on the network and filesystem
+layers to feed in data when needed.  Data read in is completely written out
+before any more is fetched.  This may not be quite the right thing to do under
+some OSes that don't do timed select() right, but this remains to be seen.
+
+The hexdump routine is written to be as fast as possible, which is why it does
+so much work itself instead of just sprintf()ing everything together.  Each
+dump line is built into a single buffer and atomically written out using the
+lowest level I/O calls.  Further improvements could undoubtedly be made by
+using writev() and eliminating all sprintf()s, but it seems to fly right along
+as is.  If both exec-a-prog mode and a hexdump file is asked for, the hexdump
+flag is deliberately turned off to avoid creating random zero-length files.
+Files are opened in "truncate" mode; if you want "append" mode instead, change
+the open flags in main().
+
+main() may look a bit hairy, but that's only because it has to go down the
+argv list and handle multiple ports, random mode, and exit status.  Efforts
+have been made to place a minimum of code inside the getopt() loop.  Any real
+work is sent off to functions in what is hopefully a straightforward way.
+
+Obligatory vendor-bash: If "nc" had become a standard utility years ago,
+the commercial vendors would have likely packaged it setuid root and with
+-DGAPING_SECURITY_HOLE turned on but not documented.  It is hoped that netcat
+will aid people in finding and fixing the no-brainer holes of this sort that
+keep appearing, by allowing easier experimentation with the "bare metal" of
+the network layer.
+
+It could be argued that netcat already has too many features.  I have tried
+to avoid "feature creep" by limiting netcat's base functionality only to those
+things which are truly relevant to making network connections and the everyday
+associated DNS lossage we're used to.  Option switches already have slightly
+overloaded functionality.  Random port mode is sort of pushing it.  The
+hex-dump feature went in later because it *is* genuinely useful.  The
+telnet-responder code *almost* verges on the gratuitous, especially since it
+mucks with the data stream, and is left as an optional piece.  Many people have
+asked for example "how 'bout adding encryption?" and my response is that such
+things should be separate entities that could pipe their data *through* netcat
+instead of having their own networking code.  I am therefore not completely
+enthusiastic about adding any more features to this thing, although you are
+still free to send along any mods you think are useful.
+
+Nonetheless, at this point I think of netcat as my tcp/ip swiss army knife,
+and the numerous companion programs and scripts to go with it as duct tape.
+Duct tape of course has a light side and a dark side and binds the universe
+together, and if I wrap enough of it around what I'm trying to accomplish,
+it *will* work.  Alternatively, if netcat is a large hammer, there are many
+network protocols that are increasingly looking like nails by now...
+
+_H* 960320 v1.10 RELEASE -- happy spring!
diff --git a/src/usr.bin/nc/data/Makefile b/src/usr.bin/nc/data/Makefile
new file mode 100644
index 0000000000..65cf185358
--- /dev/null
+++ b/src/usr.bin/nc/data/Makefile
@@ -0,0 +1,10 @@
+all:    data rservice xor
+
+data:   data.c
+        cc -s -O -o data data.c
+rservice:       rservice.c
+        cc -s -O -o rservice rservice.c
+xor:    xor.c
+        cc -s -O -o xor xor.c
+clean:
+        rm -f *.o data rservice xor
diff --git a/src/usr.bin/nc/data/README b/src/usr.bin/nc/data/README
new file mode 100644
index 0000000000..7e4b9fbf63
--- /dev/null
+++ b/src/usr.bin/nc/data/README
@@ -0,0 +1,9 @@
+For now, read the header comments inside each of these for documentation.
+The programs are simple enough that they don't really need a Makefile any more
+complex than the one given; ymmv.  Data and xor may also be useful on DOS,
+which is why there are hooks for it in the code.
+
+data.c          a primitive atob / btoa byte generator
+*.d             example input to "data -g"
+rservice.c      a utility for scripting up rsh/rexec attacks
+xor.c           generic xor handler
diff --git a/src/usr.bin/nc/data/data.c b/src/usr.bin/nc/data/data.c
new file mode 100644
index 0000000000..56c167fd96
--- /dev/null
+++ b/src/usr.bin/nc/data/data.c
@@ -0,0 +1,274 @@
+/* primitive arbitrary-data frontend for netcat.  0.9 960226
+   only handles one value per ascii line, but at least parses 0xNN too
+   an input line containing "%r" during "-g" generates a random byte
+
+   todo:
+        make work on msloss jus' for kicks [workin' on it...]
+
+   syntax: data -X [limit]
+   where X is one of
+        d: dump raw bytes to ascii format
+        g: generate raw bytes from ascii input
+        c: generate ??? of value -- NOTYET
+        r: generate all random bytes
+   and limit is how many bytes to generate or dump [unspecified = infinite]
+
+   *Hobbit*, started 951004 or so and randomly screwed around with since */
+
+#include <stdio.h>
+
+#ifdef MSDOS                            /* for MSC only at the moment... */
+#include <fcntl.h>
+#else /* MSDOS */
+#include <sys/file.h>
+#define HAVE_RANDOM                     /* XXX: might have to change */
+#endif /* MSDOS */
+
+static char buf_in [128];
+static char buf_raw [8192];
+static char surveysez[] = "survey sez... XXX\n";
+
+/* fgetss :
+   wrapper for fgets, that yanks trailing newlines.  Doing the work ourselves
+   instead of calling strchr/strlen/whatever */
+char * fgetss (buf, len, from)
+  char * buf;
+  size_t len;
+  FILE * from;
+{
+  register int x;
+  register char * p, * q;
+  p = fgets (buf, len, from);           /* returns ptr to buf */
+  if (! p)
+    return (NULL);
+  q = p;
+  for (x = 0; x < len; x++) {
+    *p = (*p & 0x7f);                   /* rip parity, just in case */
+    switch (*p) {
+      case '\n':
+      case '\r':
+      case '\0':
+        *p = '\0';
+        return (q);
+    } /* switch */
+    p++;
+  } /* for */
+} /* fgetss */
+
+/* randint:
+   swiped from rndb.c.  Generates an INT, you have to mask down to char. */
+int randint()
+{
+  register int q;
+  register int x;
+
+#ifndef HAVE_RANDOM
+  q = rand();
+#else
+  q = random();
+#endif
+  x = ((q >> 8) & 0xff);        /* perturb low byte using some higher bits */
+  x = q ^ x;
+  return (x);
+}
+
+main (argc, argv)
+  int argc;
+  char ** argv;
+{
+  register unsigned char * p;
+  register char * q;
+  register int x;
+  int bc = 0;
+  int limit = 0;                /* num to gen, or 0 = infinite */
+  register int xlimit;          /* running limit */
+  FILE * txt;                   /* line-by-line ascii file */
+  int raw;                      /* raw bytes fd */
+  int dumping = 0;              /* cmd flags ... */
+  int genning = 0;
+  int randing = 0;
+
+  memset (buf_in, 0, sizeof (buf_in));
+  memset (buf_raw, 0, sizeof (buf_raw));
+
+  xlimit = 1;                           /* doubles as "exit flag" */
+  bc = 1;                               /* preload, assuming "dump" */
+  x = getpid() + 687319;
+/* if your library doesnt have srandom/random, use srand/rand. [from rnd.c] */
+#ifndef HAVE_RANDOM
+  srand (time(0) + x);
+#else
+  srandom (time(0) + x);
+#endif
+
+#ifdef O_BINARY
+/* DOS stupidity */
+/* Aha: *here's* where that setmode() lib call conflict in ?BSD came from */
+  x = setmode (0, O_BINARY);            /* make stdin raw */
+  if (x < 0) {
+    fprintf (stderr, "stdin binary setmode oops: %d\n", x);
+    exit (1);
+  }
+  x = setmode (1, O_BINARY);            /* make stdout raw */
+  if (x < 0) {
+    fprintf (stderr, "stdout binary setmode oops: %d\n", x);
+    exit (1);
+  }
+#endif /* O_BINARY */
+
+  if (argv[1]) {
+    p = argv[1];                /* shit-simple single arg parser... */
+    if (*p == '-')              /* dash is optional, we'll deal */
+      p++;
+    if (*p == 'd')
+      dumping++;
+    if (*p == 'g')
+      genning++;
+    if (*p == 'r')
+      randing++;
+  } /* if argv 1 */
+
+/* optional second argument: limit # of bytes shoveled either way */
+  if (argv[2]) {
+    x = atoi (argv[2]);
+    if (x)
+      limit = x;
+    else
+      goto wrong;
+    xlimit = limit;
+  }
+
+/* Since this prog would likely best be written in assmbler, I'm gonna
+   write it *like* assembler.  So there. */
+
+  if (randing)
+    goto do_rand;
+
+nextbuf:                                /* loop sleaze */
+
+  if (dumping) {                        /* switch off to wherever */
+    if (genning)
+      goto wrong;
+    goto do_dump;
+  }
+  if (genning)
+    goto do_gen;
+wrong:
+  fprintf (stderr, surveysez);          /* if both or neither */
+  exit (1);
+
+do_gen:
+/* here if genning -- original functionality */
+  q = buf_raw;
+  bc = 0;
+/* suck up lines until eof or buf_raw is full */
+  while (1) {
+    p = fgetss (buf_in, 120, stdin);
+    if (! p)
+      break;                            /* EOF */
+/* super-primitive version first: one thingie per line */
+    if (*p == '#')                      /* comment */
+      continue;
+    if (*p == '\0')                     /* blank line */
+      continue;
+    if (*p == '%') {                    /* escape char? */
+      p++;
+      if (*p == 'r') {                  /* random byte */
+        x = randint();
+        goto stuff;
+      } /* %r */
+    } /* if "%" escape */
+    if (*p == '0')
+      if (*(p+1) == 'x')                /* 0x?? */
+        goto hex;
+    x = atoi (p);                       /* reg'lar decimal number */
+    goto stuff;
+
+hex:
+/* A 65   a 97 */
+/* xxx: use a conversion table for this or something.  Since we ripped the
+   parity bit, we only need a preset array of 128 with downconversion factors
+   loaded in *once*.   maybe look at scanf... */
+    p++; p++;                           /* point at hex-chars */
+    x = 0;
+    if ((*p > 96) && (*p < 123))        /* a-z */
+      *p = (*p - 32);                   /* this is massively clumsy */
+    if ((*p > 64) && (*p < 71))         /* A-F */
+      x = (*p - 55);
+    if ((*p > 47) && (*p < 58))         /* digits */
+      x = (*p - 48);
+    p++;
+    if (*p)                             /* another digit? */
+      x = (x << 4);                     /* shift to hi half */
+    if ((*p > 96) && (*p < 123))        /* a-z */
+      *p = (*p - 32);
+    if ((*p > 64) && (*p < 71))         /* A-F */
+      x = (x | (*p - 55));              /* lo half */
+    if ((*p > 47) && (*p < 58))         /* digits */
+      x = (x | (*p - 48));
+
+/* fall thru */
+stuff:                                  /* cvt to byte and add to buffer */
+    *q = (x & 0xff);
+    q++;
+    bc++;
+    if (limit) {
+      xlimit--;
+      if (xlimit == 0)                  /* max num reached */
+        break;
+    } /* limit */
+    if (bc >= sizeof (buf_raw))         /* buffer full */
+      break;
+  } /* while 1 */
+
+/* now in theory we have our buffer formed; shovel it out */
+  x = write (1, buf_raw, bc);
+  if (x <= 0) {
+    fprintf (stderr, "write oops: %d\n", x);
+    exit (1);
+  }
+  if (xlimit && p)
+    goto nextbuf;                       /* go get some more */
+  exit (0);
+
+do_dump:
+/* here if dumping raw stuff into an ascii file */
+/* gad, this is *so* much simpler!  can we say "don't rewrite printf"? */
+  x = read (0, buf_raw, 8192);
+  if (x <= 0)
+    exit (0);
+  q = buf_raw;
+  for ( ; x > 0; x--) {
+    p = q;
+    printf ("%-3.3d # 0x%-2.2x # ", *p, *p);
+    if ((*p > 31) && (*p < 127))
+      printf ("%c %d\n", *p, bc);
+    else
+      printf (". %d\n", bc);
+    q++;
+    bc++;
+    if (limit) {
+      xlimit--;
+      if (xlimit == 0) {
+        fflush (stdout);
+        exit (0);
+      }
+    } /* limit */
+  } /* for */
+  goto nextbuf;
+
+do_rand:
+/* here if generating all-random bytes.  Stays in this loop */
+  p = buf_raw;
+  while (1) {
+    *p = (randint() & 0xff);
+    write (1, p, 1);                    /* makes very slow! */
+    if (limit) {
+      xlimit--;
+      if (xlimit == 0)
+        break;
+    }
+  } /* while */
+  exit (0);
+
+} /* main */
diff --git a/src/usr.bin/nc/data/dns-any.d b/src/usr.bin/nc/data/dns-any.d
new file mode 100644
index 0000000000..77b014cf70
--- /dev/null
+++ b/src/usr.bin/nc/data/dns-any.d
@@ -0,0 +1,36 @@
+# dns "any for ." query, to udp 53
+# if tcp: precede with 2 bytes of len:
+# 0
+# 17
+# you should get at least *one* record back out
+
+# HEADER:
+0       # query id = 2
+2
+
+1       # flags/opcodes = query, dorecurse
+0
+
+0       # qdcount, i.e. nqueries: 1
+1
+
+0       # ancount: answers, 0
+0
+
+0       # nscount: 0
+0
+
+0       # addl records: 0
+0
+
+# end of fixed header
+
+0       # name-len: 0 for ".", lenbyte plus name-bytes otherwise
+
+0       # type: any, 255
+0xff
+
+0       # class: IN
+1
+
+# i think that's it..
diff --git a/src/usr.bin/nc/data/nfs-0.d b/src/usr.bin/nc/data/nfs-0.d
new file mode 100644
index 0000000000..0360938227
--- /dev/null
+++ b/src/usr.bin/nc/data/nfs-0.d
@@ -0,0 +1,59 @@
+# UDP NFS null-proc call; finds active NFS listeners on port 2049.
+# If you get *something* back, there's an NFS server there.
+
+000     # XID: 4 trash bytes
+001
+002
+003
+
+000     # CALL: 0
+000
+000
+000
+
+000     # RPC version: 2
+000
+000
+002
+
+000     # nfs: 100003
+001
+0x86
+0xa3
+
+000     # version: 1
+000
+000
+001
+
+000     # procedure number: 0
+000
+000
+000
+
+000     # port: junk
+000
+000
+000
+
+000     # auth trash
+000
+000
+000
+
+000     # auth trash
+000
+000
+000
+
+000     # auth trash
+000
+000
+000
+
+000     # extra auth trash?  probably not needed
+000
+000
+000
+
+# that's it!
diff --git a/src/usr.bin/nc/data/pm.d b/src/usr.bin/nc/data/pm.d
new file mode 100644
index 0000000000..fe327693a9
--- /dev/null
+++ b/src/usr.bin/nc/data/pm.d
@@ -0,0 +1,8 @@
+# obligatory duplicate of dr delete's Livingston portmaster crash, aka
+# telnet break.  Fire into its telnet listener.  An *old* bug by now, but
+# consider the small window one might obtain from a slightly out-of-rev PM
+# used as a firewall, that starts routing IP traffic BEFORE its filter sets
+# are fully loaded...
+
+255 # 0xff # . 1
+243 # 0xf3 # . 2
diff --git a/src/usr.bin/nc/data/pmap-dump.d b/src/usr.bin/nc/data/pmap-dump.d
new file mode 100644
index 0000000000..bc6b63277d
--- /dev/null
+++ b/src/usr.bin/nc/data/pmap-dump.d
@@ -0,0 +1,60 @@
+# portmap dump request: like "rpcinfo -p" but via UDP instead
+# send to UDP 111 and hope it's not a logging portmapper!
+# split into longwords, since rpc apparently only deals with them
+
+001 # 0x01 # .  # XID: 4 trash bytes
+002 # 0x02 # .
+003 # 0x03 # .
+004 # 0x04 # .
+
+000 # 0x00 # .  # MSG: int 0=call, 1=reply
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # .  # pmap call body: rpc version=2
+000 # 0x00 # .
+000 # 0x00 # .
+002 # 0x02 # .
+
+000 # 0x00 # .  # pmap call body: prog=PMAP, 100000
+001 # 0x01 # .
+134 # 0x86 # .
+160 # 0xa0 # .
+
+000 # 0x00 # .  # pmap call body: progversion=2
+000 # 0x00 # .
+000 # 0x00 # .
+002 # 0x02 # .
+
+000 # 0x00 # .  # pmap call body: proc=DUMP, 4
+000 # 0x00 # .
+000 # 0x00 # .
+004 # 0x04 # .
+
+# with AUTH_NONE, there are 4 zero integers [16 bytes] here
+
+000 # 0x00 # .  # auth junk: cb_cred: auth_unix = 1; NONE = 0
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # .  # auth junk
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # .  # auth junk
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # .  # auth junk
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+# The reply you get back contains your XID, int 1 if "accepted", and
+# a whole mess of gobbledygook containing program numbers, versions,
+# and ports that rpcinfo knows how to decode.  For the moment, you get
+# to wade through it yourself...
diff --git a/src/usr.bin/nc/data/pmap-mnt.d b/src/usr.bin/nc/data/pmap-mnt.d
new file mode 100644
index 0000000000..00588ba41f
--- /dev/null
+++ b/src/usr.bin/nc/data/pmap-mnt.d
@@ -0,0 +1,78 @@
+# portmap request for mountd [or whatever; see where prog=MOUNT]
+# send to UDP 111 and hope it's not a logging portmapper!
+# split into longwords, since rpc apparently only deals with them
+
+001 # 0x01 # .  # XID: 4 trash bytes
+002 # 0x02 # .
+003 # 0x03 # .
+004 # 0x04 # .
+
+000 # 0x00 # .  # MSG: int 0=call, 1=reply
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # .  # pmap call body: rpc version=2
+000 # 0x00 # .
+000 # 0x00 # .
+002 # 0x02 # .
+
+000 # 0x00 # .  # pmap call body: prog=PMAP, 100000
+001 # 0x01 # .
+134 # 0x86 # .
+160 # 0xa0 # .
+
+000 # 0x00 # .  # pmap call body: progversion=2
+000 # 0x00 # .
+000 # 0x00 # .
+002 # 0x02 # .
+
+000 # 0x00 # .  # pmap call body: proc=GETPORT, 3
+000 # 0x00 # .
+000 # 0x00 # .
+003 # 0x03 # .
+
+# with AUTH_NONE, there are 4 zero integers [16 bytes] here
+
+000 # 0x00 # .  # auth junk: cb_cred: auth_unix = 1; NONE = 0
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # .  # auth junk
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # .  # auth junk
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # .  # auth junk
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # .  # prog=MOUNT, 100005
+001 # 0x01 # .
+134 # 0x86 # .
+165 # 0xa5 # .
+
+000 # 0x00 # .  # progversion=1
+000 # 0x00 # .
+000 # 0x00 # .
+001 # 0x01 # .
+
+000 # 0x00 # .  # protocol=udp, 17
+000 # 0x00 # .
+000 # 0x00 # .
+017 # 0x11 # .
