Import of old SSLeay release: SSLeay 0.9.0b

549 files changed, 22297 insertions, 8792 deletions

diff --git a/COPYRIGHT b/COPYRIGHT
index 75b65cf13..4faa8c0a4 100644
--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -62,3 +62,4 @@ The reason behind this being stated in this direct manner is past
 experience in code simply being copied and the attribution removed
 from it and then being distributed as part of other packages. This
 implementation was a non-trivial and unpaid effort.
+
diff --git a/Configure b/Configure
index ab2038547..4f66d64e2 100755
--- a/Configure
+++ b/Configure
@@ -21,18 +21,22 @@
 #		This is used on the DEC Alpha where long is 8 bytes
 #		and int is 4
 # BN_LLONG	use the type 'long long' in crypto/bn/bn.h
-# MD2_CHAR	use 'char' instead of 'int' for MD2_INT in crypto/md/md2.h
-# MD2_LONG	use 'long' instead of 'int' for MD2_INT in crypto/md/md2.h
+# MD2_CHAR	use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# MD2_LONG	use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
 # IDEA_SHORT	use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
 # IDEA_LONG	use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
 # RC2_SHORT	use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
 # RC2_LONG	use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
 # RC4_CHAR	use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
 # RC4_LONG	use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
-# RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_enc.c.  This turns on
+# RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
 #		array lookups instead of pointer use.
 # BF_PTR	use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
 # BF_PTR2	use a pentium/intel specific version.
+# MD5_ASM	use some extra md5 assember,
+# SHA1_ASM	use some extra sha1 assember, must define L_ENDIAN for x86
+# RMD160_ASM	use some extra ripemd160 assember,
+# BN_ASM	use some extra bn assember,
 
 $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
 
@@ -51,7 +55,13 @@ $tlib="-lnsl -lsocket";
 $bits1="THIRTY_TWO_BIT ";
 $bits2="SIXTY_FOUR_BIT ";
 
-# -DB_ENDIAN slows things down on a sparc
+$x86_sol_asm="asm/bn86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
+$x86_elf_asm="asm/bn86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
+$x86_out_asm="asm/bn86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
+$x86_bsdi_asm="asm/bn86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
+
+# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
+# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
 
 #config-string	CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \
 # des_asm:bf_asm
@@ -63,18 +73,17 @@ $bits2="SIXTY_FOUR_BIT ";
 
 # A few of my development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
-"debug",	"gcc:-DREF_CHECK -DCRYPTO_MDEBUG -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::::",
+"debug",	"gcc:-DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::::",
 "dist",		"cc:-O -DNOPROTO::::",
 
 # Basic configs that should work on any box
 "gcc",		"gcc:-O3::BN_LLONG:::",
 "cc",		"cc:-O -DNOPROTO -DNOCONST:::::",
 
+
 # My solaris setups
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:\
-	-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-sol.o:asm/dx86-sol.o asm/cx86-sol.o:asm/bx86-sol.o",
-"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall:\
-	-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DBN_ASM:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm:",
+"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
 # DO NOT use /xO[34] on sparc with SC3.0. 
 # It is broken, and will not pass the tests
 "solaris-sparc-cc","cc:-fast -O -Xa -DB_ENDIAN:\
@@ -116,30 +125,44 @@ $bits2="SIXTY_FOUR_BIT ";
 "alpha400-cc", "cc:-arch host -tune host -fast -std -O4 -inline speed::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
-# x86-lnx.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnx.o:asm/dx86-elf.o asm/cx86-elf.o:asm/bx86-elf.o",
-"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnx.o:asm/dx86-elf.o asm/cx86-elf.o:asm/bx86-elf.o",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnxa.o:asm/dx86-out.o asm/cx86-out.o:asm/bx86-out.o",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",	"gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnxa.o:asm/dx86-out.o asm/cx86-out.o:asm/bx86-out.o",
-"FreeBSD",   "gcc:-DTERMIOS -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnxa.o:asm/dx86-out.o asm/cx86-out.o:asm/bx86-out.o",
-#"bsdi-gcc",	"shlicc2:-O3 -ffast-math-m486::RSA_LLONG $x86_gcc_des $x86_gcc_opts:::",
-#"bsdi-gcc",     "gcc:-O3 -ffast-math -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:asm/x86-bsdi.o:asm/dx86bsdi.o asm/cx86bsdi.o:asm/bx86bsdi.o",
-"bsdi-gcc",     "gcc:-O3 -ffast-math -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:::",
-"nextstep",	"cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
+# bn86-elf.o file file since it is hand tweaked assembler.
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-linux-elf","gcc:-DREF_CHECK -DBN_ASM -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-m86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-x86",	"gcc:-DTERMIOS -DBN_ASM -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"FreeBSD",   "gcc:-DTERMIOS -DBN_ASM -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+#"bsdi-gcc",     "gcc:-O3 -ffast-math -DBN_ASM -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm",
+"nextstep",	"cc:-O3 -Wall -DBN_ASM::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
+# NCR MP-RAS UNIX ver 02.03.01
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
 
 # UnixWare 2.0
-"unixware-2.0","cc:-O:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
-"unixware-2.0-pentium","cc:-O -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX $x86_des_des::",
+"unixware-2.0","cc:-O -DFILIO_H:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
+"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX $x86_des_des::",
 
 # IBM's AIX.
 "aix-cc",   "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
 
+#
+# Cray T90 (SDSC)
+# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+# defined.  The T90 ints and longs are 8 bytes long, and apparently the
+# B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
+# non L_ENDIAN code aligns the bytes in each word correctly.
+#
+# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
+#'Taking the address of a bit field is not allowed. '
+#'An expression with bit field exists as the operand of "sizeof" '
+# (written by Wayne Schroeder <schroede@SDSC.EDU>)
+"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
 # DGUX, 88100.
 "dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
 "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnx.o:asm/dx86-elf.o asm/cx86-elf.o:asm/bx86-elf.o",
+"dgux-R4-x86-gcc",	"gcc:-O3 -DBN_ASM -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 
 # SCO 5
 "sco5-cc",  "cc:-O:-lsocket:$x86_gcc_des $x86_gcc_opts:::", # des options?
@@ -167,15 +190,21 @@ $Makefile="Makefile.ssl";
 $des_locl="crypto/des/des_locl.h";
 $des	="crypto/des/des.h";
 $bn	="crypto/bn/bn.h";
-$md2	="crypto/md/md2.h";
+$md2	="crypto/md2/md2.h";
 $rc4	="crypto/rc4/rc4.h";
-$rc4_enc="crypto/rc4/rc4_enc.c";
+$rc4_locl="crypto/rc4/rc4_locl.h";
 $idea	="crypto/idea/idea.h";
 $rc2	="crypto/rc2/rc2.h";
 $bf	="crypto/bf/bf_locl.h";
 $bn_mulw="bn_mulw.o";
 $des_enc="des_enc.o fcrypt_b.o";
 $bf_enc	="bf_enc.o";
+$cast_enc="c_enc.o";
+$rc4_enc="rc4_enc.o";
+$rc5_enc="rc5_enc.o";
+$md5_obj="";
+$sha1_obj="";
+$rmd160_obj="";
 
 if ($#ARGV < 0)
 	{
@@ -219,14 +248,33 @@ if (!defined($table{$target}))
 	exit(1);
 	}
 
-($cc,$cflags,$lflags,$bn_ops,$bn_obj,$des_obj,$bf_obj)=
+($cc,$cflags,$lflags,$bn_ops,$bn_obj,$des_obj,$bf_obj,$md5_obj,$sha1_obj,
+	$cast_obj,$rc4_obj,$rmd160_obj,$rc5_obj)=
 	split(/\s*:\s*/,$table{$target});
 $cflags="$flags$cflags" if ($flags ne "");
 $lflags="$libs$lflags"if ($libs ne "");
 
-$bn_obj=$bn_mulw unless ($bn_obj =~ /\.o$/);
-$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
-$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
+$bn_obj=$bn_mulw	unless ($bn_obj =~ /\.o$/);
+$des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
+$bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
+$cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
+$rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);
+$rc5_obj=$rc5_enc	unless ($rc5_obj =~ /\.o$/);
+if ($sha1_obj =~ /\.o$/)
+	{
+#	$sha1_obj=$sha1_enc;
+	$cflags.=" -DSHA1_ASM";
+	}
+if ($md5_obj =~ /\.o$/)
+	{
+#	$md5_obj=$md5_enc;
+	$cflags.=" -DMD5_ASM";
+	}
+if ($rmd160_obj =~ /\.o$/)
+	{
+#	$rmd160_obj=$rmd160_enc;
+	$cflags.=" -DRMD160_ASM";
+	}
 
 $n=&file_new($Makefile);
 open(IN,"<".$Makefile) || die "unable to read $Makefile:$!\n";
@@ -240,18 +288,30 @@ while (<IN>)
 	s/^BN_MULW=.*$/BN_MULW= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
+	s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
+	s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
+	s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
+	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
+	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
+	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
 	print OUT $_."\n";
 	}
 close(IN);
 close(OUT);
 &Rename($Makefile,&file_old($Makefile));
 &Rename($n,$Makefile);
-print "CC     =$cc\n";
-print "CFLAG  =$cflags\n";
-print "EX_LIBS=$lflags\n";
-print "BN_MULW=$bn_obj\n";
-print "DES_ENC=$des_obj\n";
-print "BF_ENC =$bf_obj\n";
+print "CC            =$cc\n";
+print "CFLAG         =$cflags\n";
+print "EX_LIBS       =$lflags\n";
+print "BN_MULW       =$bn_obj\n";
+print "DES_ENC       =$des_obj\n";
+print "BF_ENC        =$bf_obj\n";
+print "CAST_ENC      =$cast_obj\n";
+print "RC4_ENC       =$rc4_obj\n";
+print "RC5_ENC       =$rc5_obj\n";
+print "MD5_OBJ_ASM   =$md5_obj\n";
+print "SHA1_OBJ_ASM  =$sha1_obj\n";
+print "RMD160_OBJ_ASM=$rmd160_obj\n";
 
 $des_ptr=0;
 $des_risc1=0;
@@ -287,8 +347,8 @@ foreach (sort split(/\s+/,$bn_ops))
 	$rc2_int=3 if /RC2_LONG/;
 	$bf_ptr=1 if $_ eq "BF_PTR";
 	$bf_ptr=2 if $_ eq "BF_PTR2";
-	($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
+	($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
@@ -375,9 +435,9 @@ close(OUT);
 &Rename($rc4,&file_old($rc4));
 &Rename($n,$rc4);
 
-(($in=$rc4_enc) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc4_enc);
-open(IN,"<".$in) || die "unable to read $rc4_enc:$!\n";
+(($in=$rc4_locl) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($rc4_locl);
+open(IN,"<".$in) || die "unable to read $rc4_locl:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
@@ -388,8 +448,8 @@ while (<IN>)
 	}
 close(IN);
 close(OUT);
-&Rename($rc4_enc,&file_old($rc4_enc));
-&Rename($n,$rc4_enc);
+&Rename($rc4_locl,&file_old($rc4_locl));
+&Rename($n,$rc4_locl);
 
 (($in=$md2) =~ s/\.([^.]+)/.$postfix/);
 $n=&file_new($md2);
diff --git a/HISTORY b/HISTORY
index 7844faa55..771210003 100644
--- a/HISTORY
+++ b/HISTORY
@@ -1,3 +1,193 @@
+16-Mar-98
+	- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
+	- Lots and lots of changes
+
+29-Jan-98
+	- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
+	  Goetz Babin-Ebell <babinebell@trustcenter.de>.
+	- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
+	  TLS1_VERSION.
+
+7-Jan-98
+	- Finally reworked the cipher string to ciphers again, so it
+	  works correctly
+	- All the app_data stuff is now ex_data with funcion calls to access.
+	  The index is supplied by a function and 'methods' can be setup
+	  for the types that are called on XXX_new/XXX_free.  This lets
+	  applications get notified on creation and destruction.  Some of
+	  the RSA methods could be implemented this way and I may do so.
+	- Oh yes, SSL under perl5 is working at the basic level.
+
+15-Dec-97
+	- Warning - the gethostbyname cache is not fully thread safe,
+	  but it should work well enough.
+	- Major internal reworking of the app_data stuff.  More functions
+	  but if you were accessing ->app_data directly, things will
+	  stop working.
+	- The perlv5 stuff is working.  Currently on message digests,
+	  ciphers and the bignum library.
+
+9-Dec-97
+	- Modified re-negotiation so that server initated re-neg
+	  will cause a SSL_read() to return -1 should retry.
+	  The danger otherwise was that the server and the
+	  client could end up both trying to read when using non-blocking
+	  sockets.
+
+4-Dec-97
+	- Lots of small changes
+	- Fix for binaray mode in Windows for the FILE BIO, thanks to
+	  Bob Denny <rdenny@dc3.com>
+
+17-Nov-97
+	- Quite a few internal cleanups, (removal of errno, and using macros
+	  defined in e_os.h).
+	- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
+	  the automactic naming out output files was being stuffed up.
+
+29-Oct-97
+	- The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
+	  for x86.
+
+21-Oct-97
+	- Fixed a bug in the BIO_gethostbyname() cache.
+
+15-Oct-97
+	- cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
+	  has also been improved.  At this point in time, on the pentium,
+	  md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
+	  des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
+	  is %62 faster.
+
+12-Oct-97
+	- MEM_BUF_grow() has been fixed so that it always sets the buf->length
+	  to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
+	  way to set the length value correctly.
+
+10-Oct-97
+	- I now hash for certificate lookup on the raw DER encoded RDN (md5).
+	  This breaks things again :-(.  This is efficent since I cache
+	  the DER encoding of the RDN.
+	- The text DN now puts in the numeric OID instead of UNKNOWN.
+	- req can now process arbitary OIDs in the config file.
+	- I've been implementing md5 in x86 asm, much faster :-).
+	- Started sha1 in x86 asm, needs more work.
+	- Quite a few speedups in the BN stuff.  RSA public operation
+	  has been made faster by caching the BN_MONT_CTX structure.
+	  The calulating of the Ai where A*Ai === 1 mod m was rather
+	  expensive.  Basically a 40-50% speedup on public operations.
+	  The RSA speedup is now 15% on pentiums and %20 on pentium
+	  pro.
+
+30-Sep-97
+	- After doing some profiling, I added x86 adm for bn_add_words(),
+	  which just adds 2 arrays of longs together.  A %10 speedup
+	  for 512 and 1024 bit RSA on the pentium pro.
+
+29-Sep-97
+	- Converted the x86 bignum assembler to us the perl scripts
+	  for generation.
+
+23-Sep-97
+	- If SSL_set_session() is passed a NULL session, it now clears the
+	  current session-id.
+
+22-Sep-97
+	- Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
+	  certificates.
+	- Bug in crypto/evp/encode.c where by decoding of 65 base64
+	  encoded lines, one line at a time (via a memory BIO) would report
+	  EOF after the first line was decoded.
+	- Fix in X509_find_by_issuer_and_serial() from
+	  Dr Stephen Henson <shenson@bigfoot.com>
+
+19-Sep-97
+	- NO_FP_API and NO_STDIO added.
+	- Put in sh config command.  It auto runs Configure with the correct
+	  parameters.
+
+18-Sep-97
+	- Fix x509.c so if a DSA cert has different parameters to its parent,
+	  they are left in place.  Not tested yet.
+
+16-Sep-97
+	- ssl_create_cipher_list() had some bugs, fixes from
+	  Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
+	- Fixed a bug in the Base64 BIO, where it would return 1 instead
+	  of -1 when end of input was encountered but should retry.
+	  Basically a Base64/Memory BIO interaction problem.
+	- Added a HMAC set of functions in preporarion for TLS work.
+
+15-Sep-97
+	- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
+	- Prime generation spead up %25 (512 bit prime, pentium pro linux)
+	  by using montgomery multiplication in the prime number test.
+
+11-Sep-97
+	- Ugly bug in ssl3_write_bytes().  Basically if application land
+	  does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
+	  did not check the size and tried to copy the entire buffer.
+	  This would tend to cause memory overwrites since SSLv3 has
+	  a maximum packet size of 16k.  If your program uses
+	  buffers <= 16k, you would probably never see this problem.
+	- Fixed a new errors that were cause by malloc() not returning
+	  0 initialised memory..
+	- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
+	  SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
+	  since this flags stops SSLeay being able to handle client
+	  cert requests correctly.
+
+08-Sep-97
+	- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
+	  on, the SSL server routines will not use a SSL_SESSION that is
+	  held in it's cache.  This in intended to be used with the session-id
+	  callbacks so that while the session-ids are still stored in the
+	  cache, the decision to use them and how to look them up can be
+	  done by the callbacks.  The are the 'new', 'get' and 'remove'
+	  callbacks.  This can be used to determine the session-id
+	  to use depending on information like which port/host the connection
+	  is coming from.  Since the are also SSL_SESSION_set_app_data() and
+	  SSL_SESSION_get_app_data() functions, the application can hold
+	  information against the session-id as well.
+
+03-Sep-97
+	- Added lookup of CRLs to the by_dir method,
+	  X509_load_crl_file() also added.  Basically it means you can
+	  lookup CRLs via the same system used to lookup certificates.
+	- Changed things so that the X509_NAME structure can contain
+	  ASN.1 BIT_STRINGS which is required for the unique
+	  identifier OID.
+	- Fixed some problems with the auto flushing of the session-id
+	  cache.  It was not occuring on the server side.
+
+02-Sep-97
+	- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
+	  which is the maximum number of entries allowed in the
+	  session-id cache.  This is enforced with a simple FIFO list.
+	  The default size is 20*1024 entries which is rather large :-).
+	  The Timeout code is still always operating.
+
+01-Sep-97
+	- Added an argument to all the 'generate private key/prime`
+	  callbacks.  It is the last parameter so this should not
+	  break existing code but it is needed for C++.
+	- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
+	  BIO.  This lets the BIO read and write base64 encoded data
+	  without inserting or looking for '\n' characters.  The '-A'
+	  flag turns this on when using apps/enc.c.
+	- RSA_NO_PADDING added to help BSAFE functionality.  This is a
+	  very dangerous thing to use, since RSA private key
+	  operations without random padding bytes (as PKCS#1 adds) can
+	  be attacked such that the private key can be revealed.
+	- ASN.1 bug and rc2-40-cbc and rc4-40 added by
+	  Dr Stephen Henson <shenson@bigfoot.com>
+
+31-Aug-97 (stuff added while I was away)	
+	- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
+	- RSA_flags() added allowing bypass of pub/priv match check
+	  in ssl/ssl_rsa.c - Tim Hudson.
+	- A few minor bugs.
+
 SSLeay 0.8.1 released.
 
 19-Jul-97
diff --git a/INSTALL b/INSTALL
index 9cbdfd7d3..d394bf8a7 100644
--- a/INSTALL
+++ b/INSTALL
@@ -38,7 +38,7 @@ make -f Makefile.ssl links
 Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
 crypto/des/des.h	DES_LONG
 crypto/des/des_locl.h	DES_PTR
-crypto/md/md2.h		MD2_INT
+crypto/md2/md2.h	MD2_INT
 crypto/rc4/rc4.h	RC4_INT
 crypto/rc4/rc4_enc.c	RC4_INDEX
 crypto/rc2/rc2.h	RC2_INT
diff --git a/MINFO b/MINFO
index 024b85dc9..0509f3364 100644
--- a/MINFO
+++ b/MINFO
@@ -3,12 +3,13 @@ AR=ar r
 BASENAME=SSLeay
 BF_ENC=bf_enc.o
 BN_MULW=bn_mulw.o
+CAST_ENC=c_enc.o
 CC=cc
 CFLAG=-O -DNOPROTO
 DES_ENC=des_enc.o fcrypt_b.o
 DIRS=crypto ssl rsaref apps test tools
-EDIRS=times doc bugs util include certs ms shlib mt demos
-EX_HEADER=
+EDIRS=times doc bugs util include certs ms shlib mt demos perl dep
+EXHEADER=e_os.h
 EX_LIBS=
 GENERAL=Makefile
 HEADER=e_os.h
@@ -18,25 +19,32 @@ MAKE=make -f Makefile.ssl
 MAKEFILE=Makefile.ssl
 MAN1=1
 MAN3=3
-MISC=COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile README TODO HISTORY README.066 README.080 VERSION PROBLEMS MINFO makefile.one e_os.h MICROSOFT makevms.com
-NAME=SSLeay-0.8.1
+MD5_ASM_OBJ=
+MISC=COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile README TODO HISTORY README.066 README.080 README.090 VERSION PROBLEMS MINFO makefile.one e_os.h MICROSOFT makevms.com config PATENTS
+NAME=SSLeay-0.9.0
 ONEDIRS=out tmp
 PEX_LIBS=-L. -L.. -L../.. -L../../..
-SDIRS=md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh buffer bio stack lhash rand err objects evp pem asn1 x509 conf txt_db pkcs7
+RC4_ENC=rc4_enc.o
+RC5_ENC=rc5_enc.o
+RMD160_ASM_OBJ=
+SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp pem asn1 x509 conf txt_db pkcs7
+SHA1_ASM_OBJ=
 SHELL=/bin/sh
-TARFILE=SSLeay-0.8.1.tar
+TARFILE=SSLeay-0.9.0.tar
 TOP=.
-VERSION=0.8.1
+VERSION=0.9.0
 WDIRS=windows
-WTARFILE=SSLeay-0.8.1-win.tar
+WTARFILE=SSLeay-0.9.0-win.tar
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto
-ALL=Makefile README cryptlib.c mem.c cversion.c cryptlib.h date.h crypto.h cryptall.h
+ALL=Makefile README cryptlib.c mem.c cversion.c ex_data.c cpt_err.c cryptlib.h date.h crypto.h cryptall.h
 AR=ar r
 CC=cc
 CFLAG=-g
 CFLAGS=-I. -I../include -g -DCFLAGS=" \"cc -g\" "
 DIR=crypto
+ERR=crypto
+ERRC=cpt_err
 EXHEADER=crypto.h cryptall.h
 EX_LIBS=
 GENERAL=Makefile README
@@ -45,39 +53,64 @@ INCLUDE=-I. -I../include
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../libcrypto.a
-LIBOBJ=cryptlib.o mem.o cversion.o
+LIBOBJ=cryptlib.o mem.o cversion.o ex_data.o cpt_err.o
 LIBS=
-LIBSRC=cryptlib.c mem.c cversion.c
+LIBSRC=cryptlib.c mem.c cversion.c ex_data.c cpt_err.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
 PEX_LIBS=
 RM=/bin/rm -f
-SDIRS=md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh buffer bio stack lhash rand err objects evp pem x509 asn1 conf txt_db pkcs7
-SRC=cryptlib.c mem.c cversion.c
+SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp pem x509 asn1 conf txt_db pkcs7
+SRC=cryptlib.c mem.c cversion.c ex_data.c cpt_err.c
 TOP=..
 RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/md
-ALL=Makefile md2_dgst.c md5_dgst.c md2_one.c md5_one.c md5_locl.h md2.h md5.h
+RELATIVE_DIRECTORY=crypto/md2
+ALL=Makefile md2_dgst.c md5_one.c md2.h
 APPS=
 AR=ar r
 CC=cc
 CFLAG=-g
 CFLAGS= -g
 DIR=md
-EXHEADER=md2.h md5.h
+EXHEADER=md2.h
 GENERAL=Makefile
-HEADER=md5_locl.h md2.h md5.h
+HEADER=md2.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=md2_dgst.o md5_dgst.o md2_one.o md5_one.o
-LIBSRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c
+LIBOBJ=md2_dgst.o md2_one.o
+LIBSRC=md2_dgst.c md5_one.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
-SRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c
-TEST=md2test.c md5test.c
+SRC=md2_dgst.c md5_one.c
+TEST=md2test.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/md5
+ALL=Makefile md5_dgst.c md5_one.c md5_locl.h md5.h
+APPS=md5.c
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+CPP=cc -E
+DIR=md5
+EXHEADER=md5.h
+GENERAL=Makefile
+HEADER=md5_locl.h md5.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=md5_dgst.o md5_one.o 
+LIBSRC=md5_dgst.c md5_one.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+MD5_ASM_OBJ=
+SRC=md5_dgst.c md5_one.c
+TEST=md5test.c
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/sha
@@ -94,11 +127,12 @@ HEADER=sha_locl.h sha.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o 
 LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
+SHA1_ASM_OBJ=
 SRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
 TEST=shatest.c sha1test.c
 TOP=../..
@@ -126,8 +160,56 @@ SRC=mdc2dgst.c mdc2_one.c
 TEST=mdc2test.c
 TOP=../..
 RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/hmac
+ALL=Makefile hmac.c hmac.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=hmac
+EXHEADER=hmac.h
+GENERAL=Makefile
+HEADER=hmac.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=hmac.o
+LIBSRC=hmac.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=hmac.c
+TEST=hmactest.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/ripemd
+ALL=Makefile rmd_dgst.c rmd_one.c rmd_locl.h rmdconst.h ripemd.h
+APPS=rmd160.c
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+CPP=cc -E
+DIR=ripemd
+EXHEADER=ripemd.h
+GENERAL=Makefile
+HEADER=rmd_locl.h rmdconst.h ripemd.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=rmd_dgst.o rmd_one.o 
+LIBSRC=rmd_dgst.c rmd_one.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+RIP_ASM_OBJ=
+SRC=rmd_dgst.c rmd_one.c
+TEST=rmdtest.c
+TOP=../..
+RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/des
-ALL=Makefile des.org des_locl.org cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
+ALL=Makefile des.org des_locl.org cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
 APPS=
 AR=ar r
 CC=cc
@@ -142,17 +224,40 @@ HEADER=des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=set_key.o ecb_enc.o ede_enc.o cbc_enc.o cbc3_enc.o ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o enc_read.o enc_writ.o ncbc_enc.o ofb64enc.o ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o des_enc.o fcrypt_b.o read2pwd.o fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o
-LIBSRC=cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
+LIBOBJ=set_key.o ecb_enc.o cbc_enc.o ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o enc_read.o enc_writ.o ofb64enc.o ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o des_enc.o fcrypt_b.o read2pwd.o fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o
+LIBSRC=cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
-SRC=cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
+SRC=cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
 TEST=destest.c
 TOP=../..
 RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/rc2
+ALL=Makefile rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c rc2_locl.h rc2.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=rc2
+EXHEADER=rc2.h
+GENERAL=Makefile
+HEADER=rc2_locl.h rc2.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+TEST=rc2test.c
+TOP=../..
+RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/rc4
-ALL=Makefile rc4_enc.c rc4.h
+ALL=Makefile rc4_skey.c rc4_enc.c rc4.h rc4_locl.h
 APPS=
 AR=ar r
 CC=cc
@@ -161,40 +266,43 @@ CFLAGS= -g
 DIR=rc4
 EXHEADER=rc4.h
 GENERAL=Makefile
-HEADER=rc4.h
+HEADER=rc4.h rc4_locl.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=rc4_enc.o
-LIBSRC=rc4_enc.c
+LIBOBJ=rc4_skey.o rc4_enc.o
+LIBSRC=rc4_skey.c rc4_enc.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
-SRC=rc4_enc.c
+RC4_ENC=rc4_enc.o
+SRC=rc4_skey.c rc4_enc.c
 TEST=rc4test.c
 TOP=../..
 RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rc2
-ALL=Makefile rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c rc2_locl.h rc2.h
+RELATIVE_DIRECTORY=crypto/rc5
+ALL=Makefile rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c rc5_locl.h rc5.h
 APPS=
 AR=ar r
 CC=cc
 CFLAG=-g
 CFLAGS= -g
-DIR=rc2
-EXHEADER=rc2.h
+CPP=cc -E
+DIR=rc5
+EXHEADER=rc5.h
 GENERAL=Makefile
-HEADER=rc2_locl.h rc2.h
+HEADER=rc5_locl.h rc5.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
-LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc5_skey.o rc5_ecb.o rc5_enc.o rc5cfb64.o rc5ofb64.o
+LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
-SRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
-TEST=rc2test.c
+RC5_ENC=rc5_enc.o
+SRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
+TEST=rc5test.c
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/idea
@@ -221,7 +329,7 @@ TEST=ideatest.c
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/bf
-ALL=Makefile bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c bf_pi.h bf_locl.h blowfish.h
+ALL=Makefile bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c bf_pi.h bf_locl.h blowfish.h
 APPS=
 AR=ar r
 BF_ENC=bf_enc.o
@@ -236,17 +344,42 @@ HEADER=bf_pi.h bf_locl.h blowfish.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=bf_skey.o bf_ecb.o bf_enc.o bf_cbc.o bf_cfb64.o bf_ofb64.o
-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c
+LIBOBJ=bf_skey.o bf_ecb.o bf_enc.o bf_cfb64.o bf_ofb64.o
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
-SRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c
+SRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
 TEST=bftest.c
 TOP=../..
 RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/cast
+ALL=Makefile c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c cast_s.h cast_lcl.h cast.h
+APPS=
+AR=ar r
+CAST_ENC=c_enc.o
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+CPP=cc -E
+DIR=cast
+EXHEADER=cast.h
+GENERAL=Makefile
+HEADER=cast_s.h cast_lcl.h cast.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=c_skey.o c_ecb.o c_enc.o c_cfb64.o c_ofb64.o
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
+TEST=casttest.c
+TOP=../..
+RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/bn
-ALL=Makefile bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_lcl.h bn_prime.h bn.h
+ALL=Makefile bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_mpi.c bn_lcl.h bn_prime.h bn.h
 APPS=
 AR=ar r
 BN_MULW=bn_mulw.o
@@ -262,17 +395,17 @@ HEADER=bn_lcl.h bn_prime.h bn.h
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o bn_mulw.o bn_recp.o bn_mont.o
-LIBSRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c
+LIBOBJ=bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_blind.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o bn_mulw.o bn_recp.o bn_mont.o bn_mpi.o
+LIBSRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_mpi.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
-SRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c
+SRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_mpi.c
 TEST=bntest.c exptest.c
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/rsa
-ALL=Makefile rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa.h
+ALL=Makefile rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c rsa.h
 APPS=
 AR=ar r
 CC=cc
@@ -287,12 +420,12 @@ HEADER=rsa.h
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=rsa_enc.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o
-LIBSRC=rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
+LIBOBJ=rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o rsa_pk1.o rsa_ssl.o rsa_none.o
+LIBSRC=rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
-SRC=rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
+SRC=rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
@@ -372,7 +505,7 @@ TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/bio
-ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bio.h
+ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bio.h bss_file.c
 APPS=
 AR=ar r
 CC=cc
@@ -381,9 +514,9 @@ CFLAGS=-I.. -I../../include -g
 DIR=bio
 ERR=bio
 ERRC=bio_err
-EXHEADER=bio.h
+EXHEADER=bio.h bss_file.c
 GENERAL=Makefile
-HEADER=bio.h
+HEADER=bio.h bss_file.c
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
@@ -472,7 +605,7 @@ AR=ar r
 CC=cc
 CFLAG=-g
 CFLAGS=-I.. -I../../include -g
-DIR=error
+DIR=err
 EXHEADER=err.h
 GENERAL=Makefile
 HEADER=err.h
@@ -514,7 +647,7 @@ TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/evp
-ALL=Makefile encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp.h
+ALL=Makefile encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c evp.h
 APPS=
 AR=ar r
 CC=cc
@@ -529,12 +662,12 @@ HEADER=evp.h
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=encode.o digest.o evp_enc.o evp_key.o e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o p_open.o p_seal.o p_sign.o p_verify.o p_lib.o bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o c_all.o
-LIBSRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c
+LIBOBJ=encode.o digest.o evp_enc.o evp_key.o e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o e_ecb_c.o e_cbc_c.o e_cfb_c.o e_ofb_c.o e_ecb_r5.o e_cbc_r5.o e_cfb_r5.o e_ofb_r5.o m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o m_ripemd.o p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o c_all.o evp_lib.o
+LIBSRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
-SRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c
+SRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
@@ -565,7 +698,7 @@ TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/asn1
-ALL=Makefile README a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c asn1.h asn1_mac.h
+ALL=Makefile README a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c asn1.h asn1_mac.h
 APPS=
 AR=ar r
 CC=cc
@@ -580,12 +713,12 @@ HEADER=asn1.h asn1_mac.h
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_sign.o a_digest.o a_verify.o x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o t_req.o t_x509.o t_pkey.o p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o
-LIBSRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c
+LIBOBJ=a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_sign.o a_digest.o a_verify.o x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o t_req.o t_x509.o t_pkey.o p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o evp_asn1.o
+LIBSRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
-SRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c
+SRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
@@ -688,7 +821,7 @@ TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=ssl
-ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h ssl_locl.h
+ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
 APPS=
 AR=ar r
 CC=cc
@@ -697,18 +830,18 @@ CFLAGS=-I../crypto -I../include -g
 DIR=ssl
 ERR=ssl
 ERRC=ssl_err
-EXHEADER=ssl.h ssl2.h ssl3.h ssl23.h
+EXHEADER=ssl.h ssl2.h ssl3.h ssl23.h tls1.h
 GENERAL=Makefile README
-HEADER=ssl.h ssl2.h ssl3.h ssl23.h ssl_locl.h
+HEADER=ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
 INCLUDES=-I../crypto -I../include
 INSTALLTOP=/usr/local/ssl
 LIB=../libssl.a
-LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_pkt.o s2_enc.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_pkt.o s3_enc.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o
-LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
+LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o
+LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
 MAKE=make -f Makefile.ssl
 MAKEDEPEND=makedepend -f Makefile.ssl
 MAKEFILE=Makefile.ssl
-SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
+SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
 TEST=ssltest.c
 TOP=..
 RELATIVE_DIRECTORY=
@@ -738,7 +871,7 @@ TEST=
 TOP=..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=apps
-ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c apps.h progs.h s_apps.h testdsa.h testrsa.h 
+ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c apps.h progs.h s_apps.h testdsa.h testrsa.h 
 A_OBJ=apps.o
 A_SRC=apps.c
 CC=cc
@@ -750,9 +883,9 @@ DLIBSSL=../libssl.a
 EXE=ssleay
 EXHEADER=
 EX_LIBS=
-E_EXE=verify asn1pars req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers
-E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o gendsa.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o
-E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
+E_EXE=verify asn1pars req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers
+E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o
+E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
 GENERAL=Makefile
 HEADER=apps.h progs.h s_apps.h testdsa.h testrsa.h 
 INCLUDES=-I../include
@@ -766,16 +899,17 @@ PEX_LIBS=
 PROGS=ssleay.c
 RM=/bin/rm -f
 SCRIPTS=CA.sh der_chop
-SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
+SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
 SSLEAY=ssleay
 S_OBJ=s_cb.o s_socket.o
 S_SRC=s_cb.c s_socket.c
 TOP=..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=test
-ALL=Makefile.ssl bntest.c ideatest.c md2test.c md5test.c rc4test.c destest.c shatest.c sha1test.c mdc2test.c randtest.c dhtest.c rc2test.c bftest.c ssltest.c dsatest.c exptest.c 
+ALL=Makefile.ssl bntest.c ideatest.c md2test.c md5test.c hmactest.c rc2test.c rc4test.c rc5test.c destest.c shatest.c sha1test.c mdc2test.c rmdtest.c randtest.c dhtest.c casttest.c bftest.c ssltest.c dsatest.c exptest.c 
 BFTEST=bftest
 BNTEST=bntest
+CASTTEST=casttest
 CC=cc
 CFLAG=-g
 CFLAGS=-I../include -g
@@ -785,12 +919,13 @@ DIR=test
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 DSATEST=dsatest
-EXE=bntest ideatest md2test md5test rc4test destest shatest sha1test mdc2test randtest dhtest rc2test bftest ssltest exptest dsatest
+EXE=bntest ideatest md2test md5test hmactest rc2test rc4test rc5test destest shatest sha1test mdc2test rmdtest randtest dhtest bftest casttest ssltest exptest dsatest
 EXHEADER=
 EXPTEST=exptest
-EX_LIBS=-lnsl -lsocket
+EX_LIBS=
 GENERAL=Makefile.ssl
 HEADER=
+HMACTEST=hmactest
 IDEATEST=ideatest
 INCLUDES=-I../include
 INSTALLTOP=/usr/local/ssl
@@ -803,14 +938,16 @@ MD2TEST=md2test
 MD5TEST=md5test
 MDC2TEST=mdc2test
 METHTEST=methtest
-OBJ=bntest.o ideatest.o md2test.o md5test.o rc4test.o destest.o shatest.o sha1test.o mdc2test.o randtest.o dhtest.o rc2test.o bftest.o ssltest.o dsatest.o exptest.o
+OBJ=bntest.o ideatest.o md2test.o md5test.o hmactest.o rc2test.o rc4test.o rc5test.o destest.o shatest.o sha1test.o mdc2test.o rmdtest.o randtest.o dhtest.o casttest.o bftest.o ssltest.o dsatest.o exptest.o
 PEX_LIBS=
 RANDTEST=randtest
 RC2TEST=rc2test
 RC4TEST=rc4test
+RC5TEST=rc5test
+RMDTEST=rmdtest
 SHA1TEST=sha1test
 SHATEST=shatest
-SRC=bntest.c ideatest.c md2test.c md5test.c rc4test.c destest.c shatest.c sha1test.c mdc2test.c randtest.c dhtest.c rc2test.c bftest.c ssltest.c dsatest.c exptest.c
+SRC=bntest.c ideatest.c md2test.c md5test.c hmactest.c rc2test.c rc4test.c rc5test.c destest.c shatest.c sha1test.c mdc2test.c rmdtest.c randtest.c dhtest.c casttest.c bftest.c ssltest.c dsatest.c exptest.c
 SSLTEST=ssltest
 TOP=..
 RELATIVE_DIRECTORY=
diff --git a/Makefile.ssl b/Makefile.ssl
index 676ece0aa..0f352027e 100644
--- a/Makefile.ssl
+++ b/Makefile.ssl
@@ -1,6 +1,6 @@
 #
 # Makefile for all the SSL related library routines and utilities
-VERSION	= 0.8.1a
+VERSION = 0.9.0a
 #
 # make install will install:
 #   libraries into $INSTALLTOP/lib
@@ -21,9 +21,9 @@ VERSION	= 0.8.1a
 #
 # If you must get hold of people directly (we much prefer the above
 # lists to be used if the question is of general interest!):
-#	Eric Young <eay@cryptsoft.com>
-#	Tim Hudson <tjh@cryptsoft.com>
-#	or both    <ssleay@cryptsoft.com>
+#       Eric Young <eay@cryptsoft.com>
+#       Tim Hudson <tjh@cryptsoft.com>
+#       or both    <ssleay@cryptsoft.com>
 #
 # The primary distribution of SSLeay is from
 # ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
@@ -35,71 +35,124 @@ VERSION	= 0.8.1a
 # NO_RC4  - Define to build without the RC4 algorithm
 # NO_RC2  - Define to build without the RC2 algorithm
 # THREADS - Define when building with threads, you will probably also need any
-#	    system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
 # TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
 # TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
 # LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
 # DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#	    one.  32 bytes will be read from this when the random
-#	    number generator is initalised.
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
 # SSL_ALLOW_ADH - define if you want the server to be able to use the
-#	    SSLv3 anon-DH ciphers.
+#           SSLv3 anon-DH ciphers.
 # SSL_ALLOW_ENULL - define if you want the server to be able to use the
-#	    NULL encryption ciphers.
+#           NULL encryption ciphers.
 #
 # LOCK_DEBUG - turns on lots of lock debug output :-)
 # REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
 # CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
 # MFUNC - Make all Malloc/Free/Realloc calls call
-#	CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#	call application defined callbacks via CRYPTO_set_mem_functions()
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
 
 
 CC= cc
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
 CFLAG= -O -DNOPROTO
-#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
 PEX_LIBS= -L. -L.. -L../.. -L../../..
 EX_LIBS= 
-#EX_LIBS= #-lRSAglue -lrsaref -lnsl -lsocket
 AR=ar r
 
 # Set BN_MULW to bn_mulw.o if you want to use the C version
-#BN_MULW= asm/x86-lnx.o
 BN_MULW= bn_mulw.o
-#BN_MULW= asm/x86-lnx.o		# elf
-#BN_MULW= asm/x86-sol.o		# solaris
-#BN_MULW= asm/x86-lnxa.o	# a.out, FreeBSD
-#BN_MULW= asm/x86-bsdi.o	# bsdi
-#BN_MULW= asm/alpha.o		# DEC Alpha
-#BN_MULW= asm/pa-risc2.o	# HP-UX PA-RISC
-#BN_MULW= asm/r3000.o		# SGI MIPS cpu
-#BN_MULW= asm/sparc.o		# Sun solaris/SunOS
-#BN_MULW= asm/x86nt32.o		# Windows 95/NT
-#BN_MULW= asm/x86w16.o		# 16 bit code for Windows 3.1/DOS
-#BN_MULW= asm/x86w32.o		# 32 bit code for Windows 3.1
+#BN_MULW= bn_mulw.o
+#BN_MULW= asm/bn86-elf.o        # elf, linux-elf
+#BN_MULW= asm/bn86-sol.o        # solaris
+#BN_MULW= asm/bn86-out.o        # a.out, FreeBSD
+#BN_MULW= asm/bn86bsdi.o        # bsdi
+#BN_MULW= asm/alpha.o           # DEC Alpha
+#BN_MULW= asm/pa-risc2.o        # HP-UX PA-RISC
+#BN_MULW= asm/r3000.o           # SGI MIPS cpu
+#BN_MULW= asm/sparc.o           # Sun solaris/SunOS
+#BN_MULW= asm/bn-win32.o                # Windows 95/NT
+#BN_MULW= asm/x86w16.o          # 16 bit code for Windows 3.1/DOS
+#BN_MULW= asm/x86w32.o          # 32 bit code for Windows 3.1
 
 # Set DES_ENC to des_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 DES_ENC= des_enc.o fcrypt_b.o
-#DES_ENC= des_enc.o fcrypt_b.o		# C
-#DES_ENC= asm/dx86-elf.o asm/cx86-elf.o # elf
-#DES_ENC= asm/dx86-sol.o asm/cx86-sol.o	# solaris
-#DES_ENC= asm/dx86-out.o asm/cx86-out.o	# a.out, FreeBSD
-#DES_ENC= asm/dx86bsdi.o asm/cx86bsdi.o	# bsdi
+#DES_ENC= des_enc.o fcrypt_b.o          # C
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
 
 # Set BF_ENC to bf_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 BF_ENC= bf_enc.o
-#BF_ENC= bf_enc.o	# C
+#BF_ENC= bf_enc.o
 #BF_ENC= asm/bx86-elf.o # elf
-#BF_ENC= asm/bx86-sol.o	# solaris
-#BF_ENC= asm/bx86-out.o	# a.out, FreeBSD
-#BF_ENC= asm/bx86bsdi.o	# bsdi
+#BF_ENC= asm/bx86-sol.o # solaris
+#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o # bsdi
 
-DIRS=	crypto ssl rsaref apps test tools
+# Set CAST_ENC to c_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+CAST_ENC= c_enc.o
+#CAST_ENC= c_enc.o
+#CAST_ENC= asm/cx86-elf.o # elf
+#CAST_ENC= asm/cx86-sol.o # solaris
+#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
+#CAST_ENC= asm/cx86bsdi.o # bsdi
+
+# Set RC4_ENC to rc4_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC4_ENC= rc4_enc.o
+#RC4_ENC= rc4_enc.o
+#RC4_ENC= asm/rx86-elf.o # elf
+#RC4_ENC= asm/rx86-sol.o # solaris
+#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
+#RC4_ENC= asm/rx86bsdi.o # bsdi
+
+# Set RC5_ENC to rc5_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC5_ENC= rc5_enc.o
+#RC5_ENC= rc5_enc.o
+#RC5_ENC= asm/r586-elf.o # elf
+#RC5_ENC= asm/r586-sol.o # solaris
+#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
+#RC5_ENC= asm/r586bsdi.o # bsdi
+
+# Also need MD5_ASM defined
+MD5_ASM_OBJ= 
+#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+
+# Also need SHA1_ASM defined
+SHA1_ASM_OBJ= 
+#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+
+# Also need RMD160_ASM defined
+RMD160_ASM_OBJ= 
+#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
+
+DIRS=   crypto ssl rsaref apps test tools
 # dirs in crypto to build
 SDIRS=  \
-	md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh \
+	md2 md5 sha mdc2 hmac ripemd \
+	des rc2 rc4 rc5 idea bf cast \
+	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
 	evp pem asn1 x509 conf txt_db pkcs7
 
@@ -108,46 +161,46 @@ SDIRS=  \
 INSTALLTOP=/usr/local/ssl
 
 MAKEFILE= Makefile.ssl
-MAKE=	  make -f Makefile.ssl
+MAKE=     make -f Makefile.ssl
 
 MAN1=1
 MAN3=3
 SHELL=/bin/sh
 
-TOP=	.
+TOP=    .
 ONEDIRS=out tmp
-EDIRS=	times doc bugs util include certs ms shlib mt demos
-MISC=	COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile \
-	README TODO HISTORY README.066 README.080 \
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl dep
+MISC=   COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile \
+	README TODO HISTORY README.066 README.080 README.090 \
 	VERSION PROBLEMS MINFO makefile.one e_os.h \
-	MICROSOFT makevms.com
-WDIRS=	windows
-LIBS=	libcrypto.a libssl.a 
-
-GENERAL=	Makefile
-BASENAME=	SSLeay
-NAME=		$(BASENAME)-$(VERSION)
-TARFILE=	$(NAME).tar
-WTARFILE=	$(NAME)-win.tar
-EX_HEADER=
-HEADER=		e_os.h
+	MICROSOFT makevms.com config PATENTS
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a 
+
+GENERAL=        Makefile
+BASENAME=       SSLeay
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        $(NAME).tar
+WTARFILE=       $(NAME)-win.tar
+EXHEADER=       e_os.h
+HEADER=         e_os.h
 
 all:
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' SDIRS='${SDIRS}' AR='${AR}' all ); \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ); \
 	done;
 
 sub_all:
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' AR='${AR}' all ); \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ); \
 	done;
 
 clean:
-	/bin/rm -f *.o core a.out fluff *.map
+	/bin/rm -f shlib/*.o *.o core a.out fluff *.map
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i; echo "cleaning $$i..."; \
@@ -158,14 +211,14 @@ clean:
 	/bin/rm -f $(TARFILE)
 	@for i in $(ONEDIRS) ;\
 	do \
-	/bin/rm -f $$i/*; \
+	/bin/rm -fr $$i/*; \
 	done
 
 makefile.one: files
 	perl util/mk1mf.pl >makefile.one; \
 	sh util/do_ms.sh
 
-files:	MINFO
+files:  MINFO
 	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
 	@for i in $(DIRS) ;\
 	do \
@@ -176,13 +229,14 @@ files:	MINFO
 links:
 	/bin/rm -f Makefile;
 	./util/point.sh Makefile.ssl Makefile;
+	$(TOP)/util/mklink.sh include $(EXHEADER) ;
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i; echo "making links in $$i..."; \
 	$(MAKE) SDIRS='${SDIRS}' links ); \
 	done;
 	# @(cd apps; sh ./mklinks)
-	sh tools/c_rehash certs
+	@( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
 
 dclean:
 	/bin/rm -f *.bak
@@ -195,11 +249,11 @@ dclean:
 rehash:
 	@(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
 
-test:	tests
+test:   tests
 
 tests:
 	(cd test; echo "testing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' SDIRS='${SDIRS}' AR='${AR}' tests );
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
 	@apps/ssleay version -a
 
 depend:
@@ -242,8 +296,9 @@ tar:
 	mv $(NAME) $(BASENAME) ) 
 	gzip -f $(TARFILE)
 
-dist:	
+dist:   
 	perl Configure dist
+	perl util/up_ver.pl ${VERSION}
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='${SDIRS}' clean
 	@$(MAKE) SDIRS='${SDIRS}' dclean
@@ -267,7 +322,7 @@ install: all
 	done
 	@for i in $(LIBS) ;\
 	do \
-	(	echo installing $$i; \
+	(       echo installing $$i; \
 		cp $$i $(INSTALLTOP)/lib; \
 		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
 		chmod 644 $(INSTALLTOP)/lib/$$i ); \
diff --git a/README b/README
index 543a1336f..eaa77007f 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-		SSLeay 0.8.1b 29-Jun-1998
+		SSLeay 0.9.0b 29-Jun-1998
 		Copyright (c) 1997, Eric Young
 		All rights reserved.
 
diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl
index 4fac51faa..1cace40ab 100644
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -31,7 +31,7 @@ SCRIPTS=CA.sh der_chop
 
 EXE= $(SSLEAY)
 
-E_EXE=	verify asn1pars req dgst dh enc gendh gendsa errstr ca crl \
+E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
 	rsa dsa dsaparam \
 	x509 genrsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers
@@ -44,7 +44,7 @@ S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
 
 E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
-	gendsa.o pkcs7.o crl2p7.o crl.o \
+	pkcs7.o crl2p7.o crl.o \
 	rsa.o dsa.o dsaparam.o \
 	x509.o genrsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
@@ -53,7 +53,7 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
 #	pem_mail.o
 
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
-	gendsa.c pkcs7.c crl2p7.c crl.c \
+	pkcs7.c crl2p7.c crl.c \
 	rsa.c dsa.c dsaparam.c \
 	x509.c genrsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
diff --git a/apps/apps.c b/apps/apps.c
index 7c9510e3b..5f0c8fa53 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1,5 +1,5 @@
 /* apps/apps.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -65,13 +65,8 @@
 #include "apps.h"
 #undef NON_MAIN
 
-#ifdef WIN16
-#define APPS_WIN16
-#ifdef FLAT_BUILD
-#include "bss_file.c"
-#else
-#include "../crypto/bio/bss_file.c"
-#endif
+#ifdef WINDOWS
+#  include "bss_file.c"
 #endif
 
 #ifndef NOPROTO
diff --git a/apps/apps.h b/apps/apps.h
index 528828cf6..25a9262e0 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -1,5 +1,5 @@
 /* apps/apps.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,18 +59,14 @@
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
 
-#ifdef FLAT_INC
 #include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
 
 #include "buffer.h"
 #include "bio.h"
 #include "crypto.h"
 #include "progs.h"
 
-#ifdef WIN16
+#ifdef NO_STDIO
 BIO_METHOD *BIO_s_file();
 #endif
 
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 111e28270..3d382282e 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -1,5 +1,5 @@
 /* apps/asn1pars.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -75,6 +75,7 @@
  * -i		- indent the details by depth
  * -offset	- where in the file to start
  * -length	- how many bytes to use
+ * -oid file	- extra oid decription file
  */
 
 #undef PROG
@@ -89,17 +90,16 @@ char **argv;
 	long num;
 	BIO *in=NULL,*out=NULL,*b64=NULL;
 	int informat,indent=0;
-	char *infile,*str=NULL,*prog;
+	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL;
 	BUF_MEM *buf=NULL;
 
-	infile=NULL;
 	informat=FORMAT_PEM;
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	prog=argv[0];
 	argc--;
@@ -120,6 +120,11 @@ char **argv;
 			{
 			indent=1;
 			}
+		else if (strcmp(*argv,"-oid") == 0)
+			{
+			if (--argc < 1) goto bad;
+			oidfile= *(++argv);
+			}
 		else if (strcmp(*argv,"-offset") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -151,6 +156,7 @@ bad:
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   lenth of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
+		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
 		goto end;
 		}
 
@@ -163,7 +169,19 @@ bad:
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (oidfile != NULL)
+		{
+		if (BIO_read_filename(in,oidfile) <= 0)
+			{
+			BIO_printf(bio_err,"problems opening %s\n",oidfile);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		OBJ_create_objects(in);
+		}
+
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
@@ -214,6 +232,7 @@ end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (buf != NULL) BUF_MEM_free(buf);
+	OBJ_cleanup();
 	EXIT(ret);
 	}
 
diff --git a/apps/ca.c b/apps/ca.c
index 3e10d6c27..a5848366c 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1,5 +1,5 @@
 /* apps/ca.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -97,6 +97,7 @@
 #define ENV_PRIVATE_KEY		"private_key"
 #define ENV_RANDFILE		"RANDFILE"
 #define ENV_DEFAULT_DAYS 	"default_days"
+#define ENV_DEFAULT_STARTDATE 	"default_startdate"
 #define ENV_DEFAULT_CRL_DAYS 	"default_crl_days"
 #define ENV_DEFAULT_CRL_HOURS 	"default_crl_hours"
 #define ENV_DEFAULT_MD		"default_md"
@@ -139,6 +140,7 @@ static char *ca_usage[]={
 " -outdir dir     - Where to put output certificates\n",
 " -infiles ....   - The last argument, requests to process\n",
 " -spkac file     - File contains DN and signed public key and challenge\n",
+" -ss_cert file   - File contains a self signed cert to sign\n",
 " -preserveDN     - Don't re-order the DN\n",
 " -batch	  - Don't ask questions\n",
 " -msie_hack	  - msie modifications to handle all thos universal strings\n",
@@ -163,16 +165,19 @@ static int index_name_cmp(char **a,char **b);
 static BIGNUM *load_serial(char *serialfile);
 static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,int days,
-	int batch, STACK *extensions,int verbose);
+	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
+	int days, int batch, STACK *extensions,int verbose);
+static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
+	int days,int batch,STACK *extensions,int verbose);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,int days,
-	STACK *extensions,int verbose);
+	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
+	int days,STACK *extensions,int verbose);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
-	STACK *policy, TXT_DB *db, BIGNUM *serial, int days, int batch,
-	int verbose, X509_REQ *req, STACK *extensions);
+	STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate,
+	int days, int batch, int verbose, X509_REQ *req, STACK *extensions);
 static int check_time_format(char *str);
 #else
 static STACK *load_extensions();
@@ -187,6 +192,7 @@ static int fix_data();
 static BIGNUM *load_serial();
 static int save_serial();
 static int certify();
+static int certify_cert();
 static int certify_spkac();
 static void write_new_certificate();
 static int do_body();
@@ -221,6 +227,7 @@ char **argv;
 	char *certfile=NULL;
 	char *infile=NULL;
 	char *spkac_file=NULL;
+	char *ss_cert_file=NULL;
 	EVP_PKEY *pkey=NULL;
 	int output_der = 0;
 	char *outfile=NULL;
@@ -228,6 +235,7 @@ char **argv;
 	char *serialfile=NULL;
 	char *extensions=NULL;
 	BIGNUM *serial=NULL;
+	char *startdate=NULL;
 	int days=0;
 	int batch=0;
 	X509 *x509=NULL;
@@ -263,7 +271,7 @@ EF_ALIGNMENT=0;
 	preserve=0;
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	argc--;
 	argv++;
@@ -281,6 +289,11 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			section= *(++argv);
 			}
+		else if (strcmp(*argv,"-startdate") == 0)
+			{
+			if (--argc < 1) goto bad;
+			startdate= *(++argv);
+			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -352,6 +365,12 @@ EF_ALIGNMENT=0;
 			req=1;
 			break;
 			}
+		else if (strcmp(*argv, "-ss_cert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			ss_cert_file = *(++argv);
+			req=1;
+			}
 		else if (strcmp(*argv, "-spkac") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -570,7 +589,7 @@ bad:
 		}
 	if (verbose)
 		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE); /* cannot fail */
+		BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
 		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
 			db->data->num);
@@ -605,7 +624,7 @@ bad:
 				}
 			}
 		else
-			BIO_set_fp(Sout,stdout,BIO_NOCLOSE);
+			BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
 		}
 
 	if (req)
@@ -647,6 +666,22 @@ bad:
 				goto err;
 			}
 
+		if (startdate == NULL)
+			{
+			startdate=(char *)CONF_get_string(conf,section,
+				ENV_DEFAULT_STARTDATE);
+			if (startdate == NULL)
+				startdate="today";
+			else
+				{
+				if (!ASN1_UTCTIME_set_string(NULL,startdate))
+					{
+					BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSS\n");
+					goto err;
+					}
+				}
+			}
+
 		if (days == 0)
 			{
 			days=(int)CONF_get_number(conf,section,
@@ -685,7 +720,7 @@ bad:
 			{
 			total++;
 			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
-				serial,days,extensions_sk,verbose);
+				serial,startdate,days,extensions_sk,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -704,11 +739,31 @@ bad:
 					}
 				}
 			}
+		if (ss_cert_file != NULL)
+			{
+			total++;
+			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
+				db,serial,startdate,days,batch,
+				extensions_sk,verbose);
+			if (j < 0) goto err;
+			if (j > 0)
+				{
+				total_done++;
+				BIO_printf(bio_err,"\n");
+				if (!BN_add_word(serial,1)) goto err;
+				if (!sk_push(cert_sk,(char *)x))
+					{
+					BIO_printf(bio_err,"Malloc failure\n");
+					goto err;
+					}
+				}
+			}
 		if (infile != NULL)
 			{
 			total++;
 			j=certify(&x,infile,pkey,x509,dgst,attribs,db,
-				serial,days,batch,extensions_sk,verbose);
+				serial,startdate,days,batch,
+				extensions_sk,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -726,7 +781,8 @@ bad:
 			{
 			total++;
 			j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
-				serial,days,batch,extensions_sk,verbose);
+				serial,startdate,days,batch,
+				extensions_sk,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -798,7 +854,7 @@ bad:
 				{
 				for (k=0; k<j; k++)
 					{
-					sprintf((char *)n,"%02X",*(p++));
+					sprintf((char *)n,"%02X",(unsigned char)*(p++));
 					n+=2;
 					}
 				}
@@ -893,6 +949,8 @@ bad:
 		if (ci->issuer == NULL) goto err;
 
 		X509_gmtime_adj(ci->lastUpdate,0);
+		if (ci->nextUpdate == NULL)
+			ci->nextUpdate=ASN1_UTCTIME_new();
 		X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
 
 		for (i=0; i<sk_num(db->data); i++)
@@ -1092,7 +1150,7 @@ err:
 	return(ret);
 	}
 
-static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,days,
+static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,days,
 	batch,extensions,verbose)
 X509 **xret;
 char *infile;
@@ -1102,6 +1160,7 @@ EVP_MD *dgst;
 STACK *policy;
 TXT_DB *db;
 BIGNUM *serial;
+char *startdate;
 int days;
 int batch;
 STACK *extensions;
@@ -1130,15 +1189,6 @@ int verbose;
 
 	BIO_printf(bio_err,"Check that the request matches the signature\n");
 
-	if (	(req->req_info == NULL) ||
-		(req->req_info->pubkey == NULL) ||
-		(req->req_info->pubkey->public_key == NULL) ||
-		(req->req_info->pubkey->public_key->data == NULL))
-		{
-		BIO_printf(bio_err,"The certificate request appears to corrupted\n");
-		BIO_printf(bio_err,"It does not contain a public key\n");
-		goto err;
-		}
 	if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
 		{
 		BIO_printf(bio_err,"error unpacking public key\n");
@@ -1160,8 +1210,8 @@ int verbose;
 	else
 		BIO_printf(bio_err,"Signature ok\n");
 
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,days,batch,verbose,req,
-		extensions);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
+		days,batch,verbose,req,extensions);
 
 err:
 	if (req != NULL) X509_REQ_free(req);
@@ -1169,15 +1219,89 @@ err:
 	return(ok);
 	}
 
-static int do_body(xret,pkey,x509,dgst,policy,db,serial,days,batch,verbose,req,
-	extensions)
+static int certify_cert(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,
+	days, batch,extensions,verbose)
 X509 **xret;
+char *infile;
 EVP_PKEY *pkey;
 X509 *x509;
 EVP_MD *dgst;
 STACK *policy;
 TXT_DB *db;
 BIGNUM *serial;
+char *startdate;
+int days;
+int batch;
+STACK *extensions;
+int verbose;
+	{
+	X509 *req=NULL;
+	X509_REQ *rreq=NULL;
+	BIO *in=NULL;
+	EVP_PKEY *pktmp=NULL;
+	int ok= -1,i;
+
+	in=BIO_new(BIO_s_file());
+
+	if (BIO_read_filename(in,infile) <= 0)
+		{
+		perror(infile);
+		goto err;
+		}
+	if ((req=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+		{
+		BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
+		goto err;
+		}
+	if (verbose)
+		X509_print(bio_err,req);
+
+	BIO_printf(bio_err,"Check that the request matches the signature\n");
+
+	if ((pktmp=X509_get_pubkey(req)) == NULL)
+		{
+		BIO_printf(bio_err,"error unpacking public key\n");
+		goto err;
+		}
+	i=X509_verify(req,pktmp);
+	if (i < 0)
+		{
+		ok=0;
+		BIO_printf(bio_err,"Signature verification problems....\n");
+		goto err;
+		}
+	if (i == 0)
+		{
+		ok=0;
+		BIO_printf(bio_err,"Signature did not match the certificate request\n");
+		goto err;
+		}
+	else
+		BIO_printf(bio_err,"Signature ok\n");
+
+	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
+		goto err;
+
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
+		batch,verbose,rreq,extensions);
+
+err:
+	if (rreq != NULL) X509_REQ_free(rreq);
+	if (req != NULL) X509_free(req);
+	if (in != NULL) BIO_free(in);
+	return(ok);
+	}
+
+static int do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
+	batch,verbose,req, extensions)
+X509 **xret;
+EVP_PKEY *pkey;
+X509 *x509;
+EVP_MD *dgst;
+STACK *policy;
+TXT_DB *db;
+BIGNUM *serial;
+char *startdate;
 int days;
 int batch;
 int verbose;
@@ -1185,7 +1309,7 @@ X509_REQ *req;
 STACK *extensions;
 	{
 	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
-	ASN1_UTCTIME *tm;
+	ASN1_UTCTIME *tm,*tmptm;
 	ASN1_STRING *str,*str2;
 	ASN1_OBJECT *obj;
 	X509 *ret=NULL;
@@ -1200,6 +1324,13 @@ STACK *extensions;
 	char *row[DB_NUMBER],**rrow,**irow=NULL;
 	char buf[25],*pbuf;
 
+	tmptm=ASN1_UTCTIME_new();
+	if (tmptm == NULL)
+		{
+		BIO_printf(bio_err,"malloc error\n");
+		return(0);
+		}
+
 	for (i=0; i<DB_NUMBER; i++)
 		row[i]=NULL;
 
@@ -1471,8 +1602,16 @@ again2:
 		goto err;
 
 	BIO_printf(bio_err,"Certificate is to be certified until ");
-	X509_gmtime_adj(X509_get_notBefore(ret),0);
-	X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
+	if (strcmp(startdate,"today") == 0)
+		{
+		X509_gmtime_adj(X509_get_notBefore(ret),0);
+		X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
+		}
+	else
+		{
+		/*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX*/
+		ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+		}
 	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
 	BIO_printf(bio_err," (%d days)\n",days);
 
@@ -1623,8 +1762,8 @@ int output_der;
 	BIO_puts(bp,"\n");
 	}
 
-static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,days,
-	extensions,verbose)
+static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,
+	startdate,days,extensions,verbose)
 X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
@@ -1633,6 +1772,7 @@ EVP_MD *dgst;
 STACK *policy;
 TXT_DB *db;
 BIGNUM *serial;
+char *startdate;
 int days;
 STACK *extensions;
 int verbose;
@@ -1778,8 +1918,8 @@ int verbose;
 	BIO_printf(bio_err,"Signature ok\n");
 
 	X509_REQ_set_pubkey(req,pktmp);
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,days,1,verbose,req,
-		extensions);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
+		days,1,verbose,req,extensions);
 err:
 	if (req != NULL) X509_REQ_free(req);
 	if (parms != NULL) CONF_free(parms);
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 16ff2b492..867196e39 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -1,5 +1,5 @@
 /* apps/ciphers.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
diff --git a/apps/crl.c b/apps/crl.c
index 9642ee526..2c18374ee 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -1,5 +1,5 @@
 /* apps/crl.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -109,7 +109,6 @@ char **argv;
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
-	char *str=NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
 	char **pp,buf[256];
 
@@ -117,7 +116,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
@@ -209,7 +208,7 @@ bad:
 			if (issuer == i)
 				{
 				X509_NAME_oneline(x->crl->issuer,buf,256);
-				fprintf(stdout,"issuer= %s\n",str);
+				fprintf(stdout,"issuer= %s\n",buf);
 				}
 
 			if (hash == i)
@@ -226,7 +225,10 @@ bad:
 			if (nextupdate == i)
 				{
 				fprintf(stdout,"nextUpdate=");
-				ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+				if (x->crl->nextUpdate != NULL)
+					ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+				else
+					fprintf(stdout,"NONE");
 				fprintf(stdout,"\n");
 				}
 			}
@@ -259,8 +261,10 @@ bad:
 	else if (outformat == FORMAT_TEXT)
 		{
 		X509_REVOKED *r;
+		STACK *sk;
 
-		while ((r=(X509_REVOKED *)sk_pop(x->crl->revoked)) != NULL)
+		sk=sk_dup(x->crl->revoked);
+		while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
 			{
 			fprintf(stdout,"revoked: serialNumber=");
 			i2a_ASN1_INTEGER(out,r->serialNumber);
@@ -268,6 +272,7 @@ bad:
 			ASN1_UTCTIME_print(bio_out,r->revocationDate);
 			fprintf(stdout,"\n");
 			}
+		sk_free(sk);
 		i=1;
 		}
 	else	
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 04bb1a1c8..82a782955 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -1,5 +1,5 @@
 /* apps/crl2p7.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -106,7 +106,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
diff --git a/apps/dgst.c b/apps/dgst.c
index 6d7a1787f..eea291db1 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -1,5 +1,5 @@
 /* apps/dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -103,7 +103,7 @@ char **argv;
 		}
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	/* first check the program name */
         program_name(argv[0],pname,PROG_NAME_SIZE);
@@ -135,16 +135,16 @@ char **argv;
 		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 		BIO_printf(bio_err,"options are\n");
 		BIO_printf(bio_err,"-c   to output the digest with separating colons\n");
-		BIO_printf(bio_err,"-c   to output debug info\n");
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm (default)\n",
+		BIO_printf(bio_err,"-d   to output debug info\n");
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_md2,LN_md2);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha1,LN_sha1);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha,LN_sha);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_mdc2,LN_mdc2);
 		err=1;
 		goto end;
diff --git a/apps/dh.c b/apps/dh.c
index 8a3bcfb88..bbf445e84 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -1,5 +1,5 @@
 /* apps/dh.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -95,7 +95,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
diff --git a/apps/dsa.c b/apps/dsa.c
index 585116a67..fbd85a467 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -1,5 +1,5 @@
 /* apps/dsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -99,7 +99,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index e9485c003..6e99289bd 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -1,5 +1,5 @@
 /* apps/dsaparam.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -83,7 +83,7 @@
  */
 
 #ifndef NOPROTO
-static void MS_CALLBACK dsa_cb(int p, int n);
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
 #else
 static void MS_CALLBACK dsa_cb();
 #endif
@@ -104,7 +104,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -217,7 +217,8 @@ bad:
 
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
-	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,dsa_cb);
+	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
+			dsa_cb,(char *)bio_err);
 		}
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
@@ -322,9 +323,10 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dsa_cb(p, n)
+static void MS_CALLBACK dsa_cb(p, n, arg)
 int p;
 int n;
+char *arg;
 	{
 	char c='*';
 