+
+000 # 0x00 # .  # proc num = junk
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+# The reply you get back contains your XID, int 1 if "accepted", and
+# mountd's port number at the end or 0 if not registered.
diff --git a/src/usr.bin/nc/data/rip.d b/src/usr.bin/nc/data/rip.d
new file mode 100644
index 0000000000..da505e2143
--- /dev/null
+++ b/src/usr.bin/nc/data/rip.d
@@ -0,0 +1,52 @@
+# struct netinfo {
+#       struct  sockaddr rip_dst;       /* destination net/host */
+#       int     rip_metric;             /* cost of route */
+# };
+# struct rip {
+#       u_char  rip_cmd;                /* request/response */
+#       u_char  rip_vers;               /* protocol version # */
+#       u_char  rip_res1[2];            /* pad to 32-bit boundary */
+#       union {
+#               struct  netinfo ru_nets[1];     /* variable length... */
+#               char    ru_tracefile[1];        /* ditto ... */
+#       } ripun;
+#define rip_nets        ripun.ru_nets
+#define rip_tracefile   ripun.ru_tracefile
+#define RIPCMD_REQUEST          1       /* want info */
+#define RIPCMD_RESPONSE         2       /* responding to request */
+#define RIPCMD_TRACEON          3       /* turn tracing on */
+#define RIPCMD_TRACEOFF         4       /* turn it off */
+#define HOPCNT_INFINITY         16      /* per Xerox NS */
+#define MAXPACKETSIZE           512     /* max broadcast size */
+
+### RIP packet redux
+### UDP send FROM clued-rtr/520 to target/520
+2       # RIPCMD_RESPONSE
+1       # version
+0       # padding
+0
+
+# sockaddr-plus-metric  structs begin, as many as necessary...
+0       # len
+2       # AF_INET
+0       # port
+0
+# addr bytes:
+X
+Y
+Z
+Q
+0       # filler, out to 16 bytes [sizeof (sockaddr)] ...
+0
+0
+0
+0
+0
+0
+0
+0       # metric: net-order integer
+0
+0
+1
+
+## that's it
diff --git a/src/usr.bin/nc/data/rservice.c b/src/usr.bin/nc/data/rservice.c
new file mode 100644
index 0000000000..1085d9cb78
--- /dev/null
+++ b/src/usr.bin/nc/data/rservice.c
@@ -0,0 +1,68 @@
+/* generate ^@string1^@string2^@cmd^@ input to netcat, for scripting up
+   rsh/rexec attacks.  Needs to be a prog because shells strip out nulls.
+
+   args:
+        locuser remuser [cmd]
+        remuser passwd [cmd]
+
+   cmd defaults to "pwd".
+
+   ... whatever.  _H*/
+
+#include <stdio.h>
+
+/* change if you like; "id" is a good one for figuring out if you won too */
+static char cmd[] = "pwd";
+
+static char buf [256];
+
+main(argc, argv)
+  int argc;
+  char * argv[];
+{
+  register int x;
+  register int y;
+  char * p;
+  char * q;
+
+  p = buf;
+  memset (buf, 0, 256);
+
+  p++;                          /* first null */
+  y = 1;
+
+  if (! argv[1])
+    goto wrong;
+  x = strlen (argv[1]);
+  memcpy (p, argv[1], x);       /* first arg plus another null */
+  x++;
+  p += x;
+  y += x;
+
+  if (! argv[2])
+    goto wrong;
+  x = strlen (argv[2]);
+  memcpy (p, argv[2], x);       /* second arg plus null */
+  x++;
+  p += x;
+  y += x;
+
+  q = cmd;
+  if (argv[3])
+    q = argv[3];
+  x = strlen (q);               /* not checked -- bfd */
+  memcpy (p, q, x);             /* the command, plus final null */
+  x++;
+  p += x;
+  y += x;
+
+  memcpy (p, "\n", 1);          /* and a newline, so it goes */
+  y++;
+
+  write (1, buf, y);            /* zot! */
+  exit (0);
+
+wrong:
+  fprintf (stderr, "wrong!  needs 2 or more args.\n");
+  exit (1);
+}
diff --git a/src/usr.bin/nc/data/showmount.d b/src/usr.bin/nc/data/showmount.d
new file mode 100644
index 0000000000..499794bc8a
--- /dev/null
+++ b/src/usr.bin/nc/data/showmount.d
@@ -0,0 +1,63 @@
+# UDP mountd call.  Use as input to find mount daemons and avoid portmap.
+# Useful proc numbers are 2, 5, and 6.
+# UDP-scan around between 600-800 to find most mount daemons.
+# Using this with "2", plugged into "nc -u -v -w 2 victim X-Y" will
+# directly scan *and* dump the current exports when mountd is hit.
+# combine stdout *and* stderr thru "strings" or something to clean it up
+
+000     # XID: 4 trash bytes
+001
+002
+003
+
+000     # CALL: 0
+000
+000
+000
+
+000     # RPC version: 2
+000
+000
+002
+
+000     # mount: 100005
+001
+0x86
+0xa5
+
+000     # mount version: 1
+000
+000
+001
+
+000     # procedure number -- put what you need here:
+000     #       2 = dump  [showmount -e]
+000     #       5 = exportlist [showmount -a]
+xxx     # "sed s/xxx/$1/ | data -g | nc ..."  or some such...
+
+000     # port: junk
+000
+000
+000
+
+000     # auth trash
+000
+000
+000
+
+000     # auth trash
+000
+000
+000
+
+000     # auth trash
+000
+000
+000
+
+000     # extra auth trash?  probably not needed
+000
+000
+000
+
+# that's it!
diff --git a/src/usr.bin/nc/data/xor.c b/src/usr.bin/nc/data/xor.c
new file mode 100644
index 0000000000..9feead0cba
--- /dev/null
+++ b/src/usr.bin/nc/data/xor.c
@@ -0,0 +1,92 @@
+/* Generic xor handler.
+
+   With no args, xors stdin against 0xFF to stdout.  A single argument is a
+   file to read xor-bytes out of.  Any zero in the xor-bytes array is treated
+   as the end; if you need to xor against a string that *includes* zeros,
+   you're on your own.
+
+   The indirect file can be generated easily with data.c.
+
+   Written because there are so many lame schemes for "masking" plaintext
+   passwords and the like floating around, and it's handy to just run an
+   obscure binary-format configuration file through this and look for strings.
+
+   *Hobbit*, 960208 */
+
+#include <stdio.h>
+#include <fcntl.h>
+
+char buf[8192];
+char bytes[256];
+char * py;
+
+/* do the xor, in place.  Uses global ptr "py" to maintain "bytes" state */
+xorb (buf, len)
+  char * buf;
+  int len;
+{
+  register int x;
+  register char * pb;
+
+  pb = buf;
+  x = len;
+  while (x > 0) {
+    *pb = (*pb ^ *py);
+    pb++;
+    py++;
+    if (! *py)
+      py = bytes;
+    x--;
+  }
+} /* xorb */
+
+/* blah */
+main (argc, argv)
+  int argc;
+  char ** argv;
+{
+  register int x = 0;
+  register int y;
+
+/* manually preload; xor-with-0xFF is all too common */
+  memset (bytes, 0, sizeof (bytes));
+  bytes[0] = 0xff;
+
+/* if file named in any arg, reload from that */
+#ifdef O_BINARY                         /* DOS shit... */
+  x = setmode (0, O_BINARY);            /* make stdin raw */
+  if (x < 0) {
+    fprintf (stderr, "stdin binary setmode oops: %d\n", x);
+    exit (1);
+  }
+  x = setmode (1, O_BINARY);            /* make stdout raw */
+  if (x < 0) {
+    fprintf (stderr, "stdout binary setmode oops: %d\n", x);
+    exit (1);
+  }
+#endif /* O_BINARY */
+  
+  if (argv[1])
+#ifdef O_BINARY
+    x = open (argv[1], O_RDONLY | O_BINARY);
+#else
+    x = open (argv[1], O_RDONLY);
+#endif
+  if (x > 0) {
+    read (x, bytes, 250);               /* nothin' fancy here */
+    close (x);
+  }
+  py = bytes;
+  x = 1;
+  while (x > 0) {
+    x = read (0, buf, sizeof (buf));
+    if (x <= 0)
+      break;
+    xorb (buf, x);
+    y = write (1, buf, x);
+    if (y <= 0)
+      exit (1);
+  }
+  exit (0);
+}
+
diff --git a/src/usr.bin/nc/generic.h b/src/usr.bin/nc/generic.h
new file mode 100644
index 0000000000..b3dd5f5dc6
--- /dev/null
+++ b/src/usr.bin/nc/generic.h
@@ -0,0 +1,377 @@
+/* generic.h -- anything you don't #undef at the end remains in effect.
+   The ONLY things that go in here are generic indicator flags; it's up
+   to your programs to declare and call things based on those flags.
+
+   You should only need to make changes via a minimal system-specific section
+   at the end of this file.  To build a new section, rip through this and
+   check everything it mentions on your platform, and #undef that which needs
+   it.  If you generate a system-specific section you didn't find in here,
+   please mail me a copy so I can update the "master".
+
+   I realize I'm probably inventing another pseudo-standard here, but
+   goddamnit, everybody ELSE has already, and I can't include all of their
+   hairball schemes too.  HAVE_xx conforms to the gnu/autoconf usage and
+   seems to be the most common format.  In fact, I dug a lot of these out
+   of autoconf and tried to common them all together using "stupidh" to
+   collect data from platforms.
+
+   In disgust...  _H*  940910, 941115, 950511.  Pseudo-version: 1.3
+
+   Updated 951104 with many patches from netcat feedback, and properly
+   closed a lot of slop in open-ended comments: version 1.4
+   960217 + nextstep: version 1.5
+*/
+
+#ifndef GENERIC_H               /* only run through this once */
+#define GENERIC_H
+
+/* =============================== */
+/* System calls, lib routines, etc */
+/* =============================== */
+
+/* How does your system declare malloc, void or char?  Usually void, but go
+   ask the SunOS people why they had to be different... */
+#define VOID_MALLOC
+
+/* notably from fwtk/firewall.h: posix locking? */
+#define HAVE_FLOCK              /* otherwise it's lockf() */
+
+/* if you don't have setsid(), you might have setpgrp(). */
+#define HAVE_SETSID
+
+/* random() is generally considered better than rand() */
+#define HAVE_RANDOM
+
+/* the srand48/lrand48/etc family is s'posedly even better */
+#define HAVE_RAND48
+/* bmc@telebase and others have suggested these macros if a box *does* have
+   rand48.  Will consider for later if we're doing something that really
+   requires stronger random numbers, but netcat and such certainly doesn't.
+#define srandom(seed) srand48((long) seed)
+#define random()      lrand48() */
+
+/* if your machine doesn't have lstat(), it should have stat() [dos...] */
+#define HAVE_LSTAT
+
+/* different kinds of term ioctls.  How to recognize them, very roughly:
+   sysv/POSIX_ME_HARDER:  termio[s].h, struct termio[s], tty.c_*[]
+   bsd/old stuff:  sgtty.h, ioctl(TIOCSETP), sgttyb.sg_*, tchars.t_*  */
+#define HAVE_TERMIOS
+
+/* dbm vs ndbm */
+#define HAVE_NDBM
+
+/* extended utmp/wtmp stuff.  MOST machines still do NOT have this SV-ism */
+#define UTMPX
+
+/* some systems have nice() which takes *relative* values... [resource.h] */
+#define HAVE_SETPRIORITY
+
+/* a sysvism, I think, but ... */
+#define HAVE_SYSINFO
+
+/* ============= */
+/* Include files */
+/* ============= */
+
+/* Presence of these can be determined via a script that sniffs them
+   out if you aren't sure.  See "stupidh"... */
+
+/* stdlib comes with most modern compilers, but ya never know */
+#define HAVE_STDLIB_H
+
+/* not on a DOS box! */
+#define HAVE_UNISTD_H
+
+/* stdarg is a weird one */
+#define HAVE_STDARG_H
+
+/* dir.h or maybe ndir.h otherwise. */
+#define HAVE_DIRENT_H
+
+/* string or strings */
+#define HAVE_STRINGS_H
+
+/* if you don't have lastlog.h, what you want might be in login.h */
+#define HAVE_LASTLOG_H
+
+/* predefines for _PATH_various */
+#define HAVE_PATHS_H
+
+/* some SV-flavors break select stuff out separately */
+#define HAVE_SELECT_H
+
+/* assorted others */
+#define HAVE_PARAM_H            /* in sys/ */
+#define HAVE_SYSMACROS_H        /* in sys/ */
+#define HAVE_TTYENT_H           /* securetty et al */
+
+/* ==================== */
+
+/* Still maybe have to do something about the following, if it's even
+   worth it.  I just grepped a lot of these out of various code, without
+   looking them up yet:
+
+#define HAVE_EINPROGRESS
+#define HAVE_F_SETOWN
+HAVE_FILIO_H ... fionbio, fiosetown, etc... will need for hairier
+  select loops.
+#define HAVE_SETENV ... now *there's* a hairy one; **environ is portable
+#define BIG_ENDIAN/little_endian ... *please* try to avoid this stupidity
+   and LSBFIRST/MSBFIRST
+#define HAVE_GETUSERSHELL ... you could always pull it out of getpwent()
+#define HAVE_SETE[UG]ID ... lib or syscall, it varies on diff platforms
+#define HAVE_STRCHR ... should actually be handled by string/strings
+#define HAVE_PSTAT
+#define HAVE_ST_BLKSIZE ... a stat() thing?
+#define HAVE_IP_TOS
+#define HAVE_STRFTIME ... screw this, we'll just INCLUDE one for lame
+   old boxes that don't have it [sunos 3.x, early 4.x?]
+#define HAVE_VFPRINTF
+#define HAVE_SHADOW_PASSWD  ... in its multitudinous schemes?? ... how
+   about sumpin' like #define SHADOW_PASSWD_TYPE ... could get grody.
+   ... looks like sysv /etc/shadow, getspent() family is common.
+#define SIG*  ... what a swamp, punt for now; should all be in signal.h
+#define HAVE_STRCSPN  ... see larry wall's comment in the fwtk regex code
+#define ULTRIX_AUTH  ... bwahaha.
+#define HAVE_YP  or NIS or whatever you wanna call it this week
+randomness about VARARGS??
+--- later stuff to be considered ---
+#define UINT4 ... u-int on alpha/osf, i.e. __alpha/__osf__, ulong elsewhere?
+   dont name it that, though, it'll conflict with extant .h files like md5
+randomness about machine/endian.h, machine/inline.h -- bsdi, net/2
+randomness about _PATH_WTMP vs WTMP_FILE and where they even live!!
+#define HAVE_SYS_ERRLIST ... whether it's in stdio.h or not [bsd 4.4]
+--- still more stuff
+#define HAVE_SETENV
+#define _PATH_UTMP vs UTMP_FILE, a la deslogind?!
+#define HAVE_DAEMON
+#define HAVE_INETADDR  [vixie bind?]
+lseek: SEEK_SET vs L_SET and associated lossage [epi-notes, old 386Mach]
+bsdi: ioctl_compat.h ?
+--- takin' some ifdefs from CNS krb:
+F_GETOWN/F_SETOWN
+CRAY: long = 8 bytes, etc  [class with alpha?]
+CGETENT
+SIGINFO
+SIGTSTP SIGTTOU SIGWINCH
+SPX?
+SYSV_TERMIO -- covered elsewhere, I hope
+TIOCEXT TIOCFLUSH TIOC[GS]WINSIZ 
+NEWINIT: something about init cleaning up dead login processes [telnet?]
+PARENT_DOES_UTMP, too  [telnet]
+VDISCARD
+VEOL/VEOL2/VLNEXT VREPRINT -- termios stuff?, and related...
+STREAMSPTY/STREAMSPTYEM
+AF_INET/AF_UNSPEC, PF_*
+ECHOCTL/ECHOKE
+F_ULOCK [?!]
+setpgrp/getpgrp() ONEARG business..
+HAVE_ALLOCA
+HAVE_GETUTENT
+HAVE_SYS_SELECT_H  [irix!]
+HAVE_DIRENT  [old 386mach has *direct.h*!]
+HAVE_SIGSET
+HAVE_VFORK_H and HAVE_VFORK
+HAVE_VHANGUP
+HAVE_VSPRINTF
+HAVE_IPTOS_*
+HAVE_STRCASECMP, STRNCASECMP
+HAVE_SYS_FCNTL_H
+HAVE_SYS_TIME_H
+HAVE_UTIMES
+NOTTYENT [?]
+HAVE_FCHMOD
+HAVE_GETUSERSHELL
+HAVE_SIGCONTEXT  [stack hair, very machine-specific]
+YYLINENO?
+POSIX_SIGNALS
+POSIX_TERMIOS
+SETPROCTITLE -- breaks some places, like fbsd sendmail
+SIG* -- actual signal names?  some are missing
+SIOCGIFCONF
+SO_BROADCAST
+SHMEM  [krb tickets]
+VARARGS, or HAVE_VARARGS
+CBAUD
+... and B300, B9600, etc etc
+HAVE_BZERO  vs  memset/memcpy
+HAVE_SETVBUF
+HAVE_STRDUP
+HAVE_GETENV
+HAVE_STRSAVE
+HAVE_STBLKSIZE  [stat?]
+HAVE_STREAM_H -- in sys/, ref sendmail 8.7 for IP_SRCROUTE
+FCHMOD
+INITGROUPS -- most machines seem to *have*
+SETREUID
+SNPRINTF
+SETPGRP semantics bsd vs. sys5 style
+
+There's also the issue about WHERE various .h files live, sys/ or otherwise.
+There's a BIG swamp lurking where network code of any sort lives.