@@ -332,8 +334,8 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
diff --git a/apps/eay.c b/apps/eay.c
index c7a59ca24..37d5dcbd3 100644
--- a/apps/eay.c
+++ b/apps/eay.c
@@ -1,5 +1,5 @@
 /* apps/eay.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/apps/enc.c b/apps/enc.c
index d7c990911..c00d520b4 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -1,5 +1,5 @@
 /* apps/enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -96,7 +96,7 @@ char **argv;
 	char *str=NULL;
 	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
-	int debug=0;
+	int debug=0,olb64=0;
 	EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
@@ -107,7 +107,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	/* first check the program name */
         program_name(argv[0],pname,PROG_NAME_SIZE);
@@ -148,6 +148,8 @@ char **argv;
 			debug=1;
 		else if	(strcmp(*argv,"-P") == 0)
 			printkey=2;
+		else if	(strcmp(*argv,"-A") == 0)
+			olb64=1;
 		else if	(strcmp(*argv,"-a") == 0)
 			base64=1;
 		else if	(strcmp(*argv,"-base64") == 0)
@@ -281,6 +283,18 @@ bad:
 				LN_bf_cfb64, LN_bf_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
 #endif
+#ifndef NO_BLOWFISH
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_cast5_ecb, LN_cast5_cbc,
+				LN_cast5_cfb64, LN_cast5_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
+#endif
+#ifndef NO_BLOWFISH
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_rc5_ecb, LN_rc5_cbc,
+				LN_rc5_cfb64, LN_rc5_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
+#endif
 			goto end;
 			}
 		argc--;
@@ -463,6 +477,8 @@ bad:
 			BIO_set_callback(b64,BIO_debug_callback);
 			BIO_set_callback_arg(b64,bio_err);
 			}
+		if (olb64)
+			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
 		if (enc)
 			wbio=BIO_push(b64,wbio);
 		else
diff --git a/apps/errstr.c b/apps/errstr.c
index 6d0f9d137..d2b2b3fce 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -1,5 +1,5 @@
 /* apps/errstr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -80,7 +80,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	SSL_load_error_strings();
 
diff --git a/apps/g_ssleay.pl b/apps/g_ssleay.pl
index 237dd4c69..cd05fe6a7 100644
--- a/apps/g_ssleay.pl
+++ b/apps/g_ssleay.pl
@@ -57,14 +57,16 @@ foreach ("md2","md5","sha","sha1","mdc2")
 
 foreach (
 	"base64",
-	"des", "des3", "desx", "idea", "rc4", "rc2","bf",
+	"des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5",
 	"des-ecb", "des-ede",    "des-ede3",
 	"des-cbc", "des-ede-cbc","des-ede3-cbc",
 	"des-cfb", "des-ede-cfb","des-ede3-cfb",
 	"des-ofb", "des-ede-ofb","des-ede3-ofb",
 	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
 	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
-	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb")
+	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
+	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
+	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb")
 	{
 	push(@files,$_);
 
@@ -74,6 +76,8 @@ foreach (
 	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
 	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
 	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
+	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
+	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
 	print $t;
 	}
 
diff --git a/apps/gendh.c b/apps/gendh.c
index b7b6d0fd6..2790f179f 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -1,5 +1,5 @@
 /* apps/gendh.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -74,7 +74,7 @@
 #define PROG gendh_main
 
 #ifndef NOPROTO
-static void MS_CALLBACK dh_cb(int p, int n);
+static void MS_CALLBACK dh_cb(int p, int n, char *arg);
 static long dh_load_rand(char *names);
 #else
 static void MS_CALLBACK dh_cb();
@@ -97,7 +97,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	argv++;
 	argc--;
@@ -171,7 +171,7 @@ bad:
 
 	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
-	dh=DH_generate_parameters(num,g,dh_cb);
+	dh=DH_generate_parameters(num,g,dh_cb,(char *)bio_err);
 		
 	if (dh == NULL) goto end;
 
@@ -191,9 +191,10 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dh_cb(p, n)
+static void MS_CALLBACK dh_cb(p,n,arg)
 int p;
 int n;
+char *arg;
 	{
 	char c='*';
 
@@ -201,8 +202,8 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 35f299a58..e0e5afa40 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -1,5 +1,5 @@
 /* apps/gendsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -94,7 +94,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	argv++;
 	argc--;
@@ -135,7 +135,7 @@ bad:
 		}
 
 	in=BIO_new(BIO_s_file());
-	if (!(BIO_read_filename(in,"r")))
+	if (!(BIO_read_filename(in,"dsaparams")))
 		{
 		perror(dsaparams);
 		goto end;
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 973175447..cdba6189a 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -1,5 +1,5 @@
 /* apps/genrsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -75,7 +75,7 @@
 #define PROG genrsa_main
 
 #ifndef NOPROTO
-static void MS_CALLBACK genrsa_cb(int p, int n);
+static void MS_CALLBACK genrsa_cb(int p, int n, char *arg);
 static long gr_load_rand(char *names);
 #else
 static void MS_CALLBACK genrsa_cb();
@@ -101,7 +101,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	if ((out=BIO_new(BIO_s_file())) == NULL)
 		{
 		BIO_printf(bio_err,"unable to creat BIO for output\n");
@@ -201,7 +201,7 @@ bad:
 
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	rsa=RSA_generate_key(num,f4,genrsa_cb);
+	rsa=RSA_generate_key(num,f4,genrsa_cb,(char *)bio_err);
 		
 	if (randfile == NULL)
 		BIO_printf(bio_err,"unable to write 'random state'\n");
@@ -234,9 +234,10 @@ err:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK genrsa_cb(p, n)
+static void MS_CALLBACK genrsa_cb(p, n, arg)
 int p;
 int n;
+char *arg;
 	{
 	char c='*';
 
@@ -244,8 +245,8 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
diff --git a/apps/mklinks b/apps/mklinks
index 642361338..55a56b399 100644
--- a/apps/mklinks
+++ b/apps/mklinks
@@ -1,5 +1,5 @@
 #!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb 
+for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb 
 do
 echo making symlink for $i
 /bin/rm -f $i
diff --git a/apps/openssl.c b/apps/openssl.c
index f69f14aa2..eac411b85 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -1,5 +1,5 @@
 /* apps/ssleay.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,14 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
-#define DEBUG
+#ifndef DEBUG
+#undef DEBUG
+#endif
 
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#ifdef WIN16
-#define APPS_WIN16
-#endif
 #include "bio.h"
 #include "crypto.h"
 #include "lhash.h"
@@ -78,19 +77,22 @@
 #include "s_apps.h"
 #include "err.h"
 
+/*
+#ifdef WINDOWS
+#include "bss_file.c"
+#endif
+*/
 
 #ifndef NOPROTO
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
-static void sig_stop(int i);
 #else
 static unsigned long MS_CALLBACK hash();
 static int MS_CALLBACK cmp();
 static LHASH *prog_init();
 static int do_cmd();
-static void sig_stop();
 #endif
 
 LHASH *config=NULL;
@@ -143,7 +145,7 @@ char *Argv[];
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
@@ -224,6 +226,7 @@ char *Argv[];
 			}
 		if (ret != 0)
 			BIO_printf(bio_err,"error in %s\n",argv[0]);
+		BIO_flush(bio_err);
 		}
 	BIO_printf(bio_err,"bad exit\n");
 	ret=1;
diff --git a/apps/pem_mail.c b/apps/pem_mail.c
index e48c358f7..64e04acb5 100644
--- a/apps/pem_mail.c
+++ b/apps/pem_mail.c
@@ -1,5 +1,5 @@
 /* apps/pem_mail.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 47bd7564a..4105dbd9e 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -1,5 +1,5 @@
 /* apps/pkcs7.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -87,7 +87,9 @@ char **argv;
 	{
 	PKCS7 *p7=NULL;
 	int i,badops=0;
+#if !defined(NO_DES) || !defined(NO_IDEA)
 	EVP_CIPHER *enc=NULL;
+#endif
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat;
 	char *infile,*outfile,*prog,buf[256];
@@ -98,7 +100,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
diff --git a/apps/privkey.pem b/apps/privkey.pem
index 8308004d5..b567e411b 100644
--- a/apps/privkey.pem
+++ b/apps/privkey.pem
@@ -1,15 +1,11 @@
 -----BEGIN DSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,2221AF3DAA41AB24
+DEK-Info: DES-EDE3-CBC,1BF8E9CE60B9941C
 
-IOx3ubYOV2SETDSWiuG4bsioEl7jA2CulYKAJvIfy8z5GI+08NwptNOUqbMhDV1s
-156KhUvBvG48uz9mxcOyHjZRD0HNixGNMXDaFJSajINFoGtmYZRc20DEoY6buzsi
-E76GK95cJHsjJsdNrdggIJRTaiLayLzsMFVDrKhmaJVTKlBpcdnFM4BEKSyD2H5N
-OllrfK6GgmlH+WVXU9AlXoy5Jm0YXT7i5bPCB5eDDL/GkTISFHZsnEYpHCrMARsw
-5V15dYEwFc6NA/psBGk1qS2CHVIOYNcfCfndR90+UCos+rMBkcQDfvxI95+L8dbS
-ONJJrUqiCHV/zYSE+aXZN001mJJLvHOW65YbgdwSOfiowcv7HPbFrGdwOOJvSEx2
-d571YvqfsaDojwR5KLgfFDSwVBwzo/mfcFeVrT9Q8LwPL4/dwwoElWTmYbSaW0uZ
-Ov73xRUbVGa5LTJoGbFVMvjpmEO2qtBsx7vq9AT8v8gDzYSuEafyC7d0h85EIfTJ
-wPlIN3xKTiqFpp/eFCkdKqNn826NoC1TgQuoCBIrJ8gZsIr1l8R+iAuGxKGPASoF
-cyqnpcqGgaaTrxnk9cX4dQ==
+JuhgIvVRrxCRedTTC9ABlIByMsq6IcpqyDZwOPS4rxTtVWvjj1BMHtoCebK7CKMZ
+dLsvztfSkdAYmTGK62C73RwlmnMxB4JXhTLaoAX2eL9iylojTWRg+/0Y4rbIKmUe
+hrmwrHld7vnfE9XHL8OoaFp6aJ8BB9B8HIfdJMnrNcTWJSGS6gYPTWPdm7ZCykEV
+2fFEX6IqWjBjaRm36Esj5mHLRVhBbi2n/jy5IhZeqjEsQ8adYGUulzPSe5xc2JZa
++OO4ch/RRqWTFP59eNPfdke3UE7uNlUhPnYDAOXhSdMJBzI+T9RQXU2y/tMOrYYK
+3+jNQcQ9q1Xy1s5dz/BOvw==
 -----END DSA PRIVATE KEY-----
diff --git a/apps/progs.h b/apps/progs.h
index 50e2ca4a4..ec00396ed 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -6,7 +6,6 @@ extern int dgst_main(int argc,char *argv[]);
 extern int dh_main(int argc,char *argv[]);
 extern int enc_main(int argc,char *argv[]);
 extern int gendh_main(int argc,char *argv[]);
-extern int gendsa_main(int argc,char *argv[]);
 extern int errstr_main(int argc,char *argv[]);
 extern int ca_main(int argc,char *argv[]);
 extern int crl_main(int argc,char *argv[]);
@@ -32,7 +31,6 @@ extern int dgst_main();
 extern int dh_main();
 extern int enc_main();
 extern int gendh_main();
-extern int gendsa_main();
 extern int errstr_main();
 extern int ca_main();
 extern int crl_main();
@@ -78,9 +76,6 @@ FUNCTION functions[] = {
 #ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
 #endif
-#ifndef NO_DSA
-	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
-#endif
 	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"ca",ca_main},
@@ -145,6 +140,12 @@ FUNCTION functions[] = {
 #ifndef NO_BLOWFISH
 	{FUNC_TYPE_CIPHER,"bf",enc_main},
 #endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5",enc_main},
+#endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
 #endif
@@ -217,6 +218,33 @@ FUNCTION functions[] = {
 #ifndef NO_BLOWFISH
 	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
 #endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
+#endif
 	{0,NULL,NULL}
 	};
 #endif
diff --git a/apps/progs.pl b/apps/progs.pl
index 237dd4c69..cd05fe6a7 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -57,14 +57,16 @@ foreach ("md2","md5","sha","sha1","mdc2")
 
 foreach (
 	"base64",
-	"des", "des3", "desx", "idea", "rc4", "rc2","bf",
+	"des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5",
 	"des-ecb", "des-ede",    "des-ede3",
 	"des-cbc", "des-ede-cbc","des-ede3-cbc",
 	"des-cfb", "des-ede-cfb","des-ede3-cfb",
 	"des-ofb", "des-ede-ofb","des-ede3-ofb",
 	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
 	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
-	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb")
+	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
+	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
+	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb")
 	{
 	push(@files,$_);
 
@@ -74,6 +76,8 @@ foreach (
 	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
 	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
 	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
+	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
+	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
 	print $t;
 	}
 
diff --git a/apps/req.c b/apps/req.c
index 9b6041e17..f51345f5a 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1,5 +1,5 @@
 /* apps/req.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -111,7 +111,7 @@ static int add_attribute_object(STACK *n, char *text, char *def,
 	char *value, int nid,int min,int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int min,int max);
-static void MS_CALLBACK req_cb(int p,int n);
+static void MS_CALLBACK req_cb(int p,int n,char *arg);
 static int req_fix_data(int nid,int *type,int len,int min,int max);
 #else
 static int make_REQ();
@@ -135,7 +135,9 @@ int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
+#ifndef NO_DSA
 	DSA *dsa_params=NULL;
+#endif
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
@@ -160,7 +162,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -228,7 +230,9 @@ char **argv;
 				p+=4;
 				newkey= atoi(p);
 				}
-			else if (strncmp("dsa:",p,4) == 0)
+			else
+#ifndef NO_DSA
+				if (strncmp("dsa:",p,4) == 0)
 				{
 				X509 *xtmp=NULL;
 				EVP_PKEY *dtmp;
@@ -249,6 +253,9 @@ char **argv;
 						BIO_printf(bio_err,"unable to load DSA parameters from file\n");
 						goto end;
 						}
+
+					/* This will 'disapear'
+					 * when we free xtmp */
 					dtmp=X509_get_pubkey(xtmp);
 					if (dtmp->type == EVP_PKEY_DSA)
 						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
@@ -258,18 +265,21 @@ char **argv;
 						BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
 						goto end;
 						}
-					
 					}
 				BIO_free(in);
 				newkey=BN_num_bits(dsa_params->p);
 				in=NULL;
 				}
-			else if (strncmp("dh:",p,4) == 0)
+			else 
+#endif
+#ifndef NO_DH
+				if (strncmp("dh:",p,4) == 0)
 				{
 				pkey_type=TYPE_DH;
 				p+=3;
 				}
 			else
+#endif
 				pkey_type=TYPE_RSA;
 
 			newreq=1;
@@ -463,7 +473,8 @@ bad:
 		if (pkey_type == TYPE_RSA)
 			{
 			if (!EVP_PKEY_assign_RSA(pkey,
-				RSA_generate_key(newkey,0x10001,req_cb)))
+				RSA_generate_key(newkey,0x10001,
+					req_cb,(char *)bio_err)))
 				goto end;
 			}
 		else
@@ -559,8 +570,10 @@ loop:
 
 	if (newreq || x509)
 		{
+#ifndef NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
+#endif
 
 		if (pkey == NULL)
 			{
@@ -733,7 +746,9 @@ end:
 	if (pkey != NULL) EVP_PKEY_free(pkey);
 	if (req != NULL) X509_REQ_free(req);
 	if (x509ss != NULL) X509_free(x509ss);
+#ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
+#endif
 	EXIT(ex);
 	}
 
@@ -743,7 +758,7 @@ EVP_PKEY *pkey;
 int attribs;
 	{
 	int ret=0,i,j;
-	unsigned char *p;
+	unsigned char *p,*q;
 	X509_REQ_INFO *ri;
 	char buf[100];
 	int nid,min,max;
@@ -800,19 +815,43 @@ start:		for (;;)
 			if ((int)sk_num(sk) <= i) break;
 
 			v=(CONF_VALUE *)sk_value(sk,i);
-			p=NULL;
+			p=q=NULL;
 			type=v->name;
+			/* Allow for raw OIDs */
+			/* [n.mm.ooo.ppp] */
 			for (j=0; type[j] != '\0'; j++)
 				{
 				if (	(type[j] == ':') ||
 					(type[j] == ',') ||
 					(type[j] == '.'))
-					p= (unsigned char *)&(type[j+1]);
+					p=(unsigned char *)&(type[j+1]);
+				if (type[j] == '[')
+					{
+					p=(unsigned char *)&(type[j+1]);
+					for (j++; type[j] != '\0'; j++)
+						if (type[j] == ']')
+							{
+							q=(unsigned char *)&(type[j]);
+							break;
+							}
+					break;
+					}
 				}
 			if (p != NULL)
 				type=(char *)p;
 			if ((nid=OBJ_txt2nid(type)) == NID_undef)
-				goto start;
+				{
+				/* Add a new one if possible */
+				if ((p != NULL) && (q != NULL) && (*q == ']'))
+					{
+					*q='\0';
+					nid=OBJ_create((char *)p,NULL,NULL);
+					*q=']';
+					if (nid == NID_undef) goto start;
+					}
+				else
+					goto start;
+				}
 
 			sprintf(buf,"%s_default",v->name);
 			if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
@@ -1044,9 +1083,10 @@ err:
 	return(0);
 	}
 
-static void MS_CALLBACK req_cb(p, n)
+static void MS_CALLBACK req_cb(p,n,arg)
 int p;
 int n;
+char *arg;
 	{
 	char c='*';
 
@@ -1054,8 +1094,8 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
diff --git a/apps/rmlinks b/apps/rmlinks
index 54bc996f1..7c4f8983b 100644
--- a/apps/rmlinks
+++ b/apps/rmlinks
@@ -1,5 +1,5 @@
 #!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb 
+for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb 
 do
 echo removing $i
 /bin/rm -f $i
diff --git a/apps/rsa.c b/apps/rsa.c
index 9f2df771b..267b12b15 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -1,5 +1,5 @@
 /* apps/rsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -99,7 +99,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 685767454..ba320946b 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -1,5 +1,5 @@
 /* apps/s_apps.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,9 +79,8 @@ int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
 int nbio_sock_error(int sock);
 int spawn(int argc, char **argv, int *in, int *out);
 int init_server(int *sock, int port);
+int init_server_long(int *sock, int port,char *ip);
 int should_retry(int i);
-int sock_err(void );
-int socket_ioctl(int, long,unsigned long *);
 void sock_cleanup(void );
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
@@ -108,8 +107,6 @@ int nbio_sock_error();
 int spawn();
 int init_server();
 int should_retry();
-int sock_err();
-int socket_ioctl();
 void sock_cleanup();
 int extract_port();
 int extract_host_port();
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 712a04331..cd086bb93 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1,5 +1,5 @@
 /* apps/s_cb.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,7 +71,6 @@
 int verify_depth=0;
 int verify_error=X509_V_OK;
 
-/* should be X509 * but we can just have them as char *. */
 int MS_CALLBACK verify_callback(ok, ctx)
 int ok;
 X509_STORE_CTX *ctx;
@@ -137,7 +136,7 @@ char *key_file;
 		if (SSL_CTX_use_certificate_file(ctx,cert_file,
 			SSL_FILETYPE_PEM) <= 0)
 			{
-			BIO_printf(bio_err,"unable to set certificate file\n");
+			BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
 			ERR_print_errors(bio_err);
 			return(0);
 			}
@@ -145,7 +144,7 @@ char *key_file;
 		if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
 			SSL_FILETYPE_PEM) <= 0)
 			{
-			BIO_printf(bio_err,"unable to set public key file\n");
+			BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
 			ERR_print_errors(bio_err);
 			return(0);
 			}
diff --git a/apps/s_client.c b/apps/s_client.c
index b5dc23887..e783eb723 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1,5 +1,5 @@
 /* apps/s_client.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <string.h>
 #define USE_SOCKETS
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -127,6 +127,8 @@ static void sc_usage()
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
+	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
+	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'ssleay ciphers'\n");
 	BIO_printf(bio_err,"                 command to se what is available\n");
@@ -137,6 +139,7 @@ int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
+	int off=0;
 	SSL *con=NULL,*con2=NULL;
 	int s,k,width,state=0;
 	char *cbuf=NULL,*sbuf=NULL;
@@ -165,6 +168,7 @@ char **argv;
 #endif
 
 	apps_startup();
+	c_Pause=0;
 	c_quiet=0;
 	c_debug=0;
 
@@ -235,6 +239,10 @@ char **argv;
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
+#ifndef NO_TLS1
+		else if	(strcmp(*argv,"-tls1") == 0)
+			meth=TLSv1_client_method();
+#endif
 		else if (strcmp(*argv,"-bugs") == 0)
 			bugs=1;
 		else if	(strcmp(*argv,"-key") == 0)
@@ -256,6 +264,12 @@ char **argv;
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-no_tls1") == 0)
+			off|=SSL_OP_NO_TLSv1;
+		else if (strcmp(*argv,"-no_ssl3") == 0)
+			off|=SSL_OP_NO_SSLv3;
+		else if (strcmp(*argv,"-no_ssl2") == 0)
+			off|=SSL_OP_NO_SSLv2;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -302,7 +316,10 @@ bad:
 		goto end;
 		}
 
-	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
+	if (bugs)
+		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
+	else
+		SSL_CTX_set_options(ctx,off);
 
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 	if (cipher != NULL)
@@ -319,20 +336,21 @@ bad:
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
-		BIO_printf(bio_err,"error seting default verify locations\n");
+		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
 		ERR_print_errors(bio_err);
-		goto end;
+		/* goto end; */
 		}
 
 	SSL_load_error_strings();
 
 	con=(SSL *)SSL_new(ctx);
+/*	SSL_set_cipher_list(con,"RC4-MD5"); */
 
 re_start:
 
 	if (init_client(&s,host,port) == 0)
 		{
-		BIO_printf(bio_err,"connect:errno=%d\n",errno);
+		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
 		goto end;
 		}
@@ -343,7 +361,11 @@ re_start:
 		{
 		unsigned long l=1;
 		BIO_printf(bio_c_out,"turning on non blocking io\n");
-		socket_ioctl(s,FIONBIO,&l);
+		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
 		}
 #endif                                              
 	if (c_Pause & 0x01) con->debug=1;
@@ -386,7 +408,7 @@ re_start:
 		FD_ZERO(&readfds);
 		FD_ZERO(&writefds);
 
-		if (SSL_in_init(con))
+		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
 			{
 			in_init=1;
 			tty_on=0;
@@ -427,11 +449,11 @@ re_start:
 /*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
 			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
 
-/*		printf("pending=%d\n",SSL_pending(con)); */
 		i=select(width,&readfds,&writefds,NULL,NULL);
 		if ( i < 0)
 			{
-			BIO_printf(bio_err,"bad select %d\n",sock_err());
+			BIO_printf(bio_err,"bad select %d\n",
+				get_last_socket_error());
 			goto shut;
 			/* goto end; */
 			}
@@ -489,7 +511,7 @@ re_start:
 				if ((k != 0) || (cbuf_len != 0))
 					{
 					BIO_printf(bio_err,"write:errno=%d\n",
-						errno);
+						get_last_socket_error());
 					goto shut;
 					}
 				else
@@ -526,7 +548,10 @@ re_start:
 #endif
 		else if (FD_ISSET(SSL_get_fd(con),&readfds))
 			{
-			k=SSL_read(con,sbuf,BUFSIZZ);
+#ifdef RENEG
+{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
+#endif
+			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
 
 			switch (SSL_get_error(con,k))
 				{
@@ -555,7 +580,7 @@ re_start:
 				BIO_printf(bio_c_out,"read X BLOCK\n");
 				break;
 			case SSL_ERROR_SYSCALL:
-				BIO_printf(bio_err,"read:errno=%d\n",errno);
+				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
 				goto shut;
 			case SSL_ERROR_ZERO_RETURN:
 				BIO_printf(bio_c_out,"closed\n");
@@ -619,7 +644,7 @@ BIO *bio;
 SSL *s;
 int full;
 	{
-	X509 *peer;
+	X509 *peer=NULL;
 	char *p;
 	static char *space="                ";
 	char buf[BUFSIZ];
@@ -657,7 +682,6 @@ int full;
 			X509_NAME_oneline(X509_get_issuer_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"issuer=%s\n",buf);
-			X509_free(peer);
 			}
 		else
 			BIO_printf(bio,"no peer certificate available\n");
@@ -687,7 +711,7 @@ int full;
 				{
 				if (*p == ':')
 					{
-					BIO_write(bio,space,15-j);
+					BIO_write(bio,space,15-j%25);
 					i++;
 					j=0;
 					BIO_write(bio,((i%3)?" ":"\n"),1);
@@ -711,7 +735,12 @@ int full;
 	BIO_printf(bio,"%s, Cipher is %s\n",
 		SSL_CIPHER_get_version(c),
 		SSL_CIPHER_get_name(c));
+	if (peer != NULL)
+		BIO_printf(bio,"Server public key is %d bit\n",
+			EVP_PKEY_bits(X509_get_pubkey(peer)));
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
+	if (peer != NULL)
+		X509_free(peer);
 	}
 
diff --git a/apps/s_server.c b/apps/s_server.c
index d1e406c7b..5012ef254 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1,5 +1,5 @@
 /* apps/s_server.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,7 +61,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "lhash.h"
@@ -82,8 +82,11 @@ static void close_accept_socket(void );
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
 static void print_stats(BIO *bp,SSL_CTX *ctx);
+#ifndef NO_DH
 static DH *load_dh_param(void );
 static DH *get_dh512(void);
+#endif
+/* static void s_server_init(void);*/
 #else
 static RSA MS_CALLBACK *tmp_rsa_cb();
 static int sv_body();
@@ -92,15 +95,19 @@ static void close_accept_socket();
 static void sv_usage();
 static int init_ssl_connection();
 static void print_stats();
+#ifndef NO_DH
 static DH *load_dh_param();
 static DH *get_dh512();
 #endif
+/* static void s_server_init(); */
+#endif
 
 
 #ifndef S_ISDIR
 #define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
 #endif
 
+#ifndef NO_DH
 static unsigned char dh512_p[]={
 	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
 	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -117,15 +124,14 @@ static DH *get_dh512()
 	{
 	DH *dh=NULL;
 
-#ifndef NO_DH
 	if ((dh=DH_new()) == NULL) return(NULL);
 	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
 	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		return(NULL);
-#endif
 	return(dh);
 	}
+#endif
 
 /* static int load_CA(SSL_CTX *ctx, char *file);*/
 
@@ -142,8 +148,9 @@ static int accept_socket= -1;
 extern int verify_depth;
 
 static char *cipher=NULL;
-int verify=SSL_VERIFY_NONE;
-char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static int s_server_verify=SSL_VERIFY_NONE;
+static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static char *s_dcert_file=NULL,*s_dkey_file=NULL;
 #ifdef FIONBIO
 static int s_nbio=0;
 #endif
@@ -155,11 +162,33 @@ static BIO *bio_s_out=NULL;
 static int s_debug=0;
 static int s_quiet=0;
 
+#if 0
+static void s_server_init()
+	{
+	cipher=NULL;
+	s_server_verify=SSL_VERIFY_NONE;
+	s_dcert_file=NULL;
+	s_dkey_file=NULL;
+	s_cert_file=TEST_CERT;
+	s_key_file=NULL;
+#ifdef FIONBIO
+	s_nbio=0;
+#endif
+	s_nbio_test=0;
+	ctx=NULL;
+	www=0;
+
+	bio_s_out=NULL;
+	s_debug=0;
+	s_quiet=0;
+	}
+#endif
+
 static void sv_usage()
 	{
 	BIO_printf(bio_err,"usage: s_server [args ...]\n");
 	BIO_printf(bio_err,"\n");
-	BIO_printf(bio_err," -accpet arg   - port to accept on (default is %d\n",PORT);
+	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d\n",PORT);
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
@@ -180,14 +209,18 @@ static void sv_usage()
 	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
+	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
+	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
+	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
+	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Returns requested page from to a 'GET <path> HTTP/1.0'\n");
 	}
 
-static int local_argc;
+static int local_argc=0;
 static char **local_argv;
-static int hack;
+static int hack=0;
 
 int MAIN(argc, argv)
 int argc;
@@ -197,10 +230,13 @@ char *argv[];
 	char *CApath=NULL,*CAfile=NULL;
 	int badop=0,bugs=0;
 	int ret=1;
+	int off=0;
 	int no_tmp_rsa=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
+#ifndef NO_DH
 	DH *dh=NULL;
+#endif
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_server_method();
@@ -240,14 +276,14 @@ char *argv[];
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
 			{
-			verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
 			if (--argc < 1) goto bad;
 			verify_depth=atoi(*(++argv));
 			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
 			}
 		else if	(strcmp(*argv,"-Verify") == 0)
 			{
-			verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
+			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
 				SSL_VERIFY_CLIENT_ONCE;
 			if (--argc < 1) goto bad;
 			verify_depth=atoi(*(++argv));
@@ -263,6 +299,16 @@ char *argv[];
 			if (--argc < 1) goto bad;
 			s_key_file= *(++argv);
 			}
+		else if	(strcmp(*argv,"-dcert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			s_dcert_file= *(++argv);
+			}
+		else if	(strcmp(*argv,"-dkey") == 0)
+			{
+			if (--argc < 1) goto bad;
+			s_dkey_file= *(++argv);
+			}
 		else if (strcmp(*argv,"-nocert") == 0)
 			{
 			nocert=1;
@@ -309,6 +355,12 @@ char *argv[];
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
 			{ www=2; }
+		else if	(strcmp(*argv,"-no_ssl2") == 0)
+			{ off|=SSL_OP_NO_SSLv2; }
+		else if	(strcmp(*argv,"-no_ssl3") == 0)
+			{ off|=SSL_OP_NO_SSLv3; }
+		else if	(strcmp(*argv,"-no_tls1") == 0)
+			{ off|=SSL_OP_NO_TLSv1; }
 #ifndef NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			{ meth=SSLv2_server_method(); }
@@ -317,6 +369,10 @@ char *argv[];
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			{ meth=SSLv3_server_method(); }
 #endif
+#ifndef NO_TLS1
+		else if	(strcmp(*argv,"-tls1") == 0)
+			{ meth=TLSv1_server_method(); }
+#endif
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -352,6 +408,8 @@ bad:
 		{
 		s_cert_file=NULL;
 		s_key_file=NULL;
+		s_dcert_file=NULL;
+		s_dkey_file=NULL;
 		}
 
 	SSL_load_error_strings();
@@ -364,12 +422,16 @@ bad:
 		goto end;
 		}
 
+	SSL_CTX_set_quiet_shutdown(ctx,1);
 	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+	SSL_CTX_set_options(ctx,off);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
 
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 
+	SSL_CTX_sess_set_cache_size(ctx,128);
+
 #if 0
 	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
 #endif
@@ -385,9 +447,9 @@ bad:
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
-		BIO_printf(bio_err,"X509_load_verify_locations\n");
+		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
 		ERR_print_errors(bio_err);
-		goto end;
+		/* goto end; */
 		}
 
 #ifndef NO_DH
@@ -410,6 +472,11 @@ bad:
 	
 	if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
 		goto end;
+	if (s_dcert_file != NULL)
+		{
+		if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file))
+			goto end;
+		}
 
 #if 1
 	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
@@ -435,7 +502,7 @@ bad:
 
 	if (cipher != NULL)
 		SSL_CTX_set_cipher_list(ctx,cipher);
-	SSL_CTX_set_verify(ctx,verify,verify_callback);
+	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
 
 	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
 
@@ -464,16 +531,23 @@ SSL_CTX *ssl_ctx;
 		SSL_CTX_sess_number(ssl_ctx));
 	BIO_printf(bio,"%4d client connects (SSL_connect())\n",
 		SSL_CTX_sess_connect(ssl_ctx));
+	BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
+		SSL_CTX_sess_connect_renegotiate(ssl_ctx));
 	BIO_printf(bio,"%4d client connects that finished\n",
 		SSL_CTX_sess_connect_good(ssl_ctx));
 	BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
 		SSL_CTX_sess_accept(ssl_ctx));
+	BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
+		SSL_CTX_sess_accept_renegotiate(ssl_ctx));
 	BIO_printf(bio,"%4d server accepts that finished\n",
 		SSL_CTX_sess_accept_good(ssl_ctx));
 	BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
 	BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
 	BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
 	BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
+	BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
+		SSL_CTX_sess_cache_full(ssl_ctx),
+		SSL_CTX_sess_get_cache_size(ssl_ctx));
 	}
 
 static int sv_body(hostname, s)
@@ -500,7 +574,8 @@ int s;
 
 		if (!s_quiet)
 			BIO_printf(bio_err,"turning on non blocking io\n");
-		socket_ioctl(s,FIONBIO,&sl);
+		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+			ERR_print_errors(bio_err);
 		}
 #endif
 
@@ -539,7 +614,7 @@ int s;
 		if (i <= 0) continue;
 		if (FD_ISSET(fileno(stdin),&readfds))
 			{
-			i=read(fileno(stdin),buf,BUFSIZZ);
+			i=read(fileno(stdin),buf,128/*BUFSIZZ*/);
 			if (!s_quiet)
 				{
 				if ((i <= 0) || (buf[0] == 'Q'))
@@ -558,18 +633,24 @@ int s;
 					ret= -11;*/
 					goto err;
 					}
-				if (buf[0] == 'r')
+				if ((buf[0] == 'r') && 
+					((buf[1] == '\n') || (buf[1] == '\r')))
 					{
 					SSL_renegotiate(con);
+					i=SSL_do_handshake(con);
+					printf("SSL_do_handshake -> %d\n",i);
 					i=0; /*13; */
 					continue;
 					strcpy(buf,"server side RE-NEGOTIATE\n");
 					}
-				if (buf[0] == 'R')
+				if ((buf[0] == 'R') &&
+					((buf[1] == '\0') || (buf[1] == '\r')))
 					{
 					SSL_set_verify(con,
 						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
 					SSL_renegotiate(con);
+					i=SSL_do_handshake(con);
+					printf("SSL_do_handshake -> %d\n",i);
 					i=0; /* 13; */
 					continue;
 					strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n");
@@ -588,19 +669,27 @@ int s;
 			for (;;)
 				{
 				/* should do a select for the write */
-				k=SSL_write(con,&(buf[l]),(unsigned int)i);
-				if (
-#ifdef FIONBIO
-					s_nbio &&
+#ifdef RENEG
+{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
 #endif
-					BIO_sock_should_retry(k))
+				k=SSL_write(con,&(buf[l]),(unsigned int)i);
+				switch (SSL_get_error(con,k))
 					{
+				case SSL_ERROR_NONE:
+					break;
+				case SSL_ERROR_WANT_WRITE:
+				case SSL_ERROR_WANT_READ:
+				case SSL_ERROR_WANT_X509_LOOKUP:
 					BIO_printf(bio_s_out,"Write BLOCK\n");
-					continue;
-					}
-				if (k <= 0)
-					{
+					break;
+				case SSL_ERROR_SYSCALL:
+				case SSL_ERROR_SSL:
+					BIO_printf(bio_s_out,"ERROR\n");
 					ERR_print_errors(bio_err);
+					ret=1;
+					goto err;
+					break;
+				case SSL_ERROR_ZERO_RETURN:
 					BIO_printf(bio_s_out,"DONE\n");
 					ret=1;
 					goto err;
@@ -629,25 +718,29 @@ int s;
 				}
 			else
 				{
-				i=SSL_read(con,(char *)buf,BUFSIZZ);
-				if ((i <= 0) &&
-#ifdef FIONBIO
-					s_nbio &&
-#endif
-					BIO_sock_should_retry(i))
+				i=SSL_read(con,(char *)buf,128 /*BUFSIZZ */);
+				switch (SSL_get_error(con,i))
 					{
+				case SSL_ERROR_NONE:
+					write(fileno(stdout),buf,
+						(unsigned int)i);
+					break;
+				case SSL_ERROR_WANT_WRITE:
+				case SSL_ERROR_WANT_READ:
+				case SSL_ERROR_WANT_X509_LOOKUP:
 					BIO_printf(bio_s_out,"Read BLOCK\n");
-					}
-				else if (i <= 0)
-					{
+					break;
+				case SSL_ERROR_SYSCALL:
+				case SSL_ERROR_SSL:
+					BIO_printf(bio_s_out,"ERROR\n");
 					ERR_print_errors(bio_err);
+					ret=1;
+					goto err;
+				case SSL_ERROR_ZERO_RETURN:
 					BIO_printf(bio_s_out,"DONE\n");
 					ret=1;
 					goto err;
 					}
-				else
-					write(fileno(stdout),buf,
-						(unsigned int)i);
 				}
 			}
 		}
@@ -685,7 +778,7 @@ SSL *con;
 	int i;
 	char *str;
 	X509 *peer;
-	int verify_error;
+	long verify_error;
 	MS_STATIC char buf[BUFSIZ];
 
 	if ((i=SSL_accept(con)) <= 0)
@@ -730,20 +823,20 @@ SSL *con;
 	return(1);
 	}
 
+#ifndef NO_DH
 static DH *load_dh_param()
 	{
 	DH *ret=NULL;
 	BIO *bio;
 