+*/
+
+/* ======================== */
+/* System-specific sections */
+/* ======================== */
+
+/* By turning OFF various bits of the above,  you can customize for
+   a given platform.  Yes, we're ignoring the stock compiler predefines
+   and using our own plugged in via the Makefile. */
+
+/* DOS boxes, with MSC; you may need to adapt to a different compiler. */
+/* looks like later ones *do* have dirent.h, for example */
+#ifdef MSDOS
+#undef HAVE_FLOCK
+#undef HAVE_RANDOM
+#undef HAVE_LSTAT
+#undef HAVE_TERMIOS
+#undef UTMPX
+#undef HAVE_SYSINFO
+#undef HAVE_UNISTD_H
+#undef HAVE_DIRENT_H    /* unless you have the k00l little wrapper from L5!! */
+#undef HAVE_STRINGS_H
+#undef HAVE_LASTLOG_H
+#undef HAVE_PATHS_H
+#undef HAVE_PARAM_H
+#undef HAVE_SYSMACROS_H
+#undef HAVE_SELECT_H
+#undef HAVE_TTYENT_H
+#endif /* MSDOS */
+
+/* buglix 4.x; dunno about 3.x on down.  should be bsd4.2 */
+#ifdef ULTRIX
+#undef UTMPX
+#undef HAVE_PATHS_H
+#undef HAVE_SYSMACROS_H
+#undef HAVE_SELECT_H
+#endif /* buglix */
+
+/* some of this might still be broken on older sunoses */
+#ifdef SUNOS
+#undef VOID_MALLOC
+#undef UTMPX
+#undef HAVE_PATHS_H
+#undef HAVE_SELECT_H
+#endif /* sunos */
+
+/* "contact your vendor for a fix" */
+#ifdef SOLARIS
+/* has UTMPX */
+#undef HAVE_RANDOM
+#undef HAVE_SETPRIORITY
+#undef HAVE_STRINGS_H   /* this is genuinely the case, go figure */
+#undef HAVE_PATHS_H
+#undef HAVE_SELECT_H
+#undef HAVE_TTYENT_H
+#endif /* SOLARIS */
+
+/* whatever aix variant MIT had at the time; 3.2.x?? */
+#ifdef AIX
+#undef UTMPX
+#undef HAVE_LASTLOG_H
+#define HAVE_LOGIN_H    /* "special", in the educational sense */
+#endif /* aix */
+
+/* linux, which is trying as desperately as the gnu folks can to be
+   POSIXLY_CORRECT.  I think I'm gonna hurl... */
+#ifdef LINUX
+#undef UTMPX
+#undef HAVE_SYSINFO
+#undef HAVE_SELECT_H
+#undef HAVE_TTYENT_H
+#endif /* linux */
+
+/* irix 5.x; may not be correct for earlier ones */
+#ifdef IRIX
+/* wow, does irix really have everything?! */
+#endif /* irix */
+
+/* osf on alphas */
+#ifdef OSF
+#undef UTMPX
+#undef HAVE_SELECT_H
+#endif /* osf */
+
+/* they's some FUCKED UP paths in this one! */
+#ifdef FREEBSD
+#undef UTMPX
+#undef HAVE_SYSINFO
+#undef HAVE_LASTLOG_H
+#undef HAVE_SYSMACROS_H
+#undef HAVE_SELECT_H    /* actually a lie, but only for kernel */
+#endif /* freebsd */
+
+/* Originally from the sidewinder site, of all places, but subsequently
+   checked further under a more normal bsdi 2.0 */
+#ifdef BSDI
+#undef UTMPX
+#undef HAVE_LASTLOG_H
+#undef HAVE_SYSMACROS_H
+/* and their malloc.h was in sys/ ?! */
+#undef HAVE_SELECT_H
+#endif /* bsdi */
+
+/* netbsd/44lite, jives with amiga-netbsd from cactus */
+#ifdef NETBSD
+#undef UTMPX
+#undef HAVE_SYSINFO
+#undef HAVE_LASTLOG_H
+#undef HAVE_SELECT_H
+#endif /* netbsd */
+
+/* Hpux 9.0x, from BBN and various patches sent in */
+#ifdef HPUX
+#undef HAVE_RANDOM      /* but *does* have ?rand48 -- need to consider.. */
+#undef HAVE_UTMPX
+#undef HAVE_LASTLOG_H   /* has utmp/wtmp/btmp nonsense, and pututline() */
+#undef HAVE_PATHS_H
+#undef HAVE_SELECT_H
+#undef HAVE_TTYENT_H
+#endif /* hockeypux */
+
+/* Unixware [a loose definition of "unix", to be sure], 1.1.2 [at least]
+   from Brian Clapper.  He wasn't sure about 2.0... */
+#ifdef UNIXWARE
+/* has UTMPX */
+#undef HAVE_SETPRIORITY
+/* NOTE: UnixWare does provide the BSD stuff, in "/usr/ucbinclude" (headers)
+   and "/usr/ucblib" (libraries).  However, I've run into problems linking
+   stuff out of that version of the C library, when objects are also coming
+   out of the "regular" C library.  My advice: Avoid the BSD compatibility
+   stuff wherever possible.  Brian Clapper <bmc@telebase.com> */
+#undef HAVE_STRINGS_H
+#undef HAVE_PATHS_H
+#undef HAVE_TTYENT_H
+#endif /* UNIXWARE */
+
+/* A/UX 3.1.x from darieb@sandia.gov */
+#ifdef AUX
+#undef HAVE_RANDOM
+#undef HAVE_SELECT_H    /* xxx: untested */
+#endif /* a/ux */
+
+/* NeXTSTEP 3.2 motorola mudge@l0pht.com xxx should also work with
+   white hardware and Sparc/HPPA. Should work with 3.3 too as it's
+   4.3 / 4.4 bsd wrapped around mach */
+#ifdef NEXT
+#undef UTMPX
+#undef HAVE_SELECT_X
+#endif /* NeXTSTEP 3.2 motorola */
+
+/* Make some "generic" assumptions if all else fails */
+#ifdef GENERIC
+#undef HAVE_FLOCK
+#if defined(SYSV) && (SYSV < 4)  /* TW leftover: old SV doesnt have symlinks */
+#undef HAVE_LSTAT
+#endif /* old SYSV */
+#undef HAVE_TERMIOS
+#undef UTMPX
+#undef HAVE_PATHS_H
+#undef HAVE_SELECT_H
+#endif /* generic */
+
+/* ================ */
+#endif /* GENERIC_H */
+
diff --git a/src/usr.bin/nc/nc.1 b/src/usr.bin/nc/nc.1
new file mode 100644
index 0000000000..8d87051c73
--- /dev/null
+++ b/src/usr.bin/nc/nc.1
@@ -0,0 +1,215 @@
+.\"     $OpenBSD: nc.1,v 1.5 1998/09/28 06:57:35 millert Exp $
+.\"
+.\" Copyright (c) 1996 David Sacerdote
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd August 1, 1996
+.Dt NC 1
+.Os
+.Sh NAME
+.Nm nc
+.Nd "arbitrary TCP and UDP connections and listens"
+.Sh SYNOPSIS
+.Nm nc
+.Op Fl e Ar command
+.Op Fl g Ar intermediates
+.Op Fl G Ar hopcount
+.Op Fl i Ar interval
+.Op Fl lnrtuvz
+.Op Fl o Ar filename
+.Op Fl p Ar source port 
+.Op Fl s Ar ip address
+.Op Fl w Ar timeout 
+.Op Ar hostname
+.Op Ar port[s...]
+.Sh DESCRIPTION
+The
+.Nm nc
+(or
+.Nm netcat )
+utility is used for just about anything under the sun
+involving TCP or UDP.  It can open TCP connections, send UDP packets,
+listen on arbitrary TCP and UDP ports, do port scanning, and source
+routing.  Unlike
+.Xr telnet 1 ,
+.Nm nc
+scripts nicely, and separates error messages onto standard error instead
+of sending them to standard output, as 
+.Xr telnet 1  
+does with some.  
+.Pp
+Destination ports can be single integers, names as listed in
+.Xr services 5 ,
+or ranges.  Ranges are in the form nn-mm, and several separate ports and/or
+ranges may be specified on the command line.
+.Pp
+Common uses include:
+.Bl -bullet 
+.It
+simple TCP proxies
+.It
+shell\-script based HTTP clients and servers
+.It
+network daemon testing
+.It
+source routing based connectivity testing
+.It
+and much, much more
+.El
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl e Ar command
+Execute the specified command, using data from the network for stdin,
+and sending stdout and stderr to the network.  This option is only present if
+.Nm nc
+was compiled with the GAPING_SECURITY_HOLE compile time option, since it
+allows users to make arbitrary programs available to anyone on the network.
+.It Fl g Ar intermediate-host
+Specifies a hop along a loose source routed path.  Can be used more than
+once to build a chain of hop points.
+.It Fl G Ar pointer
+Positions the "hop counter" within the list of machines in the path of
+a source routed packet.  Must be a multiple of 4.
+.It Fl i Ar seconds
+Specifies a delay time interval between lines of text sent and received.
+Also causes a delay time between connections to multiple ports.
+.It Fl l
+Is used to specify that
+.Nm nc
+should listen for an incoming connection, rather than initiate a
+connection to a remote host.  Any hostname/IP address and port arguments
+restrict the source of inbound connections to only that address and
+source port.
+.It Fl n
+Do not do DNS lookups on any of the specified addresses or hostnames, or
+names of port numbers from /etc/services.
+.It Fl o Ar filename
+Create a hexadecimal log of data transferred in the specified file.
+Each line begins with ``<'' or ``>''.  ``<'' means "from the net" and ``>''
+means "to the net".
+.It Fl p Ar port
+Specifies the source port
+.Nm nc
+should use, subject to privilege restrictions and availability.
+.It Fl r
+Specifies that source and/or destination ports should be chosen semi-randomly
+instead of sequentially within a range or in the order that the
+system assigns.
+.It Fl s Ar hostname/ip-address
+Specifies the IP of the interface which is used to send the packets.
+On some platforms, this can be used for UDP spoofing by using
+.Xr ifconfig 8
+to bring up a dummy interface with the desired source IP address.
+.It Fl t
+Causes
+.Nm nc
+to send RFC854 DON'T and WON'T responses to RFC854 DO
+and WILL requests.  This makes it possible to use
+.Nm nc
+to script telnet sessions.  The presence of this option can be
+enabled or disabled as a compile-time option.
+.It Fl u
+Use UDP instead of TCP. 
+On most platforms,
+.Nm nc
+will behave as if a connection is established until it receives an
+ICMP packet indicating that there is no program listening to what it
+sends.
+.It Fl v
+Verbose.  Cause
+.Nm nc
+to display connection information.  Using
+.Fl v
+more than once will cause
+.Nm nc
+to become even more verbose.
+.It Fl w Ar timeout
+Specifies the number of seconds
+.Nm nc
+should wait before deciding that
+an attempt to establish a connection is hopeless.
+Also used to specify how long to wait for more network data after standard
+input closes.
+.It Fl z
+Specifies that
+.Nm nc
+should just scan for listening
+daemons, without sending any data to them.  Diagnostic messages about refused
+connections will not be
+displayed unless
+.Fl v
+is specified twice.
+.Sh EXAMPLES
+.Bl -tag -width x
+.It Li "nc"
+Wait for the user to type what would normally be command-line
+arguments in at stdin.
+.It Li "nc example.host 42"
+Open a TCP connection to port 42 of example.host.  If the connection
+fails, do not display any error messages, but simply exit.
+.It Li "nc -p 31337 example.host 42"
+Open a TCP connection to port 42 of example.host, and use port 31337
+as the source port.
+.It Li "nc -w 5 example.host 42"
+Open a TCP connection to port 42 of example.host, and time out after
+five seconds while attempting to connect.
+.It Li "nc -u example.host 53"
+Send any data from stdin
+to UDP port 53 of example.host, and display any data returned.
+.It Li "nc -s 10.1.2.3 example.host 42"
+Open a TCP connection to port 42 of example.host using 10.1.2.3 as the
+IP for the local end of the connection.
+.It Li "nc -v example.host 42"
+Open a TCP connection to port 42 of example.host, displaying some
+diagnostic messages on stderr.
+.It Li "nc -v -v example.host 42"
+Open a TCP connection to port 42 of example.host, displaying all
+diagnostic messages on stderr.
+.It Li "nc -v -z example.host 20-30"
+Attempt to open TCP connections to ports 20 through 30 of
+example.host, and report which ones
+.Nm nc
+was able to connect to.
+.It Li "nc -v -u -z -w 3 example.host 20-30"
+Send UDP packets to ports 20-30 of example.host, and report which ones
+did not respond with an ICMP packet after three seconds.
+.It Li "nc -l -p 3000"
+Listen on TCP port 3000, and once there is a connection, send stdin to
+the remote host, and send data from the remote host to stdout.
+.It Li "echo foobar | nc example.host 1000"
+Connect to port 1000 of example.host, send the string "foobar"
+followed by a newline, and move data from port 1000 of example.host to
+stdout until example.host closes the connection.
+.El
+.Sh SEE ALSO
+.Xr cat 1 ,
+.Xr telnet 1
+.Pp
+The
+.Nm netcat
+.Pa README .
+.Sh AUTHOR
+*Hobbit*  [hobbit@avian.org]
diff --git a/src/usr.bin/nc/netcat.blurb b/src/usr.bin/nc/netcat.blurb
new file mode 100644
index 0000000000..2c540ad9dc
--- /dev/null
+++ b/src/usr.bin/nc/netcat.blurb
@@ -0,0 +1,61 @@
+Netcat 1.10 is an updated release of Netcat, a simple Unix utility which reads
+and writes data across network connections using TCP or UDP protocol.  It is
+designed to be a reliable "back-end" tool that can be used directly or easily
+driven by other programs and scripts.  At the same time it is a feature-rich
+network debugging and exploration tool, since it can create almost any kind of
+connection you would need and has several interesting built-in capabilities.
+
+Some of netcat's major features are:
+
+        Outbound or inbound connections, TCP or UDP, to or from any ports
+        Full DNS forward/reverse checking, with appropriate warnings
+        Ability to use any local source port
+        Ability to use any locally-configured network source address
+        Built-in port-scanning capabilities, with randomizer
+        Built-in loose source-routing capability
+        Can read command line arguments from standard input
+        Slow-send mode, one line every N seconds
+        Hex dump of transmitted and received data
+        Optional ability to let another program service established connections
+        Optional telnet-options responder
+
+A very short list of potential uses:
+
+        Script backends
+        Scanning ports and inventorying services, automated probes
+        Backup handlers
+        File transfers
+        Server testing, simulation, debugging, and hijacking
+        Firewall testing
+        Proxy gatewaying
+        Network performance testing
+        Address spoofing tests
+        Protecting X servers
+        1001 other uses you'll likely come up with
+
+Changes between the 1.00 release and this release:
+
+        Better portability -- updated generic.h and Makefile [thanx folks!]
+        Indication of local-end interface address on inbound connections
+        That's *Dave* Borman's telnet, not Paul Borman...
+        Better indication of DNS errors
+        Total byte counts printed if -v -v is used
+        A bunch of front-end driver companion programs and scripts
+        Better handling of stdin arguments-plus-data
+        Hex-dump feature
+        Telnet responder
+        Program exec works inbound or outbound now
+
+Netcat and the associated package is a product of Avian Research, and is freely
+available in full source form with no restrictions save an obligation to give
+credit where due.  Get it via anonymous FTP at avian.org:/src/hacks/nc110.tgz
+which is a gzipped tar file and not to be confused with its version 1.00
+precursor, nc100.tgz.  Other distribution formats can be accomodated upon
+request.  Netcat is also mirrored at the following [faster] sites:
+
+        zippy.telcom.arizona.edu:/pub/mirrors/avian.org/hacks/nc110.tgz
+        ftp.sterling.com:/mirrors/avian.org/src/hacks/nc110.tgz
+        coast.cs.purdue.edu:/pub/tools/unix/netcat/nc110.tgz
+        ftp.rge.com:/pub/security/coast/mirrors/avian.org/netcat/nc110.tgz
+
+_H* 960320
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
new file mode 100644
index 0000000000..bb0b30749d
--- /dev/null
+++ b/src/usr.bin/nc/netcat.c
@@ -0,0 +1,1670 @@
+/* Netcat 1.10 RELEASE 960320
+
+   A damn useful little "backend" utility begun 950915 or thereabouts,
+   as *Hobbit*'s first real stab at some sockets programming.  Something that
+   should have and indeed may have existed ten years ago, but never became a
+   standard Unix utility.  IMHO, "nc" could take its place right next to cat,
+   cp, rm, mv, dd, ls, and all those other cryptic and Unix-like things.
+
+   Read the README for the whole story, doc, applications, etc.
+
+   Layout:
+        conditional includes:
+        includes:
+        handy defines:
+        globals:
+        malloced globals:
+        cmd-flag globals:
+        support routines:
+        readwrite select loop:
+        main:
+
+  bluesky:
+        parse ranges of IP address as well as ports, perhaps
+        RAW mode!
+        backend progs to grab a pty and look like a real telnetd?!
+        backend progs to do various encryption modes??!?!
+*/
+
+#include "generic.h"            /* same as with L5, skey, etc */
+
+/* conditional includes -- a very messy section which you may have to dink
+   for your own architecture [and please send diffs...]: */
+/* #undef _POSIX_SOURCE         /* might need this for something? */
+#define HAVE_BIND               /* ASSUMPTION -- seems to work everywhere! */
+#define HAVE_HELP               /* undefine if you dont want the help text */
+/* #define ANAL                 /* if you want case-sensitive DNS matching */
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#else
+#include <malloc.h>
+#endif
+#ifdef HAVE_SELECT_H            /* random SV variants need this */
+#include <sys/select.h>
+#endif
+
+/* have to do this *before* including types.h. xxx: Linux still has it wrong */
+#ifdef FD_SETSIZE               /* should be in types.h, butcha never know. */
+#undef FD_SETSIZE               /* if we ever need more than 16 active */
+#endif                          /* fd's, something is horribly wrong! */
+#define FD_SETSIZE 16           /* <-- this'll give us a long anyways, wtf */
+#include <sys/types.h>          /* *now* do it.  Sigh, this is broken */
+
+#ifdef HAVE_RANDOM              /* aficionados of ?rand48() should realize */
+#define SRAND srandom           /* that this doesn't need *strong* random */
+#define RAND random             /* numbers just to mix up port numbers!! */
+#else
+#define SRAND srand
+#define RAND rand
+#endif /* HAVE_RANDOM */
+
+/* includes: */
+#include <sys/time.h>           /* timeval, time_t */
+#include <setjmp.h>             /* jmp_buf et al */
+#include <sys/socket.h>         /* basics, SO_ and AF_ defs, sockaddr, ... */
+#include <netinet/in.h>         /* sockaddr_in, htons, in_addr */
+#include <netinet/in_systm.h>   /* misc crud that netinet/ip.h references */
+#include <netinet/ip.h>         /* IPOPT_LSRR, header stuff */
+#include <netdb.h>              /* hostent, gethostby*, getservby* */
+#include <arpa/inet.h>          /* inet_ntoa */
+#include <stdio.h>
+#include <string.h>             /* strcpy, strchr, yadda yadda */
+#include <errno.h>
+#include <signal.h>
+#include <fcntl.h>              /* O_WRONLY et al */
+
+/* handy stuff: */
+#define SA struct sockaddr      /* socket overgeneralization braindeath */
+#define SAI struct sockaddr_in  /* ... whoever came up with this model */
+#define IA struct in_addr       /* ... should be taken out and shot, */
+                                /* ... not that TLI is any better.  sigh.. */
+#define SLEAZE_PORT 31337       /* for UDP-scan RTT trick, change if ya want */
+#define USHORT unsigned short   /* use these for options an' stuff */
+#define BIGSIZ 8192             /* big buffers */
+
+#ifndef INADDR_NONE
+#define INADDR_NONE 0xffffffff
+#endif
+
+struct host_poop {
+  char name[MAXHOSTNAMELEN];    /* dns name */
+  char addrs[8][24];            /* ascii-format IP addresses */
+  struct in_addr iaddrs[8];     /* real addresses: in_addr.s_addr: ulong */
+};
+#define HINF struct host_poop
+
+struct port_poop {
+  char name [64];               /* name in /etc/services */
+  char anum [8];                /* ascii-format number */
+  USHORT num;                   /* real host-order number */
+};
+#define PINF struct port_poop
+
+/* globals: */
+jmp_buf jbuf;                   /* timer crud */
+int jval = 0;                   /* timer crud */
+int netfd = -1;
+int ofd = 0;                    /* hexdump output fd */
+static char unknown[] = "(UNKNOWN)";
+static char p_tcp[] = "tcp";    /* for getservby* */
+static char p_udp[] = "udp";
+#ifdef HAVE_BIND
+extern int h_errno;
+/* stolen almost wholesale from bsd herror.c */
+static char * h_errs[] = {
+  "Error 0",                            /* but we *don't* use this */
+  "Unknown host",                       /* 1 HOST_NOT_FOUND */
+  "Host name lookup failure",           /* 2 TRY_AGAIN */
+  "Unknown server error",               /* 3 NO_RECOVERY */
+  "No address associated with name",    /* 4 NO_ADDRESS */
+};
+#else
+int h_errno;                    /* just so we *do* have it available */
+#endif /* HAVE_BIND */
+int gatesidx = 0;               /* LSRR hop count */
+int gatesptr = 4;               /* initial LSRR pointer, settable */
+USHORT Single = 1;              /* zero if scanning */
+unsigned int insaved = 0;       /* stdin-buffer size for multi-mode */
+unsigned int wrote_out = 0;     /* total stdout bytes */
+unsigned int wrote_net = 0;     /* total net bytes */
+static char wrote_txt[] = " sent %d, rcvd %d";
+static char hexnibs[20] = "0123456789abcdef  ";
+
+/* will malloc up the following globals: */
+struct timeval * timer1 = NULL;
+struct timeval * timer2 = NULL;
+SAI * lclend = NULL;            /* sockaddr_in structs */
+SAI * remend = NULL;
+HINF ** gates = NULL;           /* LSRR hop hostpoop */
+char * optbuf = NULL;           /* LSRR or sockopts */
+char * bigbuf_in;               /* data buffers */
+char * bigbuf_net;
+fd_set * ding1;                 /* for select loop */
+fd_set * ding2;
+PINF * portpoop = NULL;         /* for getportpoop / getservby* */
+unsigned char * stage = NULL;   /* hexdump line buffer */
+
+/* global cmd flags: */
+USHORT o_alla = 0;
+unsigned int o_interval = 0;
+USHORT o_listen = 0;
+USHORT o_nflag = 0;
+USHORT o_wfile = 0;
+USHORT o_random = 0;
+USHORT o_udpmode = 0;
+USHORT o_verbose = 0;
+unsigned int o_wait = 0;
+USHORT o_zero = 0;
+/* o_tn in optional section */
+
+/* Debug macro: squirt whatever message and sleep a bit so we can see it go
+   by.  need to call like Debug ((stuff)) [with no ; ] so macro args match!