-#ifndef NO_DH
 	if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
 		goto err;
 	ret=PEM_read_bio_DHparams(bio,NULL,NULL);
 err:
 	if (bio != NULL) BIO_free(bio);
-#endif
 	return(ret);
 	}
+#endif
 
 #if 0
 static int load_CA(ctx,file)
@@ -779,6 +872,7 @@ int s;
 	SSL *con;
 	SSL_CIPHER *c;
 	BIO *io,*ssl_bio,*sbio;
+	long total_bytes;
 
 	io=BIO_new(BIO_f_buffer());
 	ssl_bio=BIO_new(BIO_f_ssl());
@@ -787,16 +881,17 @@ int s;
 #ifdef FIONBIO	
 	if (s_nbio)
 		{
-		unsigned int long sl=1;
+		unsigned long sl=1;
 
 		if (!s_quiet)
 			BIO_printf(bio_err,"turning on non blocking io\n");
-		socket_ioctl(s,FIONBIO,&sl);
+		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+			ERR_print_errors(bio_err);
 		}
 #endif
 
 	/* lets make the output buffer a reasonable size */
-	if (!BIO_set_write_buffer_size(io,16*1024)) goto err;
+	if (!BIO_set_write_buffer_size(io,253 /*16*1024*/)) goto err;
 
 	if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
 
@@ -875,14 +970,15 @@ int s;
 
 		/* else we have data */
 		if (	((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
-			((www == 2) && (strncmp("GET stats ",buf,10) == 0)))
+			((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
 			{
 			char *p;
 			X509 *peer;
 			STACK *sk;
-			static char *space="                ";
+			static char *space="                          ";
 
 			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+			BIO_puts(io,"<HTML><BODY BGCOLOR=ffffff>\n");
 			BIO_puts(io,"<pre>\n");
 /*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
 			BIO_puts(io,"\n");
@@ -901,10 +997,10 @@ int s;
 			for (i=0; i<j; i++)
 				{
 				c=(SSL_CIPHER *)sk_value(sk,i);
-				BIO_printf(io,"%s:%-25s",
+				BIO_printf(io,"%-11s:%-25s",
 					SSL_CIPHER_get_version(c),
 					SSL_CIPHER_get_name(c));
-				if ((((i+1)%3) == 0) && (i+1 != j))
+				if ((((i+1)%2) == 0) && (i+1 != j))
 					BIO_puts(io,"\n");
 				}
 			BIO_puts(io,"\n");
@@ -917,7 +1013,7 @@ int s;
 					{
 					if (*p == ':')
 						{
-						BIO_write(io,space,15-j);
+						BIO_write(io,space,26-j);
 						i++;
 						j=0;
 						BIO_write(io,((i%3)?" ":"\n"),1);
@@ -935,7 +1031,7 @@ int s;
 				?"---\nReused, "
 				:"---\nNew, "));
 			c=SSL_get_current_cipher(con);
-			BIO_printf(io,"SSLv%d, Cipher is %s\n",
+			BIO_printf(io,"%s, Cipher is %s\n",
 				SSL_CIPHER_get_version(c),
 				SSL_CIPHER_get_name(c));
 			SSL_SESSION_print(io,SSL_get_session(con));
@@ -951,6 +1047,7 @@ int s;
 				}
 			else
 				BIO_puts(io,"no client certificate available\n");
+			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
 			break;
 			}
 		else if ((www == 2) && (strncmp("GET ",buf,4) == 0))
@@ -969,6 +1066,7 @@ int s;
 					(strncmp(&(e[-1]),"/../",4) == 0))
 					dot=1;
 				}
+			
 
 			if (*e == '\0')
 				{
@@ -1028,18 +1126,31 @@ int s;
 			else
 				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
 			/* send the file */
+			total_bytes=0;
 			for (;;)
 				{
 				i=BIO_read(file,buf,1024);
 				if (i <= 0) break;
 
+				total_bytes+=i;
+				fprintf(stderr,"%d\n",i);
+				if (total_bytes > 3*1024)
+					{
+					total_bytes=0;
+					fprintf(stderr,"RENEGOTIATE\n");
+					SSL_renegotiate(con);
+					}
+
 				for (j=0; j<i; )
 					{
+#ifdef RENEG
+{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
+#endif
 					k=BIO_write(io,&(buf[j]),i-j);
 					if (k <= 0)
 						{
 						if (!BIO_should_retry(io))
-							break;
+							goto write_error;
 						else
 							{
 							BIO_printf(bio_s_out,"rwrite W BLOCK\n");
@@ -1051,6 +1162,7 @@ int s;
 						}
 					}
 				}
+write_error:
 			BIO_free(file);
 			break;
 			}
@@ -1068,12 +1180,13 @@ int s;
 			break;
 		}
 end:
-#if 0
+#if 1
 	/* make sure we re-use sessions */
 	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
 	/* This kills performace */
-	SSL_shutdown(con);
+/*	SSL_shutdown(con); A shutdown gets sent in the
+ *	BIO_free_all(io) procession */
 #endif
 
 err:
@@ -1082,7 +1195,7 @@ err:
 		BIO_printf(bio_s_out,"ACCEPT\n");
 
 	if (io != NULL) BIO_free_all(io);
-/*	if (ssl_bio != NULL) BIO_free(ssl_bio); */
+/*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
 	return(ret);
 	}
 
@@ -1100,7 +1213,7 @@ int export;
 			BIO_flush(bio_err);
 			}
 #ifndef NO_RSA
-		rsa_tmp=RSA_generate_key(512,RSA_F4,NULL);
+		rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
 #endif
 		if (!s_quiet)
 			{
diff --git a/apps/s_socket.c b/apps/s_socket.c
index 810061e29..4bc3fde92 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -1,5 +1,5 @@
 /* apps/s_socket.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -262,7 +262,7 @@ int port;
 		*sock=s;
 
 #ifdef FIONBIO
-		socket_ioctl(s,FIONBIO,&l);
+		BIO_socket_ioctl(s,FIONBIO,&l);
 #endif
 		}
 	else
@@ -306,18 +306,19 @@ int (*cb)();
 			}
 		i=(*cb)(name,sock);
 		if (name != NULL) Free(name);
-		SHUTDOWN(sock);
+		SHUTDOWN2(sock);
 		if (i < 0)
 			{
-			SHUTDOWN(accept_socket);
+			SHUTDOWN2(accept_socket);
 			return(i);
 			}
 		}
 	}
 
-int init_server(sock, port)
+int init_server_long(sock, port, ip)
 int *sock;
 int port;
+char *ip;
 	{
 	int ret=0;
 	struct sockaddr_in server;
@@ -328,7 +329,10 @@ int port;
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
 	server.sin_port=htons((unsigned short)port);
-	server.sin_addr.s_addr=INADDR_ANY;
+	if (ip == NULL)
+		server.sin_addr.s_addr=INADDR_ANY;
+	else
+		memcpy(&server.sin_addr.s_addr,ip,4);
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 
 	if (s == INVALID_SOCKET) goto err;
@@ -339,7 +343,8 @@ int port;
 #endif
 		goto err;
 		}
-	if (listen(s,5) == -1) goto err;
+	/* Make it 128 for linux */
+	if (listen(s,128) == -1) goto err;
 	i=0;
 	*sock=s;
 	ret=1;
@@ -351,6 +356,13 @@ err:
 	return(ret);
 	}
 
+int init_server(sock,port)
+int *sock;
+int port;
+	{
+	return(init_server_long(sock, port, NULL));
+	}
+
 int do_accept(acc_sock, sock, host)
 int acc_sock;
 int *sock;
@@ -399,9 +411,14 @@ redoit:
 */
 
 	if (host == NULL) goto end;
+#ifndef BIT_FIELD_LIMITS
 	/* I should use WSAAsyncGetHostByName() under windows */
 	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
 		sizeof(from.sin_addr.s_addr),AF_INET);
+#else
+	h1=gethostbyaddr((char *)&from.sin_addr,
+		sizeof(struct in_addr),AF_INET);
+#endif
 	if (h1 == NULL)
 		{
 		BIO_printf(bio_err,"bad gethostbyaddr\n");
@@ -435,38 +452,6 @@ end:
 	return(1);
 	}
 
-int socket_ioctl(fd,type,arg)
-int fd;
-long type;
-unsigned long *arg;
-	{
-	int i,err;
-#ifdef WINDOWS
-	i=ioctlsocket(fd,type,arg);
-#else
-	i=ioctl(fd,type,arg);
-#endif
-	if (i < 0)
-		{
-#ifdef WINDOWS
-		err=WSAGetLastError();
-#else
-		err=errno;
-#endif
-		BIO_printf(bio_err,"ioctl on socket failed:error %d\n",err);
-		}
-	return(i);
-	}
-
-int sock_err()
-	{
-#ifdef WINDOWS
-	return(WSAGetLastError());
-#else
-	return(errno);
-#endif
-	}
-
 int extract_host_port(str,host_ptr,ip,port_ptr)
 char *str;
 char **host_ptr;
diff --git a/apps/s_time.c b/apps/s_time.c
index 853a9dcc4..7571c208d 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -1,5 +1,5 @@
 /* apps/s_time.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#undef NO_SHUTDOWN
+#define NO_SHUTDOWN
 
 /*-----------------------------------------
    cntime - SSL client connection timer program
@@ -67,7 +67,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "x509.h"
@@ -154,10 +154,12 @@ extern int verify_error;
 static void s_time_usage(void);
 static int parseArgs( int argc, char **argv );
 static SSL *doConnection( SSL *scon );
+static void s_time_init(void);
 #else
 static void s_time_usage();
 static int parseArgs();
 static SSL *doConnection();
+static void s_time_init();
 #endif
 
 
@@ -180,15 +182,38 @@ static char *s_www_path=NULL;
 static long bytes_read=0; 
 static int st_bugs=0;
 static int perform=0;
-
 #ifdef FIONBIO
 static int t_nbio=0;
 #endif
-
 #ifdef WIN32
 static int exitNow = 0;		/* Set when it's time to exit main */
 #endif
 
+static void s_time_init()
+	{
+	host=SSL_CONNECT_NAME;
+	t_cert_file=NULL;
+	t_key_file=NULL;
+	CApath=NULL;
+	CAfile=NULL;
+	tm_cipher=NULL;
+	tm_verify = SSL_VERIFY_NONE;
+	maxTime = SECONDS;
+	tm_ctx=NULL;
+	s_time_meth=NULL;
+	s_www_path=NULL;
+	bytes_read=0; 
+	st_bugs=0;
+	perform=0;
+
+#ifdef FIONBIO
+	t_nbio=0;
+#endif
+#ifdef WIN32
+	exitNow = 0;		/* Set when it's time to exit main */
+#endif
+	}
+
 /***********************************************************************
  * usage - display usage message
  */
@@ -237,6 +262,7 @@ char **argv;
 #endif
 
 	apps_startup();
+	s_time_init();
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -396,6 +422,7 @@ char **argv;
 	long finishtime=0;
 	int ret=1,i;
 	MS_STATIC char buf[1024*8];
+	int ver;
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	s_time_meth=SSLv23_client_method();
@@ -412,6 +439,8 @@ char **argv;
 	SSLeay_add_ssl_algorithms();
 	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
 
+	SSL_CTX_set_quiet_shutdown(tm_ctx,1);
+
 	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
 	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
 	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
@@ -422,9 +451,9 @@ char **argv;
 	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
 		{
-		BIO_printf(bio_err,"error seting default verify locations\n");
+		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
 		ERR_print_errors(bio_err);
-		goto end;
+		/* goto end; */
 		}
 
 	if (tm_cipher == NULL)
@@ -471,11 +500,24 @@ char **argv;
 #else
 		SSL_shutdown(scon);
 #endif
-		SHUTDOWN(SSL_get_fd(scon));
+		SHUTDOWN2(SSL_get_fd(scon));
 
 		nConn += 1;
-		fputc(SSL_session_reused(scon)?'r':
-			(SSL_version(scon))+'0', stdout );
+		if (SSL_session_reused(scon))
+			ver='r';
+		else
+			{
+			ver=SSL_version(scon);
+			if (ver == TLS1_VERSION)
+				ver='t';
+			else if (ver == SSL3_VERSION)
+				ver='3';
+			else if (ver == SSL2_VERSION)
+				ver='2';
+			else
+				ver='*';
+			}
+		fputc(ver,stdout);
 		fflush(stdout);
 
 		SSL_free( scon );
@@ -512,7 +554,7 @@ next:
 #else
 	SSL_shutdown(scon);
 #endif
-	SHUTDOWN(SSL_get_fd(scon));
+	SHUTDOWN2(SSL_get_fd(scon));
 
 	nConn = 0;
 	totalTime = 0.0;
@@ -551,11 +593,24 @@ next:
 #else
 		SSL_shutdown(scon);
 #endif
-		SHUTDOWN(SSL_get_fd(scon));
+		SHUTDOWN2(SSL_get_fd(scon));
 	
 		nConn += 1;
-		fputc(SSL_session_reused(scon)?'r':
-			(SSL_version(scon))+'0', stdout );
+		if (SSL_session_reused(scon))
+			ver='r';
+		else
+			{
+			ver=SSL_version(scon);
+			if (ver == TLS1_VERSION)
+				ver='t';
+			else if (ver == SSL3_VERSION)
+				ver='3';
+			else if (ver == SSL2_VERSION)
+				ver='2';
+			else
+				ver='*';
+			}
+		fputc(ver,stdout);
 		fflush(stdout);
 		}
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
@@ -595,8 +650,8 @@ SSL *scon;
 	if ((conn=BIO_new(BIO_s_connect())) == NULL)
 		return(NULL);
 
-/*	BIO_set_port(conn,port);*/
-	BIO_set_hostname(conn,host);
+/*	BIO_set_conn_port(conn,port);*/
+	BIO_set_conn_hostname(conn,host);
 
 	if (scon == NULL)
 		serverCon=(SSL *)SSL_new(tm_ctx);
diff --git a/apps/sess_id.c b/apps/sess_id.c
index 03a8f46df..2fad36a49 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -1,5 +1,5 @@
 /* apps/sess_id.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -109,7 +109,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
diff --git a/apps/speed.c b/apps/speed.c
index e0aff278f..000393424 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1,5 +1,5 @@
 /* apps/speed.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -73,8 +73,9 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <string.h>
+#include <math.h>
 #include "apps.h"
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "crypto.h"
@@ -122,13 +123,21 @@ struct tms {
 #endif
 #ifndef NO_MD5
 #include "md5.h"
+#include "hmac.h"
+#include "evp.h"
 #endif
-#if !defined(NO_SHA) && !defined(NO_SHA1)
+#ifndef NO_SHA1
 #include "sha.h"
 #endif
+#ifndef NO_RMD160
+#include "ripemd.h"
+#endif
 #ifndef NO_RC4
 #include "rc4.h"
 #endif
+#ifndef NO_RC5
+#include "rc5.h"
+#endif
 #ifndef NO_RC2
 #include "rc2.h"
 #endif
@@ -138,6 +147,9 @@ struct tms {
 #ifndef NO_BLOWFISH
 #include "blowfish.h"
 #endif
+#ifndef NO_CAST
+#include "cast.h"
+#endif
 #ifndef NO_RSA
 #include "rsa.h"
 #endif
@@ -165,7 +177,7 @@ struct tms {
 #endif
 
 #undef BUFSIZE
-#define BUFSIZE	((long)1024*8)
+#define BUFSIZE	((long)1024*8+1)
 int run=0;
 
 #ifndef NOPROTO
@@ -248,13 +260,12 @@ char **argv;
 	{
 	unsigned char *buf=NULL,*buf2=NULL;
 	int ret=1;
-#define ALGOR_NUM	11
+#define ALGOR_NUM	14
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
 	long count,rsa_count;
 	int i,j,k,rsa_num,rsa_num2;
-	unsigned int kk;
 #ifndef NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
@@ -263,13 +274,20 @@ char **argv;
 #endif
 #ifndef NO_MD5
 	unsigned char md5[MD5_DIGEST_LENGTH];
+	unsigned char hmac[MD5_DIGEST_LENGTH];
 #endif
-#if !defined(NO_SHA) || !defined(NO_SHA1)
+#ifndef NO_SHA1
 	unsigned char sha[SHA_DIGEST_LENGTH];
 #endif
+#ifndef NO_RMD160
+	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+#endif
 #ifndef NO_RC4
 	RC4_KEY rc4_ks;
 #endif
+#ifndef NO_RC5
+	RC5_32_KEY rc5_ks;
+#endif
 #ifndef NO_RC2
 	RC2_KEY rc2_ks;
 #endif
@@ -279,6 +297,9 @@ char **argv;
 #ifndef NO_BLOWFISH
 	BF_KEY bf_ks;
 #endif
+#ifndef NO_CAST
+	CAST_KEY cast_ks;
+#endif
 	static unsigned char key16[16]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
@@ -292,21 +313,24 @@ char **argv;
 #define	D_MD2		0
 #define	D_MDC2		1
 #define	D_MD5		2
-#define	D_SHA		3
+#define	D_HMAC		3
 #define	D_SHA1		4
-#define	D_RC4		5
-#define	D_CBC_DES	6
-#define	D_EDE3_DES	7
-#define	D_CBC_IDEA	8
-#define	D_CBC_RC2	9
-#define	D_CBC_BF	10
+#define D_RMD160	5
+#define	D_RC4		6
+#define	D_CBC_DES	7
+#define	D_EDE3_DES	8
+#define	D_CBC_IDEA	9
+#define	D_CBC_RC2	10
+#define	D_CBC_RC5	11
+#define	D_CBC_BF	12
+#define	D_CBC_CAST	13
 	double d,results[ALGOR_NUM][SIZE_NUM];
 	static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
 	long c[ALGOR_NUM][SIZE_NUM];
 	static char *names[ALGOR_NUM]={
-		"md2","mdc2","md5","sha","sha1","rc4",
+		"md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
 		"des cbc","des ede3","idea cbc",
-		"rc2 cbc","blowfish cbc"};
+		"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
 #define	R_DSA_512	0
 #define	R_DSA_1024	1
 #define	R_DSA_2048	2
@@ -315,32 +339,32 @@ char **argv;
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
 	RSA *rsa_key[RSA_NUM];
-	DSA *dsa_key[DSA_NUM];
 	long rsa_c[RSA_NUM][2];
-	long dsa_c[DSA_NUM][2];
 #ifndef NO_RSA
 	double rsa_results[RSA_NUM][2];
-#endif
-#ifndef NO_DSA
-	double dsa_results[DSA_NUM][2];
-#endif
 	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
-	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
 	static unsigned char *rsa_data[RSA_NUM]=
 		{test512,test1024,test2048,test4096};
 	static int rsa_data_length[RSA_NUM]={
 		sizeof(test512),sizeof(test1024),
 		sizeof(test2048),sizeof(test4096)};
-	int doit[ALGOR_NUM];
+#endif
+#ifndef NO_DSA
+	DSA *dsa_key[DSA_NUM];
+	long dsa_c[DSA_NUM][2];
+	double dsa_results[DSA_NUM][2];
+	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
+#endif
 	int rsa_doit[RSA_NUM];
 	int dsa_doit[DSA_NUM];
+	int doit[ALGOR_NUM];
 	int pr_header=0;
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	for (i=0; i<RSA_NUM; i++)
 		rsa_key[i]=NULL;
@@ -383,13 +407,23 @@ char **argv;
 			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
 		else
 #endif
-#ifndef NO_SHA
-			if (strcmp(*argv,"sha") == 0) doit[D_SHA]=1;
+#ifndef NO_MD5
+			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
 		else
 #endif
 #ifndef NO_SHA1
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
+			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
+		else
+#endif
+#ifndef NO_RMD160
+			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
+		else
+			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
+		else
+			if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
+		else
 #endif
 #ifndef NO_RC4
 			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
@@ -429,6 +463,11 @@ char **argv;
 		else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
 		else
 #endif
+#ifndef NO_RC5
+		     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
+		else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
+		else
+#endif
 #ifndef NO_IDEA
 		     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
 		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
@@ -437,6 +476,13 @@ char **argv;
 #ifndef NO_BLOWFISH
 		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
+		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
+		else
+#endif
+#ifndef NO_CAST
+		     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
+		else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
+		else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
 		else
 #endif
 #ifndef NO_DES
@@ -467,17 +513,20 @@ char **argv;
 #endif
 			{
 			BIO_printf(bio_err,"bad value, pick one of\n");
-			BIO_printf(bio_err,"md2      mdc2	md5      sha      sha1\n");
+			BIO_printf(bio_err,"md2      mdc2	md5      hmac      sha1    rmd160\n");
 #ifndef NO_IDEA
 			BIO_printf(bio_err,"idea-cbc ");
 #endif
 #ifndef NO_RC2
 			BIO_printf(bio_err,"rc2-cbc  ");
 #endif
-#ifndef NO_RC2
+#ifndef NO_RC5
+			BIO_printf(bio_err,"rc5-cbc  ");
+#endif
+#ifndef NO_BLOWFISH
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH)
+#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH) && !defined(NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif
 			BIO_printf(bio_err,"des-cbc  des-ede3 ");
@@ -527,6 +576,14 @@ char **argv;
 			BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
 			goto end;
 			}
+#if 0
+		else
+			{
+			BIO_printf(bio_err,"Loaded RSA key, %d bit modulus and e= 0x",BN_num_bits(rsa_key[i]->n));
+			BN_print(bio_err,rsa_key[i]->e);
+			BIO_printf(bio_err,"\n");
+			}
+#endif
 		}
 #endif
 
@@ -550,9 +607,15 @@ char **argv;
 #ifndef NO_RC2
 	RC2_set_key(&rc2_ks,16,key16,128);
 #endif
+#ifndef NO_RC5
+	RC5_32_set_key(&rc5_ks,16,key16,12);
+#endif
 #ifndef NO_BLOWFISH
 	BF_set_key(&bf_ks,16,key16);
 #endif
+#ifndef NO_CAST
+	CAST_set_key(&cast_ks,16,key16);
+#endif
 
 	memset(rsa_c,0,sizeof(rsa_c));
 #ifndef SIGALRM
@@ -570,22 +633,26 @@ char **argv;
 	c[D_MD2][0]=count/10;
 	c[D_MDC2][0]=count/10;
 	c[D_MD5][0]=count;
-	c[D_SHA][0]=count;
+	c[D_HMAC][0]=count;
 	c[D_SHA1][0]=count;
+	c[D_RMD160][0]=count;
 	c[D_RC4][0]=count*5;
 	c[D_CBC_DES][0]=count;
 	c[D_EDE3_DES][0]=count/3;
 	c[D_CBC_IDEA][0]=count;
 	c[D_CBC_RC2][0]=count;
+	c[D_CBC_RC5][0]=count;
 	c[D_CBC_BF][0]=count;
+	c[D_CBC_CAST][0]=count;
 
 	for (i=1; i<SIZE_NUM; i++)
 		{
 		c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
 		c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
 		c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
-		c[D_SHA][i]=c[D_SHA][0]*4*lengths[0]/lengths[i];
+		c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
 		c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
+		c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
 		}
 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -598,7 +665,9 @@ char **argv;
 		c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
 		c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
 		c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
+		c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
+		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
 		}
 	rsa_c[R_RSA_512][0]=count/2000;
 	rsa_c[R_RSA_512][1]=count/400;
@@ -636,7 +705,7 @@ char **argv;
 			}				
 		}
 
-#define COND(d)	(count != (d))
+#define COND(d)	(count < (d))
 #define COUNT(d) (d)
 #else
 #define COND(c)	(run)
@@ -685,7 +754,7 @@ char **argv;
 			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_MD5][j]); count++)
-				MD5(buf,(unsigned long)lengths[j],&(md5[0]));
+				MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD5],d);
@@ -694,19 +763,27 @@ char **argv;
 		}
 #endif
 
-#ifndef NO_SHA
-	if (doit[D_SHA])
+#ifndef NO_MD5
+	if (doit[D_HMAC])
 		{
+		HMAC_CTX hctx;
+		HMAC_Init(&hctx,(unsigned char *)"This is a key...",
+			16,EVP_md5());
+
 		for (j=0; j<SIZE_NUM; j++)
 			{
-			print_message(names[D_SHA],c[D_SHA][j],lengths[j]);
+			print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
 			Time_F(START);
-			for (count=0,run=1; COND(c[D_SHA][j]); count++)
-				SHA(buf,(unsigned long)lengths[j],&(sha[0]));
+			for (count=0,run=1; COND(c[D_HMAC][j]); count++)
+				{
+				HMAC_Init(&hctx,NULL,0,NULL);
+                                HMAC_Update(&hctx,buf,lengths[j]);
+                                HMAC_Final(&hctx,&(hmac[0]),NULL);
+				}
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_SHA],d);
-			results[D_SHA][j]=((double)count)/d*lengths[j];
+				count,names[D_HMAC],d);
+			results[D_HMAC][j]=((double)count)/d*lengths[j];
 			}
 		}
 #endif
@@ -726,6 +803,22 @@ char **argv;
 			}
 		}
 #endif
+#ifndef NO_RMD160
+	if (doit[D_RMD160])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
+				RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
+			d=Time_F(STOP);
+			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+				count,names[D_RMD160],d);
+			results[D_RMD160][j]=((double)count)/d*lengths[j];
+			}
+		}
+#endif
 #ifndef NO_RC4
 	if (doit[D_RC4])
 		{
@@ -816,6 +909,24 @@ char **argv;
 			}
 		}
 #endif
+#ifndef NO_RC5
+	if (doit[D_CBC_RC5])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
+				RC5_32_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&rc5_ks,
+					(unsigned char *)&(iv[0]),RC5_ENCRYPT);
+			d=Time_F(STOP);
+			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+				count,names[D_CBC_RC5],d);
+			results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
+			}
+		}
+#endif
 #ifndef NO_BLOWFISH
 	if (doit[D_CBC_BF])
 		{
@@ -834,6 +945,24 @@ char **argv;
 			}
 		}
 #endif
+#ifndef NO_CAST
+	if (doit[D_CBC_CAST])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
+				CAST_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&cast_ks,
+					(unsigned char *)&(iv[0]),CAST_ENCRYPT);
+			d=Time_F(STOP);
+			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+				count,names[D_CBC_CAST],d);
+			results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
+			}
+		}
+#endif
 
 	RAND_bytes(buf,30);
 #ifndef NO_RSA
@@ -842,6 +971,7 @@ char **argv;
 		if (!rsa_doit[j]) continue;
 		pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
 			RSA_SECONDS);
+/*		RSA_blinding_on(rsa_key[j],NULL); */
 		Time_F(START);
 		for (count=0,run=1; COND(rsa_c[j][0]); count++)
 			{
@@ -861,6 +991,7 @@ char **argv;
 		rsa_results[j][0]=d/(double)count;
 		rsa_count=count;
 
+#if 1
 		pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
 			RSA_SECONDS);
 		Time_F(START);
@@ -880,6 +1011,7 @@ char **argv;
 		BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
 			count,rsa_bits[j],d);
 		rsa_results[j][1]=d/(double)count;
+#endif
 
 		if (rsa_count <= 1)
 			{
@@ -894,6 +1026,8 @@ char **argv;
 #ifndef NO_DSA
 	for (j=0; j<DSA_NUM; j++)
 		{
+		unsigned int kk;
+
 		if (!dsa_doit[j]) continue;
 		DSA_generate_key(dsa_key[j]);
 /*		DSA_sign_setup(dsa_key[j],NULL); */
@@ -966,7 +1100,7 @@ char **argv;
 #ifndef NO_BLOWFISH
 	printf("%s ",BF_options());
 #endif
-	fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_CFLAGS));
+	fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
 
 	if (pr_header)
 		{
@@ -980,7 +1114,7 @@ char **argv;
 	for (k=0; k<ALGOR_NUM; k++)
 		{
 		if (!doit[k]) continue;
-		fprintf(stdout,"%-12s",names[k]);
+		fprintf(stdout,"%-13s",names[k]);
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			if (results[k][j] > 10000)
@@ -995,9 +1129,14 @@ char **argv;
 	for (k=0; k<RSA_NUM; k++)
 		{
 		if (!rsa_doit[k]) continue;
-		if (j) { printf("%18ssign    verify\n"," "); j=0; }
-		fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs",
-			rsa_bits[k],rsa_results[k][0],rsa_results[k][1]);
+		if (j)
+			{
+			printf("%18ssign    verify    sign/s verify/s\n"," ");
+			j=0;
+			}
+		fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+			rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
+			1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
 		fprintf(stdout,"\n");
 		}
 #endif
@@ -1006,9 +1145,13 @@ char **argv;
 	for (k=0; k<DSA_NUM; k++)
 		{
 		if (!dsa_doit[k]) continue;
-		if (j) { printf("%18ssign    verify\n"," "); j=0; }
-		fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs",
-			dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
+		if (j)	{
+			printf("%18ssign    verify    sign/s verify/s\n"," ");
+			j=0;
+			}
+		fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+			dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
+			1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		fprintf(stdout,"\n");
 		}
 #endif
@@ -1066,3 +1209,4 @@ int tm;
 	num=num;
 #endif
 	}
+
diff --git a/apps/ssleay.c b/apps/ssleay.c
index f69f14aa2..eac411b85 100644
--- a/apps/ssleay.c
+++ b/apps/ssleay.c
@@ -1,5 +1,5 @@
 /* apps/ssleay.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,14 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
-#define DEBUG
+#ifndef DEBUG
+#undef DEBUG
+#endif
 
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#ifdef WIN16
-#define APPS_WIN16
-#endif
 #include "bio.h"
 #include "crypto.h"
 #include "lhash.h"
@@ -78,19 +77,22 @@
 #include "s_apps.h"
 #include "err.h"
 
+/*
+#ifdef WINDOWS
+#include "bss_file.c"
+#endif
+*/
 
 #ifndef NOPROTO
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
-static void sig_stop(int i);
 #else
 static unsigned long MS_CALLBACK hash();
 static int MS_CALLBACK cmp();
 static LHASH *prog_init();
 static int do_cmd();
-static void sig_stop();
 #endif
 
 LHASH *config=NULL;
@@ -143,7 +145,7 @@ char *Argv[];
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
@@ -224,6 +226,7 @@ char *Argv[];
 			}
 		if (ret != 0)
 			BIO_printf(bio_err,"error in %s\n",argv[0]);
+		BIO_flush(bio_err);
 		}
 	BIO_printf(bio_err,"bad exit\n");
 	ret=1;
diff --git a/apps/testrsa.h b/apps/testrsa.h
index 5f8387823..9a0e811c7 100644
--- a/apps/testrsa.h
+++ b/apps/testrsa.h
@@ -1,5 +1,5 @@
 /* apps/testrsa.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,475 +57,461 @@
  */
 
 static unsigned char test512[]={
-	0x30,0x82,0x01,0x39,0x02,0x01,0x00,0x02,0x40,0x48,
-	0xd3,0xa9,0x8f,0x3b,0x92,0xce,0x20,0xcc,0xc7,0xe8,
-	0x1f,0x28,0x67,0xdb,0xd1,0xb3,0x06,0x94,0x7d,0x9b,
-	0x88,0x05,0x9d,0xf5,0xab,0x36,0xaa,0x3f,0x15,0xcd,
-	0x40,0x0a,0x76,0xfd,0xab,0x33,0xfa,0x07,0x31,0xc8,
-	0x0d,0xa8,0x23,0x60,0x4e,0xd4,0xda,0x2e,0xed,0xbc,
-	0x43,0x8a,0xc0,0xd8,0xd9,0xf4,0xcb,0xfa,0x12,0xa2,
-	0xec,0x49,0x31,0x02,0x03,0x01,0x00,0x01,0x02,0x40,
-	0x02,0x5e,0x80,0x61,0x9c,0x7a,0x86,0x22,0x23,0x07,
-	0x4d,0xd1,0xd5,0xaa,0xab,0x48,0x03,0x1e,0xef,0xad,
-	0xb6,0x65,0x92,0x69,0x35,0x18,0xc0,0xca,0x81,0x0a,
-	0xe0,0x86,0x6f,0xec,0x00,0x0f,0x1d,0x08,0x43,0xc8,
-	0x82,0x7d,0x89,0xc4,0x3a,0xc4,0x44,0x6a,0x10,0xc6,
-	0xdd,0xd0,0x63,0x1c,0x65,0xd6,0x09,0xc5,0x00,0x51,
-	0x2b,0xc3,0x7c,0xc1,0x02,0x21,0x00,0x8f,0x03,0xfc,
-	0x35,0x08,0xae,0x85,0x41,0x35,0x30,0x02,0xbd,0x96,
-	0xaa,0x84,0x60,0x75,0xb5,0x0c,0x2b,0x64,0xbf,0x28,
-	0x26,0xe2,0x76,0xfd,0xec,0xdc,0x94,0x36,0xcd,0x02,
-	0x21,0x00,0x82,0x5c,0x6f,0x13,0x93,0x98,0x41,0xf7,
-	0x81,0x54,0x3f,0xd7,0x8e,0x06,0x64,0xd9,0x29,0x04,
-	0xfc,0x12,0x46,0x17,0xab,0x9a,0x9f,0xa7,0xd3,0x8a,
-	0xa0,0xcd,0x33,0xf5,0x02,0x21,0x00,0x8a,0xf4,0xe7,
-	0x4f,0xac,0x40,0xcd,0xae,0xbe,0xfc,0x08,0x1d,0xa7,
-	0xcf,0xc4,0x51,0x68,0xec,0xe1,0x87,0x24,0x1b,0x6b,
-	0xea,0xe4,0x2d,0x93,0xa9,0x59,0xe5,0x14,0x9d,0x02,
-	0x20,0x70,0x6b,0xd2,0x86,0xe9,0x74,0x16,0xff,0xa1,
-	0x92,0xcc,0x73,0xd2,0x51,0x85,0x4b,0x19,0xea,0xe8,
-	0x8f,0xc1,0xce,0xcb,0xf8,0xce,0xd2,0xe6,0xc5,0xd8,
-	0xa2,0xde,0xb9,0x02,0x20,0x0f,0x73,0xf0,0xf0,0x91,
-	0x53,0xdf,0x4f,0x37,0xf8,0x3f,0x1f,0x82,0x59,0xe3,
-	0xe8,0xaa,0x04,0x64,0xd1,0x51,0x77,0xa8,0x36,0x65,
-	0x8c,0x6d,0x91,0xf8,0xb2,0xc3,0x03,
+	0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,
+	0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,
+	0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,
+	0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,
+	0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,
+	0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,
+	0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,
+	0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,
+	0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,
+	0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,
+	0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,
+	0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,
+	0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,
+	0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,
+	0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,
+	0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,
+	0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,
+	0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,
+	0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,
+	0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,
+	0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,
+	0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,
+	0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,
+	0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,
+	0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,
+	0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,
+	0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,
+	0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,
+	0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,
+	0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,
+	0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,
+	0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,
 	};
 
 static unsigned char test1024[]={
-	0x30,0x82,0x02,0x58,0x02,0x01,0x00,0x02,
-	0x81,0x80,0x53,0x66,0xb3,0x9b,0xd1,0xde,
-	0xb6,0x55,0x67,0xdc,0xe1,0x91,0xdb,0xc7,
-	0xf2,0xef,0xcc,0x98,0x48,0xbe,0x22,0xb2,
-	0xa5,0x92,0x88,0xa2,0xe7,0xf6,0x8a,0xea,
-	0xc1,0x5e,0xd8,0xb3,0xd6,0xb8,0x9a,0xb7,
-	0xf8,0xaa,0x9d,0x0a,0xa1,0x9e,0xb5,0x81,
-	0xd4,0xd9,0x86,0x92,0x49,0x1d,0x30,0x50,
-	0x18,0x4f,0x40,0x52,0x3c,0xf2,0xb7,0x14,
-	0x5f,0x06,0x4d,0x92,0xab,0x0d,0xe5,0x61,
-	0x9a,0xb3,0xdf,0xb0,0xaa,0x88,0x7d,0x47,
-	0x78,0xbf,0xd5,0x15,0x88,0x6b,0xe7,0x43,
-	0xd3,0x96,0x15,0xed,0x5b,0x33,0xff,0x9d,
-	0x06,0x88,0xb6,0xe1,0x21,0xcb,0xe8,0xb5,
-	0xe3,0x3c,0xef,0xb6,0xe7,0x89,0xc0,0x44,
-	0x71,0x6b,0x38,0xe2,0x7a,0xd4,0x92,0x49,
-	0x14,0xcf,0x36,0xc1,0x7d,0xa4,0x13,0x7a,
-	0xb7,0x3f,0x02,0x01,0x03,0x02,0x81,0x80,
-	0x37,0x99,0xcd,0x12,0x8b,0xe9,0xce,0xe3,
-	0x9a,0x93,0x41,0x0b,0xe7,0xda,0xa1,0xf5,
-	0x33,0x10,0x30,0x7e,0xc1,0xcc,0x6e,0x61,
-	0xb0,0x6c,0x9a,0xa4,0x5c,0x9c,0x80,0xe9,
-	0xe5,0xcd,0x39,0xd0,0x67,0x25,0x50,0x71,
-	0xbe,0x07,0x16,0x69,0xce,0x56,0x8d,0xe6,
-	0x59,0xb6,0xdb,0x68,0xca,0xe0,0x10,0x34,
-	0xd5,0x8c,0x28,0xa1,0xcf,0x62,0xea,0x03,
-	0x70,0xc5,0x5e,0x5e,0x08,0x04,0xb3,0x37,
-	0x06,0x45,0x20,0xe5,0x69,0x8a,0x49,0x7d,
-	0x05,0x47,0x1a,0x33,0x0d,0xfd,0x7f,0xf7,
-	0x7b,0xac,0x2a,0x07,0xc3,0x04,0xbf,0xb2,
-	0x41,0x26,0xfa,0xf8,0xf1,0x88,0x06,0x25,
-	0xb7,0xe7,0x57,0xe4,0x4c,0xc6,0x57,0xd1,
-	0x6a,0xbb,0x9a,0xdc,0x45,0x5f,0x48,0x6f,
-	0x8d,0x75,0xb5,0x7d,0xd6,0x6a,0x03,0x2b,
-	0x02,0x41,0x00,0x97,0x52,0x4f,0x91,0xe0,
-	0xc1,0x67,0x42,0xb0,0x41,0xf2,0xc5,0x56,
-	0x6f,0x66,0x5e,0x5c,0x4e,0x7f,0xc7,0xaf,
-	0xef,0x2d,0x60,0xbd,0x00,0x3b,0x07,0xed,
-	0xec,0xfa,0x12,0x14,0xd0,0xc1,0x32,0xd3,
-	0x47,0x50,0xb9,0x0f,0xd5,0xbd,0x0d,0xd1,
-	0xcf,0xef,0x71,0x1c,0x0c,0xa4,0x2c,0x74,
-	0x2a,0xed,0x5d,0x9b,0x00,0x68,0xec,0x51,
-	0x33,0x73,0xa1,0x02,0x41,0x00,0x8d,0x18,
-	0x4d,0xee,0xf8,0x99,0x26,0x9e,0xa6,0x07,
-	0x06,0x6b,0x08,0x88,0xa4,0x25,0xf0,0xdc,
-	0x61,0x57,0xa2,0x58,0x66,0x42,0x1f,0x6a,
-	0xe1,0x20,0x6d,0x28,0xec,0xeb,0x40,0x55,
-	0xe8,0x23,0xab,0x22,0x89,0x4b,0x4c,0x06,
-	0x26,0xa5,0x7b,0x4a,0xfe,0x3f,0xfc,0xbc,
-	0x6e,0x5d,0xb6,0x0f,0x3a,0xca,0x47,0x90,
-	0x84,0x7b,0x00,0xa8,0x3e,0xdf,0x02,0x40,
-	0x64,0xe1,0x8a,0x61,0x40,0x80,0xef,0x81,
-	0xca,0xd6,0xa1,0xd8,0xe4,0x4a,0x44,0x3e,
-	0xe8,0x34,0x55,0x2f,0xca,0x9f,0x73,0x95,
-	0xd3,0x55,0x7c,0xaf,0xf3,0xf3,0x51,0x61,
-	0x63,0x35,0xd6,0x21,0xe2,0x2f,0x8b,0x26,
-	0x0a,0x8e,0x7e,0x09,0x36,0x8a,0x9f,0xa0,
-	0xbd,0x5d,0xc2,0xc8,0x4d,0x71,0xf3,0x93,
-	0xbc,0xaa,0xf0,0x9d,0x8b,0x77,0xa2,0x6b,
-	0x02,0x40,0x5e,0x10,0x33,0xf4,0xa5,0xbb,
-	0x6f,0x14,0x6e,0xaf,0x59,0x9c,0xb0,0x5b,
-	0x18,0x19,0x4b,0x3d,0x96,0x3a,0x6c,0x3a,
-	0xee,0xd6,0xbf,0x9c,0x96,0x15,0x9e,0x1b,
-	0x48,0x9c,0xd5,0x8e,0x9a,0xc2,0x72,0x17,
-	0x06,0x32,0x32,0xae,0xc4,0x6e,0x52,0x31,
-	0xfe,0xd5,0x53,0x28,0x49,0x93,0xce,0xb4,
-	0xd1,0xdc,0x2f,0xb5,0xad,0xa7,0x55,0xc5,
-	0x7f,0x3f,0x02,0x40,0x37,0xa4,0xcc,0xd7,
-	0x63,0x63,0x6b,0x53,0xd6,0xf3,0xf2,0xfe,
-	0xeb,0x8d,0x4a,0x3d,0xab,0x97,0xfe,0xf8,
-	0x27,0xc5,0x87,0xc7,0xbf,0x2c,0xef,0xae,
-	0xcb,0x61,0x62,0x5e,0x30,0x86,0x8f,0xb5,
-	0x0e,0xeb,0x9a,0xa9,0x09,0x6a,0x4e,0x1c,
-	0xc7,0x1e,0xa2,0xce,0x8e,0xc2,0xc8,0x15,
-	0x13,0x06,0x47,0x9e,0x7c,0x2a,0x3c,0x62,
-	0x26,0xf0,0x9c,0x86,
+	0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,
+	0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,
+	0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,
+	0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,
+	0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,
+	0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,
+	0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,
+	0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,
+	0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,
+	0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,
+	0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,
+	0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,
+	0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,
+	0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,
+	0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,
+	0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,
+	0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,
+	0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,
+	0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,
+	0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,
+	0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,
+	0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,
+	0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,
+	0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,
+	0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,
+	0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,
+	0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,
+	0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,
+	0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,
+	0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,
+	0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,
+	0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,
+	0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,
+	0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,
+	0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,
+	0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,
+	0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,
+	0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,
+	0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,
+	0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,
+	0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,
+	0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,
+	0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,
+	0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,
+	0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,
+	0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,
+	0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,
+	0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,
+	0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,
+	0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,
+	0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,
+	0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,
+	0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,
+	0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,
+	0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,
+	0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,
+	0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,
+	0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,
+	0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,
+	0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,
+	0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,
 	};
 
 static unsigned char test2048[]={
-	0x30,0x82,0x04,0xa1,0x02,0x01,0x00,0x02,0x82,0x01,
-	0x00,0x7a,0x52,0xa1,0xd0,0xdb,0x8c,0x38,0xcf,0x0f,
-	0x01,0x25,0x98,0xee,0x84,0xc1,0xf3,0x8e,0x90,0xb5,
-	0x85,0x5e,0x5f,0x3a,0x33,0x8f,0xc6,0x49,0xe0,0x07,
-	0xd3,0x66,0x26,0xcc,0x47,0xc3,0x04,0xcf,0x91,0x74,
-	0x65,0x07,0x56,0x35,0x7d,0x0a,0xbf,0xcd,0xd2,0x8a,
-	0xf9,0x05,0x62,0xc0,0x63,0xc2,0x54,0xb8,0x14,0x89,
-	0x88,0x58,0x1c,0xeb,0xbc,0xbf,0xf2,0x0d,0xcb,0x05,
-	0x62,0x1c,0xe9,0x48,0x0f,0x2b,0x8d,0x28,0x67,0x92,
-	0x31,0x86,0xe3,0xa4,0x20,0x80,0xfc,0x5c,0x41,0x9d,
-	0x21,0x6d,0x7f,0x12,0x6b,0x54,0xb1,0x04,0x0f,0x87,
-	0x15,0xd7,0xbf,0xc5,0x6b,0x13,0x81,0x80,0x88,0x1e,
-	0x86,0x16,0x66,0xd9,0xcf,0xa5,0x4e,0xe1,0xcf,0xa4,
-	0x4c,0x38,0xdd,0xf9,0x5d,0x5f,0x30,0xdf,0x0d,0x2b,
-	0xfa,0xa0,0x1f,0xb8,0xe3,0x3c,0x62,0xff,0x13,0xf0,
-	0x61,0xc1,0xcd,0x3c,0xb7,0xc3,0xf7,0xec,0x91,0xcf,
-	0x7c,0x4e,0x11,0x4e,0x96,0x7e,0xe5,0x6c,0x9e,0x1b,
-	0xbe,0x3f,0x71,0xc5,0xb1,0xe6,0xeb,0x7e,0xa3,0x97,
-	0xc1,0xd6,0x1b,0x48,0x4f,0x84,0xaf,0x69,0xc2,0x96,
-	0xed,0xbc,0x81,0xdf,0x5f,0xc6,0xda,0xd3,0x25,0x2d,
-	0xc6,0x9f,0x62,0xd2,0x1c,0xef,0xcb,0x0a,0x75,0xd0,
-	0x23,0x1c,0x3b,0x88,0x22,0x70,0x08,0x05,0x46,0xed,
-	0x8a,0xda,0x45,0x94,0x8d,0x0d,0x9b,0x61,0xf3,0x07,
-	0xdc,0x81,0xaa,0x3c,0xcc,0xad,0x06,0x24,0xd7,0xbc,
-	0x28,0x98,0xb4,0x43,0xe3,0x9b,0x0f,0x93,0xa4,0x6e,
-	0x49,0xea,0x3a,0xe6,0x1e,0x56,0x5a,0xff,0x0c,0x93,
-	0x9e,0x9b,0x28,0x7e,0x63,0xb7,0x71,0x02,0x03,0x01,
-	0x00,0x01,0x02,0x82,0x01,0x00,0x34,0xd9,0x5c,0xb6,
-	0x5b,0x14,0xd3,0x3a,0x8a,0x96,0x09,0x43,0x70,0xd2,
-	0x04,0xe6,0x10,0xd3,0x6e,0xc9,0xc7,0x83,0x47,0x27,
-	0x1d,0xd8,0x22,0xf4,0xdb,0x0c,0xb7,0xd6,0xcd,0x6d,
-	0xb7,0xd1,0x6d,0x48,0xbf,0xcc,0x22,0x86,0x59,0xa7,
-	0xc3,0xac,0x28,0xe5,0xed,0x4b,0x37,0xcb,0x79,0xa9,
-	0xe0,0x3d,0x30,0x27,0x17,0x60,0xc4,0x09,0x02,0xc4,
-	0xd2,0xfd,0x66,0x7e,0x2f,0xbe,0x3b,0x15,0x83,0x1f,
-	0xa2,0xc6,0x63,0x0d,0x94,0x79,0x37,0x79,0x44,0xe1,
-	0x12,0x39,0x76,0x36,0x97,0x07,0xe9,0x41,0xfc,0x98,
-	0x48,0xc8,0x0e,0x24,0x13,0x4e,0x19,0x9f,0xee,0x50,
-	0x9b,0xe5,0xd8,0xbd,0x76,0xca,0xa2,0x05,0x1f,0xd7,
-	0xf9,0xe9,0x01,0xe0,0xef,0x70,0x4b,0x25,0x84,0x66,
-	0x96,0x09,0x0c,0x65,0x0f,0x0b,0xa8,0xd6,0xf5,0xc2,
-	0xe3,0xcb,0x3c,0x43,0x66,0xa4,0x15,0x36,0xa5,0xe2,
-	0x9d,0xe9,0xf7,0x32,0x10,0x0e,0x96,0x57,0xaa,0x84,
-	0xf9,0x4d,0x91,0x37,0x5a,0x80,0x01,0x05,0x63,0x1c,
-	0x6e,0xe6,0x8c,0xf7,0x70,0xc1,0x03,0x4f,0x5d,0xde,
-	0x19,0x90,0x1e,0x53,0x98,0xc9,0xc6,0x41,0x66,0xb0,
-	0xc2,0x6f,0x30,0xfe,0xb1,0x26,0x47,0x82,0x0a,0x7b,
-	0x50,0xf8,0x7c,0x88,0x13,0x4d,0x77,0xa0,0xd0,0xba,
-	0x60,0x87,0x21,0xdd,0x74,0xaa,0x32,0xdb,0xbe,0x23,
-	0xee,0x81,0xc0,0xca,0xc9,0x94,0x2f,0x75,0x78,0x08,
-	0xc4,0x04,0x4e,0x67,0x3c,0xb9,0x99,0xd5,0xe5,0xbc,
-	0x4d,0x6b,0x12,0x59,0xfe,0x55,0xff,0x28,0x0a,0x8d,
-	0x6c,0xb1,0xd3,0x23,0x7c,0x33,0x87,0x35,0xba,0x8c,
-	0xb3,0x51,0x02,0x81,0x81,0x00,0xcb,0xbc,0x6f,0x2c,
-	0xa4,0xbb,0x7b,0x51,0x0e,0xfe,0xdb,0x16,0x83,0x16,
-	0x91,0x4a,0xb9,0x31,0x42,0x81,0x8b,0x39,0x44,0x11,
-	0x8b,0x82,0x6f,0x19,0x58,0xd4,0xba,0x38,0x44,0x95,
-	0xec,0x99,0x32,0x4d,0x98,0xd7,0xad,0x3d,0xd1,0x00,
-	0xd4,0x1e,0x62,0x90,0xc4,0xac,0x65,0x29,0xb7,0x5c,
-	0x7c,0x54,0x55,0x33,0xb9,0x22,0x55,0x61,0xc8,0x08,
-	0xdd,0x5d,0x4d,0xc0,0x19,0xa6,0x89,0x3a,0x33,0x19,
-	0xc7,0x1d,0x43,0x16,0x9e,0x7e,0x47,0xce,0xe3,0xde,
-	0xbb,0x52,0x8d,0xcd,0xe3,0x6a,0xe3,0x79,0x9e,0x27,
-	0x0f,0x6d,0x3b,0x74,0x25,0x39,0xe7,0x87,0x3a,0xad,
-	0x98,0x82,0xfc,0xae,0x7d,0x53,0x41,0x79,0x7e,0xb6,
-	0xdc,0xc5,0x75,0x69,0x47,0xd5,0x83,0x26,0x56,0x32,
-	0xfb,0xdf,0x77,0x9d,0x02,0x81,0x81,0x00,0x99,0xb3,
-	0xb3,0x33,0x1e,0xea,0x65,0x5d,0x57,0x27,0x99,0xad,
-	0xd4,0xb7,0xb5,0x5e,0x6a,0x53,0x9d,0x60,0xe9,0x4f,
-	0xa5,0xd9,0x18,0x24,0x05,0x5b,0xda,0x9a,0x24,0xbe,
-	0xdc,0xb1,0xa9,0x2e,0x18,0xc6,0x54,0xb1,0xff,0x65,
-	0x8a,0xaa,0x2b,0x98,0xab,0x27,0x83,0xe6,0x33,0xf5,
-	0x97,0xa1,0x0b,0x09,0x68,0x98,0x0d,0xa2,0x85,0x06,
-	0x99,0x73,0xec,0x1c,0x6d,0x5c,0x9d,0x23,0x49,0xef,
-	0x05,0xea,0x92,0x99,0xeb,0x0b,0xe8,0x15,0xbc,0x87,
-	0xb3,0x30,0xbf,0x10,0xfe,0x99,0x3b,0xd6,0xe5,0x6c,
-	0x8b,0x58,0xa6,0xfb,0xae,0xe5,0x4f,0x10,0xb0,0x28,
-	0xea,0x85,0x5b,0x9b,0x08,0x38,0x75,0x56,0xc3,0xeb,
-	0x3b,0x47,0xea,0x60,0x86,0x77,0x9b,0x84,0xee,0xc1,
-	0x58,0x60,0x88,0x33,0x18,0xe5,0x02,0x81,0x80,0x17,
-	0x3a,0x74,0xb2,0x72,0x55,0xad,0xc9,0xa0,0x1c,0x0e,
-	0x7e,0x92,0x93,0x90,0x1d,0x24,0xe0,0x28,0xe4,0xfc,
-	0x2a,0x9b,0x48,0x24,0xcf,0xca,0x3a,0xe9,0x95,0xd7,
-	0x65,0x72,0xec,0x64,0xfd,0x52,0x6e,0xe6,0x6e,0x30,
-	0xa2,0x4b,0xa1,0xfc,0x8d,0x3a,0x4f,0xa7,0x1c,0xc0,
-	0xab,0xf0,0xeb,0xea,0x80,0xf2,0xf5,0xe2,0xb5,0xb7,
-	0x66,0x5e,0x98,0x24,0x24,0xef,0x28,0x67,0xc4,0x45,
-	0x01,0x0d,0xb2,0x72,0xb1,0x33,0x64,0xf0,0xcd,0x15,
-	0x02,0xd1,0x98,0x23,0x63,0x56,0x27,0x93,0x36,0x2c,
-	0x99,0x41,0x1e,0xd2,0xf3,0x71,0x43,0xdc,0xba,0xad,
-	0x5b,0x0d,0xa5,0x9d,0x2d,0xd2,0x01,0x52,0xe8,0x9b,
-	0x1e,0x6f,0x04,0x0a,0x47,0xb9,0x0b,0x37,0xd5,0x70,
-	0x0e,0x7e,0xe5,0x71,0x32,0x19,0x41,0x02,0x81,0x80,
-	0x23,0xc3,0x55,0x51,0xf2,0xc2,0x95,0x5d,0x57,0x97,
-	0x26,0x41,0xf5,0x39,0xdd,0xa0,0x9f,0x5a,0xdf,0x46,
-	0x9a,0x62,0xe6,0xf3,0x11,0x93,0xe8,0x0f,0x4c,0x59,
-	0x0b,0x6d,0xc1,0x8a,0x31,0x14,0x41,0xbd,0x7c,0x1d,
-	0x82,0x90,0x8c,0xe8,0x35,0x86,0xab,0x64,0x61,0x63,
-	0x61,0xf9,0xa6,0x13,0x59,0xaf,0x11,0xc0,0x37,0x83,
-	0xf6,0x31,0xe7,0xe8,0xba,0x2a,0x8f,0x23,0xba,0x88,
-	0x68,0x7e,0x8e,0x40,0xdb,0x65,0xa6,0xf4,0x39,0x47,
-	0x3d,0x7b,0xd1,0xac,0xe8,0xf8,0x3a,0x55,0x4b,0x40,
-	0x20,0x57,0xd6,0x40, 0x85,0x72,0x10,0x6a,0xd8,0xaf,
-	0xc8,0x5d,0x6c,0xdc,0x24,0xc9,0x78,0xeb,0x32,0x1a,
-	0x43,0x31,0xeb,0xb4,0x3b,0x0b,0xc4,0x9d,0xf5,0xf8,
-	0xc3,0x59,0x07,0x88,0x46,0x88,0xa5,0x25,0x02,0x81,
-	0x80,0x55,0xf5,0x12,0x2e,0x48,0xce,0xef,0xb3,0x1d,
-	0xbf,0xab,0x06,0xf7,0x09,0x8c,0xf0,0x1a,0xe9,0xfa,
-	0x01,0xf9,0x97,0xa4,0x57,0x6f,0x7a,0x73,0x63,0x2a,
-	0x57,0x30,0x97,0xce,0xf7,0xe5,0xd4,0x8c,0x35,0xa2,
-	0x12,0xb7,0xf3,0xf6,0x66,0x76,0x9e,0x90,0x3f,0xb4,
-	0x70,0x0f,0x99,0x7a,0xc9,0x36,0xcf,0x46,0x74,0x39,
-	0x91,0xf2,0x66,0xa2,0x55,0x19,0x1b,0x70,0xe3,0xd6,
-	0x9a,0x8b,0x94,0x79,0x18,0x8a,0x93,0xcf,0x27,0x2a,
-	0xc1,0xb3,0xda,0x51,0x52,0x9d,0x14,0xb7,0xc9,0x2e,
-	0x2f,0x75,0x6d,0xc9,0xdb,0x8f,0x69,0xa7,0xc9,0x5e,
-	0x1f,0x9d,0x3c,0x6e,0x1f,0xa4,0x08,0x33,0x0a,0x7a,
-	0xde,0x90,0x18,0xf2,0x43,0xf7,0x60,0x8b,0x51,0xa3,
-	0x50,0xf8,0x52,0xfc,0xed,0x5c,0x63,0xbc,0x1a,
+	0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,
+	0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,
+	0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,
+	0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,
+	0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,
+	0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,
+	0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,
+	0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,
+	0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,
+	0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,
+	0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,
+	0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,
+	0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,
+	0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,
+	0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,
+	0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,
+	0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,
+	0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,
+	0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,
+	0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,
+	0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,
+	0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,
+	0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,
+	0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,
+	0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,
+	0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,
+	0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,
+	0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,
+	0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,
+	0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,
+	0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,
+	0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,
+	0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,
+	0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,
+	0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,
+	0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,
+	0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,
+	0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,
+	0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,
+	0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,
+	0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,
+	0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,
+	0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,
+	0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,
+	0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,
+	0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,
+	0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,
+	0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,
+	0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,
+	0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,
+	0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,
+	0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,
+	0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,
+	0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,
+	0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,
+	0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,
+	0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,
+	0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,
+	0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,
+	0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,
+	0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,
+	0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,
+	0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,
+	0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,
+	0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,
+	0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,
+	0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,
+	0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,
+	0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,
+	0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,
+	0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,
+	0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,
+	0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,
+	0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,
+	0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,
+	0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,
+	0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,
+	0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,
+	0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,
+	0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,
+	0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,
+	0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,
+	0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,
+	0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,
+	0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,
+	0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,
+	0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,
+	0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,
+	0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,
+	0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,
+	0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,
+	0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,
+	0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,
+	0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,
+	0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,
+	0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,
+	0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,
+	0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,
+	0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,
+	0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,
+	0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,
+	0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,
+	0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,
+	0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,
+	0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,
+	0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,
+	0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,
+	0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,
+	0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,
+	0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,
+	0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,
+	0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,
+	0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,
+	0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,
+	0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,
+	0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,
+	0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,
+	0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,
+	0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,
+	0x95,
 	};
 