+   Beware: writes to stdOUT... */
+#ifdef DEBUG
+#define Debug(x) printf x; printf ("\n"); fflush (stdout); sleep (1);
+#else
+#define Debug(x)        /* nil... */
+#endif
+
+
+/* support routines -- the bulk of this thing.  Placed in such an order that
+   we don't have to forward-declare anything: */
+
+/* holler :
+   fake varargs -- need to do this way because we wind up calling through
+   more levels of indirection than vanilla varargs can handle, and not all
+   machines have vfprintf/vsyslog/whatever!  6 params oughta be enough. */
+void holler (str, p1, p2, p3, p4, p5, p6)
+  char * str;
+  char * p1, * p2, * p3, * p4, * p5, * p6;
+{
+  if (o_verbose) {
+    fprintf (stderr, str, p1, p2, p3, p4, p5, p6);
+#ifdef HAVE_BIND
+    if (h_errno) {              /* if host-lookup variety of error ... */
+      if (h_errno > 4)          /* oh no you don't, either */
+        fprintf (stderr, "preposterous h_errno: %d", h_errno);
+      else
+        fprintf (stderr, h_errs[h_errno]);      /* handle it here */
+      h_errno = 0;                              /* and reset for next call */
+    }
+#endif
+    if (errno) {                /* this gives funny-looking messages, but */
+      perror (" ");             /* it's more portable than sys_errlist[]... */
+    } else                      /* xxx: do something better?  */
+      fprintf (stderr, "\n");
+    fflush (stderr);
+  }
+} /* holler */
+
+/* bail :
+   error-exit handler, callable from anywhere */
+void bail (str, p1, p2, p3, p4, p5, p6)
+  char * str;
+  char * p1, * p2, * p3, * p4, * p5, * p6;
+{
+  o_verbose = 1;
+  holler (str, p1, p2, p3, p4, p5, p6);
+  close (netfd);
+  sleep (1);
+  exit (1);
+} /* bail */
+
+/* catch :
+   no-brainer interrupt handler */
+void catch ()
+{
+  errno = 0;
+  if (o_verbose > 1)            /* normally we don't care */
+    bail (wrote_txt, wrote_net, wrote_out);
+  bail (" punt!");
+}
+
+/* timeout and other signal handling cruft */
+void tmtravel ()
+{
+  signal (SIGALRM, SIG_IGN);
+  alarm (0);
+  if (jval == 0)
+    bail ("spurious timer interrupt!");
+  longjmp (jbuf, jval);
+}
+
+/* arm :
+   set the timer.  Zero secs arg means unarm */
+void arm (num, secs)
+  unsigned int num;
+  unsigned int secs;
+{
+  if (secs == 0) {                      /* reset */
+    signal (SIGALRM, SIG_IGN);
+    alarm (0);
+    jval = 0;
+  } else {                              /* set */
+    signal (SIGALRM, tmtravel);
+    alarm (secs);
+    jval = num;
+  } /* if secs */
+} /* arm */
+
+/* Hmalloc :
+   malloc up what I want, rounded up to *4, and pre-zeroed.  Either succeeds
+   or bails out on its own, so that callers don't have to worry about it. */
+char * Hmalloc (size)
+  unsigned int size;
+{
+  unsigned int s = (size + 4) & 0xfffffffc;     /* 4GB?! */
+  char * p = malloc (s);
+  if (p != NULL)
+    memset (p, 0, s);
+  else
+    bail ("Hmalloc %d failed", s);
+  return (p);
+} /* Hmalloc */
+
+/* findline :
+   find the next newline in a buffer; return inclusive size of that "line",
+   or the entire buffer size, so the caller knows how much to then write().
+   Not distinguishing \n vs \r\n for the nonce; it just works as is... */
+unsigned int findline (buf, siz)
+  char * buf;
+  unsigned int siz;
+{
+  register char * p;
+  register int x;
+  if (! buf)                    /* various sanity checks... */
+    return (0);
+  if (siz > BIGSIZ)
+    return (0);
+  x = siz;
+  for (p = buf; x > 0; x--) {
+    if (*p == '\n') {
+      x = (int) (p - buf);
+      x++;                      /* 'sokay if it points just past the end! */
+Debug (("findline returning %d", x))
+      return (x);
+    }
+    p++;
+  } /* for */
+Debug (("findline returning whole thing: %d", siz))
+  return (siz);
+} /* findline */
+
+/* comparehosts :
+   cross-check the host_poop we have so far against new gethostby*() info,
+   and holler about mismatches.  Perhaps gratuitous, but it can't hurt to
+   point out when someone's DNS is fukt.  Returns 1 if mismatch, in case
+   someone else wants to do something about it. */
+int comparehosts (poop, hp)
+  HINF * poop;
+  struct hostent * hp;
+{
+  errno = 0;
+  h_errno = 0;
+/* The DNS spec is officially case-insensitive, but for those times when you
+   *really* wanna see any and all discrepancies, by all means define this. */
+#ifdef ANAL                     
+  if (strcmp (poop->name, hp->h_name) != 0) {           /* case-sensitive */
+#else
+  if (strcasecmp (poop->name, hp->h_name) != 0) {       /* normal */
+#endif
+    holler ("DNS fwd/rev mismatch: %s != %s", poop->name, hp->h_name);
+    return (1);
+  }
+  return (0);
+/* ... do we need to do anything over and above that?? */
+} /* comparehosts */
+
+/* gethostpoop :
+   resolve a host 8 ways from sunday; return a new host_poop struct with its
+   info.  The argument can be a name or [ascii] IP address; it will try its
+   damndest to deal with it.  "numeric" governs whether we do any DNS at all,
+   and we also check o_verbose for what's appropriate work to do. */
+HINF * gethostpoop (name, numeric)
+  char * name;
+  USHORT numeric;
+{
+  struct hostent * hostent;
+  struct in_addr iaddr;
+  register HINF * poop = NULL;
+  register int x;
+
+/* I really want to strangle the twit who dreamed up all these sockaddr and
+   hostent abstractions, and then forced them all to be incompatible with
+   each other so you *HAVE* to do all this ridiculous casting back and forth.
+   If that wasn't bad enough, all the doc insists on referring to local ports
+   and addresses as "names", which makes NO sense down at the bare metal.
+
+   What an absolutely horrid paradigm, and to think of all the people who
+   have been wasting significant amounts of time fighting with this stupid
+   deliberate obfuscation over the last 10 years... then again, I like
+   languages wherein a pointer is a pointer, what you put there is your own
+   business, the compiler stays out of your face, and sheep are nervous.
+   Maybe that's why my C code reads like assembler half the time... */
+
+/* If we want to see all the DNS stuff, do the following hair --
+   if inet_addr, do reverse and forward with any warnings; otherwise try
+   to do forward and reverse with any warnings.  In other words, as long
+   as we're here, do a complete DNS check on these clowns.  Yes, it slows
+   things down a bit for a first run, but once it's cached, who cares? */
+
+  errno = 0;
+  h_errno = 0;
+  if (name)
+    poop = (HINF *) Hmalloc (sizeof (HINF));
+  if (! poop)
+    bail ("gethostpoop fuxored");
+  strcpy (poop->name, unknown);         /* preload it */
+/* see wzv:workarounds.c for dg/ux return-a-struct inet_addr lossage */
+  iaddr.s_addr = inet_addr (name);
+
+  if (iaddr.s_addr == INADDR_NONE) {    /* here's the great split: names... */
+    if (numeric)
+      bail ("Can't parse %s as an IP address", name);
+    hostent = gethostbyname (name);
+    if (! hostent)
+/* failure to look up a name is fatal, since we can't do anything with it */
+      bail ("%s: forward host lookup failed: ", name);
+    strncpy (poop->name, hostent->h_name, MAXHOSTNAMELEN - 1);
+    poop->name[MAXHOSTNAMELEN - 1] = '\0';
+    for (x = 0; hostent->h_addr_list[x] && (x < 8); x++) {
+      memcpy (&poop->iaddrs[x], hostent->h_addr_list[x], sizeof (IA));
+      strncpy (poop->addrs[x], inet_ntoa (poop->iaddrs[x]),
+        sizeof (poop->addrs[0])-1);
+      poop->addrs[x][sizeof (poop->addrs[0]) - 1] = '\0';
+    } /* for x -> addrs, part A */
+    if (! o_verbose)                    /* if we didn't want to see the */
+      return (poop);                    /* inverse stuff, we're done. */
+/* do inverse lookups in separate loop based on our collected forward addrs,
+   since gethostby* tends to crap into the same buffer over and over */
+    for (x = 0; poop->iaddrs[x].s_addr && (x < 8); x++) {
+      hostent = gethostbyaddr ((char *)&poop->iaddrs[x],
+                                sizeof (IA), AF_INET);
+      if ((! hostent) || (! hostent-> h_name))
+        holler ("Warning: inverse host lookup failed for %s: ",
+          poop->addrs[x]);
+      else
+        (void) comparehosts (poop, hostent);
+    } /* for x -> addrs, part B */
+
+  } else {  /* not INADDR_NONE: numeric addresses... */
+    memcpy (poop->iaddrs, &iaddr, sizeof (IA));
+    strncpy (poop->addrs[0], inet_ntoa (iaddr), sizeof (poop->addrs)-1);
+    poop->addrs[0][sizeof (poop->addrs)-1] = '\0';
+    if (numeric)                        /* if numeric-only, we're done */
+      return (poop);
+    if (! o_verbose)                    /* likewise if we don't want */
+      return (poop);                    /* the full DNS hair */
+    hostent = gethostbyaddr ((char *) &iaddr, sizeof (IA), AF_INET);
+/* numeric or not, failure to look up a PTR is *not* considered fatal */
+    if (! hostent)
+        holler ("%s: inverse host lookup failed: ", name);
+    else {
+        strncpy (poop->name, hostent->h_name, MAXHOSTNAMELEN - 1);
+        poop->name[MAXHOSTNAMELEN-1] = '\0';
+        hostent = gethostbyname (poop->name);
+        if ((! hostent) || (! hostent->h_addr_list[0]))
+          holler ("Warning: forward host lookup failed for %s: ",
+                poop->name);
+        else
+          (void) comparehosts (poop, hostent);
+    } /* if hostent */
+  } /* INADDR_NONE Great Split */
+
+/* whatever-all went down previously, we should now have a host_poop struct
+   with at least one IP address in it. */
+  h_errno = 0;
+  return (poop);
+} /* gethostpoop */
+
+/* getportpoop :
+   Same general idea as gethostpoop -- look up a port in /etc/services, fill
+   in global port_poop, but return the actual port *number*.  Pass ONE of:
+        pstring to resolve stuff like "23" or "exec";
+        pnum to reverse-resolve something that's already a number.
+   If o_nflag is on, fill in what we can but skip the getservby??? stuff.
+   Might as well have consistent behavior here, and it *is* faster. */
+USHORT getportpoop (pstring, pnum)
+  char * pstring;
+  unsigned int pnum;
+{
+  struct servent * servent;
+  register int x;
+  register int y;
+  char * whichp = p_tcp;
+  if (o_udpmode)
+    whichp = p_udp;
+  portpoop->name[0] = '?';              /* fast preload */
+  portpoop->name[1] = '\0';
+
+/* case 1: reverse-lookup of a number; placed first since this case is much
+   more frequent if we're scanning */
+  if (pnum) {
+    if (pstring)                        /* one or the other, pleeze */
+      return (0);
+    x = pnum;
+    if (o_nflag)                        /* go faster, skip getservbyblah */
+      goto gp_finish;
+    y = htons (x);                      /* gotta do this -- see Fig.1 below */
+    servent = getservbyport (y, whichp);
+    if (servent) {
+      y = ntohs (servent->s_port);
+      if (x != y)                       /* "never happen" */
+        holler ("Warning: port-bynum mismatch, %d != %d", x, y);
+      strncpy (portpoop->name, servent->s_name, sizeof (portpoop->name)-1);
+      portpoop->name[sizeof (portpoop->name)-1] = '\0';
+    } /* if servent */
+    goto gp_finish;
+  } /* if pnum */
+
+/* case 2: resolve a string, but we still give preference to numbers instead
+   of trying to resolve conflicts.  None of the entries in *my* extensive
+   /etc/services begins with a digit, so this should "always work" unless
+   you're at 3com and have some company-internal services defined... */
+  if (pstring) {
+    if (pnum)                           /* one or the other, pleeze */
+      return (0);
+    x = atoi (pstring);
+    if (x)
+      return (getportpoop (NULL, x));   /* recurse for numeric-string-arg */
+    if (o_nflag)                        /* can't use names! */
+      return (0);
+    servent = getservbyname (pstring, whichp);
+    if (servent) {
+      strncpy (portpoop->name, servent->s_name, sizeof (portpoop->name)-1);
+      portpoop->name[sizeof (portpoop->name)-1] = '\0';
+      x = ntohs (servent->s_port);
+      goto gp_finish;
+    } /* if servent */
+  } /* if pstring */
+
+  return (0);                           /* catches any problems so far */
+
+/* Obligatory netdb.h-inspired rant: servent.s_port is supposed to be an int.
+   Despite this, we still have to treat it as a short when copying it around.
+   Not only that, but we have to convert it *back* into net order for
+   getservbyport to work.  Manpages generally aren't clear on all this, but
+   there are plenty of examples in which it is just quietly done.  More BSD
+   lossage... since everything getserv* ever deals with is local to our own
+   host, why bother with all this network-order/host-order crap at all?!
+   That should be saved for when we want to actually plug the port[s] into
+   some real network calls -- and guess what, we have to *re*-convert at that
+   point as well.  Fuckheads. */
+
+gp_finish:
+/* Fall here whether or not we have a valid servent at this point, with
+   x containing our [host-order and therefore useful, dammit] port number */
+  sprintf (portpoop->anum, "%d", x);    /* always load any numeric specs! */
+  portpoop->num = (x & 0xffff);         /* ushort, remember... */
+  return (portpoop->num);
+} /* getportpoop */
+
+/* nextport :
+   Come up with the next port to try, be it random or whatever.  "block" is
+   a ptr to randports array, whose bytes [so far] carry these meanings:
+        0       ignore
+        1       to be tested
+        2       tested [which is set as we find them here]
+   returns a USHORT random port, or 0 if all the t-b-t ones are used up. */
+USHORT nextport (block)
+  char * block;
+{
+  register unsigned int x;
+  register unsigned int y;
+
+  y = 70000;                    /* high safety count for rnd-tries */
+  while (y > 0) {
+    x = (RAND() & 0xffff);
+    if (block[x] == 1) {        /* try to find a not-done one... */
+      block[x] = 2;
+      break;
+    }
+    x = 0;                      /* bummer. */
+    y--;
+  } /* while y */
+  if (x)
+    return (x);
+
+  y = 65535;                    /* no random one, try linear downsearch */
+  while (y > 0) {               /* if they're all used, we *must* be sure! */
+    if (block[y] == 1) {
+      block[y] = 2;
+      break;
+    }
+    y--;
+  } /* while y */
+  if (y)
+    return (y);                 /* at least one left */
+
+  return (0);                   /* no more left! */
+} /* nextport */
+
+/* loadports :
+   set "to be tested" indications in BLOCK, from LO to HI.  Almost too small
+   to be a separate routine, but makes main() a little cleaner... */
+void loadports (block, lo, hi)
+  char * block;
+  USHORT lo;
+  USHORT hi;
+{
+  USHORT x;
+
+  if (! block)
+    bail ("loadports: no block?!");
+  if ((! lo) || (! hi))
+    bail ("loadports: bogus values %d, %d", lo, hi);
+  x = hi;
+  while (lo <= x) {
+    block[x] = 1;
+    x--;
+  }
+} /* loadports */
+
+#ifdef GAPING_SECURITY_HOLE
+char * pr00gie = NULL;                  /* global ptr to -e arg */
+
+/* doexec :
+   fiddle all the file descriptors around, and hand off to another prog.  Sort
+   of like a one-off "poor man's inetd".  This is the only section of code
+   that would be security-critical, which is why it's ifdefed out by default.
+   Use at your own hairy risk; if you leave shells lying around behind open
+   listening ports you deserve to lose!! */
+doexec (fd)
+  int fd;
+{
+  register char * p;
+
+  dup2 (fd, 0);                         /* the precise order of fiddlage */
+  close (fd);                           /* is apparently crucial; this is */
+  dup2 (0, 1);                          /* swiped directly out of "inetd". */
+  dup2 (0, 2);
+  p = strrchr (pr00gie, '/');           /* shorter argv[0] */
+  if (p)
+    p++;
+  else
+    p = pr00gie;
+Debug (("gonna exec %s as %s...", pr00gie, p))
+  execl (pr00gie, p, NULL);
+  bail ("exec %s failed", pr00gie);     /* this gets sent out.  Hmm... */
+} /* doexec */
+#endif /* GAPING_SECURITY_HOLE */
+
+/* doconnect :
+   do all the socket stuff, and return an fd for one of
+        an open outbound TCP connection
+        a UDP stub-socket thingie
+   with appropriate socket options set up if we wanted source-routing, or
+        an unconnected TCP or UDP socket to listen on.