 static unsigned char test4096[]={
-	0x30,0x82,0x09,0x28,0x02,0x01,0x00,0x02,0x82,0x02,
-	0x01,0x00,0x92,0x1f,0x39,0xc3,0x7c,0xc2,0xfe,0x5c,
-	0x2c,0x83,0x5d,0x08,0x5e,0x76,0xe6,0x53,0x30,0x86,
-	0x47,0x62,0xe9,0x21,0x22,0x2c,0xeb,0x3b,0xe5,0xb3,
-	0x30,0xbf,0x1c,0x37,0x23,0xe2,0x4b,0x27,0xf2,0x8c,
-	0x6a,0x8c,0xcb,0x54,0xf0,0x47,0x91,0xbc,0x3b,0x41,
-	0x6d,0xa6,0xe3,0x9b,0x25,0x3e,0x2f,0x3d,0x8e,0x67,
-	0x9d,0xe9,0x2b,0x7d,0xcd,0x39,0xf5,0xc9,0x2b,0xd0,
-	0xe5,0xe6,0xe7,0x62,0x1e,0x6c,0xe1,0x8f,0xc2,0xa3,
-	0xc9,0x02,0x11,0xf3,0x51,0x63,0x27,0x25,0x82,0x01,
-	0xaa,0x0a,0x68,0x6d,0x4c,0x02,0x5c,0xaf,0xb1,0x72,
-	0xb5,0xf4,0x53,0x43,0xb1,0x90,0x28,0x1b,0x54,0xdd,
-	0xfd,0x57,0x36,0xac,0xf8,0x44,0x34,0x7a,0x85,0x66,
-	0x37,0x62,0xe9,0x80,0xd2,0xe2,0xdc,0xa0,0xe8,0x76,
-	0x09,0x6d,0xc1,0x38,0xac,0x55,0x57,0x44,0xbe,0x0e,
-	0x81,0x0d,0x81,0x63,0xb7,0x73,0xd7,0xbf,0x5d,0x84,
-	0x2f,0x31,0xdc,0x79,0x69,0xf5,0xa9,0x7e,0x60,0x5b,
-	0xc1,0x92,0x26,0xb1,0xf0,0xdf,0x0c,0xe4,0x76,0xf7,
-	0xa3,0x68,0x79,0x9f,0x14,0x5c,0x52,0x97,0x21,0x76,
-	0xd7,0x19,0x8b,0x47,0xc0,0xb6,0x36,0x01,0xa8,0x73,
-	0x54,0xfc,0x61,0xd1,0x64,0x44,0xd3,0x36,0x4b,0xbe,
-	0xc8,0x26,0xcd,0x24,0xb5,0x35,0xdc,0x5a,0xe9,0x25,
-	0x26,0xb4,0x60,0x19,0x1f,0xc7,0x57,0x47,0xd6,0xf1,
-	0x5a,0xae,0xc8,0x16,0xfd,0xa8,0x85,0x0b,0x3a,0xbd,
-	0xd7,0x4c,0xfb,0xd1,0x75,0xa4,0x86,0x91,0x4a,0xb8,
-	0x0a,0x1b,0x83,0xe4,0xce,0x10,0xd2,0x2b,0xe3,0xe4,
-	0x87,0x8c,0xfd,0xb9,0xfb,0x8d,0xb6,0x70,0xa5,0x2b,
-	0xbe,0xe6,0x43,0x4c,0x44,0x09,0x6b,0xd6,0x5a,0xcc,
-	0x89,0x78,0xb7,0xd8,0xc9,0xa9,0x24,0xe9,0xa6,0x87,
-	0x2f,0xd4,0x3f,0xad,0x98,0x32,0x57,0x19,0xf0,0xdd,
-	0x65,0x2e,0x69,0x5f,0x83,0x24,0x3c,0xea,0xc0,0x36,
-	0x88,0xd2,0x1c,0x27,0x29,0x83,0x80,0xd0,0xdf,0xf1,
-	0x1e,0x2d,0x62,0x4c,0x24,0xb1,0xb8,0xa2,0x70,0xc7,
-	0xc5,0xdf,0x8d,0xea,0xf7,0xea,0xb8,0x68,0x99,0x7c,
-	0xd6,0xf0,0x3b,0x6b,0xb0,0xc5,0xb0,0x0c,0x96,0xfd,
-	0x07,0x46,0x5f,0xc8,0xde,0xb4,0x4f,0x7b,0x0f,0xd1,
-	0x71,0x1e,0x84,0x27,0x93,0x95,0xfc,0x7b,0x3f,0x3a,
-	0xf1,0xe9,0x82,0x4f,0x09,0xc0,0x79,0x35,0xb1,0xe4,
-	0x45,0x87,0x26,0xe7,0xf9,0x9a,0xcd,0x63,0x42,0x98,
-	0x9a,0xf8,0x11,0x20,0xf1,0x42,0xd2,0x31,0xdc,0x03,
-	0xb5,0xa9,0xeb,0x87,0x08,0x2a,0x76,0xb4,0xbf,0x0e,
-	0x5b,0xa9,0x52,0xd5,0x12,0xda,0x87,0xfa,0x01,0x23,
-	0x5b,0x78,0x97,0x73,0xcc,0xf8,0x0e,0xf0,0xde,0x34,
-	0x9f,0xb2,0xcd,0x8c,0x5a,0xce,0xd6,0x3f,0x17,0xe1,
-	0x45,0xd5,0xeb,0xab,0x6a,0x47,0x0f,0x3c,0x02,0xfb,
-	0xa5,0xcd,0x85,0x54,0x07,0x0b,0xba,0x74,0x16,0x87,
-	0x2e,0x9e,0xe5,0x2a,0x80,0x4c,0x27,0xc6,0x9e,0xe2,
-	0xfd,0x60,0xa7,0x89,0x13,0x3e,0x03,0x7f,0x55,0xf5,
-	0xd2,0x67,0xab,0x37,0x40,0xbf,0x33,0x03,0xe2,0xd1,
-	0x60,0xcb,0x48,0xae,0x80,0x30,0x87,0xf6,0xd8,0x34,
-	0xef,0x61,0xb3,0x9b,0x75,0x25,0x2a,0xe9,0xfa,0xb6,
-	0x08,0xbe,0xbf,0x80,0x63,0x46,0x77,0x89,0xe7,0x9c,
-	0xd0,0xe4,0x50,0xa9,0x02,0x03,0x01,0x00,0x01,0x02,
-	0x82,0x02,0x00,0x73,0xcb,0x78,0xfc,0x18,0xbf,0x71,
-	0xd0,0xdb,0x99,0x92,0x3d,0x12,0x97,0x08,0xb9,0x3e,
-	0x07,0xfb,0x44,0x3f,0xd8,0xf8,0xfb,0x3d,0xc2,0xee,
-	0xa9,0x8c,0xe4,0xb5,0xd8,0x60,0x80,0x70,0xec,0x8c,
-	0x42,0x88,0x21,0x60,0xf4,0xc3,0xa1,0x03,0xb5,0x76,
-	0x03,0xc8,0x80,0x6b,0x78,0x44,0x10,0x3e,0x61,0x7a,
-	0x9b,0x54,0x41,0x36,0x2c,0xf0,0x58,0x91,0x15,0x45,
-	0xba,0xba,0xa5,0xbc,0x11,0x3e,0x69,0x2c,0x6a,0xbf,
-	0x65,0x09,0xe2,0xb1,0x14,0xf0,0x17,0x32,0x2b,0x80,
-	0x16,0x0f,0x89,0x45,0xed,0xef,0x41,0x23,0xf0,0x3b,
-	0x1f,0xdb,0x5f,0x6e,0x28,0x83,0xea,0xe8,0x4d,0x98,
-	0x78,0x7e,0xce,0x01,0x4f,0x1b,0x42,0xf9,0x8f,0x6a,
-	0x6d,0x71,0x50,0xda,0x18,0x33,0x86,0x82,0x2e,0xa5,
-	0x68,0xfc,0xd9,0xd4,0x38,0x34,0x21,0x41,0x12,0x01,
-	0xc6,0xfe,0xb0,0x14,0x2c,0x50,0x71,0xe5,0xb4,0x09,
-	0xc8,0xb9,0x99,0xba,0xcd,0x20,0x92,0x04,0x2a,0x58,
-	0xf3,0xfd,0xb6,0xf3,0x21,0x29,0xef,0xa8,0x88,0xd8,
-	0x5a,0x30,0x4d,0x97,0xab,0xdf,0xf7,0xb5,0x9f,0x7c,
-	0x6e,0x6f,0xd1,0x17,0x55,0xda,0x3a,0xcb,0x1b,0x8f,
-	0x41,0x2e,0x44,0xfe,0xc3,0x6f,0xc1,0x36,0xdb,0x9d,
-	0x34,0xe7,0xea,0x0f,0xc1,0x9a,0x34,0xbf,0x95,0xef,
-	0x92,0x78,0x54,0x92,0x9e,0xf6,0x57,0x03,0x2c,0xb4,
-	0x01,0xf9,0xc9,0xee,0x58,0x81,0xd5,0x6c,0xf1,0x54,
-	0x30,0xa3,0x10,0xa7,0xb1,0xfa,0x97,0x51,0xe8,0x8b,
-	0x9c,0xc2,0xad,0xc1,0x5c,0xad,0x8c,0x18,0xf1,0x9d,
-	0x1c,0x39,0xeb,0x1a,0x1a,0xab,0x65,0x47,0x00,0x54,
-	0x89,0x4d,0xf4,0x22,0xaf,0x35,0x8a,0x2b,0x11,0x9d,
-	0x73,0xb3,0x48,0xf9,0xe9,0x9b,0x73,0xa8,0xeb,0x32,
-	0x4f,0xf2,0x33,0x5e,0xc8,0xc7,0xe3,0xdb,0xbf,0xcd,
-	0x8a,0x5b,0xbe,0x19,0x91,0xe1,0x34,0x2c,0x6a,0xd8,
-	0x56,0xe4,0x92,0x89,0x6f,0x9c,0xda,0x4d,0x9e,0xca,
-	0xd4,0x2d,0xbb,0x06,0x4b,0x77,0x79,0xe1,0x2e,0xab,
-	0x2e,0x14,0x0f,0xe3,0x6b,0xc6,0x44,0x18,0xdb,0xd0,
-	0x51,0xb4,0x72,0xf5,0x77,0x57,0xe8,0x9c,0xad,0x35,
-	0xb2,0x6c,0x24,0x8b,0x67,0xcc,0xc2,0x6a,0xfa,0xf0,
-	0xd4,0x40,0x19,0xf1,0x76,0x24,0x42,0x25,0x7b,0x5b,
-	0xe1,0x25,0xde,0xa4,0x4d,0x00,0xf1,0x80,0x02,0xd0,
-	0x09,0x48,0x65,0x76,0x8c,0xb3,0x2d,0xe2,0xad,0x87,
-	0x4f,0xbb,0x76,0xa9,0xac,0xa3,0x1d,0xb9,0x0d,0x4c,
-	0xb3,0xba,0xdf,0x62,0x91,0xb5,0x3b,0x00,0x11,0x2b,
-	0x6f,0x74,0x87,0x6d,0xe8,0xed,0x04,0xc4,0xc9,0xf4,
-	0xc9,0xa3,0xc7,0x0a,0xb8,0x80,0xd8,0x5d,0x30,0x4b,
-	0xdc,0x79,0x4a,0x5b,0xa4,0x7d,0xf5,0xb2,0x16,0x02,
-	0x48,0x6d,0x89,0x3a,0xb6,0x3f,0x2d,0x1f,0x91,0xaa,
-	0xd3,0xc8,0x54,0x17,0x5e,0xb3,0x59,0x05,0xb5,0xf3,
-	0xe5,0x2e,0xb1,0x41,0xd6,0x87,0xa5,0xcb,0xd1,0xeb,
-	0x03,0x35,0x7b,0x94,0x06,0x09,0xbb,0x7b,0x67,0x14,
-	0x83,0x65,0xa1,0x82,0x52,0x70,0xf8,0x3c,0xf2,0x21,
-	0xb7,0x26,0xa8,0xdd,0x56,0x75,0xc8,0xda,0xc8,0x05,
-	0x6f,0xba,0xea,0x6a,0x14,0x0f,0x13,0xc6,0x9d,0xea,
-	0xc3,0xb4,0x95,0x9b,0xc4,0x6b,0x35,0xbd,0x10,0xce,
-	0xb6,0xf6,0x07,0x72,0xbd,0x02,0x82,0x01,0x01,0x00,
-	0xcb,0x3c,0x4c,0xfb,0xcf,0xae,0xa9,0xb8,0x2a,0xcc,
-	0x31,0xa3,0x5d,0xce,0x43,0xbf,0xf9,0x93,0x18,0xcc,
-	0x17,0x50,0x67,0x7e,0x52,0x6c,0xd5,0xbf,0x3e,0xc2,
-	0x99,0x56,0xbc,0x7a,0x1a,0xc5,0x92,0x76,0xb3,0x38,
-	0xbf,0xf4,0xf8,0xae,0x41,0x17,0xb0,0x17,0x1b,0x1a,
-	0x4d,0x6b,0x3d,0x0c,0xc1,0x25,0x5c,0x54,0xa7,0x39,
-	0x2c,0x38,0x72,0x1f,0x0a,0xe9,0xd4,0x5b,0xa4,0x81,
-	0x5d,0xf1,0xc2,0xf7,0xd2,0x5c,0x4c,0x7e,0x24,0x02,
-	0x81,0xa1,0x3a,0xf5,0xd0,0x11,0x15,0x4e,0x03,0x3d,
-	0x82,0xfa,0xcd,0x32,0x89,0x10,0xe1,0x4f,0x47,0x32,
-	0x54,0xfc,0x95,0xf2,0x3a,0x58,0x8e,0xbb,0x9b,0xbf,
-	0x7c,0x5b,0xc0,0x73,0x25,0xdc,0x04,0xf6,0x98,0xc1,
-	0xed,0xa9,0x2a,0x6a,0x7b,0xc4,0x8d,0x2a,0x0f,0x51,
-	0xb3,0xa3,0x75,0x79,0x40,0x76,0xf6,0xbe,0xb2,0xd9,
-	0xc1,0x6e,0xb1,0xfa,0x96,0xd2,0xea,0x07,0xee,0xe9,
-	0xf2,0xdb,0x3f,0x20,0xdc,0xe0,0x63,0xdc,0x86,0x7f,
-	0xbb,0xfb,0x60,0x2f,0xc6,0xaf,0x5f,0x46,0x26,0x39,
-	0xcf,0xc4,0x10,0x60,0xf1,0x24,0x9b,0x49,0x5f,0x91,
-	0x3e,0xac,0x7a,0x53,0x3e,0x84,0x71,0xcd,0x9d,0x45,
-	0x3a,0x75,0x87,0x2c,0x96,0xfb,0x03,0xa5,0xc7,0x59,
-	0x9a,0xaa,0x99,0xcf,0x8e,0x89,0x3a,0xdc,0x26,0x06,
-	0xdf,0x14,0x6a,0x95,0xf7,0x88,0x72,0xcb,0x4e,0x91,
-	0xde,0xeb,0x14,0x23,0xac,0x58,0x69,0x84,0x2b,0xea,
-	0xdf,0xc8,0x35,0xb2,0x01,0x9d,0x7f,0xaa,0x73,0x51,
-	0xf5,0xc7,0x2e,0xba,0xa0,0xb4,0x49,0xb6,0x74,0xa3,
-	0x73,0x17,0xc2,0xfa,0xc8,0xf3,0x02,0x82,0x01,0x01,
-	0x00,0xb8,0x0e,0xf8,0x50,0x74,0x42,0x79,0x90,0xd0,
-	0x47,0x8d,0x48,0x2e,0x84,0x3b,0x30,0xe0,0x26,0x31,
-	0x95,0x54,0x34,0x93,0xa0,0x30,0xd5,0x03,0x50,0xb2,
-	0x19,0xbf,0xe8,0x22,0x1f,0xbe,0x40,0xec,0x94,0xd8,
-	0x21,0x17,0xaa,0x95,0xf9,0x62,0xa5,0xf5,0x25,0xd1,
-	0x72,0x36,0x22,0x67,0x94,0xcf,0xc0,0x06,0x22,0x93,
-	0x0d,0x6a,0x22,0xfe,0xff,0xb3,0xc2,0xde,0x8f,0x5f,
-	0x75,0x84,0xe4,0x88,0xf3,0xe4,0x04,0xbb,0x9c,0x6b,
-	0xb3,0x14,0x9d,0xb7,0xb4,0xa9,0x63,0x3f,0xdc,0xe8,
-	0x0c,0x05,0xa8,0x76,0xab,0xa1,0xbb,0x23,0x1d,0x6a,
-	0xcd,0x31,0xbc,0x19,0xb5,0x49,0xa1,0x71,0xee,0x93,
-	0x46,0x71,0xce,0xba,0xd2,0xa8,0x4e,0x08,0x8d,0x7b,
-	0x85,0x3d,0x77,0x46,0x9a,0x71,0x71,0xeb,0x03,0x5c,
-	0xd2,0x0f,0xb1,0xf4,0x78,0xb4,0xf4,0x8d,0xd4,0xd9,
-	0x9b,0x79,0x99,0xce,0x9b,0xa9,0x38,0xaa,0xd6,0x76,
-	0x9f,0x9c,0xb1,0xbd,0xd3,0x7c,0x18,0x54,0x62,0xbc,
-	0x54,0x2a,0x0f,0xef,0x76,0x39,0xd5,0x10,0x2f,0xbf,
-	0xc5,0x60,0x92,0x21,0x99,0x46,0xbc,0x36,0x65,0x0b,
-	0x31,0xb6,0x6f,0xa8,0x5d,0x8e,0x2f,0xf0,0xed,0x86,
-	0x8c,0xf2,0x2a,0x83,0xa7,0x34,0x11,0x06,0xd9,0x6f,
-	0xb3,0xf5,0x7b,0x31,0x45,0x17,0x5a,0xdc,0x22,0xc3,
-	0xe8,0xe1,0x89,0x78,0xde,0xae,0x49,0x1a,0x5f,0x4d,
-	0x06,0xf6,0xb5,0x23,0x66,0xe0,0x00,0xd6,0x37,0x8d,
-	0xb4,0x5b,0x67,0xb0,0xdb,0x7a,0x10,0x03,0x91,0x64,
-	0xa6,0xaa,0xc6,0x30,0x49,0x3c,0x81,0x72,0x57,0x9f,
-	0xd9,0x72,0xae,0xa9,0xce,0xa6,0xf3,0x02,0x82,0x01,
-	0x01,0x00,0xa3,0x69,0x55,0xe0,0xf6,0xe9,0x52,0xaf,
-	0xb1,0x41,0xc3,0xfb,0xbe,0x56,0x36,0x25,0x6a,0xef,
-	0xfa,0x75,0x47,0x9d,0xaf,0xc9,0x63,0x4e,0xfd,0x42,
-	0xab,0x9c,0xde,0x9c,0x5e,0x29,0xb3,0xd2,0xfe,0x64,
-	0x10,0xd0,0xe5,0x8f,0x7c,0x50,0xe8,0x27,0xba,0xbf,
-	0xa9,0x5c,0x29,0xb9,0xbb,0x39,0xc1,0x27,0x60,0x28,
-	0xf4,0xd8,0x44,0x95,0x12,0x35,0xa1,0x99,0xc7,0xd4,
-	0xf3,0xdd,0xcd,0x02,0xb2,0x28,0x7f,0x6d,0x15,0x58,
-	0x2b,0x6e,0x14,0x7a,0xe6,0x24,0x75,0xea,0xf6,0x7d,
-	0x66,0x9f,0x93,0xec,0x43,0x07,0x8a,0x2c,0x17,0x6d,
-	0x9e,0x2a,0x7b,0x29,0x29,0x0b,0xbe,0x1c,0x2c,0x8f,
-	0xee,0xb8,0x35,0xae,0xb4,0x7c,0x21,0x89,0xda,0x37,
-	0xc9,0x35,0xcc,0xf9,0x43,0x10,0xa1,0x79,0xb5,0xa3,
-	0x86,0xf3,0xc3,0x83,0xff,0xd5,0xc1,0x9e,0xa5,0xe1,
-	0x49,0x7f,0x4b,0x47,0xcd,0x35,0x57,0x06,0x39,0x84,
-	0xad,0x76,0x50,0x7e,0x37,0x31,0x1e,0x48,0x12,0x23,
-	0x63,0xc5,0xdb,0x09,0x51,0x1a,0xb9,0x1f,0x93,0x74,
-	0x9d,0x11,0xc8,0xdb,0xb5,0xeb,0xac,0x99,0x29,0x7f,
-	0x02,0xa7,0x8f,0x84,0x31,0x4b,0x33,0xae,0x5c,0xae,
-	0xdd,0xf0,0xa7,0x03,0x8e,0xef,0xac,0x6a,0x22,0x51,
-	0xae,0x8b,0x7e,0x90,0x03,0xe2,0x5e,0x92,0x3a,0xd0,
-	0x7e,0x86,0xf1,0xe1,0xc1,0x9d,0xd9,0x8d,0x4d,0xf7,
-	0xe8,0xb1,0xe3,0x52,0x93,0x3b,0xe7,0xbc,0xa3,0x02,
-	0xd2,0x29,0x25,0x4c,0x1e,0xd8,0x84,0xf1,0xf5,0x8f,
-	0xc0,0xef,0xba,0xb6,0x2f,0xfd,0x81,0x6f,0xd5,0x01,
-	0x2e,0xa1,0xa9,0xce,0x06,0x49,0x8d,0x3f,0x02,0x82,
-	0x01,0x00,0x16,0x9d,0x20,0x3d,0x22,0x4b,0x98,0x8c,
-	0x06,0x4b,0x04,0x3c,0xbe,0x1a,0x58,0xfb,0x64,0x4e,
-	0xcd,0x00,0xbf,0xdb,0xc5,0xd7,0x84,0xa8,0x67,0x43,
-	0xde,0xdd,0xf3,0x0a,0x1e,0x47,0x30,0x24,0xe1,0xec,
-	0x57,0xb1,0x99,0x2a,0xc8,0x4a,0x5f,0xa8,0x6c,0x3a,
-	0x3d,0x45,0x7f,0x09,0x33,0x18,0xc1,0x7d,0xa2,0x43,
-	0x55,0x35,0xec,0xb8,0x68,0x04,0x1a,0x9d,0xf2,0xa2,
-	0x42,0xe4,0x39,0x73,0xaa,0xaf,0xec,0x6f,0xf8,0x6c,
-	0xfb,0x7e,0x81,0x25,0xef,0x90,0x2e,0xcf,0x96,0xe5,
-	0x19,0x4d,0x80,0xd4,0x75,0xe0,0x18,0x7a,0xd9,0x91,
-	0x9f,0xb1,0x9e,0x4e,0xb2,0x09,0xe8,0x06,0x01,0xed,
-	0x82,0x02,0xc1,0xb0,0xd8,0x9b,0x51,0x3a,0x65,0x2a,
-	0x9c,0xe6,0x7d,0xea,0xcd,0xad,0xe4,0x0a,0x4f,0x09,
-	0x96,0xb9,0xe8,0x5b,0xc0,0xe1,0xa3,0xb9,0xf8,0x43,
-	0x12,0x89,0x5b,0xa3,0x5e,0x13,0x19,0xf3,0x70,0x69,
-	0xf1,0x21,0x23,0x2b,0x63,0x5b,0x3c,0x7f,0xf0,0xbe,
-	0x40,0xcd,0x46,0x6d,0xb6,0xca,0x1b,0xc8,0xe5,0xb8,
-	0x38,0x23,0x93,0xfd,0xe0,0x4a,0xe8,0xb9,0xef,0x24,
-	0xf2,0xff,0x24,0x9f,0x0b,0x5c,0x93,0x3f,0xa8,0xa6,
-	0x46,0x45,0xc2,0xeb,0x1e,0x49,0xc8,0xc7,0xde,0xc3,
-	0x90,0x49,0xd7,0xfb,0x4e,0xce,0x62,0x54,0x33,0x7f,
-	0xc1,0xfa,0x36,0xdb,0xa1,0x12,0x1a,0xef,0xb8,0x61,
-	0xc5,0x20,0xf9,0xe6,0xbf,0x76,0xc0,0x46,0xda,0x0a,
-	0xf1,0x4a,0x1b,0x80,0xdd,0xe5,0xd9,0x55,0x66,0x5a,
-	0xd2,0xb6,0xf7,0x7c,0x6a,0x2a,0x55,0x58,0xc2,0x27,
-	0xa9,0xe8,0x19,0x83,0x04,0x31,0xf3,0xa9,0x02,0x82,
-	0x01,0x00,0x5f,0x4d,0xd9,0x71,0x24,0x28,0x84,0xbd,
-	0x39,0x5a,0x17,0x19,0x78,0x0a,0x95,0x01,0xf7,0x42,
-	0x23,0x16,0xb9,0x86,0x51,0x4b,0xa0,0x59,0x0e,0x30,
-	0xf3,0xa2,0x61,0xbd,0x66,0x4e,0xa7,0x26,0xc0,0xdc,
-	0xa7,0x31,0x94,0x1e,0xc2,0x96,0x41,0xe6,0x91,0x4e,
-	0x6c,0x9a,0xcc,0x80,0xf4,0xb8,0x0a,0x06,0x58,0xb1,
-	0x20,0x16,0x89,0xb0,0xaa,0x2a,0x31,0x0c,0x7c,0xae,
-	0x79,0x1e,0x63,0x9a,0x3c,0x8c,0xc4,0x02,0x51,0x3a,
-	0x58,0x75,0xf7,0xb7,0x2c,0x02,0xc8,0x4c,0x8b,0x09,
-	0xd2,0x69,0xff,0xcd,0xa3,0x5d,0x9b,0x09,0x1c,0x27,
-	0xb5,0xc0,0xf0,0x0c,0xa7,0x54,0xc0,0xef,0x86,0x0b,
-	0x20,0x71,0x46,0x04,0xe4,0x02,0x82,0x7b,0xac,0x26,
-	0x80,0xc3,0xb1,0x22,0x19,0x6f,0xc6,0x3a,0xdd,0xdc,
-	0x68,0x3d,0x95,0x5c,0xff,0xc5,0xbf,0x0c,0xf1,0x8f,
-	0x5e,0xca,0x74,0xd0,0xf3,0xa9,0xe3,0x21,0x34,0x11,
-	0x11,0xd9,0xc1,0x91,0x65,0xc0,0xde,0x54,0x2e,0xb5,
-	0xac,0x17,0xb1,0x46,0x3f,0x8e,0xbe,0xbc,0x48,0x0c,
-	0x96,0x4f,0x48,0x13,0xd4,0x4e,0xb5,0xe4,0xc4,0xbe,
-	0x55,0xe8,0x7b,0x00,0x36,0x1b,0xd0,0x85,0x24,0xdb,
-	0x29,0xaf,0x76,0x82,0xb5,0x90,0xcb,0xb1,0xbd,0xb4,
-	0x45,0x57,0x61,0xcd,0x6e,0xa8,0x23,0xf2,0x7a,0x47,
-	0x4e,0x01,0x52,0x92,0x55,0x61,0xe5,0xd0,0x4e,0x0a,
-	0xe7,0x18,0x65,0xf1,0x33,0x2b,0x71,0xf3,0x4b,0x8b,
-	0xdb,0x28,0x63,0x65,0x9b,0x02,0x5d,0x00,0xc1,0xd1,
-	0x26,0x9d,0x2a,0x15,0x12,0xf2,0xc8,0xd9,0xb9,0x87,
-	0x56,0x2c,0xe7,0xa6,0x6d,0xc2,0xd7,0x6b,
+	0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,
+	0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,
+	0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,
+	0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,
+	0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,
+	0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,
+	0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,
+	0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,
+	0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,
+	0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,
+	0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,
+	0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,
+	0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,
+	0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,
+	0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,
+	0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,
+	0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,
+	0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,
+	0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,
+	0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,
+	0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,
+	0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,
+	0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,
+	0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,
+	0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,
+	0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,
+	0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,
+	0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,
+	0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,
+	0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,
+	0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,
+	0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,
+	0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,
+	0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,
+	0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,
+	0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,
+	0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,
+	0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,
+	0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,
+	0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,
+	0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,
+	0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,
+	0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,
+	0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,
+	0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,
+	0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,
+	0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,
+	0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,
+	0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,
+	0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,
+	0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,
+	0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,
+	0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,
+	0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,
+	0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,
+	0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,
+	0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,
+	0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,
+	0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,
+	0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,
+	0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,
+	0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,
+	0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,
+	0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,
+	0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,
+	0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,
+	0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,
+	0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,
+	0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,
+	0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,
+	0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,
+	0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,
+	0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,
+	0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,
+	0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,
+	0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,
+	0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,
+	0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,
+	0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,
+	0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,
+	0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,
+	0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,
+	0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,
+	0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,
+	0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,
+	0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,
+	0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,
+	0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,
+	0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,
+	0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,
+	0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,
+	0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,
+	0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,
+	0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,
+	0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,
+	0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,
+	0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,
+	0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,
+	0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,
+	0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,
+	0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,
+	0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,
+	0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,
+	0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,
+	0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,
+	0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,
+	0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,
+	0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,
+	0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,
+	0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,
+	0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,
+	0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,
+	0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,
+	0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,
+	0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,
+	0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,
+	0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,
+	0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,
+	0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,
+	0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,
+	0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,
+	0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,
+	0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,
+	0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,
+	0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,
+	0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,
+	0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,
+	0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,
+	0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,
+	0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,
+	0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,
+	0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,
+	0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,
+	0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,
+	0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,
+	0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,
+	0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,
+	0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,
+	0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,
+	0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,
+	0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,
+	0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,
+	0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,
+	0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,
+	0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,
+	0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,
+	0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,
+	0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,
+	0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,
+	0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,
+	0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,
+	0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,
+	0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,
+	0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,
+	0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,
+	0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,
+	0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,
+	0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,
+	0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,
+	0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,
+	0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,
+	0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,
+	0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,
+	0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,
+	0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,
+	0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,
+	0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,
+	0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,
+	0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,
+	0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,
+	0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,
+	0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,
+	0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,
+	0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,
+	0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,
+	0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,
+	0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,
+	0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,
+	0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,
+	0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,
+	0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,
+	0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,
+	0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,
+	0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,
+	0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,
+	0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,
+	0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,
+	0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,
+	0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,
+	0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,
+	0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,
+	0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,
+	0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,
+	0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,
+	0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,
+	0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,
+	0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,
+	0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,
+	0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,
+	0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,
+	0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,
+	0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,
+	0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,
+	0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,
+	0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,
+	0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,
+	0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,
+	0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,
+	0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,
+	0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,
+	0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,
+	0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,
+	0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,
+	0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,
+	0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,
+	0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,
+	0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,
+	0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,
+	0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,
+	0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,
+	0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,
+	0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,
+	0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,
+	0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,
+	0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,
+	0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,
+	0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,
+	0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,
+	0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,
+	0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,
+	0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,
+	0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,
+	0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,
+	0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,
+	0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,
 	};
diff --git a/apps/verify.c b/apps/verify.c
index 809f4c43f..8cd675ff0 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -1,5 +1,5 @@
 /* apps/verify.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -97,7 +97,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	argc--;
 	argv++;
diff --git a/apps/version.c b/apps/version.c
index a84943329..fcf1f08cf 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -1,5 +1,5 @@
 /* apps/version.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -77,7 +77,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	if (argc == 1) version=1;
 	for (i=1; i<argc; i++)
@@ -121,6 +121,7 @@ char **argv;
 #ifndef NO_BLOWFISH
 		printf("%s ",BF_options());
 #endif
+		printf("\n");
 		}
 	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
 end:
diff --git a/apps/x509.c b/apps/x509.c
index ec20654ba..f5e8be106 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1,5 +1,5 @@
 /* apps/x509.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -344,7 +344,7 @@ bad:
 			}
 
 		if (infile == NULL)
-			BIO_set_fp(in,stdin,BIO_NOCLOSE);
+			BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
 		else
 			{
 			if (BIO_read_filename(in,infile) <= 0)
@@ -416,7 +416,7 @@ bad:
 
 	if (!noout || text)
 		{
-		OBJ_create_and_add_object("2.99999.3",
+		OBJ_create("2.99999.3",
 			"SET.ex3","SET x509v3 extension 3");
 
 		out=BIO_new(BIO_s_file());
@@ -625,7 +625,7 @@ bad:
 
 				BIO_printf(bio_err,"Generating certificate request\n");
 
-				rq=X509_to_X509_REQ(x,pk);
+				rq=X509_to_X509_REQ(x,pk,EVP_md5());
 				EVP_PKEY_free(pk);
 				if (rq == NULL)
 					{
@@ -812,9 +812,11 @@ int days;
 	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
 		goto end;
 
-	/* don't save DSA parameters in child if parent has them. */
+	/* don't save DSA parameters in child if parent has them
+	 * and the parents and the childs are the same. */
 	upkey=X509_get_pubkey(x);
-	if (!EVP_PKEY_missing_parameters(pkey))
+	if (!EVP_PKEY_missing_parameters(pkey) &&
+		(EVP_PKEY_cmp_parameters(pkey,upkey) == 0))
 		{
 		EVP_PKEY_save_parameters(upkey,0);
 		/* Force a re-write */
diff --git a/bugs/alpha.c b/bugs/alpha.c
index 419379bb6..701d6a7c7 100644
--- a/bugs/alpha.c
+++ b/bugs/alpha.c
@@ -1,5 +1,5 @@
 /* bugs/alpha.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/bugs/stream.c b/bugs/stream.c
index 155b7b975..50a388499 100644
--- a/bugs/stream.c
+++ b/bugs/stream.c
@@ -1,5 +1,5 @@
 /* bugs/stream.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl
index 9cb45e4b5..efdbba38a 100644
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -24,10 +24,13 @@ EX_LIBS=
  
 CFLAGS= $(INCLUDE) $(CFLAG) -DCFLAGS=" \"$(CC) $(CFLAG)\" "
 
+ERR=crypto
+ERRC=cpt_err
+
 LIBS=
 
-SDIRS=	md sha mdc2 \
-	des rc4 rc2 idea bf \
+SDIRS=	md2 md5 sha mdc2 hmac ripemd \
+	des rc2 rc4 rc5 idea bf cast \
 	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
 	evp pem x509 \
@@ -36,8 +39,8 @@ SDIRS=	md sha mdc2 \
 GENERAL=Makefile README
 
 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c cversion.c
-LIBOBJ= cryptlib.o mem.o cversion.o
+LIBSRC=	cryptlib.c mem.c cversion.c ex_data.c $(ERRC).c
+LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o $(ERRC).o
 
 SRC= $(LIBSRC)
 
@@ -58,7 +61,7 @@ subdirs:
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making all in $$i..."; \
-	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' AR='${AR}' all ); \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' all ); \
 	done;
 
 files:
@@ -72,7 +75,7 @@ files:
 links:
 	/bin/rm -f Makefile 
 	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../include $(EXHEADER) ;
+	$(TOP)/util/mklink.sh ../include $(HEADER) ;
 	$(TOP)/util/mklink.sh ../test $(TEST) ;
 	$(TOP)/util/mklink.sh ../apps $(APPS) ;
 	$(TOP)/util/point.sh Makefile.ssl Makefile;
@@ -146,7 +149,9 @@ dclean:
 	done;
 
 errors:
-	perl ./err/err_code.pl */*.c ../ssl/*.c ../rsaref/*.c
+	perl ./err/err_code.pl -conf err/ssleay.ec *.c */*.c ../ssl/*.c ../rsaref/*.c
+	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+	perl err/err_genc.pl -s $(ERR).h $(ERRC).c
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making errors in $$i..."; \
diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl
index a39e009d2..30751bd15 100644
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -35,7 +35,8 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c \
 	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
 	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
 	a_hdr.c x_pkey.c a_bool.c x_exten.c \
-	asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c
+	asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \
+	evp_asn1.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o \
 	a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
 	a_sign.o a_digest.o a_verify.o \
@@ -49,7 +50,8 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o \
 	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
 	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
 	a_hdr.o x_pkey.o a_bool.o x_exten.o \
-	asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o
+	asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \
+	evp_asn1.o
 
 SRC= $(LIBSRC)
 
@@ -113,6 +115,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index eb99ebca2..2c1012065 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_bitstr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -156,3 +156,49 @@ err:
 	return(NULL);
 	}
 
+/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
+ */
+int ASN1_BIT_STRING_set_bit(a,n,value)
+ASN1_BIT_STRING *a;
+int n;
+int value;
+	{
+	int w,v,iv;
+	unsigned char *c;
+
+	w=n/8;
+	v=1<<(7-(n&0x07));
+	iv= ~v;
+
+	if (a == NULL) return(0);
+	if ((a->length < (w+1)) || (a->data == NULL))
+		{
+		if (!value) return(1); /* Don't need to set */
+		if (a->data == NULL)
+			c=(unsigned char *)Malloc(w+1);
+		else
+			c=(unsigned char *)Realloc(a->data,w+1);
+		if (c == NULL) return(0);
+		a->data=c;
+		a->length=w+1;
+		c[w]=0;
+		}
+	a->data[w]=((a->data[w])&iv)|v;
+	while ((a->length > 0) && (a->data[a->length-1] == 0))
+		a->length--;
+	return(1);
+	}
+
+int ASN1_BIT_STRING_get_bit(a,n)
+ASN1_BIT_STRING *a;
+int n;
+	{
+	int w,v;
+
+	w=n/8;
+	v=1<<(7-(n&0x07));
+	if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
+		return(0);
+	return((a->data[w]&v) != 0);
+	}
+
diff --git a/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.c
index 83607b58e..41a95aa27 100644
--- a/crypto/asn1/a_bool.c
+++ b/crypto/asn1/a_bool.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_bool.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
index 0c9132498..14168d61a 100644
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_bytes.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -67,14 +67,14 @@
  */
 
 static unsigned long tag2bit[32]={
-0,	0,	0,	0,	/* tags  0 -  3 */
+0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
 B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
 B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
 B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags 12-15 */
 0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
 B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
 0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
 	};
 
 #ifndef NOPROTO
@@ -97,13 +97,6 @@ int type;
 	int inf,tag,xclass;
 	int i=0;
 
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
-		}
-	else
-		ret=(*a);
-
 	p= *pp;
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
 	if (inf & 0x80) goto err;
@@ -118,6 +111,18 @@ int type;
 		i=ASN1_R_WRONG_TYPE;
 		goto err;
 		}
+
+	/* If a bit-string, exit early */
+	if (tag == V_ASN1_BIT_STRING)
+		return(d2i_ASN1_BIT_STRING(a,pp,length));
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+		}
+	else
+		ret=(*a);
+
 	if (len != 0)
 		{
 		s=(unsigned char *)Malloc((int)len+1);
@@ -157,6 +162,10 @@ int xclass;
 	unsigned char *p;
 
 	if (a == NULL)  return(0);
+
+	if (tag == V_ASN1_BIT_STRING)
+		return(i2d_ASN1_BIT_STRING(a,pp));
+		
 	ret=a->length;
 	r=ASN1_object_size(0,ret,tag);
 	if (pp == NULL) return(r);
@@ -229,7 +238,7 @@ int Pclass;
 		{
 		if (len != 0)
 			{
-			if (ret->length < len)
+			if ((ret->length < len) || (ret->data == NULL))
 				{
 				if (ret->data != NULL) Free((char *)ret->data);
 				s=(unsigned char *)Malloc((int)len);
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index 5c9c9cf09..d952836a9 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_d2i_fp.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,7 +63,7 @@
 
 #define HEADER_SIZE   8
 
-#ifndef WIN16
+#ifndef NO_FP_API
 char *ASN1_d2i_fp(xnew,d2i,in,x)
 char *(*xnew)();
 char *(*d2i)();
@@ -108,6 +108,7 @@ unsigned char **x;
 		return(NULL);
 		}
 
+	ERR_clear_error();
 	for (;;)
 		{
 		if (want >= (len-off))
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
index 8f395d958..8ddb65b0d 100644
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_digest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
index 51ed105ff..961b4cb06 100644
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_dup.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/a_hdr.c b/crypto/asn1/a_hdr.c
index b7de335fc..4fb7a5fa7 100644
--- a/crypto/asn1/a_hdr.c
+++ b/crypto/asn1/a_hdr.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_hdr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c
index eab127e6e..66c3df68d 100644
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_i2d_fp.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,7 +61,7 @@
 #include "buffer.h"
 #include "asn1_mac.h"
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int ASN1_i2d_fp(i2d,out,x)
 int (*i2d)();
 FILE *out;
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index ce0921d59..df79cf99b 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_int.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -251,7 +251,8 @@ ASN1_INTEGER *a;
 	
 	if (a->length > sizeof(long))
 		{
-		return(0xFFFFFFFFL);
+		/* hmm... a bit ugly */
+		return(0xffffffffL);
 		}
 	if (a->data == NULL)
 		return(0);
diff --git a/crypto/asn1/a_meth.c b/crypto/asn1/a_meth.c
index 0beb958aa..513625c30 100644
--- a/crypto/asn1/a_meth.c
+++ b/crypto/asn1/a_meth.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_meth.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index 897915cf4..5a7eeef8d 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_object.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -64,7 +64,7 @@
 
 /* ASN1err(ASN1_F_ASN1_OBJECT_NEW,ASN1_R_EXPECTING_AN_OBJECT); 
  * ASN1err(ASN1_F_D2I_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER); 
- * ASN1err(ASN1_F_I2A_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER);
+ * ASN1err(ASN1_F_I2T_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER);
  */
 
 int i2d_ASN1_OBJECT(a, pp)
@@ -180,19 +180,23 @@ err:
 	return(0);
 	}
 
-int i2a_ASN1_OBJECT(bp,a)
-BIO *bp;
+int i2t_ASN1_OBJECT(buf,buf_len,a)
+char *buf;
+int buf_len;
 ASN1_OBJECT *a;
 	{
-	int j,i,idx=0,n=0,len,nid,reason=ERR_R_BUF_LIB;
+	int i,idx=0,n=0,len,nid;
 	unsigned long l;
 	unsigned char *p;
-	char buf[20];
 	char *s;
+	char tbuf[32];
+
+	if (buf_len <= 0) return(0);
 
 	if ((a == NULL) || (a->data == NULL))
 		{
-		return(BIO_write(bp,"NULL",4));
+		buf[0]='\0';
+		return(0);
 		}
 
 	nid=OBJ_obj2nid(a);
@@ -215,10 +219,11 @@ ASN1_OBJECT *a;
 		if (i > 2) i=2;
 		l-=(long)(i*40);
 