+   Examines various global o_blah flags to figure out what-all to do. */
+int doconnect (rad, rp, lad, lp)
+  IA * rad;
+  USHORT rp;
+  IA * lad;
+  USHORT lp;
+{
+  register int nnetfd;
+  register int rr;
+  int x, y;
+  errno = 0;
+
+/* grab a socket; set opts */
+newskt:
+  if (o_udpmode)
+    nnetfd = socket (AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+  else
+    nnetfd = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
+  if (nnetfd < 0)
+    bail ("Can't get socket");
+  if (nnetfd == 0)              /* if stdin was closed this might *be* 0, */
+    goto newskt;                /* so grab another.  See text for why... */
+  x = 1;
+  rr = setsockopt (nnetfd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof (x));
+  if (rr == -1)
+    holler ("nnetfd reuseaddr failed");         /* ??? */
+#ifdef SO_REUSEPORT     /* doesnt exist everywhere... */
+  rr = setsockopt (nnetfd, SOL_SOCKET, SO_REUSEPORT, &x, sizeof (x));
+  if (rr == -1)
+    holler ("nnetfd reuseport failed");         /* ??? */
+#endif
+#if 0
+/* If you want to screw with RCVBUF/SNDBUF, do it here.  Liudvikas Bukys at
+   Rochester sent this example, which would involve YET MORE options and is
+   just archived here in case you want to mess with it.  o_xxxbuf are global
+   integers set in main() getopt loop, and check for rr == 0 afterward. */
+  rr = setsockopt(nnetfd, SOL_SOCKET, SO_RCVBUF, &o_rcvbuf, sizeof o_rcvbuf);
+  rr = setsockopt(nnetfd, SOL_SOCKET, SO_SNDBUF, &o_sndbuf, sizeof o_sndbuf);
+#endif
+  
+  /* fill in all the right sockaddr crud */
+    lclend->sin_family = AF_INET;
+
+/* fill in all the right sockaddr crud */
+  lclend->sin_family = AF_INET;
+  remend->sin_family = AF_INET;
+
+/* if lad/lp, do appropriate binding */
+  if (lad)
+    memcpy (&lclend->sin_addr.s_addr, lad, sizeof (IA));
+  if (lp)
+    lclend->sin_port = htons (lp);
+  rr = 0;
+  if (lad || lp) {
+    x = (int) lp;
+/* try a few times for the local bind, a la ftp-data-port... */
+    for (y = 4; y > 0; y--) {
+      rr = bind (nnetfd, (SA *)lclend, sizeof (SA));
+      if (rr == 0)
+        break;
+      if (errno != EADDRINUSE)
+        break;
+      else {
+        holler ("retrying local %s:%d", inet_ntoa (lclend->sin_addr), lp);
+        sleep (2);
+        errno = 0;                      /* clear from sleep */
+      } /* if EADDRINUSE */
+    } /* for y counter */
+  } /* if lad or lp */
+  if (rr)
+    bail ("Can't grab %s:%d with bind",
+        inet_ntoa(lclend->sin_addr), lp);
+
+  if (o_listen)
+    return (nnetfd);                    /* thanks, that's all for today */
+
+  memcpy (&remend->sin_addr.s_addr, rad, sizeof (IA));
+  remend->sin_port = htons (rp);
+
+/* rough format of LSRR option and explanation of weirdness.
+Option comes after IP-hdr dest addr in packet, padded to *4, and ihl > 5.
+IHL is multiples of 4, i.e. real len = ip_hl << 2.
+        type 131        1       ; 0x83: copied, option class 0, number 3
+        len             1       ; of *whole* option!
+        pointer         1       ; nxt-hop-addr; 1-relative, not 0-relative
+        addrlist...     var     ; 4 bytes per hop-addr
+        pad-to-32       var     ; ones, i.e. "NOP"
+
+If we want to route A -> B via hops C and D, we must add C, D, *and* B to the
+options list.  Why?  Because when we hand the kernel A -> B with list C, D, B
+the "send shuffle" inside the kernel changes it into A -> C with list D, B and
+the outbound packet gets sent to C.  If B wasn't also in the hops list, the
+final destination would have been lost at this point.
+
+When C gets the packet, it changes it to A -> D with list C', B where C' is
+the interface address that C used to forward the packet.  This "records" the
+route hop from B's point of view, i.e. which address points "toward" B.  This
+is to make B better able to return the packets.  The pointer gets bumped by 4,
+so that D does the right thing instead of trying to forward back to C.
+
+When B finally gets the packet, it sees that the pointer is at the end of the
+LSRR list and is thus "completed".  B will then try to use the packet instead
+of forwarding it, i.e. deliver it up to some application.
+
+Note that by moving the pointer yourself, you could send the traffic directly
+to B but have it return via your preconstructed source-route.  Playing with
+this and watching "tcpdump -v" is the best way to understand what's going on.
+
+Only works for TCP in BSD-flavor kernels.  UDP is a loss; udp_input calls
+stripoptions() early on, and the code to save the srcrt is notdef'ed.
+Linux is also still a loss at 1.3.x it looks like; the lsrr code is { }...
+*/
+
+/* if any -g arguments were given, set up source-routing.  We hit this after
+   the gates are all looked up and ready to rock, any -G pointer is set,
+   and gatesidx is now the *number* of hops */
+  if (gatesidx) {               /* if we wanted any srcrt hops ... */
+/* don't even bother compiling if we can't do IP options here! */
+#ifdef IP_OPTIONS
+    if (! optbuf) {             /* and don't already *have* a srcrt set */
+      char * opp;               /* then do all this setup hair */
+      optbuf = Hmalloc (48);
+      opp = optbuf;
+      *opp++ = IPOPT_LSRR;                                      /* option */
+      *opp++ = (char)
+        (((gatesidx + 1) * sizeof (IA)) + 3) & 0xff;            /* length */
+      *opp++ = gatesptr;                                        /* pointer */
+/* opp now points at first hop addr -- insert the intermediate gateways */
+      for ( x = 0; x < gatesidx; x++) {
+        memcpy (opp, gates[x]->iaddrs, sizeof (IA));
+        opp += sizeof (IA);
+      }
+/* and tack the final destination on the end [needed!] */
+      memcpy (opp, rad, sizeof (IA));
+      opp += sizeof (IA);
+      *opp = IPOPT_NOP;                 /* alignment filler */
+    } /* if empty optbuf */
+/* calculate length of whole option mess, which is (3 + [hops] + [final] + 1),
+   and apply it [have to do this every time through, of course] */
+    x = ((gatesidx + 1) * sizeof (IA)) + 4;
+    rr = setsockopt (nnetfd, IPPROTO_IP, IP_OPTIONS, optbuf, x);
+    if (rr == -1)
+      bail ("srcrt setsockopt fuxored");
+#else /* IP_OPTIONS */
+    holler ("Warning: source routing unavailable on this machine, ignoring");
+#endif /* IP_OPTIONS*/
+  } /* if gatesidx */
+
+/* wrap connect inside a timer, and hit it */
+  arm (1, o_wait);
+  if (setjmp (jbuf) == 0) {
+    rr = connect (nnetfd, (SA *)remend, sizeof (SA));
+  } else {                              /* setjmp: connect failed... */
+    rr = -1;
+    errno = ETIMEDOUT;                  /* fake it */
+  }
+  arm (0, 0);
+  if (rr == 0)
+    return (nnetfd);
+  close (nnetfd);                       /* clean up junked socket FD!! */
+  return (-1);
+} /* doconnect */
+
+/* dolisten :
+   just like doconnect, and in fact calls a hunk of doconnect, but listens for
+   incoming and returns an open connection *from* someplace.  If we were
+   given host/port args, any connections from elsewhere are rejected.  This
+   in conjunction with local-address binding should limit things nicely... */
+int dolisten (rad, rp, lad, lp)
+  IA * rad;
+  USHORT rp;
+  IA * lad;
+  USHORT lp;
+{
+  register int nnetfd;
+  register int rr;
+  HINF * whozis = NULL;
+  int x;
+  char * cp;
+  USHORT z;
+  errno = 0;
+
+/* Pass everything off to doconnect, who in o_listen mode just gets a socket */
+  nnetfd = doconnect (rad, rp, lad, lp);
+  if (nnetfd <= 0)
+    return (-1);
+  if (o_udpmode) {                      /* apparently UDP can listen ON */
+    if (! lp)                           /* "port 0",  but that's not useful */
+      bail ("UDP listen needs -p arg");
+  } else {
+    rr = listen (nnetfd, 1);            /* gotta listen() before we can get */
+    if (rr < 0)                         /* our local random port.  sheesh. */
+      bail ("local listen fuxored");
+  }
+
+/* Various things that follow temporarily trash bigbuf_net, which might contain
+   a copy of any recvfrom()ed packet, but we'll read() another copy later. */
+
+/* I can't believe I have to do all this to get my own goddamn bound address
+   and port number.  It should just get filled in during bind() or something.
+   All this is only useful if we didn't say -p for listening, since if we
+   said -p we *know* what port we're listening on.  At any rate we won't bother
+   with it all unless we wanted to see it, although listening quietly on a
+   random unknown port is probably not very useful without "netstat". */
+  if (o_verbose) {
+    x = sizeof (SA);            /* how 'bout getsockNUM instead, pinheads?! */
+    rr = getsockname (nnetfd, (SA *) lclend, &x);
+    if (rr < 0)
+      holler ("local getsockname failed");
+    strcpy (bigbuf_net, "listening on [");      /* buffer reuse... */
+    if (lclend->sin_addr.s_addr)
+      strcat (bigbuf_net, inet_ntoa (lclend->sin_addr));
+    else
+      strcat (bigbuf_net, "any");
+    strcat (bigbuf_net, "] %d ...");
+    z = ntohs (lclend->sin_port);
+    holler (bigbuf_net, z);
+  } /* verbose -- whew!! */
+
+/* UDP is a speeeeecial case -- we have to do I/O *and* get the calling
+   party's particulars all at once, listen() and accept() don't apply.
+   At least in the BSD universe, however, recvfrom/PEEK is enough to tell
+   us something came in, and we can set things up so straight read/write
+   actually does work after all.  Yow.  YMMV on strange platforms!  */
+  if (o_udpmode) {
+    x = sizeof (SA);            /* retval for recvfrom */
+    arm (2, o_wait);            /* might as well timeout this, too */
+    if (setjmp (jbuf) == 0) {   /* do timeout for initial connect */
+      rr = recvfrom             /* and here we block... */
+        (nnetfd, bigbuf_net, BIGSIZ, MSG_PEEK, (SA *) remend, &x);
+Debug (("dolisten/recvfrom ding, rr = %d, netbuf %s ", rr, bigbuf_net))
+    } else
+      goto dol_tmo;             /* timeout */
+    arm (0, 0);
+/* I'm not completely clear on how this works -- BSD seems to make UDP
+   just magically work in a connect()ed context, but we'll undoubtedly run
+   into systems this deal doesn't work on.  For now, we apparently have to
+   issue a connect() on our just-tickled socket so we can write() back.
+   Again, why the fuck doesn't it just get filled in and taken care of?!
+   This hack is anything but optimal.  Basically, if you want your listener
+   to also be able to send data back, you need this connect() line, which
+   also has the side effect that now anything from a different source or even a
+   different port on the other end won't show up and will cause ICMP errors.
+   I guess that's what they meant by "connect".
+   Let's try to remember what the "U" is *really* for, eh? */
+    rr = connect (nnetfd, (SA *)remend, sizeof (SA));
+    goto whoisit;
+  } /* o_udpmode */
+
+/* fall here for TCP */
+  x = sizeof (SA);              /* retval for accept */
+  arm (2, o_wait);              /* wrap this in a timer, too; 0 = forever */
+  if (setjmp (jbuf) == 0) {
+    rr = accept (nnetfd, (SA *)remend, &x);
+  } else
+    goto dol_tmo;               /* timeout */
+  arm (0, 0);
+  close (nnetfd);               /* dump the old socket */
+  nnetfd = rr;                  /* here's our new one */
+
+whoisit:
+  if (rr < 0)
+    goto dol_err;               /* bail out if any errors so far */
+
+/* If we can, look for any IP options.  Useful for testing the receiving end of
+   such things, and is a good exercise in dealing with it.  We do this before
+   the connect message, to ensure that the connect msg is uniformly the LAST
+   thing to emerge after all the intervening crud.  Doesn't work for UDP on
+   any machines I've tested, but feel free to surprise me. */
+#ifdef IP_OPTIONS
+  if (! o_verbose)                      /* if we wont see it, we dont care */
+    goto dol_noop;
+  optbuf = Hmalloc (40);
+  x = 40;
+  rr = getsockopt (nnetfd, IPPROTO_IP, IP_OPTIONS, optbuf, &x);
+  if (rr < 0)
+    holler ("getsockopt failed");
+Debug (("ipoptions ret len %d", x))
+  if (x) {                              /* we've got options, lessee em... */
+    unsigned char * q = (unsigned char *) optbuf;
+    char * p = bigbuf_net;              /* local variables, yuk! */
+    char * pp = &bigbuf_net[128];       /* get random space farther out... */
+    memset (bigbuf_net, 0, 256);        /* clear it all first */
+    while (x > 0) {
+        sprintf (pp, "%2.2x ", *q);     /* clumsy, but works: turn into hex */
+        strcat (p, pp);                 /* and build the final string */
+        q++; p++;
+        x--;
+    }
+    holler ("IP options: %s", bigbuf_net);
+  } /* if x, i.e. any options */
+dol_noop:
+#endif /* IP_OPTIONS */
+
+/* find out what address the connection was *to* on our end, in case we're
+   doing a listen-on-any on a multihomed machine.  This allows one to
+   offer different services via different alias addresses, such as the
+   "virtual web site" hack. */
+  memset (bigbuf_net, 0, 64);
+  cp = &bigbuf_net[32];
+  x = sizeof (SA);
+  rr = getsockname (nnetfd, (SA *) lclend, &x);
+  if (rr < 0)
+    holler ("post-rcv getsockname failed");
+  strcpy (cp, inet_ntoa (lclend->sin_addr));
+
+/* now check out who it is.  We don't care about mismatched DNS names here,
+   but any ADDR and PORT we specified had better fucking well match the caller.
+   Converting from addr to inet_ntoa and back again is a bit of a kludge, but
+   gethostpoop wants a string and there's much gnarlier code out there already,
+   so I don't feel bad.
+   The *real* question is why BFD sockets wasn't designed to allow listens for
+   connections *from* specific hosts/ports, instead of requiring the caller to
+   accept the connection and then reject undesireable ones by closing.  In
+   other words, we need a TCP MSG_PEEK. */
+  z = ntohs (remend->sin_port);
+  strcpy (bigbuf_net, inet_ntoa (remend->sin_addr));
+  whozis = gethostpoop (bigbuf_net, o_nflag);
+  errno = 0;
+  x = 0;                                /* use as a flag... */
+  if (rad)      /* xxx: fix to go down the *list* if we have one? */
+    if (memcmp (rad, whozis->iaddrs, sizeof (SA)))
+      x = 1;
+  if (rp)
+    if (z != rp)
+      x = 1;
+  if (x)                                        /* guilty! */
+    bail ("invalid connection to [%s] from %s [%s] %d",
+        cp, whozis->name, whozis->addrs[0], z);
+  holler ("connect to [%s] from %s [%s] %d",            /* oh, you're okay.. */
+        cp, whozis->name, whozis->addrs[0], z);
+  return (nnetfd);                              /* open! */
+
+dol_tmo:
+  errno = ETIMEDOUT;                    /* fake it */
+dol_err:
+  close (nnetfd);
+  return (-1);
+} /* dolisten */
+
+/* udptest :
+   fire a couple of packets at a UDP target port, just to see if it's really
+   there.  On BSD kernels, ICMP host/port-unreachable errors get delivered to
+   our socket as ECONNREFUSED write errors.  On SV kernels, we lose; we'll have
+   to collect and analyze raw ICMP ourselves a la satan's probe_udp_ports
+   backend.  Guess where one could swipe the appropriate code from...
+
+   Use the time delay between writes if given, otherwise use the "tcp ping"
+   trick for getting the RTT.  [I got that idea from pluvius, and warped it.]
+   Return either the original fd, or clean up and return -1. */
+udptest (fd, where)
+  int fd;
+  IA * where;
+{
+  register int rr;
+
+  rr = write (fd, bigbuf_in, 1);
+  if (rr != 1)
+    holler ("udptest first write failed?! errno %d", errno);
+  if (o_wait)
+    sleep (o_wait);
+  else {
+/* use the tcp-ping trick: try connecting to a normally refused port, which
+   causes us to block for the time that SYN gets there and RST gets back.
+   Not completely reliable, but it *does* mostly work. */
+    o_udpmode = 0;                      /* so doconnect does TCP this time */
+/* Set a temporary connect timeout, so packet filtration doesnt cause
+   us to hang forever, and hit it */
+    o_wait = 5;                         /* enough that we'll notice?? */
+    rr = doconnect (where, SLEAZE_PORT, 0, 0);
+    if (rr > 0)
+      close (rr);                       /* in case it *did* open */
+    o_wait = 0;                         /* reset it */
+    o_udpmode++;                        /* we *are* still doing UDP, right? */
+  } /* if o_wait */
+  errno = 0;                            /* clear from sleep */
+  rr = write (fd, bigbuf_in, 1);
+  if (rr == 1)                          /* if write error, no UDP listener */
+    return (fd);
+  close (fd);                           /* use it or lose it! */
+  return (-1);
+} /* udptest */
+
+/* oprint :
+   Hexdump bytes shoveled either way to a running logfile, in the format:
+D offset       -  - - - --- 16 bytes --- - - -  -     # .... ascii .....