-		sprintf(buf,"%d.%ld",i,l);
-		i=strlen(buf);
-		if (BIO_write(bp,buf,i) != i)
-				goto err;
+		sprintf(tbuf,"%d.%ld",i,l);
+		i=strlen(tbuf);
+		strncpy(buf,tbuf,buf_len);
+		buf_len-=i;
+		buf+=i;
 		n+=i;
 
 		l=0;
@@ -227,9 +232,12 @@ ASN1_OBJECT *a;
 			l|=p[idx]&0x7f;
 			if (!(p[idx] & 0x80))
 				{
-				sprintf(buf,".%ld",l);
-				i=strlen(buf);
-				if (BIO_write(bp,buf,i) != i) goto err;
+				sprintf(tbuf,".%ld",l);
+				i=strlen(tbuf);
+				if (buf_len > 0)
+					strncpy(buf,tbuf,buf_len);
+				buf_len-=i;
+				buf+=i;
 				n+=i;
 				l=0;
 				}
@@ -241,14 +249,26 @@ ASN1_OBJECT *a;
 		s=(char *)OBJ_nid2ln(nid);
 		if (s == NULL)
 			s=(char *)OBJ_nid2sn(nid);
-		j=strlen(s);
-		if (BIO_write(bp,s,j) != j) goto err;
-		n=j;
+		strncpy(buf,s,buf_len);
+		n=strlen(s);
 		}
+	buf[buf_len-1]='\0';
 	return(n);
-err:
-	ASN1err(ASN1_F_I2A_ASN1_OBJECT,reason);
-	return(-1);
+	}
+
+int i2a_ASN1_OBJECT(bp,a)
+BIO *bp;
+ASN1_OBJECT *a;
+	{
+	char buf[80];
+	int i;
+
+	if ((a == NULL) || (a->data == NULL))
+		return(BIO_write(bp,"NULL",4));
+	i=i2t_ASN1_OBJECT(buf,80,a);
+	if (i > 80) i=80;
+	BIO_write(bp,buf,i);
+	return(i);
 	}
 
 ASN1_OBJECT *d2i_ASN1_OBJECT(a, pp, length)
diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c
index e4ef15a99..be3f172a8 100644
--- a/crypto/asn1/a_octet.c
+++ b/crypto/asn1/a_octet.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_octet.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
index a1bbc35ca..3023361de 100644
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_print.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/a_set.c b/crypto/asn1/a_set.c
index 5752fbb5f..17c49946c 100644
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_set.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 2925ce3ad..02188e68c 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_sign.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index abaf70dcb..7c0004084 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_type.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -115,6 +115,9 @@ unsigned char **pp;
 	case V_ASN1_UNIVERSALSTRING:
 		r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
 		break;
+	case V_ASN1_BMPSTRING:
+		r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
+		break;
 	case V_ASN1_UTCTIME:
 		r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
 		break;
@@ -213,6 +216,11 @@ long length;
 			M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
+	case V_ASN1_BMPSTRING:
+		if ((ret->value.bmpstring=
+			M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
 	case V_ASN1_UTCTIME:
 		if ((ret->value.utctime=
 			d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index cc3c692fc..17a7abbb6 100644
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_utctm.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -152,6 +152,28 @@ err:
 	return(0);
 	}
 
+int ASN1_UTCTIME_set_string(s,str)
+ASN1_UTCTIME *s;
+char *str;
+	{
+	ASN1_UTCTIME t;
+
+	t.type=V_ASN1_UTCTIME;
+	t.length=strlen(str);
+	t.data=(unsigned char *)str;
+	if (ASN1_UTCTIME_check(&t))
+		{
+		if (s != NULL)
+			{
+			ASN1_STRING_set((ASN1_STRING *)s,
+				(unsigned char *)str,t.length);
+			}
+		return(1);
+		}
+	else
+		return(0);
+	}
+
 ASN1_UTCTIME *ASN1_UTCTIME_set(s, t)
 ASN1_UTCTIME *s;
 time_t t;
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 567552f78..03fc63dbe 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/a_verify.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/asn1.err b/crypto/asn1/asn1.err
index cbf27ab5f..c8b701148 100644
--- a/crypto/asn1/asn1.err
+++ b/crypto/asn1/asn1.err
@@ -18,108 +18,111 @@
 #define ASN1_F_ASN1_SIGN				 114
 #define ASN1_F_ASN1_STRING_NEW				 115
 #define ASN1_F_ASN1_STRING_TYPE_NEW			 116
-#define ASN1_F_ASN1_TYPE_NEW				 117
-#define ASN1_F_ASN1_UTCTIME_NEW				 118
-#define ASN1_F_ASN1_VERIFY				 119
-#define ASN1_F_BN_TO_ASN1_INTEGER			 120
-#define ASN1_F_D2I_ASN1_BIT_STRING			 121
-#define ASN1_F_D2I_ASN1_BOOLEAN				 122
-#define ASN1_F_D2I_ASN1_BYTES				 123
-#define ASN1_F_D2I_ASN1_HEADER				 124
-#define ASN1_F_D2I_ASN1_INTEGER				 125
-#define ASN1_F_D2I_ASN1_OBJECT				 126
-#define ASN1_F_D2I_ASN1_OCTET_STRING			 127
-#define ASN1_F_D2I_ASN1_PRINT_TYPE			 128
-#define ASN1_F_D2I_ASN1_SET				 129
-#define ASN1_F_D2I_ASN1_TYPE				 130
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 131
-#define ASN1_F_D2I_ASN1_UTCTIME				 132
-#define ASN1_F_D2I_DHPARAMS				 133
-#define ASN1_F_D2I_DSAPARAMS				 134
-#define ASN1_F_D2I_DSAPRIVATEKEY			 135
-#define ASN1_F_D2I_DSAPUBLICKEY				 136
-#define ASN1_F_D2I_NETSCAPE_PKEY			 137
-#define ASN1_F_D2I_NETSCAPE_RSA				 138
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 139
-#define ASN1_F_D2I_NETSCAPE_SPKAC			 140
-#define ASN1_F_D2I_NETSCAPE_SPKI			 141
-#define ASN1_F_D2I_PKCS7				 142
-#define ASN1_F_D2I_PKCS7_DIGEST				 143
-#define ASN1_F_D2I_PKCS7_ENCRYPT			 144
-#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 145
-#define ASN1_F_D2I_PKCS7_ENVELOPE			 146
-#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 147
-#define ASN1_F_D2I_PKCS7_RECIP_INFO			 148
-#define ASN1_F_D2I_PKCS7_SIGNED				 149
-#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 150
-#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 151
-#define ASN1_F_D2I_PRIVATEKEY				 152
-#define ASN1_F_D2I_PUBLICKEY				 153
-#define ASN1_F_D2I_RSAPRIVATEKEY			 154
-#define ASN1_F_D2I_RSAPUBLICKEY				 155
-#define ASN1_F_D2I_X509					 156
-#define ASN1_F_D2I_X509_ALGOR				 157
-#define ASN1_F_D2I_X509_ATTRIBUTE			 158
-#define ASN1_F_D2I_X509_CINF				 159
-#define ASN1_F_D2I_X509_CRL				 160
-#define ASN1_F_D2I_X509_CRL_INFO			 161
-#define ASN1_F_D2I_X509_EXTENSION			 162
-#define ASN1_F_D2I_X509_KEY				 163
-#define ASN1_F_D2I_X509_NAME				 164
-#define ASN1_F_D2I_X509_NAME_ENTRY			 165
-#define ASN1_F_D2I_X509_PKEY				 166
-#define ASN1_F_D2I_X509_PUBKEY				 167
-#define ASN1_F_D2I_X509_REQ				 168
-#define ASN1_F_D2I_X509_REQ_INFO			 169
-#define ASN1_F_D2I_X509_REVOKED				 170
-#define ASN1_F_D2I_X509_SIG				 171
-#define ASN1_F_D2I_X509_VAL				 172
-#define ASN1_F_I2A_ASN1_OBJECT				 173
-#define ASN1_F_I2D_ASN1_HEADER				 174
-#define ASN1_F_I2D_DHPARAMS				 175
-#define ASN1_F_I2D_DSAPARAMS				 176
-#define ASN1_F_I2D_DSAPRIVATEKEY			 177
-#define ASN1_F_I2D_DSAPUBLICKEY				 178
-#define ASN1_F_I2D_NETSCAPE_RSA				 179
-#define ASN1_F_I2D_PKCS7				 180
-#define ASN1_F_I2D_PRIVATEKEY				 181
-#define ASN1_F_I2D_PUBLICKEY				 182
-#define ASN1_F_I2D_RSAPRIVATEKEY			 183
-#define ASN1_F_I2D_RSAPUBLICKEY				 184
-#define ASN1_F_I2D_X509_ATTRIBUTE			 185
-#define ASN1_F_NETSCAPE_PKEY_NEW			 186
-#define ASN1_F_NETSCAPE_SPKAC_NEW			 187
-#define ASN1_F_NETSCAPE_SPKI_NEW			 188
-#define ASN1_F_PKCS7_DIGEST_NEW				 189
-#define ASN1_F_PKCS7_ENCRYPT_NEW			 190
-#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 191
-#define ASN1_F_PKCS7_ENVELOPE_NEW			 192
-#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 193
-#define ASN1_F_PKCS7_NEW				 194
-#define ASN1_F_PKCS7_RECIP_INFO_NEW			 195
-#define ASN1_F_PKCS7_SIGNED_NEW				 196
-#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 197
-#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 198
-#define ASN1_F_X509_ALGOR_NEW				 199
-#define ASN1_F_X509_ATTRIBUTE_NEW			 200
-#define ASN1_F_X509_CINF_NEW				 201
-#define ASN1_F_X509_CRL_INFO_NEW			 202
-#define ASN1_F_X509_CRL_NEW				 203
-#define ASN1_F_X509_DHPARAMS_NEW			 204
-#define ASN1_F_X509_EXTENSION_NEW			 205
-#define ASN1_F_X509_INFO_NEW				 206
-#define ASN1_F_X509_KEY_NEW				 207
-#define ASN1_F_X509_NAME_ENTRY_NEW			 208
-#define ASN1_F_X509_NAME_NEW				 209
-#define ASN1_F_X509_NEW					 210
-#define ASN1_F_X509_PKEY_NEW				 211
-#define ASN1_F_X509_PUBKEY_NEW				 212
-#define ASN1_F_X509_REQ_INFO_NEW			 213
-#define ASN1_F_X509_REQ_NEW				 214
-#define ASN1_F_X509_REVOKED_NEW				 215
-#define ASN1_F_X509_SIG_NEW				 216
-#define ASN1_F_X509_VAL_FREE				 217
-#define ASN1_F_X509_VAL_NEW				 218
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
+#define ASN1_F_ASN1_TYPE_NEW				 119
+#define ASN1_F_ASN1_UTCTIME_NEW				 120
+#define ASN1_F_ASN1_VERIFY				 121
+#define ASN1_F_BN_TO_ASN1_INTEGER			 122
+#define ASN1_F_D2I_ASN1_BIT_STRING			 123
+#define ASN1_F_D2I_ASN1_BMPSTRING			 124
+#define ASN1_F_D2I_ASN1_BOOLEAN				 125
+#define ASN1_F_D2I_ASN1_BYTES				 126
+#define ASN1_F_D2I_ASN1_HEADER				 127
+#define ASN1_F_D2I_ASN1_INTEGER				 128
+#define ASN1_F_D2I_ASN1_OBJECT				 129
+#define ASN1_F_D2I_ASN1_OCTET_STRING			 130
+#define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
+#define ASN1_F_D2I_ASN1_SET				 132
+#define ASN1_F_D2I_ASN1_TYPE				 133
+#define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
+#define ASN1_F_D2I_ASN1_UTCTIME				 135
+#define ASN1_F_D2I_DHPARAMS				 136
+#define ASN1_F_D2I_DSAPARAMS				 137
+#define ASN1_F_D2I_DSAPRIVATEKEY			 138
+#define ASN1_F_D2I_DSAPUBLICKEY				 139
+#define ASN1_F_D2I_NETSCAPE_PKEY			 140
+#define ASN1_F_D2I_NETSCAPE_RSA				 141
+#define ASN1_F_D2I_NETSCAPE_RSA_2			 142
+#define ASN1_F_D2I_NETSCAPE_SPKAC			 143
+#define ASN1_F_D2I_NETSCAPE_SPKI			 144
+#define ASN1_F_D2I_PKCS7				 145
+#define ASN1_F_D2I_PKCS7_DIGEST				 146
+#define ASN1_F_D2I_PKCS7_ENCRYPT			 147
+#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 148
+#define ASN1_F_D2I_PKCS7_ENVELOPE			 149
+#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 150
+#define ASN1_F_D2I_PKCS7_RECIP_INFO			 151
+#define ASN1_F_D2I_PKCS7_SIGNED				 152
+#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
+#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
+#define ASN1_F_D2I_PRIVATEKEY				 155
+#define ASN1_F_D2I_PUBLICKEY				 156
+#define ASN1_F_D2I_RSAPRIVATEKEY			 157
+#define ASN1_F_D2I_RSAPUBLICKEY				 158
+#define ASN1_F_D2I_X509					 159
+#define ASN1_F_D2I_X509_ALGOR				 160
+#define ASN1_F_D2I_X509_ATTRIBUTE			 161
+#define ASN1_F_D2I_X509_CINF				 162
+#define ASN1_F_D2I_X509_CRL				 163
+#define ASN1_F_D2I_X509_CRL_INFO			 164
+#define ASN1_F_D2I_X509_EXTENSION			 165
+#define ASN1_F_D2I_X509_KEY				 166
+#define ASN1_F_D2I_X509_NAME				 167
+#define ASN1_F_D2I_X509_NAME_ENTRY			 168
+#define ASN1_F_D2I_X509_PKEY				 169
+#define ASN1_F_D2I_X509_PUBKEY				 170
+#define ASN1_F_D2I_X509_REQ				 171
+#define ASN1_F_D2I_X509_REQ_INFO			 172
+#define ASN1_F_D2I_X509_REVOKED				 173
+#define ASN1_F_D2I_X509_SIG				 174
+#define ASN1_F_D2I_X509_VAL				 175
+#define ASN1_F_I2D_ASN1_HEADER				 176
+#define ASN1_F_I2D_DHPARAMS				 177
+#define ASN1_F_I2D_DSAPARAMS				 178
+#define ASN1_F_I2D_DSAPRIVATEKEY			 179
+#define ASN1_F_I2D_DSAPUBLICKEY				 180
+#define ASN1_F_I2D_NETSCAPE_RSA				 181
+#define ASN1_F_I2D_PKCS7				 182
+#define ASN1_F_I2D_PRIVATEKEY				 183
+#define ASN1_F_I2D_PUBLICKEY				 184
+#define ASN1_F_I2D_RSAPRIVATEKEY			 185
+#define ASN1_F_I2D_RSAPUBLICKEY				 186
+#define ASN1_F_I2D_X509_ATTRIBUTE			 187
+#define ASN1_F_I2T_ASN1_OBJECT				 188
+#define ASN1_F_NETSCAPE_PKEY_NEW			 189
+#define ASN1_F_NETSCAPE_SPKAC_NEW			 190
+#define ASN1_F_NETSCAPE_SPKI_NEW			 191
+#define ASN1_F_PKCS7_DIGEST_NEW				 192
+#define ASN1_F_PKCS7_ENCRYPT_NEW			 193
+#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
+#define ASN1_F_PKCS7_ENVELOPE_NEW			 195
+#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 196
+#define ASN1_F_PKCS7_NEW				 197
+#define ASN1_F_PKCS7_RECIP_INFO_NEW			 198
+#define ASN1_F_PKCS7_SIGNED_NEW				 199
+#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
+#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
+#define ASN1_F_X509_ALGOR_NEW				 202
+#define ASN1_F_X509_ATTRIBUTE_NEW			 203
+#define ASN1_F_X509_CINF_NEW				 204
+#define ASN1_F_X509_CRL_INFO_NEW			 205
+#define ASN1_F_X509_CRL_NEW				 206
+#define ASN1_F_X509_DHPARAMS_NEW			 207
+#define ASN1_F_X509_EXTENSION_NEW			 208
+#define ASN1_F_X509_INFO_NEW				 209
+#define ASN1_F_X509_KEY_NEW				 210
+#define ASN1_F_X509_NAME_ENTRY_NEW			 211
+#define ASN1_F_X509_NAME_NEW				 212
+#define ASN1_F_X509_NEW					 213
+#define ASN1_F_X509_PKEY_NEW				 214
+#define ASN1_F_X509_PUBKEY_NEW				 215
+#define ASN1_F_X509_REQ_INFO_NEW			 216
+#define ASN1_F_X509_REQ_NEW				 217
+#define ASN1_F_X509_REVOKED_NEW				 218
+#define ASN1_F_X509_SIG_NEW				 219
+#define ASN1_F_X509_VAL_FREE				 220
+#define ASN1_F_X509_VAL_NEW				 221
 
 /* Reason codes. */
 #define ASN1_R_BAD_CLASS				 100
@@ -133,46 +136,47 @@
 #define ASN1_R_BN_LIB					 108
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 109
 #define ASN1_R_BUFFER_TOO_SMALL				 110
-#define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_ERROR_STACK				 112
-#define ASN1_R_EXPECTING_AN_INTEGER			 113
-#define ASN1_R_EXPECTING_AN_OBJECT			 114
-#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
-#define ASN1_R_EXPECTING_A_BIT_STRING			 116
-#define ASN1_R_EXPECTING_A_BOOLEAN			 117
-#define ASN1_R_EXPECTING_A_SEQUENCE			 118
-#define ASN1_R_EXPECTING_A_UTCTIME			 119
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 120
-#define ASN1_R_HEADER_TOO_LONG				 121
-#define ASN1_R_INVALID_DIGIT				 122
-#define ASN1_R_INVALID_SEPARATOR			 123
-#define ASN1_R_INVALID_TIME_FORMAT			 124
-#define ASN1_R_IV_TOO_LARGE				 125
-#define ASN1_R_LENGTH_ERROR				 126
-#define ASN1_R_LENGTH_MISMATCH				 127
-#define ASN1_R_MISSING_EOS				 128
-#define ASN1_R_MISSING_SECOND_NUMBER			 129
-#define ASN1_R_NON_HEX_CHARACTERS			 130
-#define ASN1_R_NOT_ENOUGH_DATA				 131
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 132
-#define ASN1_R_PARSING					 133
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 134
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 135
-#define ASN1_R_SHORT_LINE				 136
-#define ASN1_R_STRING_TOO_SHORT				 137
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 138
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 139
-#define ASN1_R_TOO_LONG					 140
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 141
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 142
-#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 143
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 144
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 145
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 146
-#define ASN1_R_UNSUPPORTED_CIPHER			 147
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 148
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 149
-#define ASN1_R_UTCTIME_TOO_LONG				 150
-#define ASN1_R_WRONG_PRINTABLE_TYPE			 151
-#define ASN1_R_WRONG_TAG				 152
-#define ASN1_R_WRONG_TYPE				 153
+#define ASN1_R_DATA_IS_WRONG				 111
+#define ASN1_R_DECODING_ERROR				 112
+#define ASN1_R_ERROR_STACK				 113
+#define ASN1_R_EXPECTING_AN_INTEGER			 114
+#define ASN1_R_EXPECTING_AN_OBJECT			 115
+#define ASN1_R_EXPECTING_AN_OCTET_STRING		 116
+#define ASN1_R_EXPECTING_A_BIT_STRING			 117
+#define ASN1_R_EXPECTING_A_BOOLEAN			 118
+#define ASN1_R_EXPECTING_A_SEQUENCE			 119
+#define ASN1_R_EXPECTING_A_UTCTIME			 120
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 121
+#define ASN1_R_HEADER_TOO_LONG				 122
+#define ASN1_R_INVALID_DIGIT				 123
+#define ASN1_R_INVALID_SEPARATOR			 124
+#define ASN1_R_INVALID_TIME_FORMAT			 125
+#define ASN1_R_IV_TOO_LARGE				 126
+#define ASN1_R_LENGTH_ERROR				 127
+#define ASN1_R_LENGTH_MISMATCH				 128
+#define ASN1_R_MISSING_EOS				 129
+#define ASN1_R_MISSING_SECOND_NUMBER			 130
+#define ASN1_R_NON_HEX_CHARACTERS			 131
+#define ASN1_R_NOT_ENOUGH_DATA				 132
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 133
+#define ASN1_R_PARSING					 134
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 135
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 136
+#define ASN1_R_SHORT_LINE				 137
+#define ASN1_R_STRING_TOO_SHORT				 138
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 139
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 140
+#define ASN1_R_TOO_LONG					 141
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 142
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 143
+#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 144
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 145
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 146
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 147
+#define ASN1_R_UNSUPPORTED_CIPHER			 148
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 149
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 150
+#define ASN1_R_UTCTIME_TOO_LONG				 151
+#define ASN1_R_WRONG_PRINTABLE_TYPE			 152
+#define ASN1_R_WRONG_TAG				 153
+#define ASN1_R_WRONG_TYPE				 154
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index cdc342946..9793db365 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -1,5 +1,5 @@
 /* crypto/asn1/asn1.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -86,6 +86,8 @@ extern "C" {
 #define V_ASN1_OCTET_STRING		4
 #define V_ASN1_NULL			5
 #define V_ASN1_OBJECT			6
+#define V_ASN1_OBJECT_DESCRIPTOR	7
+#define V_ASN1_EXTERNAL			8
 #define V_ASN1_REAL			9
 #define V_ASN1_ENUMERATED		10	/* microsoft weirdness */
 #define V_ASN1_SEQUENCE			16
@@ -103,6 +105,7 @@ extern "C" {
 #define V_ASN1_VISIBLESTRING		26	/* alias */
 #define V_ASN1_GENERALSTRING		27	/**/
 #define V_ASN1_UNIVERSALSTRING		28	/**/
+#define V_ASN1_BMPSTRING		30
 
 /* For use with d2i_ASN1_type_bytes() */
 #define B_ASN1_NUMERICSTRING	0x0001
@@ -115,6 +118,8 @@ extern "C" {
 #define B_ASN1_GENERALSTRING	0x0080
 #define B_ASN1_UNIVERSALSTRING	0x0100
 #define B_ASN1_OCTET_STRING	0x0200
+#define B_ASN1_BIT_STRING	0x0400
+#define B_ASN1_BMPSTRING	0x0800
 #define B_ASN1_UNKNOWN		0x1000
 
 #ifndef DEBUG
@@ -126,8 +131,10 @@ extern "C" {
 #define ASN1_T61STRING		ASN1_STRING
 #define ASN1_IA5STRING		ASN1_STRING
 #define ASN1_UTCTIME		ASN1_STRING
+#define ASN1_GENERALIZEDTIME	ASN1_STRING
 #define ASN1_GENERALSTRING	ASN1_STRING
 #define ASN1_UNIVERSALSTRING	ASN1_STRING
+#define ASN1_BMPSTRING		ASN1_STRING
 
 #else
 
@@ -187,6 +194,13 @@ typedef struct asn1_universalstring_st
 	unsigned char *data;
 	} ASN1_UNIVERSALSTRING;
 
+typedef struct asn1_bmpstring_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_BMPSTRING;
+
 typedef struct asn1_utctime_st
 	{
 	int length;
@@ -194,6 +208,13 @@ typedef struct asn1_utctime_st
 	unsigned char *data;
 	} ASN1_UTCTIME;
 
+typedef struct asn1_generalizedtime_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_GENERALIZEDTIME;
+
 #endif
 
 typedef struct asn1_ctx_st
@@ -247,8 +268,10 @@ typedef struct asn1_type_st
 		ASN1_T61STRING *	t61string;
 		ASN1_IA5STRING *	ia5string;
 		ASN1_GENERALSTRING *	generalstring;
+		ASN1_BMPSTRING *	bmpstring;
 		ASN1_UNIVERSALSTRING *	universalstring;
 		ASN1_UTCTIME *		utctime;
+		ASN1_GENERALIZEDTIME *	generalizedtime;
 		/* set and sequence are left complete and still
 		 * contain the set or sequence bytes */
 		ASN1_STRING *		set;
@@ -272,6 +295,7 @@ typedef struct asn1_header_st
 	ASN1_METHOD *meth;
 	} ASN1_HEADER;
 
+#define ASN1_STRING_length(x)	((x)->length)
 #define ASN1_STRING_type(x)	((x)->type)
 #define ASN1_STRING_data(x)	((x)->data)
 
@@ -321,7 +345,9 @@ typedef struct asn1_header_st
 			B_ASN1_PRINTABLESTRING| \
 			B_ASN1_T61STRING| \
 			B_ASN1_IA5STRING| \
+			B_ASN1_BIT_STRING| \
 			B_ASN1_UNIVERSALSTRING|\
+			B_ASN1_BMPSTRING|\
 			B_ASN1_UNKNOWN)
 
 #define ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING_STRING *)\
@@ -362,7 +388,16 @@ typedef struct asn1_header_st
 /* d2i_ASN1_UTCTIME() is a function */
 /* ASN1_UTCTIME_set() is a function */
 /* ASN1_UTCTIME_check() is a function */
-/* ASN1_UTCTIME_set() is a function */
+
+#define ASN1_GENERALIZEDTIME_new()	(ASN1_GENERALIZEDTIME *)\
+		ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
+#define ASN1_GENERALIZEDTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_GENERALIZEDTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup(\
+	(ASN1_STRING *)a)
+/* DOES NOT EXIST YET i2d_ASN1_GENERALIZEDTIME() is a function */
+/* DOES NOT EXIST YET d2i_ASN1_GENERALIZEDTIME() is a function */
+/* DOES NOT EXIST YET ASN1_GENERALIZEDTIME_set() is a function */
+/* DOES NOT EXIST YET ASN1_GENERALIZEDTIME_check() is a function */
 
 #define ASN1_GENERALSTRING_new()	(ASN1_GENERALSTRING *)\
 		ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
@@ -384,6 +419,16 @@ typedef struct asn1_header_st
 		(ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
 		((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
 
+#define ASN1_BMPSTRING_new()	(ASN1_BMPSTRING *)\
+		ASN1_STRING_type_new(V_ASN1_BMPSTRING)
+#define ASN1_BMPSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_BMPSTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
+		(ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
+
 #ifndef NOPROTO
 ASN1_TYPE *	ASN1_TYPE_new(void );
 void		ASN1_TYPE_free(ASN1_TYPE *a);
@@ -408,6 +453,9 @@ int 		ASN1_STRING_set(ASN1_STRING *str,unsigned char *data, int len);
 int		i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
 ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
 			long length);
+int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
+
 
 int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
 int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
@@ -418,6 +466,7 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
 
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
 
 int		i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
 ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
@@ -451,6 +500,7 @@ int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
 int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
 int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
 #endif
+int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
 
 int a2d_ASN1_OBJECT(unsigned char *out,int olen, char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
@@ -486,7 +536,7 @@ int ASN1_object_size(int constructed, int length, int tag);
 /* Used to implement other functions */
 char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
 
-#ifndef WIN16
+#ifndef NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
 int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
 #endif
@@ -515,6 +565,15 @@ ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
 ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
 ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
 
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
+	unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
+	unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+	unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
+	unsigned char *data, int max_len);
+
 #else
 
 ASN1_TYPE *	ASN1_TYPE_new();
@@ -536,12 +595,15 @@ int 		ASN1_STRING_cmp();
 int 		ASN1_STRING_set();
 int		i2d_ASN1_BIT_STRING();
 ASN1_BIT_STRING *d2i_ASN1_BIT_STRING();
+int		ASN1_BIT_STRING_set_bit();
+int		ASN1_BIT_STRING_get_bit();
 int		i2d_ASN1_BOOLEAN();
 int 		d2i_ASN1_BOOLEAN();
 int		i2d_ASN1_INTEGER();
 ASN1_INTEGER *d2i_ASN1_INTEGER();
 int ASN1_UTCTIME_check();
 ASN1_UTCTIME *ASN1_UTCTIME_set();
+int ASN1_UTCTIME_set_string();
 int		i2d_ASN1_OCTET_STRING();
 ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING();
 int i2d_ASN1_PRINTABLE();
@@ -570,7 +632,7 @@ int ASN1_check_infinite_end();
 void ASN1_put_object();
 int ASN1_object_size();
 char *ASN1_dup();
-#ifndef WIN16
+#ifndef NO_FP_API
 char *ASN1_d2i_fp();
 int ASN1_i2d_fp();
 #endif
@@ -583,6 +645,7 @@ int ASN1_parse();
 int i2a_ASN1_INTEGER();
 int a2i_ASN1_INTEGER();
 int i2a_ASN1_OBJECT();
+int i2t_ASN1_OBJECT();
 int a2i_ASN1_STRING();
 int i2a_ASN1_STRING();
 
@@ -597,6 +660,12 @@ ASN1_METHOD *ASN1_IA5STRING_asn1_meth();
 ASN1_METHOD *ASN1_BIT_STRING_asn1_meth();
 
 int ASN1_UNIVERSALSTRING_to_string();
+
+int ASN1_TYPE_set_octetstring();
+int ASN1_TYPE_get_octetstring();
+int ASN1_TYPE_set_int_octetstring();
+int ASN1_TYPE_get_int_octetstring();
+
 #endif
 