+   where "which" sets the direction indicator, D:
+        0 -- sent to network, or ">"
+        1 -- rcvd and printed to stdout, or "<"
+   and "buf" and "n" are data-block and length.  If the current block generates
+   a partial line, so be it; we *want* that lockstep indication of who sent
+   what when.  Adapted from dgaudet's original example -- but must be ripping
+   *fast*, since we don't want to be too disk-bound... */
+void oprint (which, buf, n)
+  int which;
+  char * buf;
+  int n;
+{
+  int bc;                       /* in buffer count */
+  int obc;                      /* current "global" offset */
+  int soc;                      /* stage write count */
+  register unsigned char * p;   /* main buf ptr; m.b. unsigned here */
+  register unsigned char * op;  /* out hexdump ptr */
+  register unsigned char * a;   /* out asc-dump ptr */
+  register int x;
+  register unsigned int y;
+
+  if (! ofd)
+    bail ("oprint called with no open fd?!");
+  if (n == 0)
+    return;
+
+  op = stage;
+  if (which) {
+    *op = '<';
+    obc = wrote_out;            /* use the globals! */
+  } else {
+    *op = '>';
+    obc = wrote_net;
+  }
+  op++;                         /* preload "direction" */
+  *op = ' ';
+  p = (unsigned char *) buf;
+  bc = n;
+  stage[59] = '#';              /* preload separator */
+  stage[60] = ' ';
+
+  while (bc) {                  /* for chunk-o-data ... */
+    x = 16;
+    soc = 78;                   /* len of whole formatted line */
+    if (bc < x) {
+      soc = soc - 16 + bc;      /* fiddle for however much is left */
+      x = (bc * 3) + 11;        /* 2 digits + space per, after D & offset */
+      op = &stage[x];
+      x = 16 - bc;
+      while (x) {
+        *op++ = ' ';            /* preload filler spaces */
+        *op++ = ' ';
+        *op++ = ' ';
+        x--;
+      }
+      x = bc;                   /* re-fix current linecount */
+    } /* if bc < x */
+
+    bc -= x;                    /* fix wrt current line size */
+    sprintf (&stage[2], "%8.8x ", obc);         /* xxx: still slow? */
+    obc += x;                   /* fix current offset */
+    op = &stage[11];            /* where hex starts */
+    a = &stage[61];             /* where ascii starts */
+
+    while (x) {                 /* for line of dump, however long ... */
+      y = (int)(*p >> 4);       /* hi half */
+      *op = hexnibs[y];
+      op++;
+      y = (int)(*p & 0x0f);     /* lo half */
+      *op = hexnibs[y];
+      op++;
+      *op = ' ';
+      op++;
+      if ((*p > 31) && (*p < 127))
+        *a = *p;                /* printing */
+      else
+        *a = '.';               /* nonprinting, loose def */
+      a++;
+      p++;
+      x--;
+    } /* while x */
+    *a = '\n';                  /* finish the line */
+    x = write (ofd, stage, soc);
+    if (x < 0)
+      bail ("ofd write err");
+  } /* while bc */
+} /* oprint */
+
+#ifdef TELNET
+USHORT o_tn = 0;                /* global -t option */
+
+/* atelnet :
+   Answer anything that looks like telnet negotiation with don't/won't.
+   This doesn't modify any data buffers, update the global output count,
+   or show up in a hexdump -- it just shits into the outgoing stream.
+   Idea and codebase from Mudge@l0pht.com. */
+void atelnet (buf, size)
+  unsigned char * buf;          /* has to be unsigned here! */
+  unsigned int size;
+{
+  static unsigned char obuf [4];  /* tiny thing to build responses into */
+  register int x;
+  register unsigned char y;
+  register unsigned char * p;
+
+  y = 0;
+  p = buf;
+  x = size;
+  while (x > 0) {
+    if (*p != 255)                      /* IAC? */
+      goto notiac;
+    obuf[0] = 255;
+    p++; x--;
+    if ((*p == 251) || (*p == 252))     /* WILL or WONT */
+      y = 254;                          /* -> DONT */
+    if ((*p == 253) || (*p == 254))     /* DO or DONT */
+      y = 252;                          /* -> WONT */
+    if (y) {
+      obuf[1] = y;
+      p++; x--;
+      obuf[2] = *p;                     /* copy actual option byte */
+      (void) write (netfd, obuf, 3);
+/* if one wanted to bump wrote_net or do a hexdump line, here's the place */
+      y = 0;
+    } /* if y */
+notiac:
+    p++; x--;
+  } /* while x */
+} /* atelnet */
+#endif /* TELNET */
+
+/* readwrite :
+   handle stdin/stdout/network I/O.  Bwahaha!! -- the select loop from hell.
+   In this instance, return what might become our exit status. */
+int readwrite (fd)
+  int fd;
+{
+  register int rr;
+  register char * zp;           /* stdin buf ptr */
+  register char * np;           /* net-in buf ptr */
+  unsigned int rzleft;
+  unsigned int rnleft;
+  USHORT netretry;              /* net-read retry counter */
+  USHORT wretry;                /* net-write sanity counter */
+  USHORT wfirst;                /* one-shot flag to skip first net read */
+
+/* if you don't have all this FD_* macro hair in sys/types.h, you'll have to
+   either find it or do your own bit-bashing: *ding1 |= (1 << fd), etc... */
+  if (fd > FD_SETSIZE) {
+    holler ("Preposterous fd value %d", fd);
+    return (1);
+  }
+  FD_SET (fd, ding1);           /* global: the net is open */
+  netretry = 2;
+  wfirst = 0;
+  rzleft = rnleft = 0;
+  if (insaved) {
+    rzleft = insaved;           /* preload multi-mode fakeouts */
+    zp = bigbuf_in;
+    wfirst = 1;
+    if (Single)                 /* if not scanning, this is a one-off first */
+      insaved = 0;              /* buffer left over from argv construction, */
+    else {
+      FD_CLR (0, ding1);        /* OR we've already got our repeat chunk, */
+      close (0);                /* so we won't need any more stdin */
+    } /* Single */
+  } /* insaved */
+  if (o_interval)
+    sleep (o_interval);         /* pause *before* sending stuff, too */
+  errno = 0;                    /* clear from sleep, close, whatever */
+
+/* and now the big ol' select shoveling loop ... */
+  while (FD_ISSET (fd, ding1)) {        /* i.e. till the *net* closes! */
+    wretry = 8200;                      /* more than we'll ever hafta write */
+    if (wfirst) {                       /* any saved stdin buffer? */
+      wfirst = 0;                       /* clear flag for the duration */
+      goto shovel;                      /* and go handle it first */
+    }
+    *ding2 = *ding1;                    /* FD_COPY ain't portable... */
+/* some systems, notably linux, crap into their select timers on return, so
+   we create a expendable copy and give *that* to select.  *Fuck* me ... */
+    if (timer1)
+      memcpy (timer2, timer1, sizeof (struct timeval));
+    rr = select (16, ding2, 0, 0, timer2);      /* here it is, kiddies */
+    if (rr < 0) {
+        if (errno != EINTR) {           /* might have gotten ^Zed, etc ?*/
+          holler ("select fuxored");
+          close (fd);
+          return (1);
+        }
+    } /* select fuckup */
+/* if we have a timeout AND stdin is closed AND we haven't heard anything
+   from the net during that time, assume it's dead and close it too. */
+    if (rr == 0) {
+        if (! FD_ISSET (0, ding1))
+          netretry--;                   /* we actually try a coupla times. */
+        if (! netretry) {
+          if (o_verbose > 1)            /* normally we don't care */
+            holler ("net timeout");
+          close (fd);
+          return (0);                   /* not an error! */
+        }
+    } /* select timeout */
+/* xxx: should we check the exception fds too?  The read fds seem to give
+   us the right info, and none of the examples I found bothered. */
+
+/* Ding!!  Something arrived, go check all the incoming hoppers, net first */
+    if (FD_ISSET (fd, ding2)) {         /* net: ding! */
+        rr = read (fd, bigbuf_net, BIGSIZ);
+        if (rr <= 0) {
+          FD_CLR (fd, ding1);           /* net closed, we'll finish up... */
+          rzleft = 0;                   /* can't write anymore: broken pipe */
+        } else {
+          rnleft = rr;
+          np = bigbuf_net;
+#ifdef TELNET
+          if (o_tn)
+            atelnet (np, rr);           /* fake out telnet stuff */
+#endif /* TELNET */
+        } /* if rr */
+Debug (("got %d from the net, errno %d", rr, errno))
+    } /* net:ding */
+
+/* if we're in "slowly" mode there's probably still stuff in the stdin
+   buffer, so don't read unless we really need MORE INPUT!  MORE INPUT! */
+    if (rzleft)
+        goto shovel;
+
+/* okay, suck more stdin */
+    if (FD_ISSET (0, ding2)) {          /* stdin: ding! */
+        rr = read (0, bigbuf_in, BIGSIZ);
+/* Considered making reads here smaller for UDP mode, but 8192-byte
+   mobygrams are kinda fun and exercise the reassembler. */
+        if (rr <= 0) {                  /* at end, or fukt, or ... */
+          FD_CLR (0, ding1);            /* disable and close stdin */
+          close (0);
+        } else {
+          rzleft = rr;
+          zp = bigbuf_in;
+/* special case for multi-mode -- we'll want to send this one buffer to every
+   open TCP port or every UDP attempt, so save its size and clean up stdin */
+          if (! Single) {               /* we might be scanning... */
+            insaved = rr;               /* save len */
+            FD_CLR (0, ding1);          /* disable further junk from stdin */
+            close (0);                  /* really, I mean it */
+          } /* Single */
+        } /* if rr/read */
+    } /* stdin:ding */
+
+shovel:
+/* now that we've dingdonged all our thingdings, send off the results.
+   Geez, why does this look an awful lot like the big loop in "rsh"? ...
+   not sure if the order of this matters, but write net -> stdout first. */
+
+/* sanity check.  Works because they're both unsigned... */
+    if ((rzleft > 8200) || (rnleft > 8200)) {
+        holler ("Bogus buffers: %d, %d", rzleft, rnleft);
+        rzleft = rnleft = 0;
+    }
+/* net write retries sometimes happen on UDP connections */
+    if (! wretry) {                     /* is something hung? */
+        holler ("too many output retries");
+        return (1);
+    }
+    if (rnleft) {
+        rr = write (1, np, rnleft);
+        if (rr > 0) {
+          if (o_wfile)
+            oprint (1, np, rr);         /* log the stdout */
+          np += rr;                     /* fix up ptrs and whatnot */
+          rnleft -= rr;                 /* will get sanity-checked above */
+          wrote_out += rr;              /* global count */
+        }
+Debug (("wrote %d to stdout, errno %d", rr, errno))
+    } /* rnleft */
+    if (rzleft) {
+        if (o_interval)                 /* in "slowly" mode ?? */
+          rr = findline (zp, rzleft);
+        else
+          rr = rzleft;
+        rr = write (fd, zp, rr);        /* one line, or the whole buffer */
+        if (rr > 0) {
+          if (o_wfile)
+            oprint (0, zp, rr);         /* log what got sent */
+          zp += rr;
+          rzleft -= rr;
+          wrote_net += rr;              /* global count */
+        }
+Debug (("wrote %d to net, errno %d", rr, errno))
+    } /* rzleft */
+    if (o_interval) {                   /* cycle between slow lines, or ... */
+        sleep (o_interval);
+        errno = 0;                      /* clear from sleep */
+        continue;                       /* ...with hairy select loop... */
+    }
+    if ((rzleft) || (rnleft)) {         /* shovel that shit till they ain't */
+        wretry--;                       /* none left, and get another load */
+        goto shovel;
+    }
+  } /* while ding1:netfd is open */
+
+/* XXX: maybe want a more graceful shutdown() here, or screw around with
+   linger times??  I suspect that I don't need to since I'm always doing
+   blocking reads and writes and my own manual "last ditch" efforts to read
+   the net again after a timeout.  I haven't seen any screwups yet, but it's
+   not like my test network is particularly busy... */
+  close (fd);
+  return (0);
+} /* readwrite */
+
+/* main :
+   now we pull it all together... */
+main (argc, argv)
+  int argc;
+  char ** argv;
+{
+#ifndef HAVE_GETOPT
+  extern char * optarg;
+  extern int optind, optopt;
+#endif
+  register int x;
+  register char *cp;
+  HINF * gp;
+  HINF * whereto = NULL;
+  HINF * wherefrom = NULL;
+  IA * ouraddr = NULL;
+  IA * themaddr = NULL;
+  USHORT o_lport = 0;
+  USHORT ourport = 0;
+  USHORT loport = 0;            /* for scanning stuff */
+  USHORT hiport = 0;
+  USHORT curport = 0;
+  char * randports = NULL;
+
+#ifdef HAVE_BIND
+/* can *you* say "cc -yaddayadda netcat.c -lresolv -l44bsd" on SunLOSs? */
+  res_init();
+#endif
+/* I was in this barbershop quartet in Skokie IL ... */
+/* round up the usual suspects, i.e. malloc up all the stuff we need */
+  lclend = (SAI *) Hmalloc (sizeof (SA));
+  remend = (SAI *) Hmalloc (sizeof (SA));
+  bigbuf_in = Hmalloc (BIGSIZ);
+  bigbuf_net = Hmalloc (BIGSIZ);
+  ding1 = (fd_set *) Hmalloc (sizeof (fd_set));
+  ding2 = (fd_set *) Hmalloc (sizeof (fd_set));
+  portpoop = (PINF *) Hmalloc (sizeof (PINF));
+
+  errno = 0;
+  gatesptr = 4;
+  h_errno = 0;
+
+/* catch a signal or two for cleanup */
+  signal (SIGINT, catch);
+  signal (SIGQUIT, catch);
+  signal (SIGTERM, catch);
+/* and suppress others... */
+#ifdef SIGURG
+  signal (SIGURG, SIG_IGN);
+#endif
+#ifdef SIGPIPE
+  signal (SIGPIPE, SIG_IGN);            /* important! */
+#endif
+
+/* if no args given at all, get 'em from stdin, construct an argv, and hand
+   anything left over to readwrite(). */
+  if (argc == 1) {
+    cp = argv[0];
+    argv = (char **) Hmalloc (128 * sizeof (char *));   /* XXX: 128? */
+    argv[0] = cp;                       /* leave old prog name intact */
+    cp = Hmalloc (BIGSIZ);
+    argv[1] = cp;                       /* head of new arg block */
+    fprintf (stderr, "Cmd line: ");
+    fflush (stderr);            /* I dont care if it's unbuffered or not! */
+    insaved = read (0, cp, BIGSIZ);     /* we're gonna fake fgets() here */
+    if (insaved <= 0)
+      bail ("wrong");
+    x = findline (cp, insaved);
+    if (x)
+      insaved -= x;             /* remaining chunk size to be sent */
+    if (insaved)                /* which might be zero... */
+      memcpy (bigbuf_in, &cp[x], insaved);
+    cp = strchr (argv[1], '\n');
+    if (cp)
+      *cp = '\0';
+    cp = strchr (argv[1], '\r');        /* look for ^M too */
+    if (cp)
+      *cp = '\0';
+
+/* find and stash pointers to remaining new "args" */
+    cp = argv[1];
+    cp++;                               /* skip past first char */
+    x = 2;                              /* we know argv 0 and 1 already */
+    for (; *cp != '\0'; cp++) {
+      if (*cp == ' ') {
+        *cp = '\0';                     /* smash all spaces */
+        continue;
+      } else {
+        if (*(cp-1) == '\0') {
+          argv[x] = cp;
+          x++;
+        }
+      } /* if space */
+    } /* for cp */
+    argc = x;
+  } /* if no args given */
+
+/* If your shitbox doesn't have getopt, step into the nineties already. */
+/* optarg, optind = next-argv-component [i.e. flag arg]; optopt = last-char */
+  while ((x = getopt (argc, argv, "ae:g:G:hi:lno:p:rs:tuvw:z")) != -1) {
+/* Debug (("in go: x now %c, optarg %x optind %d", x, optarg, optind)) */
+    switch (x) {
+      case 'a':
+        bail ("all-A-records NIY");
+        o_alla++; break;
+#ifdef GAPING_SECURITY_HOLE
+      case 'e':                         /* prog to exec */
+        pr00gie = optarg;
+        break;
+#endif
+      case 'G':                         /* srcrt gateways pointer val */
+        x = atoi (optarg);
+        if ((x) && (x == (x & 0x1c)))   /* mask off bits of fukt values */
+          gatesptr = x;
+        else
+          bail ("invalid hop pointer %d, must be multiple of 4 <= 28", x);
+        break;
+      case 'g':                         /* srcroute hop[s] */
+        if (gatesidx > 8)
+          bail ("too many -g hops");
+        if (gates == NULL)              /* eat this, Billy-boy */
+          gates = (HINF **) Hmalloc (sizeof (HINF *) * 10);
+        gp = gethostpoop (optarg, o_nflag);
+        if (gp)
+          gates[gatesidx] = gp;
+        gatesidx++;
+        break;
+      case 'h':
+        errno = 0;
+#ifdef HAVE_HELP
+        helpme();                       /* exits by itself */
+#else
+        bail ("no help available, dork -- RTFS");
+#endif
+      case 'i':                         /* line-interval time */
+        o_interval = atoi (optarg) & 0xffff;
+        if (! o_interval)
+          bail ("invalid interval time %s", optarg);
+        break;
+      case 'l':                         /* listen mode */
+        o_listen++; break;
+      case 'n':                         /* numeric-only, no DNS lookups */
+        o_nflag++; break;
+      case 'o':                         /* hexdump log */
+        stage = (unsigned char *) optarg;
+        o_wfile++; break;
+      case 'p':                         /* local source port */
+        o_lport = getportpoop (optarg, 0);
+        if (o_lport == 0)
+          bail ("invalid local port %s", optarg);
+        break;
+      case 'r':                         /* randomize various things */
+        o_random++; break;
+      case 's':                         /* local source address */
+/* do a full lookup [since everything else goes through the same mill],
+   unless -n was previously specified.  In fact, careful placement of -n can
+   be useful, so we'll still pass o_nflag here instead of forcing numeric.  */
+        wherefrom = gethostpoop (optarg, o_nflag);
+        ouraddr = &wherefrom->iaddrs[0];
+        break;
+#ifdef TELNET
+      case 't':                         /* do telnet fakeout */
+        o_tn++; break;
+#endif /* TELNET */
+      case 'u':                         /* use UDP */
+        o_udpmode++; break;
+      case 'v':                         /* verbose */
+        o_verbose++; break;
+      case 'w':                         /* wait time */
+        o_wait = atoi (optarg);
+        if (o_wait <= 0)
+          bail ("invalid wait-time %s", optarg);
+        timer1 = (struct timeval *) Hmalloc (sizeof (struct timeval));
+        timer2 = (struct timeval *) Hmalloc (sizeof (struct timeval));
+        timer1->tv_sec = o_wait;        /* we need two.  see readwrite()... */
+        break;
+      case 'z':                         /* little or no data xfer */
+        o_zero++;
+        break;
+      default:
+        errno = 0;
+        bail ("nc -h for help");
+    } /* switch x */
+  } /* while getopt */
+
+/* other misc initialization */
+Debug (("fd_set size %d", sizeof (*ding1)))     /* how big *is* it? */
+  FD_SET (0, ding1);                    /* stdin *is* initially open */
+  if (o_random) {
+    SRAND (time (0));
+    randports = Hmalloc (65536);        /* big flag array for ports */
+  }
+#ifdef GAPING_SECURITY_HOLE
+  if (pr00gie) {
+    close (0);                          /* won't need stdin */
+    o_wfile = 0;                        /* -o with -e is meaningless! */
+    ofd = 0;
+  }
+#endif /* G_S_H */
+  if (o_wfile) {
+    ofd = open (stage, O_WRONLY | O_CREAT | O_TRUNC, 0664);
+    if (ofd <= 0)                       /* must be > extant 0/1/2 */
+      bail ("can't open %s", stage);
+    stage = (unsigned char *) Hmalloc (100);
+  }
+
+/* optind is now index of first non -x arg */
+Debug (("after go: x now %c, optarg %x optind %d", x, optarg, optind))
+/* Debug (("optind up to %d at host-arg %s", optind, argv[optind])) */
+/* gonna only use first addr of host-list, like our IQ was normal; if you wanna
+   get fancy with addresses, look up the list yourself and plug 'em in for now.
+   unless we finally implement -a, that is. */
+  if (argv[optind])
+    whereto = gethostpoop (argv[optind], o_nflag);
+  if (whereto && whereto->iaddrs)
+    themaddr = &whereto->iaddrs[0];
+  if (themaddr)
+    optind++;                           /* skip past valid host lookup */
+  errno = 0;
+  h_errno = 0;
+
+/* Handle listen mode here, and exit afterward.  Only does one connect;
+   this is arguably the right thing to do.  A "persistent listen-and-fork"
+   mode a la inetd has been thought about, but not implemented.  A tiny
+   wrapper script can handle such things... */
+  if (o_listen) {
+    curport = 0;                        /* rem port *can* be zero here... */
+    if (argv[optind]) {                 /* any rem-port-arg? */
+      curport = getportpoop (argv[optind], 0);
+      if (curport == 0)                 /* if given, demand correctness */
+        bail ("invalid port %s", argv[optind]);
+    } /* if port-arg */
+    netfd = dolisten (themaddr, curport, ouraddr, o_lport);
+/* dolisten does its own connect reporting, so we don't holler anything here */
+    if (netfd > 0) {
+#ifdef GAPING_SECURITY_HOLE
+      if (pr00gie)                      /* -e given? */
+        doexec (netfd);
+#endif /* GAPING_SECURITY_HOLE */
+      x = readwrite (netfd);            /* it even works with UDP! */
+      if (o_verbose > 1)                /* normally we don't care */
+        holler (wrote_txt, wrote_net, wrote_out);
+      exit (x);                         /* "pack out yer trash" */
+    } else /* if no netfd */
+      bail ("no connection");
+  } /* o_listen */
+
+/* fall thru to outbound connects.  Now we're more picky about args... */
+  if (! themaddr)
+    bail ("no destination");
+  if (argv[optind] == NULL)
+    bail ("no port[s] to connect to");
+  if (argv[optind + 1])         /* look ahead: any more port args given? */
+    Single = 0;                         /* multi-mode, case A */
+  ourport = o_lport;                    /* which can be 0 */
+
+/* everything from here down is treated as as ports and/or ranges thereof, so
+   it's all enclosed in this big ol' argv-parsin' loop.  Any randomization is
+   done within each given *range*, but in separate chunks per each succeeding
+   argument, so we can control the pattern somewhat. */
+  while (argv[optind]) {
+    hiport = loport = 0;
+    cp = strchr (argv[optind], '-');    /* nn-mm range? */
+    if (cp) {
+      *cp = '\0';
+      cp++;
+      hiport = getportpoop (cp, 0);
+      if (hiport == 0)
+        bail ("invalid port %s", cp);
+    } /* if found a dash */
+    loport = getportpoop (argv[optind], 0);
+    if (loport == 0)
+      bail ("invalid port %s", argv[optind]);
+    if (hiport > loport) {              /* was it genuinely a range? */
+      Single = 0;                       /* multi-mode, case B */
+      curport = hiport;                 /* start high by default */
+      if (o_random) {                   /* maybe populate the random array */
+        loadports (randports, loport, hiport);
+        curport = nextport (randports);
+      }
+    } else                      /* not a range, including args like "25-25" */
+      curport = loport;
+Debug (("Single %d, curport %d", Single, curport))
+
+/* Now start connecting to these things.  curport is already preloaded. */
+    while (loport <= curport) {
+      if ((! o_lport) && (o_random)) {  /* -p overrides random local-port */
+        ourport = (RAND() & 0xffff);    /* random local-bind -- well above */
+        if (ourport < 8192)             /* resv and any likely listeners??? */
+          ourport += 8192;              /* if it *still* conflicts, use -s. */
+      }
+      curport = getportpoop (NULL, curport);
+      netfd = doconnect (themaddr, curport, ouraddr, ourport);
+Debug (("netfd %d from port %d to port %d", netfd, ourport, curport))
+      if (netfd > 0)
+        if (o_zero && o_udpmode)        /* if UDP scanning... */
+          netfd = udptest (netfd, themaddr);
+      if (netfd > 0) {                  /* Yow, are we OPEN YET?! */
+        x = 0;                          /* pre-exit status */
+        holler ("%s [%s] %d (%s) open",
+          whereto->name, whereto->addrs[0], curport, portpoop->name);
+#ifdef GAPING_SECURITY_HOLE
+        if (pr00gie)                    /* exec is valid for outbound, too */
+          doexec (netfd);
+#endif /* GAPING_SECURITY_HOLE */
+        if (! o_zero)
+          x = readwrite (netfd);        /* go shovel shit */
+      } else { /* no netfd... */
+        x = 1;                          /* preload exit status for later */
+/* if we're scanning at a "one -v" verbosity level, don't print refusals.
+   Give it another -v if you want to see everything. */
+        if ((Single || (o_verbose > 1)) || (errno != ECONNREFUSED))
+          holler ("%s [%s] %d (%s)",
+            whereto->name, whereto->addrs[0], curport, portpoop->name);
+      } /* if netfd */
+      close (netfd);                    /* just in case we didn't already */
+      if (o_interval)
+        sleep (o_interval);             /* if -i, delay between ports too */
+      if (o_random)
+        curport = nextport (randports);
+      else
+        curport--;                      /* just decrement... */
+    } /* while curport within current range */
+    optind++;
+  } /* while remaining port-args -- end of big argv-ports loop*/
+
+  errno = 0;
+  if (o_verbose > 1)            /* normally we don't care */
+    holler (wrote_txt, wrote_net, wrote_out);
+  if (Single)
+    exit (x);                   /* give us status on one connection */
+  exit (0);                     /* otherwise, we're just done */
+} /* main */
+
+#ifdef HAVE_HELP                /* unless we wanna be *really* cryptic */
+/* helpme :
+   the obvious */
+helpme()
+{
+  o_verbose = 1;
+  holler ("[v1.10]\n\
+connect to somewhere:   nc [-options] hostname port[s] [ports] ... \n\
+listen for inbound:     nc -l -p port [-options] [hostname] [port]\n\
+options:");
+/* sigh, this necessarily gets messy.  And the trailing \ characters may be
+   interpreted oddly by some compilers, generating or not generating extra
+   newlines as they bloody please.  u-fix... */
+#ifdef GAPING_SECURITY_HOLE     /* needs to be separate holler() */
+  holler ("\
+        -e prog                 program to exec after connect [dangerous!!]");
+#endif
+  holler ("\
+        -g gateway              source-routing hop point[s], up to 8\n\
+        -G num                  source-routing pointer: 4, 8, 12, ...\n\
+        -h                      this cruft\n\
+        -i secs                 delay interval for lines sent, ports scanned\n\
+        -l                      listen mode, for inbound connects\n\
+        -n                      numeric-only IP addresses, no DNS\n\
+        -o file                 hex dump of traffic\n\
+        -p port                 local port number\n\
+        -r                      randomize local and remote ports\n\
+        -s addr                 local source address");
+#ifdef TELNET
+  holler ("\
+        -t                      answer TELNET negotiation");
+#endif
+  holler ("\
+        -u                      UDP mode\n\
+        -v                      verbose [use twice to be more verbose]\n\
+        -w secs                 timeout for connects and final net reads\n\
+        -z                      zero-I/O mode [used for scanning]");
+  bail ("port numbers can be individual or ranges: lo-hi [inclusive]");
+} /* helpme */
+#endif /* HAVE_HELP */
+
+/* None genuine without this seal!  _H*/
diff --git a/src/usr.bin/nc/scripts/README b/src/usr.bin/nc/scripts/README
new file mode 100644
index 0000000000..07aee0c8ea
--- /dev/null
+++ b/src/usr.bin/nc/scripts/README
@@ -0,0 +1,5 @@
+A collection of example scripts that use netcat as a backend, each
+documented by its own internal comments.
+
+I'll be the first to admit that some of these are seriously *sick*,
+but they do work and are quite useful to me on a daily basis.
diff --git a/src/usr.bin/nc/scripts/alta b/src/usr.bin/nc/scripts/alta
new file mode 100644
index 0000000000..7a091767e8
--- /dev/null
+++ b/src/usr.bin/nc/scripts/alta
@@ -0,0 +1,33 @@
+#! /bin/sh
+## special handler for altavista, since they only hand out chunks of 10 at
+## a time.  Tries to isolate out results without the leading/trailing trash.
+## multiword arguments are foo+bar, as usual.
+## Second optional arg switches the "what" field, to e.g. "news"
+
+test "${1}" = "" && echo 'Needs an argument to search for!' && exit 1
+WHAT="web"
+test "${2}" && WHAT="${2}"
+
+# convert multiple args
+PLUSARG="`echo $* | sed 's/ /+/g'`"
+
+# Plug in arg.  only doing simple-q for now; pg=aq for advanced-query
+# embedded quotes define phrases; otherwise it goes wild on multi-words
+QB="GET /cgi-bin/query?pg=q&what=${WHAT}&fmt=c&q=\"${PLUSARG}\""
+
+# ping 'em once, to get the routing warm
+nc -z -w 8 www.altavista.digital.com 24015 2> /dev/null
+echo "=== Altavista ==="
+
+for xx in 0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 160 170 180 \
+  190 200 210 220 230 240 250 260 270 280 290 300 310 320 330 340 350 ; do
+  echo "${QB}&stq=${xx}" | nc -w 15 www.altavista.digital.com 80 | \
+  egrep '^<a href="http://'
+done
+
+exit 0
+
+# old filter stuff
+  sed -e '/Documents .* matching .* query /,/query?.*stq=.* Document/p' \
+  -e d
+
diff --git a/src/usr.bin/nc/scripts/bsh b/src/usr.bin/nc/scripts/bsh
new file mode 100644
index 0000000000..796e480354
--- /dev/null
+++ b/src/usr.bin/nc/scripts/bsh
@@ -0,0 +1,29 @@
+#! /bin/sh
+## a little wrapper to "password" and re-launch a shell-listener.
+## Arg is taken as the port to listen on.  Define "NC" to point wherever.
+
+NC=nc
+
+case "$1" in
+  ?* )
+  LPN="$1"
+  export LPN
+  sleep 1
+  echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
+  echo "launched on port $LPN"
+  exit 0
+  ;;
+esac
+
+# here we play inetd
+echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
+
+while read qq ; do
+case "$qq" in
+# here's yer password
+  gimme )
+  cd /
+  exec csh -i
+  ;;
+esac
+done
diff --git a/src/usr.bin/nc/scripts/dist.sh b/src/usr.bin/nc/scripts/dist.sh
new file mode 100644
index 0000000000..4d2534a0e3
--- /dev/null
+++ b/src/usr.bin/nc/scripts/dist.sh
@@ -0,0 +1,23 @@
+#! /bin/sh
+## This is a quick example listen-exec server, which was used for a while to
+## distribute netcat prereleases.  It illustrates use of netcat both as a
+## "fake inetd" and a syslogger, and how easy it then is to crock up a fairly
+## functional server that restarts its own listener and does full connection
+## logging.  In a half-screen of shell script!!
+
+PORT=31337
+
+sleep 1
+SRC=`tail -1 dist.log`
+echo "<36>elite: ${SRC}" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
+echo ";;; Hi, ${SRC}..."
+echo ";;; This is a PRERELEASE version of 'netcat', tar/gzip/uuencoded."
+echo ";;; Unless you are capturing this somehow, it won't do you much good."
+echo ";;; Ready??  Here it comes!  Have phun ..."
+sleep 8
+cat dist.file
+sleep 1
+./nc -v -l -p ${PORT} -e dist.sh < /dev/null >> dist.log 2>&1 &
+sleep 1
+echo "<36>elite: done" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
+exit 0
diff --git a/src/usr.bin/nc/scripts/irc b/src/usr.bin/nc/scripts/irc
new file mode 100644
index 0000000000..3557d7a0c6
--- /dev/null
+++ b/src/usr.bin/nc/scripts/irc
@@ -0,0 +1,79 @@
+#! /bin/sh
+## Shit-simple script to supply the "privmsg <recipient>" of IRC typein, and
+## keep the connection alive.  Pipe this thru "nc -v -w 5 irc-server port".
+## Note that this mechanism makes the script easy to debug without being live,
+## since it just echoes everything bound for the server.
+## if you want autologin-type stuff, construct some appropriate files and
+## shovel them in using the "<" mechanism.
+
+# magic arg: if "tick", do keepalive process instead of main loop
+if test "$1" = "tick" ; then
+# ignore most signals; the parent will nuke the kid
+# doesn't stop ^Z, of course.
+  trap '' 1 2 3 13 14 15 16
+  while true ; do
+    sleep 60
+    echo "PONG !"
+  done
+fi
+
+# top level: fire ourselves off as the keepalive process, and keep track of it
+sh $0 tick &
+ircpp=$!
+echo "[Keepalive: $ircpp]" >&2
+# catch our own batch of signals: hup int quit pipe alrm term urg
+trap 'kill -9 $ircpp ; exit 0' 1 2 3 13 14 15 16
+sleep 2
+
+sender=''
+savecmd=''
+
+# the big honkin' loop...
+while read xx yy ; do
+  case "${xx}" in
+# blank line: do nothing
+    "")
+        continue
+    ;;
+# new channel or recipient; if bare ">", we're back to raw literal mode.
+    ">")
+        if test "${yy}" ; then
+          sender="privmsg ${yy} :"
+        else
+          sender=''
+        fi
+        continue
+    ;;
+# send crud from a file, one line per second.  Can you say "skr1pt kidz"??
+# *Note: uses current "recipient" if set.
+    "<")
+        if test -f "${yy}" ; then
+          ( while read zz ; do
+            sleep 1
+            echo "${sender}${zz}"
+          done ) < "$yy"
+          echo "[done]" >&2
+        else
+          echo "[File $yy not found]" >&2
+        fi
+        continue
+    ;;
+# do and save a single command, for quick repeat
+    "/")
+        if test "${yy}" ; then
+          savecmd="${yy}"
+        fi
+        echo "${savecmd}"
+    ;;
+# default case goes to recipient, just like always
+    *)
+        echo "${sender}${xx} ${yy}"
+        continue
+    ;;
+  esac
+done
+
+# parting shot, if you want it
+echo "quit :Bye all!"
+kill -9 $ircpp
+exit 0
diff --git a/src/usr.bin/nc/scripts/iscan b/src/usr.bin/nc/scripts/iscan
new file mode 100644
index 0000000000..6279bc817f
--- /dev/null
+++ b/src/usr.bin/nc/scripts/iscan
@@ -0,0 +1,35 @@
+#! /bin/sh
+## duplicate DaveG's ident-scan thingie using netcat.  Oooh, he'll be pissed.
+## args: target port [port port port ...]
+## hose stdout *and* stderr together.
+##
+## advantages: runs slower than ident-scan, giving remote inetd less cause
+## for alarm, and only hits the few known daemon ports you specify.
+## disadvantages: requires numeric-only port args, the output sleazitude,
+## and won't work for r-services when coming from high source ports.
+
+case "${2}" in
+  "" ) echo needs HOST and at least one PORT ; exit 1 ;;
+esac
+
+# ping 'em once and see if they *are* running identd
+nc -z -w 9 "$1" 113 || { echo "oops, $1 isn't running identd" ; exit 0 ; }
+
+# generate a randomish base port
+RP=`expr $$ % 999 + 31337`
+
+TRG="$1"
+shift
+
+while test "$1" ; do
+  nc -v -w 8 -p ${RP} "$TRG" ${1} < /dev/null > /dev/null &
+  PROC=$!
+  sleep 3
+  echo "${1},${RP}" | nc -w 4 -r "$TRG" 113 2>&1
+  sleep 2
+# does this look like a lamer script or what...
+  kill -HUP $PROC
+  RP=`expr ${RP} + 1`
+  shift
+done
+
diff --git a/src/usr.bin/nc/scripts/ncp b/src/usr.bin/nc/scripts/ncp
new file mode 100644
index 0000000000..1931b03385
--- /dev/null
+++ b/src/usr.bin/nc/scripts/ncp
@@ -0,0 +1,46 @@
+#! /bin/sh
+## Like "rcp" but uses netcat on a high port.
+## do "ncp targetfile" on the RECEIVING machine
+## then do "ncp sourcefile receivinghost" on the SENDING machine
+## if invoked as "nzp" instead, compresses transit data.
+
+## pick your own personal favorite port, which will be used on both ends.
+## You should probably change this for your own uses.
+MYPORT=23456
+
+## if "nc" isn't systemwide or in your PATH, add the right place
+# PATH=${HOME}:${PATH} ; export PATH
+
+test "$3" && echo "too many args" && exit 1
+test ! "$1" && echo "no args?" && exit 1
+me=`echo $0 | sed 's+.*/++'`
+test "$me" = "nzp" && echo '[compressed mode]'
+
+# if second arg, it's a host to send an [extant] file to.
+if test "$2" ; then
+  test ! -f "$1" && echo "can't find $1" && exit 1
+  if test "$me" = "nzp" ; then
+    compress -c < "$1" | nc -v -w 2 $2 $MYPORT && exit 0
+  else
+    nc -v -w 2 $2 $MYPORT < "$1" && exit 0
+  fi
+  echo "transfer FAILED!"
+  exit 1
+fi
+
+# fall here for receiver.  Ask before trashing existing files
+if test -f "$1" ; then
+  echo -n "Overwrite $1? "
+  read aa
+  test ! "$aa" = "y" && echo "[punted!]" && exit 1
+fi
+# 30 seconds oughta be pleeeeenty of time, but change if you want.
+if test "$me" = "nzp" ; then
+  nc -v -w 30 -p $MYPORT -l < /dev/null | uncompress -c > "$1" && exit 0
+else
+  nc -v -w 30 -p $MYPORT -l < /dev/null > "$1" && exit 0
+fi
+echo "transfer FAILED!"
+# clean up, since even if the transfer failed, $1 is already trashed
+rm -f "$1"
+exit 1
diff --git a/src/usr.bin/nc/scripts/probe b/src/usr.bin/nc/scripts/probe
new file mode 100644
index 0000000000..c47dc3f495
--- /dev/null
+++ b/src/usr.bin/nc/scripts/probe
@@ -0,0 +1,50 @@
+#! /bin/sh
+## launch a whole buncha shit at yon victim in no particular order; capture
+## stderr+stdout in one place.  Run as root for rservice and low -p to work.
+## Fairly thorough example of using netcat to collect a lot of host info.
+## Will set off every intrusion alarm in existence on a paranoid machine!
+
+# where .d files are kept; "." if nothing else
+DDIR=../data
+# address of some well-connected router that groks LSRR
+GATE=192.157.69.11
+
+# might conceivably wanna change this for different run styles
+UCMD='nc -v -w 8'
+
+test ! "$1" && echo Needs victim arg && exit 1
+
+echo '' | $UCMD -w 9 -r "$1" 13 79 6667 2>&1
+echo '0' | $UCMD "$1" 79 2>&1
+# if LSRR was passed thru, should get refusal here:
+$UCMD -z -r -g $GATE "$1" 6473 2>&1
+$UCMD -r -z "$1" 6000 4000-4004 111 53 2105 137-140 1-20 540-550 95 87 2>&1
+# -s `hostname` may be wrong for some multihomed machines
+echo 'UDP echoecho!' | nc -u -p 7 -s `hostname` -w 3 "$1" 7 19 2>&1
+echo '113,10158' | $UCMD -p 10158 "$1" 113 2>&1
+rservice bin bin | $UCMD -p 1019 "$1" shell 2>&1
+echo QUIT | $UCMD -w 8 -r "$1" 25 158 159 119 110 109 1109 142-144 220 23 2>&1
+# newline after any telnet trash
+echo ''
+echo PASV | $UCMD -r "$1" 21 2>&1
+echo 'GET /' | $UCMD -w 10 "$1" 80 81 210 70 2>&1
+# sometimes contains useful directory info:
+echo 'GET /robots.txt' | $UCMD -w 10 "$1" 80 2>&1
+# now the big red lights go on
+rservice bin bin 9600/9600 | $UCMD -p 1020 "$1" login 2>&1
+rservice root root | $UCMD -r "$1" exec 2>&1
+echo 'BEGIN big udp -- everything may look "open" if packet-filtered'
+data -g < ${DDIR}/nfs-0.d | $UCMD -i 1 -u "$1" 2049 | od -x 2>&1
+# no wait-time, uses RTT hack
+nc -v -z -u -r "$1" 111 66-70 88 53 87 161-164 121-123 213 49 2>&1
+nc -v -z -u -r "$1" 137-140 694-712 747-770 175-180 2103 510-530 2>&1
+echo 'END big udp'
+$UCMD -r -z "$1" 175-180 2000-2003 530-533 1524 1525 666 213 8000 6250 2>&1
+# Use our identd-sniffer!
+iscan "$1" 21 25 79 80 111 53 6667 6000 2049 119 2>&1
+# this gets pretty intrusive, but what the fuck.  Probe for portmap first
+if nc -w 5 -z -u "$1" 111 ; then
+  showmount -e "$1" 2>&1
+  rpcinfo -p "$1" 2>&1
+fi
+exit 0
diff --git a/src/usr.bin/nc/scripts/web b/src/usr.bin/nc/scripts/web
new file mode 100644
index 0000000000..382b18e1e3
--- /dev/null
+++ b/src/usr.bin/nc/scripts/web
@@ -0,0 +1,148 @@
+#! /bin/sh
+## The web sucks.  It is a mighty dismal kludge built out of a thousand
+## tiny dismal kludges all band-aided together, and now these bottom-line
+## clueless pinheads who never heard of "TCP handshake" want to run
+## *commerce* over the damn thing.  Ye godz.  Welcome to TV of the next
+## century -- six million channels of worthless shit to choose from, and
+## about as much security as today's cable industry!
+##
+## Having grown mightily tired of pain in the ass browsers, I decided
+## to build the minimalist client.  It doesn't handle POST, just GETs, but
+## the majority of cgi forms handlers apparently ignore the method anyway.
+## A distinct advantage is that it *doesn't* pass on any other information
+## to the server, like Referer: or info about your local machine such as
+## Netscum tries to!
+##
+## Since the first version, this has become the *almost*-minimalist client,
+## but it saves a lot of typing now.  And with netcat as its backend, it's
+## totally the balls.  Don't have netcat?  Get it here in /src/hacks!
+## _H* 950824, updated 951009 et seq.
+##
+## args: hostname [port].  You feed it the filename-parts of URLs.
+## In the loop, HOST, PORT, and SAVE do the right things; a null line
+## gets the previous spec again [useful for initial timeouts]; EOF to exit.
+## Relative URLs behave like a "cd" to wherever the last slash appears, or
+## just use the last component with the saved preceding "directory" part.
+## "\" clears the "filename" part and asks for just the "directory", and
+## ".." goes up one "directory" level while retaining the "filename" part.
+## Play around; you'll get used to it.
+
+if test "$1" = "" ; then
+  echo Needs hostname arg.
+  exit 1
+fi
+umask 022
+
+# optional PATH fixup
+# PATH=${HOME}:${PATH} ; export PATH
+
+test "${PAGER}" || PAGER=more
+BACKEND="nc -v -w 15"
+TMPAGE=/tmp/web$$
+host="$1"
+port="80"
+if test "$2" != "" ; then
+  port="$2"
+fi
+
+spec="/"
+specD="/"
+specF=''
+saving=''
+
+# be vaguely smart about temp file usage.  Use your own homedir if you're
+# paranoid about someone symlink-racing your shell script, jeez.
+rm -f ${TMPAGE}
+test -f ${TMPAGE} && echo "Can't use ${TMPAGE}" && exit 1
+
+# get loopy.  Yes, I know "echo -n" aint portable.  Everything echoed would
+# need "\c" tacked onto the end in an SV universe, which you can fix yourself.
+while echo -n "${specD}${specF} " && read spec ; do
+  case $spec in
+  HOST)
+    echo -n 'New host: '
+    read host
+    continue
+  ;;
+  PORT)
+    echo -n 'New port: '
+    read port
+    continue
+  ;;
+  SAVE)
+    echo -n 'Save file: '
+    read saving
+# if we've already got a page, save it
+    test "${saving}" && test -f ${TMPAGE} &&
+      echo "=== ${host}:${specD}${specF} ===" >> $saving &&
+      cat ${TMPAGE} >> $saving && echo '' >> $saving
+    continue
+  ;;
+# changing the logic a bit here.  Keep a state-concept of "current dir"
+# and "current file".  Dir is /foo/bar/ ; file is "baz" or null.
+# leading slash: create whole new state.
+  /*)
+    specF=`echo "${spec}" | sed 's|.*/||'`
+    specD=`echo "${spec}" | sed 's|\(.*/\).*|\1|'`
+    spec="${specD}${specF}"
+  ;;
+# embedded slash: adding to the path.  "file" part can be blank, too
+  */*)
+    specF=`echo "${spec}" | sed 's|.*/||'`
+    specD=`echo "${specD}${spec}" | sed 's|\(.*/\).*|\1|'`
+  ;;
+# dotdot: jump "up" one level and just reprompt [confirms what it did...]
+  ..)
+    specD=`echo "${specD}" | sed 's|\(.*/\)..*/|\1|'`
+    continue
+  ;;
+# blank line: do nothing, which will re-get the current one
+  '')
+  ;;
+# hack-quoted blank line: "\" means just zero out "file" part
+  '\')
+    specF=''
+  ;;
+# sigh
+  '?')
+    echo Help yourself.  Read the script fer krissake.
+    continue
+  ;;
+# anything else is taken as a "file" part
+  *)
+    specF=${spec}
+  ;;
+  esac
+
+# now put it together and stuff it down a connection.  Some lame non-unix
+# http servers assume they'll never get simple-query format, and wait till
+# an extra newline arrives.  If you're up against one of these, change
+# below to (echo GET "$spec" ; echo '') | $BACKEND ...
+  spec="${specD}${specF}"
+    echo GET "${spec}" | $BACKEND $host $port > ${TMPAGE}
+  ${PAGER} ${TMPAGE}
+
+# save in a format that still shows the URLs we hit after a de-html run
+  if test "${saving}" ; then
+    echo "=== ${host}:${spec} ===" >> $saving
+    cat ${TMPAGE} >> $saving
+    echo '' >> $saving
+  fi
+done
+rm -f ${TMPAGE}
+exit 0
+
+#######
+# Encoding notes, finally from RFC 1738:
+# %XX -- hex-encode of special chars
+# allowed alphas in a URL: $_-.+!*'(),
+# relative names *not* described, but obviously used all over the place
+# transport://user:pass@host:port/path/name?query-string
+# wais: port 210, //host:port/database?search or /database/type/file?
+# cgi-bin/script?arg1=foo&arg2=bar&...  scripts have to parse xxx&yyy&zzz
+# ISMAP imagemap stuff: /bin/foobar.map?xxx,yyy -- have to guess at coords!
+# local access-ctl files: ncsa: .htaccess ; cern: .www_acl
+#######
+# SEARCH ENGINES: fortunately, all are GET forms or at least work that way...
+# multi-word args for most cases: foo+bar
+# See 'websearch' for concise results of this research...
diff --git a/src/usr.bin/nc/scripts/webproxy b/src/usr.bin/nc/scripts/webproxy
new file mode 100644
index 0000000000..cee2d29fd1
--- /dev/null
+++ b/src/usr.bin/nc/scripts/webproxy
@@ -0,0 +1,138 @@
+#! /bin/sh
+## Web proxy, following the grand tradition of Web things being handled by
+## gross scripts.  Uses netcat to listen on a high port [default 8000],
+## picks apart requests and sends them on to the right place.  Point this
+## at the browser client machine you'll be coming from [to limit access to
+## only it], and point the browser's concept of an HTTP proxy to the
+## machine running this.  Takes a single argument of the client that will
+## be using it, and rejects connections from elsewhere.  LOGS the queries
+## to a configurable logfile, which can be an interesting read later on!
+## If the argument is "reset", the listener and logfile are cleaned up.
+##
+## This works surprisingly fast and well, for a shell script, although may
+## randomly fail when hammered by a browser that tries to open several
+## connections at once.  Drop the "maximum connections" in your browser if
+## this is a problem.
+##
+## A more degenerate case of this, or preferably a small C program that
+## does the same thing under inetd, could handle a small site's worth of
+## proxy queries.  Given the way browsers are evolving, proxies like this
+## can play an important role in protecting your own privacy.
+##
+## If you grabbed this in ASCII mode, search down for "eew" and make sure
+## the embedded-CR check is intact, or requests might hang.
+##
+## Doesn't handle POST forms.  Who cares, if you're just watching HTTV?
+## Dumbness here has a highly desirable side effect: it only sends the first
+## GET line, since that's all you really ever need to send, and suppresses
+## the other somewhat revealing trash that most browsers insist on sending.
+
+# set these as you wish: proxy port...
+PORT=8000
+# logfile spec: a real file or /dev/null if you don't care
+LFILE=${0}.log
+# optional: where to dump connect info, so you can see if anything went wrong
+# CFILE=${0}.conn
+# optional extra args to the listener "nc", for instance "-s inside-net-addr"
+# XNC=''
+
+# functionality switch has to be done fast, so the next listener can start
+# prelaunch check: if no current client and no args, bail.
+case "${1}${CLIENT}" in
+  "")
+    echo needs client hostname
+    exit 1
+  ;;
+esac
+
+case "${1}" in
+  "")
+# Make like inetd, and run the next relayer process NOW.  All the redirection
+# is necessary so this shell has NO remaining channel open to the net.
+# This will hang around for 10 minutes, and exit if no new connections arrive.
+# Using -n for speed, avoiding any DNS/port lookups.
+    nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \
+        2> $CFILE &
+  ;;
+esac
+
+# no client yet and had an arg, this checking can be much slower now
+umask 077
+
+if test "$1" ; then
+# if magic arg, just clean up and then hit our own port to cause server exit
+  if test "$1" = "reset" ; then
+    rm -f $LFILE
+    test -f "$CFILE" && rm -f $CFILE
+    nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1
+    exit 0
+  fi
+# find our ass with both hands
+  test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1
+# correct launch: set up client access control, passed along thru environment.
+  CLIENT="$1"
+  export CLIENT
+  test "$CFILE" || CFILE=/dev/null
+  export CFILE
+  touch "$CFILE"
+# tell us what happened during the last run, if possible
+  if test -f "$CFILE"  ; then
+    echo "Last connection results:"
+    cat $CFILE
+  fi
+
+# ping client machine and get its bare IP address
+  CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'`
+  test ! "$CLIENT" && echo "Can't find address of $1" && exit 1
+
+# if this was an initial launch, be informative about it
+  echo "=== Launch: $CLIENT" >> $LFILE
+  echo "Proxy running -- will accept connections on $PORT from $CLIENT"
+  echo "  Logging queries to $LFILE"
+  test -f "$CFILE" && echo "  and connection fuckups to $CFILE"
+
+# and run the first listener, showing us output just for the first hit
+  nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" &
+  exit 0
+fi
+
+# Fall here to handle a page.
+# GET type://host.name:80/file/path HTTP/1.0
+# Additional: trash
+# More: trash
+# <newline>
+
+read x1 x2 x3 x4
+echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE
+test "$x4" && echo "extra junk after request: $x4" && exit 0
+# nuke questionable characters and split up the request
+hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'`
+# echo massaged hurl: $hurl >> $LFILE
+hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"`
+hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"`
+test "$hp" = "$hh" && hp=80
+hf=`echo "$hurl" | sed -e "s+[^/]*++"`
+# echo total split: $hh : $hp : $hf >> $LFILE
+# suck in and log the entire request, because we're curious
+# Fails on multipart stuff like forms; oh well...
+if test "$x3" ; then
+  while read xx ; do
+    echo "${xx}" >> $LFILE
+    test "${xx}" || break
+# eew, buried returns, gross but necessary for DOS stupidity:
+    test "${xx}" = "
" && break
+  done
+fi
+# check for non-GET *after* we log the query...
+test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0
+# no, you can *not* phone home, you miserable piece of shit
+test "`echo $hh | fgrep -i netscap`" && \
+  echo "access to Netscam's servers <b>DENIED.</b>" && exit 0
+# Do it.  30 sec net-wait time oughta be *plenty*...
+# Some braindead servers have forgotten how to handle the simple-query syntax.
+# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc...
+echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \
+  echo "oops, can't get to $hh : $hp".
+echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE
+exit 0
+
diff --git a/src/usr.bin/nc/scripts/webrelay b/src/usr.bin/nc/scripts/webrelay
new file mode 100644
index 0000000000..829a8b0708
--- /dev/null
+++ b/src/usr.bin/nc/scripts/webrelay
@@ -0,0 +1,44 @@
+#! /bin/sh
+## web relay -- a degenerate version of webproxy, usable with browsers that
+## don't understand proxies.  This just forwards connections to a given server.
+## No query logging, no access control [although you can add it to XNC for
+## your own run], and full-URL links will undoubtedly confuse the browser
+## if it can't reach the server directly.  This was actually written before
+## the full proxy was, and it shows.
+## The arguments in this case are the destination server and optional port.
+## Please flame pinheads who use self-referential absolute links.
+
+# set these as you wish: proxy port...
+PORT=8000
+# any extra args to the listening "nc", for instance "-s inside-net-addr"
+XNC=''
+
+# functionality switch, which has to be done fast to start the next listener
+case "${1}${RDEST}" in
+  "")
+    echo needs hostname
+    exit 1
+  ;;
+esac
+
+case "${1}" in
+  "")
+# no args: fire off new relayer process NOW.  Will hang around for 10 minutes
+    nc -w 600 -l -n -p $PORT -e "$0" $XNC < /dev/null > /dev/null 2>&1 &
+# and handle this request, which will simply fail if vars not set yet.
+    exec nc -w 15 $RDEST $RPORT
+  ;;
+esac
+
+# Fall here for setup; this can now be slower.
+RDEST="$1"
+RPORT="$2"
+test "$RPORT" || RPORT=80
+export RDEST RPORT
+
+# Launch the first relayer same as above, but let its error msgs show up
+# will hang around for a minute, and exit if no new connections arrive.
+nc -v -w 600 -l -p $PORT -e "$0" $XNC < /dev/null > /dev/null &
+echo \
+  "Relay to ${RDEST}:${RPORT} running -- point your browser here on port $PORT"
+exit 0
diff --git a/src/usr.bin/nc/scripts/websearch b/src/usr.bin/nc/scripts/websearch
new file mode 100644
index 0000000000..60c3a3356a
--- /dev/null
+++ b/src/usr.bin/nc/scripts/websearch
@@ -0,0 +1,77 @@
+#! /bin/sh
+## Hit the major search engines.  Hose the [large] output to a file!
+## autoconverts multiple arguments into the right format for given servers --
+## usually worda+wordb, with certain lame exceptions like dejanews.
+## Extracting and post-sorting the URLs is highly recommended...
+##
+## Altavista currently handled by a separate script; may merge at some point.
+##
+## _H* original 950824, updated 951218 and 960209
+
+test "${1}" = "" && echo 'Needs argument[s] to search for!' && exit 1
+PLUSARG="`echo $* | sed 's/ /+/g'`"
+PIPEARG="`echo ${PLUSARG} | sed 's/+/|/g'`"
+IFILE=/tmp/.webq.$$
+
+# Don't have "nc"?  Get "netcat" from avian.org and add it to your toolkit.
+doquery () {
+  echo GET "$1" | nc -v -i 1 -w 30 "$2" "$3"
+}
+
+# changed since original: now supplying port numbers and separator lines...
+
+echo "=== Yahoo ==="
+doquery "/bin/search?p=${PLUSARG}&n=300&w=w&s=a" search.yahoo.com 80
+
+echo '' ; echo "=== Webcrawler ==="
+doquery "/cgi-bin/WebQuery?searchText=${PLUSARG}&maxHits=300" webcrawler.com 80
+
+# the infoseek lamers want "registration" before they do a real search, but...
+echo '' ; echo "=== Infoseek ==="
+echo "  is broken."
+# doquery "WW/IS/Titles?qt=${PLUSARG}" www2.infoseek.com 80
+# ... which doesn't work cuz their lame server wants the extra newlines, WITH
+# CRLF pairs ferkrissake.  Fuck 'em for now, they're hopelessly broken.  If
+# you want to play, the basic idea and query formats follow.
+# echo "GET /WW/IS/Titles?qt=${PLUSARG}" > $IFILE
+# echo "" >> $IFILE
+# nc -v -w 30 guide-p.infoseek.com 80 < $IFILE
+
+# this is kinda flakey; might have to do twice??
+echo '' ; echo "=== Opentext ==="
+doquery "/omw/simplesearch?SearchFor=${PLUSARG}&mode=phrase" \
+  search.opentext.com 80
+
+# looks like inktomi will only take hits=100, or defaults back to 30
+# we try to suppress all the stupid rating dots here, too
+echo '' ; echo "=== Inktomi ==="
+doquery "/query/?query=${PLUSARG}&hits=100" ink3.cs.berkeley.edu 1234 | \
+  sed '/^<IMG ALT.*inktomi.*\.gif">$/d'
+
+#djnews lame shit limits hits to 120 and has nonstandard format
+echo '' ; echo "=== Dejanews ==="
+doquery "/cgi-bin/nph-dnquery?query=${PIPEARG}+maxhits=110+format=terse+defaultOp=AND" \
+  smithers.dejanews.com 80
+
+# OLD lycos: used to work until they fucking BROKE it...
+# doquery "/cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=1" \
+#   query5.lycos.cs.cmu.edu 80
+# NEW lycos: wants the User-agent field present in query or it returns nothing
+# 960206: webmaster@lycos duly bitched at
+# 960208: reply received; here's how we will now handle it:
+echo \
+"GET /cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=terse&matchmode=and&minscore=.5 HTTP/1.x" \
+  > $IFILE
+echo "User-agent: *FUCK OFF*" >> $IFILE
+echo "Why: go ask todd@pointcom.com (Todd Whitney)" >> $IFILE
+echo '' >> $IFILE
+echo '' ; echo "=== Lycos ==="
+nc -v -i 1 -w 30 twelve.srv.lycos.com 80 < $IFILE
+
+rm -f $IFILE
+exit 0
+
+# CURRENTLY BROKEN [?]
+# infoseek
+
+# some args need to be redone to ensure whatever "and" mode applies