 /* BEGIN ERROR CODES */
@@ -620,108 +689,111 @@ int ASN1_UNIVERSALSTRING_to_string();
 #define ASN1_F_ASN1_SIGN				 114
 #define ASN1_F_ASN1_STRING_NEW				 115
 #define ASN1_F_ASN1_STRING_TYPE_NEW			 116
-#define ASN1_F_ASN1_TYPE_NEW				 117
-#define ASN1_F_ASN1_UTCTIME_NEW				 118
-#define ASN1_F_ASN1_VERIFY				 119
-#define ASN1_F_BN_TO_ASN1_INTEGER			 120
-#define ASN1_F_D2I_ASN1_BIT_STRING			 121
-#define ASN1_F_D2I_ASN1_BOOLEAN				 122
-#define ASN1_F_D2I_ASN1_BYTES				 123
-#define ASN1_F_D2I_ASN1_HEADER				 124
-#define ASN1_F_D2I_ASN1_INTEGER				 125
-#define ASN1_F_D2I_ASN1_OBJECT				 126
-#define ASN1_F_D2I_ASN1_OCTET_STRING			 127
-#define ASN1_F_D2I_ASN1_PRINT_TYPE			 128
-#define ASN1_F_D2I_ASN1_SET				 129
-#define ASN1_F_D2I_ASN1_TYPE				 130
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 131
-#define ASN1_F_D2I_ASN1_UTCTIME				 132
-#define ASN1_F_D2I_DHPARAMS				 133
-#define ASN1_F_D2I_DSAPARAMS				 134
-#define ASN1_F_D2I_DSAPRIVATEKEY			 135
-#define ASN1_F_D2I_DSAPUBLICKEY				 136
-#define ASN1_F_D2I_NETSCAPE_PKEY			 137
-#define ASN1_F_D2I_NETSCAPE_RSA				 138
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 139
-#define ASN1_F_D2I_NETSCAPE_SPKAC			 140
-#define ASN1_F_D2I_NETSCAPE_SPKI			 141
-#define ASN1_F_D2I_PKCS7				 142
-#define ASN1_F_D2I_PKCS7_DIGEST				 143
-#define ASN1_F_D2I_PKCS7_ENCRYPT			 144
-#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 145
-#define ASN1_F_D2I_PKCS7_ENVELOPE			 146
-#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 147
-#define ASN1_F_D2I_PKCS7_RECIP_INFO			 148
-#define ASN1_F_D2I_PKCS7_SIGNED				 149
-#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 150
-#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 151
-#define ASN1_F_D2I_PRIVATEKEY				 152
-#define ASN1_F_D2I_PUBLICKEY				 153
-#define ASN1_F_D2I_RSAPRIVATEKEY			 154
-#define ASN1_F_D2I_RSAPUBLICKEY				 155
-#define ASN1_F_D2I_X509					 156
-#define ASN1_F_D2I_X509_ALGOR				 157
-#define ASN1_F_D2I_X509_ATTRIBUTE			 158
-#define ASN1_F_D2I_X509_CINF				 159
-#define ASN1_F_D2I_X509_CRL				 160
-#define ASN1_F_D2I_X509_CRL_INFO			 161
-#define ASN1_F_D2I_X509_EXTENSION			 162
-#define ASN1_F_D2I_X509_KEY				 163
-#define ASN1_F_D2I_X509_NAME				 164
-#define ASN1_F_D2I_X509_NAME_ENTRY			 165
-#define ASN1_F_D2I_X509_PKEY				 166
-#define ASN1_F_D2I_X509_PUBKEY				 167
-#define ASN1_F_D2I_X509_REQ				 168
-#define ASN1_F_D2I_X509_REQ_INFO			 169
-#define ASN1_F_D2I_X509_REVOKED				 170
-#define ASN1_F_D2I_X509_SIG				 171
-#define ASN1_F_D2I_X509_VAL				 172
-#define ASN1_F_I2A_ASN1_OBJECT				 173
-#define ASN1_F_I2D_ASN1_HEADER				 174
-#define ASN1_F_I2D_DHPARAMS				 175
-#define ASN1_F_I2D_DSAPARAMS				 176
-#define ASN1_F_I2D_DSAPRIVATEKEY			 177
-#define ASN1_F_I2D_DSAPUBLICKEY				 178
-#define ASN1_F_I2D_NETSCAPE_RSA				 179
-#define ASN1_F_I2D_PKCS7				 180
-#define ASN1_F_I2D_PRIVATEKEY				 181
-#define ASN1_F_I2D_PUBLICKEY				 182
-#define ASN1_F_I2D_RSAPRIVATEKEY			 183
-#define ASN1_F_I2D_RSAPUBLICKEY				 184
-#define ASN1_F_I2D_X509_ATTRIBUTE			 185
-#define ASN1_F_NETSCAPE_PKEY_NEW			 186
-#define ASN1_F_NETSCAPE_SPKAC_NEW			 187
-#define ASN1_F_NETSCAPE_SPKI_NEW			 188
-#define ASN1_F_PKCS7_DIGEST_NEW				 189
-#define ASN1_F_PKCS7_ENCRYPT_NEW			 190
-#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 191
-#define ASN1_F_PKCS7_ENVELOPE_NEW			 192
-#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 193
-#define ASN1_F_PKCS7_NEW				 194
-#define ASN1_F_PKCS7_RECIP_INFO_NEW			 195
-#define ASN1_F_PKCS7_SIGNED_NEW				 196
-#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 197
-#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 198
-#define ASN1_F_X509_ALGOR_NEW				 199
-#define ASN1_F_X509_ATTRIBUTE_NEW			 200
-#define ASN1_F_X509_CINF_NEW				 201
-#define ASN1_F_X509_CRL_INFO_NEW			 202
-#define ASN1_F_X509_CRL_NEW				 203
-#define ASN1_F_X509_DHPARAMS_NEW			 204
-#define ASN1_F_X509_EXTENSION_NEW			 205
-#define ASN1_F_X509_INFO_NEW				 206
-#define ASN1_F_X509_KEY_NEW				 207
-#define ASN1_F_X509_NAME_ENTRY_NEW			 208
-#define ASN1_F_X509_NAME_NEW				 209
-#define ASN1_F_X509_NEW					 210
-#define ASN1_F_X509_PKEY_NEW				 211
-#define ASN1_F_X509_PUBKEY_NEW				 212
-#define ASN1_F_X509_REQ_INFO_NEW			 213
-#define ASN1_F_X509_REQ_NEW				 214
-#define ASN1_F_X509_REVOKED_NEW				 215
-#define ASN1_F_X509_SIG_NEW				 216
-#define ASN1_F_X509_VAL_FREE				 217
-#define ASN1_F_X509_VAL_NEW				 218
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
+#define ASN1_F_ASN1_TYPE_NEW				 119
+#define ASN1_F_ASN1_UTCTIME_NEW				 120
+#define ASN1_F_ASN1_VERIFY				 121
+#define ASN1_F_BN_TO_ASN1_INTEGER			 122
+#define ASN1_F_D2I_ASN1_BIT_STRING			 123
+#define ASN1_F_D2I_ASN1_BMPSTRING			 124
+#define ASN1_F_D2I_ASN1_BOOLEAN				 125
+#define ASN1_F_D2I_ASN1_BYTES				 126
+#define ASN1_F_D2I_ASN1_HEADER				 127
+#define ASN1_F_D2I_ASN1_INTEGER				 128
+#define ASN1_F_D2I_ASN1_OBJECT				 129
+#define ASN1_F_D2I_ASN1_OCTET_STRING			 130
+#define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
+#define ASN1_F_D2I_ASN1_SET				 132
+#define ASN1_F_D2I_ASN1_TYPE				 133
+#define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
+#define ASN1_F_D2I_ASN1_UTCTIME				 135
+#define ASN1_F_D2I_DHPARAMS				 136
+#define ASN1_F_D2I_DSAPARAMS				 137
+#define ASN1_F_D2I_DSAPRIVATEKEY			 138
+#define ASN1_F_D2I_DSAPUBLICKEY				 139
+#define ASN1_F_D2I_NETSCAPE_PKEY			 140
+#define ASN1_F_D2I_NETSCAPE_RSA				 141
+#define ASN1_F_D2I_NETSCAPE_RSA_2			 142
+#define ASN1_F_D2I_NETSCAPE_SPKAC			 143
+#define ASN1_F_D2I_NETSCAPE_SPKI			 144
+#define ASN1_F_D2I_PKCS7				 145
+#define ASN1_F_D2I_PKCS7_DIGEST				 146
+#define ASN1_F_D2I_PKCS7_ENCRYPT			 147
+#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 148
+#define ASN1_F_D2I_PKCS7_ENVELOPE			 149
+#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 150
+#define ASN1_F_D2I_PKCS7_RECIP_INFO			 151
+#define ASN1_F_D2I_PKCS7_SIGNED				 152
+#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
+#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
+#define ASN1_F_D2I_PRIVATEKEY				 155
+#define ASN1_F_D2I_PUBLICKEY				 156
+#define ASN1_F_D2I_RSAPRIVATEKEY			 157
+#define ASN1_F_D2I_RSAPUBLICKEY				 158
+#define ASN1_F_D2I_X509					 159
+#define ASN1_F_D2I_X509_ALGOR				 160
+#define ASN1_F_D2I_X509_ATTRIBUTE			 161
+#define ASN1_F_D2I_X509_CINF				 162
+#define ASN1_F_D2I_X509_CRL				 163
+#define ASN1_F_D2I_X509_CRL_INFO			 164
+#define ASN1_F_D2I_X509_EXTENSION			 165
+#define ASN1_F_D2I_X509_KEY				 166
+#define ASN1_F_D2I_X509_NAME				 167
+#define ASN1_F_D2I_X509_NAME_ENTRY			 168
+#define ASN1_F_D2I_X509_PKEY				 169
+#define ASN1_F_D2I_X509_PUBKEY				 170
+#define ASN1_F_D2I_X509_REQ				 171
+#define ASN1_F_D2I_X509_REQ_INFO			 172
+#define ASN1_F_D2I_X509_REVOKED				 173
+#define ASN1_F_D2I_X509_SIG				 174
+#define ASN1_F_D2I_X509_VAL				 175
+#define ASN1_F_I2D_ASN1_HEADER				 176
+#define ASN1_F_I2D_DHPARAMS				 177
+#define ASN1_F_I2D_DSAPARAMS				 178
+#define ASN1_F_I2D_DSAPRIVATEKEY			 179
+#define ASN1_F_I2D_DSAPUBLICKEY				 180
+#define ASN1_F_I2D_NETSCAPE_RSA				 181
+#define ASN1_F_I2D_PKCS7				 182
+#define ASN1_F_I2D_PRIVATEKEY				 183
+#define ASN1_F_I2D_PUBLICKEY				 184
+#define ASN1_F_I2D_RSAPRIVATEKEY			 185
+#define ASN1_F_I2D_RSAPUBLICKEY				 186
+#define ASN1_F_I2D_X509_ATTRIBUTE			 187
+#define ASN1_F_I2T_ASN1_OBJECT				 188
+#define ASN1_F_NETSCAPE_PKEY_NEW			 189
+#define ASN1_F_NETSCAPE_SPKAC_NEW			 190
+#define ASN1_F_NETSCAPE_SPKI_NEW			 191
+#define ASN1_F_PKCS7_DIGEST_NEW				 192
+#define ASN1_F_PKCS7_ENCRYPT_NEW			 193
+#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
+#define ASN1_F_PKCS7_ENVELOPE_NEW			 195
+#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 196
+#define ASN1_F_PKCS7_NEW				 197
+#define ASN1_F_PKCS7_RECIP_INFO_NEW			 198
+#define ASN1_F_PKCS7_SIGNED_NEW				 199
+#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
+#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
+#define ASN1_F_X509_ALGOR_NEW				 202
+#define ASN1_F_X509_ATTRIBUTE_NEW			 203
+#define ASN1_F_X509_CINF_NEW				 204
+#define ASN1_F_X509_CRL_INFO_NEW			 205
+#define ASN1_F_X509_CRL_NEW				 206
+#define ASN1_F_X509_DHPARAMS_NEW			 207
+#define ASN1_F_X509_EXTENSION_NEW			 208
+#define ASN1_F_X509_INFO_NEW				 209
+#define ASN1_F_X509_KEY_NEW				 210
+#define ASN1_F_X509_NAME_ENTRY_NEW			 211
+#define ASN1_F_X509_NAME_NEW				 212
+#define ASN1_F_X509_NEW					 213
+#define ASN1_F_X509_PKEY_NEW				 214
+#define ASN1_F_X509_PUBKEY_NEW				 215
+#define ASN1_F_X509_REQ_INFO_NEW			 216
+#define ASN1_F_X509_REQ_NEW				 217
+#define ASN1_F_X509_REVOKED_NEW				 218
+#define ASN1_F_X509_SIG_NEW				 219
+#define ASN1_F_X509_VAL_FREE				 220
+#define ASN1_F_X509_VAL_NEW				 221
 
 /* Reason codes. */
 #define ASN1_R_BAD_CLASS				 100
@@ -735,49 +807,50 @@ int ASN1_UNIVERSALSTRING_to_string();
 #define ASN1_R_BN_LIB					 108
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 109
 #define ASN1_R_BUFFER_TOO_SMALL				 110
-#define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_ERROR_STACK				 112
-#define ASN1_R_EXPECTING_AN_INTEGER			 113
-#define ASN1_R_EXPECTING_AN_OBJECT			 114
-#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
-#define ASN1_R_EXPECTING_A_BIT_STRING			 116
-#define ASN1_R_EXPECTING_A_BOOLEAN			 117
-#define ASN1_R_EXPECTING_A_SEQUENCE			 118
-#define ASN1_R_EXPECTING_A_UTCTIME			 119
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 120
-#define ASN1_R_HEADER_TOO_LONG				 121
-#define ASN1_R_INVALID_DIGIT				 122
-#define ASN1_R_INVALID_SEPARATOR			 123
-#define ASN1_R_INVALID_TIME_FORMAT			 124
-#define ASN1_R_IV_TOO_LARGE				 125
-#define ASN1_R_LENGTH_ERROR				 126
-#define ASN1_R_LENGTH_MISMATCH				 127
-#define ASN1_R_MISSING_EOS				 128
-#define ASN1_R_MISSING_SECOND_NUMBER			 129
-#define ASN1_R_NON_HEX_CHARACTERS			 130
-#define ASN1_R_NOT_ENOUGH_DATA				 131
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 132
-#define ASN1_R_PARSING					 133
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 134
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 135
-#define ASN1_R_SHORT_LINE				 136
-#define ASN1_R_STRING_TOO_SHORT				 137
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 138
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 139
-#define ASN1_R_TOO_LONG					 140
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 141
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 142
-#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 143
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 144
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 145
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 146
-#define ASN1_R_UNSUPPORTED_CIPHER			 147
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 148
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 149
-#define ASN1_R_UTCTIME_TOO_LONG				 150
-#define ASN1_R_WRONG_PRINTABLE_TYPE			 151
-#define ASN1_R_WRONG_TAG				 152
-#define ASN1_R_WRONG_TYPE				 153
+#define ASN1_R_DATA_IS_WRONG				 111
+#define ASN1_R_DECODING_ERROR				 112
+#define ASN1_R_ERROR_STACK				 113
+#define ASN1_R_EXPECTING_AN_INTEGER			 114
+#define ASN1_R_EXPECTING_AN_OBJECT			 115
+#define ASN1_R_EXPECTING_AN_OCTET_STRING		 116
+#define ASN1_R_EXPECTING_A_BIT_STRING			 117
+#define ASN1_R_EXPECTING_A_BOOLEAN			 118
+#define ASN1_R_EXPECTING_A_SEQUENCE			 119
+#define ASN1_R_EXPECTING_A_UTCTIME			 120
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 121
+#define ASN1_R_HEADER_TOO_LONG				 122
+#define ASN1_R_INVALID_DIGIT				 123
+#define ASN1_R_INVALID_SEPARATOR			 124
+#define ASN1_R_INVALID_TIME_FORMAT			 125
+#define ASN1_R_IV_TOO_LARGE				 126
+#define ASN1_R_LENGTH_ERROR				 127
+#define ASN1_R_LENGTH_MISMATCH				 128
+#define ASN1_R_MISSING_EOS				 129
+#define ASN1_R_MISSING_SECOND_NUMBER			 130
+#define ASN1_R_NON_HEX_CHARACTERS			 131
+#define ASN1_R_NOT_ENOUGH_DATA				 132
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 133
+#define ASN1_R_PARSING					 134
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 135
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 136
+#define ASN1_R_SHORT_LINE				 137
+#define ASN1_R_STRING_TOO_SHORT				 138
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 139
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 140
+#define ASN1_R_TOO_LONG					 141
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 142
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 143
+#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 144
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 145
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 146
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 147
+#define ASN1_R_UNSUPPORTED_CIPHER			 148
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 149
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 150
+#define ASN1_R_UTCTIME_TOO_LONG				 151
+#define ASN1_R_WRONG_PRINTABLE_TYPE			 152
+#define ASN1_R_WRONG_TAG				 153
+#define ASN1_R_WRONG_TYPE				 154
  
 #ifdef  __cplusplus
 }
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 5e6a41b95..03c2858e7 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -60,6 +60,7 @@
 #include "asn1.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA ASN1_str_functs[]=
 	{
 {ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),	"a2d_ASN1_OBJECT"},
@@ -79,11 +80,14 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_SIGN"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),	"ASN1_TYPE_new"},
 {ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),	"ASN1_UTCTIME_NEW"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_VERIFY"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"D2I_ASN1_BMPSTRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),	"d2i_ASN1_BOOLEAN"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),	"d2i_ASN1_bytes"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),	"d2i_ASN1_HEADER"},
@@ -135,7 +139,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0),	"D2I_X509_REVOKED"},
 {ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),	"D2I_X509_SIG"},
 {ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),	"D2I_X509_VAL"},
-{ERR_PACK(0,ASN1_F_I2A_ASN1_OBJECT,0),	"i2a_ASN1_OBJECT"},
 {ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),	"i2d_ASN1_HEADER"},
 {ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),	"I2D_DHPARAMS"},
 {ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),	"I2D_DSAPARAMS"},
@@ -148,6 +151,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),	"I2D_RSAPRIVATEKEY"},
 {ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0),	"I2D_RSAPUBLICKEY"},
 {ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),	"I2D_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0),	"i2t_ASN1_OBJECT"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),	"NETSCAPE_PKEY_NEW"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_NEW"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_NEW"},
@@ -197,6 +201,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_BN_LIB                           ,"bn lib"},
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
+{ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
 {ASN1_R_ERROR_STACK                      ,"error stack"},
 {ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
@@ -243,14 +248,19 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_ASN1_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index bdd706bcf..ff30b2583 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/asn1_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -69,7 +69,7 @@ static int asn1_get_length();
 static void asn1_put_length();
 #endif
 
-char *ASN1_version="ASN1 part of SSLeay 0.8.1b 29-Jun-1998";
+char *ASN1_version="ASN1 part of SSLeay 0.9.0b 29-Jun-1998";
 
 int ASN1_check_infinite_end(p,len)
 unsigned char **p;
@@ -133,8 +133,8 @@ long omax;
 #ifdef undef
 	fprintf(stderr,"p=%d + *plength=%d > omax=%d + *pp=%d  (%d > %d)\n", 
 		p,*plength,omax,*pp,(p+ *plength),omax+ *pp);
-#endif
 
+#endif
 	if ((p+ *plength) > (omax+ *pp))
 		{
 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
@@ -431,3 +431,14 @@ ASN1_STRING *a,*b;
 		return(i);
 	}
 
+void asn1_add_error(address,offset)
+unsigned char *address;
+int offset;
+	{
+	char buf1[16],buf2[16];
+
+	sprintf(buf1,"%lu",(unsigned long)address);
+	sprintf(buf2,"%d",offset);
+	ERR_add_error_data(4,"address=",buf1," offset=",buf2);
+	}
+
diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
index e4ce0aaa7..4fba70e4b 100644
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -1,5 +1,5 @@
 /* crypto/asn1/asn1_mac.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -91,6 +91,7 @@ extern "C" {
 	M_ASN1_D2I_Finish_2(a); \
 err:\
 	ASN1err((e),c.error); \
+	asn1_add_error(*pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)
 
@@ -257,7 +258,7 @@ err:\
 			{ \
 			unsigned char *q=p; \
 			f(a,&p); \
-			*q=(V_ASN1_CONTEXT_SPECIFIC|t); \
+			*q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
 			}
 
 #define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
@@ -307,8 +308,10 @@ err:\
 
 #ifndef NOPROTO
 int asn1_GetSequence(ASN1_CTX *c, long *length);
+void asn1_add_error(unsigned char *address,int offset);
 #else 
 int asn1_GetSequence();
+void asn1_add_error();
 #endif
 
 #ifdef  __cplusplus
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index c6cbe1dfa..3906227d2 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/asn1_par.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -144,7 +144,8 @@ int indent;
 		p="GENERALSTRING";
 	else if (tag == V_ASN1_UNIVERSALSTRING)
 		p="UNIVERSALSTRING";
-
+	else if (tag == V_ASN1_BMPSTRING)
+		p="BMPSTRING";
 	else
 		p2="(unknown)";
 		
@@ -184,6 +185,7 @@ int indent;
 	int nl,hl,j,r;
 	ASN1_OBJECT *o=NULL;
 	ASN1_OCTET_STRING *os=NULL;
+	/* ASN1_BMPSTRING *bmp=NULL;*/
 
 	p= *pp;
 	tot=p+length;
@@ -299,6 +301,10 @@ int indent;
 					}
 				BIO_printf(bp,":%d",ii);
 				}
+			else if (tag == V_ASN1_BMPSTRING)
+				{
+				/* do the BMP thang */
+				}
 			else if (tag == V_ASN1_OCTET_STRING)
 				{
 				int i,printable=1;
diff --git a/crypto/asn1/d2i_dhp.c b/crypto/asn1/d2i_dhp.c
index 6ae3e0efa..616a30810 100644
--- a/crypto/asn1/d2i_dhp.c
+++ b/crypto/asn1/d2i_dhp.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/d2i_dhp.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/d2i_dsap.c b/crypto/asn1/d2i_dsap.c
index d0732af23..2c8ac7bbc 100644
--- a/crypto/asn1/d2i_dsap.c
+++ b/crypto/asn1/d2i_dsap.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/d2i_dsap.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 0b60aee4c..b9eaa9629 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/d2i_pr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index 142742e84..5d6192f1e 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/d2i_pu.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/d2i_r_pr.c b/crypto/asn1/d2i_r_pr.c
index af95f30a5..0c53aa94b 100644
--- a/crypto/asn1/d2i_r_pr.c
+++ b/crypto/asn1/d2i_r_pr.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/d2i_r_pr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/d2i_r_pu.c b/crypto/asn1/d2i_r_pu.c
index 0febef6b3..778b792b1 100644
--- a/crypto/asn1/d2i_r_pu.c
+++ b/crypto/asn1/d2i_r_pu.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/d2i_r_pu.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/d2i_s_pr.c b/crypto/asn1/d2i_s_pr.c
index 987db4e3c..32ff8ba4b 100644
--- a/crypto/asn1/d2i_s_pr.c
+++ b/crypto/asn1/d2i_s_pr.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/d2i_s_pr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/d2i_s_pu.c b/crypto/asn1/d2i_s_pu.c
index dfffa8203..1002f41cd 100644
--- a/crypto/asn1/d2i_s_pu.c
+++ b/crypto/asn1/d2i_s_pu.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/d2i_s_pu.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
index f786b12d6..4817c45cb 100644
--- a/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/f_int.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c
index 68001c324..ab2837824 100644
--- a/crypto/asn1/f_string.c
+++ b/crypto/asn1/f_string.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/f_string.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/i2d_dhp.c b/crypto/asn1/i2d_dhp.c
index 087b6b8f6..a454025ce 100644
--- a/crypto/asn1/i2d_dhp.c
+++ b/crypto/asn1/i2d_dhp.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/i2d_dhp.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/i2d_dsap.c b/crypto/asn1/i2d_dsap.c
index e051c9988..94ecff152 100644
--- a/crypto/asn1/i2d_dsap.c
+++ b/crypto/asn1/i2d_dsap.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/i2d_dsap.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
index 361beb9fd..b6b821d73 100644
--- a/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/i2d_pr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c
index 2694cd442..1b854252b 100644
--- a/crypto/asn1/i2d_pu.c
+++ b/crypto/asn1/i2d_pu.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/i2d_pu.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/i2d_r_pr.c b/crypto/asn1/i2d_r_pr.c
index fa9389760..aadbb92d8 100644
--- a/crypto/asn1/i2d_r_pr.c
+++ b/crypto/asn1/i2d_r_pr.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/i2d_r_pr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/i2d_r_pu.c b/crypto/asn1/i2d_r_pu.c
index 31dc8363b..3c54f6709 100644
--- a/crypto/asn1/i2d_r_pu.c
+++ b/crypto/asn1/i2d_r_pu.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/i2d_r_pu.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/i2d_s_pr.c b/crypto/asn1/i2d_s_pr.c
index 0c0a5c6f5..6e9530554 100644
--- a/crypto/asn1/i2d_s_pr.c
+++ b/crypto/asn1/i2d_s_pr.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/i2d_s_pr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/i2d_s_pu.c b/crypto/asn1/i2d_s_pu.c
index cfb7c11f8..5cf287706 100644
--- a/crypto/asn1/i2d_s_pu.c
+++ b/crypto/asn1/i2d_s_pu.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/i2d_s_pu.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 6353d18c5..5110c91be 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/n_pkey.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -81,14 +81,11 @@ typedef struct netscape_pkey_st
  * ASN1err(ASN1_F_NETSCAPE_PKEY_NEW,ASN1_R_DECODING_ERROR);
  */
 #ifndef NOPROTO
-static RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
-	int (*cb)());
 static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
 static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
 static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
 static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
 #else
-static RSA *d2i_Netscape_RSA_2();
 static int i2d_NETSCAPE_PKEY();
 static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY();
 static NETSCAPE_PKEY *NETSCAPE_PKEY_new();
@@ -183,6 +180,8 @@ int (*cb)();
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
 		strlen((char *)buf),1,key,NULL);
 	memset(buf,0,256);
+
+	EVP_CIPHER_CTX_init(&ctx);
 	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
 	EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);
 	EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);
@@ -234,7 +233,7 @@ int (*cb)();
 	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
 	}
 
-static RSA *d2i_Netscape_RSA_2(a,pp,length,cb)
+RSA *d2i_Netscape_RSA_2(a,pp,length,cb)
 RSA **a;
 unsigned char **pp;
 long length;
@@ -274,6 +273,8 @@ int (*cb)();
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
 		strlen((char *)buf),1,key,NULL);
 	memset(buf,0,256);
+
+	EVP_CIPHER_CTX_init(&ctx);
 	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
 	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
 	EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
diff --git a/crypto/asn1/p7_dgst.c b/crypto/asn1/p7_dgst.c
index 206c2a6bb..f71ed8eb1 100644
--- a/crypto/asn1/p7_dgst.c
+++ b/crypto/asn1/p7_dgst.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/p7_dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/p7_enc.c b/crypto/asn1/p7_enc.c
index ce4bedb11..874dd7838 100644
--- a/crypto/asn1/p7_enc.c
+++ b/crypto/asn1/p7_enc.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/p7_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/p7_enc_c.c b/crypto/asn1/p7_enc_c.c
index b27d44353..2860d3e92 100644
--- a/crypto/asn1/p7_enc_c.c
+++ b/crypto/asn1/p7_enc_c.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/p7_enc_c.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/p7_evp.c b/crypto/asn1/p7_evp.c
index a41d09db7..4db0a7fe6 100644
--- a/crypto/asn1/p7_evp.c
+++ b/crypto/asn1/p7_evp.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/p7_evp.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/p7_i_s.c b/crypto/asn1/p7_i_s.c
index 413c7e1e6..9b00c556d 100644
--- a/crypto/asn1/p7_i_s.c
+++ b/crypto/asn1/p7_i_s.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/p7_i_s.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/p7_lib.c b/crypto/asn1/p7_lib.c
index b745df094..2134e0974 100644
--- a/crypto/asn1/p7_lib.c
+++ b/crypto/asn1/p7_lib.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/p7_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/p7_recip.c b/crypto/asn1/p7_recip.c
index e4ebda006..f02233f5a 100644
--- a/crypto/asn1/p7_recip.c
+++ b/crypto/asn1/p7_recip.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/p7_recip.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -113,6 +113,7 @@ PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new()
 	M_ASN1_New(ret->issuer_and_serial,PKCS7_ISSUER_AND_SERIAL_new);
 	M_ASN1_New(ret->key_enc_algor,X509_ALGOR_new);
 	M_ASN1_New(ret->enc_key,ASN1_OCTET_STRING_new);
+	ret->cert=NULL;
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_PKCS7_RECIP_INFO_NEW);
 	}
@@ -125,6 +126,7 @@ PKCS7_RECIP_INFO *a;
 	PKCS7_ISSUER_AND_SERIAL_free(a->issuer_and_serial);
 	X509_ALGOR_free(a->key_enc_algor);
 	ASN1_OCTET_STRING_free(a->enc_key);
+	if (a->cert != NULL) X509_free(a->cert);
 	Free((char *)a);
 	}
 
diff --git a/crypto/asn1/p7_s_e.c b/crypto/asn1/p7_s_e.c
index df5fa3ff8..d34421145 100644
--- a/crypto/asn1/p7_s_e.c
+++ b/crypto/asn1/p7_s_e.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/p7_s_e.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/p7_signd.c b/crypto/asn1/p7_signd.c
index 23dc7ce26..40f9a44fa 100644
--- a/crypto/asn1/p7_signd.c
+++ b/crypto/asn1/p7_signd.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/p7_signd.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/p7_signi.c b/crypto/asn1/p7_signi.c
index d6682e035..0da92169f 100644
--- a/crypto/asn1/p7_signi.c
+++ b/crypto/asn1/p7_signi.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/p7_signi.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/pkcs8.c b/crypto/asn1/pkcs8.c
index bd0d19153..03fdadd51 100644
--- a/crypto/asn1/pkcs8.c
+++ b/crypto/asn1/pkcs8.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/pkcs8.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -122,6 +122,9 @@ X509 *a;
 	if (a == NULL) return;
 
 	i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
+#ifdef REF_PRINT
+	REF_PRINT("X509_KEY",a);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index 09a5abec6..bc518d59a 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/t_pkey.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -82,7 +82,7 @@ static int print();
 #endif
 
 #ifndef NO_RSA
-#ifndef WIN16
+#ifndef NO_FP_API
 int RSA_print_fp(fp,x,off)
 FILE *fp;
 RSA *x;
@@ -153,7 +153,7 @@ err:
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-#ifndef WIN16
+#ifndef NO_FP_API
 int DSA_print_fp(fp,x,off)
 FILE *fp;
 DSA *x;
@@ -283,7 +283,7 @@ int off;
 	}
 
 #ifndef NO_DH
-#ifndef WIN16
+#ifndef NO_FP_API
 int DHparams_print_fp(fp,x)
 FILE *fp;
 DH *x;
@@ -329,15 +329,18 @@ DH *x;
 			(int)x->length) <= 0) goto err;
 		}
 	ret=1;
+	if (0)
+		{
 err:
+		DHerr(DH_F_DHPARAMS_PRINT,reason);
+		}
 	if (m != NULL) Free((char *)m);
-	DHerr(DH_F_DHPARAMS_PRINT,reason);
 	return(ret);
 	}
 #endif
 
 #ifndef NO_DSA
-#ifndef WIN16
+#ifndef NO_FP_API
 int DSAparams_print_fp(fp,x)
 FILE *fp;
 DSA *x;
diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index 922f6b392..7df749a48 100644
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/t_req.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,7 +63,7 @@
 #include "objects.h"
 #include "x509.h"
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int X509_REQ_print_fp(fp,x)
 FILE *fp;
 X509_REQ *x;
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index 8ff0a8516..b10fbbb99 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/t_x509.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -69,7 +69,7 @@
 #include "objects.h"
 #include "x509.h"
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int X509_print_fp(fp,x)
 FILE *fp;
 X509 *x;
@@ -304,7 +304,7 @@ ASN1_UTCTIME *tm;
 	for (i=0; i<10; i++)
 		if ((v[i] > '9') || (v[i] < '0')) goto err;
 	y= (v[0]-'0')*10+(v[1]-'0');
-	if (y < 70) y+=100;
+	if (y < 50) y+=100;
 	M= (v[2]-'0')*10+(v[3]-'0');
 	if ((M > 12) || (M < 1)) goto err;
 	d= (v[4]-'0')*10+(v[5]-'0');
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 1a23812c9..0ed2c87b6 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_algor.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/x_attrib.c b/crypto/asn1/x_attrib.c
index bce6f3aad..e52ced862 100644
--- a/crypto/asn1/x_attrib.c
+++ b/crypto/asn1/x_attrib.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_attrib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/x_cinf.c b/crypto/asn1/x_cinf.c
index e5cc2af72..4fc2cc9f6 100644
--- a/crypto/asn1/x_cinf.c
+++ b/crypto/asn1/x_cinf.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_cinf.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 22cb99fb0..13acdab42 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_crl.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -130,7 +130,8 @@ unsigned char **pp;
 	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
 	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
 	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME);
+	if (a->nextUpdate != NULL)
+		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
 	M_ASN1_I2D_len_SEQ_opt(a->revoked,i2d_X509_REVOKED);
 	M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
 		V_ASN1_SEQUENCE,v1);
@@ -144,7 +145,8 @@ unsigned char **pp;
 	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
 	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
 	M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME);
+	if (a->nextUpdate != NULL)
+		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME); }
 	M_ASN1_I2D_put_SEQ_opt(a->revoked,i2d_X509_REVOKED);
 	M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
 		V_ASN1_SEQUENCE,v1);
@@ -175,7 +177,7 @@ long length;
 	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
 	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
 	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get(ret->nextUpdate,d2i_ASN1_UTCTIME);
+	M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
 	if (ret->revoked != NULL)
 		{
 		while (sk_num(ret->revoked))
@@ -264,7 +266,7 @@ X509_CRL_INFO *X509_CRL_INFO_new()
 	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
 	M_ASN1_New(ret->issuer,X509_NAME_new);
 	M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new);
-	M_ASN1_New(ret->nextUpdate,ASN1_UTCTIME_new);
+	ret->nextUpdate=NULL;
 	M_ASN1_New(ret->revoked,sk_new_null);
 	M_ASN1_New(ret->extensions,sk_new_null);
 	ret->revoked->comp=(int (*)())X509_REVOKED_cmp;
@@ -303,7 +305,8 @@ X509_CRL_INFO *a;
 	X509_ALGOR_free(a->sig_alg);
 	X509_NAME_free(a->issuer);
 	ASN1_UTCTIME_free(a->lastUpdate);
-	ASN1_UTCTIME_free(a->nextUpdate);
+	if (a->nextUpdate)
+		ASN1_UTCTIME_free(a->nextUpdate);
 	sk_pop_free(a->revoked,X509_REVOKED_free);
 	sk_pop_free(a->extensions,X509_EXTENSION_free);
 	Free((char *)a);
@@ -317,6 +320,9 @@ X509_CRL *a;
 	if (a == NULL) return;
 
 	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+	REF_PRINT("X509_CRL",a);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
diff --git a/crypto/asn1/x_exten.c b/crypto/asn1/x_exten.c
index 89daf3f22..54ffe2f00 100644
--- a/crypto/asn1/x_exten.c
+++ b/crypto/asn1/x_exten.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_exten.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -108,6 +108,10 @@ long length;
 	M_ASN1_D2I_start_sequence();
 	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
 
+	if ((ret->argp != NULL) && (ret->ex_free != NULL))
+		ret->ex_free(ret);
+	ret->argl=0;
+	ret->argp=NULL;
 	ret->netscape_hack=0;
 	if ((c.slen != 0) &&
 		(M_ASN1_next == (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN)))
@@ -132,6 +136,9 @@ X509_EXTENSION *X509_EXTENSION_new()
 	M_ASN1_New(ret->value,ASN1_OCTET_STRING_new);
 	ret->critical=0;
 	ret->netscape_hack=0;
+	ret->argl=0L;
+	ret->argp=NULL;
+	ret->ex_free=NULL;
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_EXTENSION_NEW);
 	}
@@ -140,6 +147,8 @@ void X509_EXTENSION_free(a)
 X509_EXTENSION *a;
 	{
 	if (a == NULL) return;
+	if ((a->argp != NULL) && (a->ex_free != NULL))
+		a->ex_free(a);
 	ASN1_OBJECT_free(a->object);
 	ASN1_OCTET_STRING_free(a->value);
 	Free((char *)a);
diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c
index e46c67298..b55f0ce77 100644
--- a/crypto/asn1/x_info.c
+++ b/crypto/asn1/x_info.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_info.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -92,6 +92,9 @@ X509_INFO *x;
 	if (x == NULL) return;
 
 	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
+#ifdef REF_PRINT
+	REF_PRINT("X509_INFO",x);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index c03f9169c..28b9c34b5 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_name.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
index ced975b40..1d4d92612 100644
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_pkey.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -136,6 +136,9 @@ X509_PKEY *x;
 	if (x == NULL) return;
 
 	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
+#ifdef REF_PRINT
+	REF_PRINT("X509_PKEY",x);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index b1a2499d3..a309cf74a 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_pubkey.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -211,12 +211,16 @@ X509_PUBKEY *key;
 	long j;
 	int type;
 	unsigned char *p;
+#ifndef NO_DSA
 	X509_ALGOR *a;
+#endif
+
+	if (key == NULL) goto err;
+
+	if (key->pkey != NULL) return(key->pkey);
+
+	if (key->public_key == NULL) goto err;
 
-	if (key->pkey != NULL)
-		{
-		return(key->pkey);
-		}
 	type=OBJ_obj2nid(key->algor->algorithm);
 	p=key->public_key->data;
         j=key->public_key->length;
diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c
index 02b31add1..ff0be13d3 100644
--- a/crypto/asn1/x_req.c
+++ b/crypto/asn1/x_req.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_req.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -226,6 +226,9 @@ X509_REQ *a;
 	if (a == NULL) return;
 
 	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_REQ);
+#ifdef REF_PRINT
+	REF_PRINT("X509_REQ",a);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c
index 186c404e8..f0a2e4c27 100644
--- a/crypto/asn1/x_sig.c
+++ b/crypto/asn1/x_sig.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_sig.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c
index bfeb0659a..4a80df44b 100644
--- a/crypto/asn1/x_spki.c
+++ b/crypto/asn1/x_spki.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_spki.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c
index e2e4d0043..a9c390f88 100644
--- a/crypto/asn1/x_val.c
+++ b/crypto/asn1/x_val.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_val.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index d80a5cbc0..bc466ce0f 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -1,5 +1,5 @@
 /* crypto/asn1/x_x509.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -137,6 +137,9 @@ X509 *a;
 	if (a == NULL) return;
 
 	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+	REF_PRINT("X509",a);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
diff --git a/crypto/bf/Makefile.ssl b/crypto/bf/Makefile.ssl
index 1a44992a1..236671f23 100644
--- a/crypto/bf/Makefile.ssl
+++ b/crypto/bf/Makefile.ssl
@@ -25,8 +25,8 @@ TEST=bftest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c 
-LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cbc.o bf_cfb64.o bf_ofb64.o
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
 
 SRC= $(LIBSRC)
 
@@ -46,23 +46,26 @@ lib:	$(LIBOBJ)
 	@touch lib
 
 # elf
-asm/bx86-elf.o: asm/bx86-cpp.s asm/bx86unix.cpp
+asm/bx86-elf.o: asm/bx86unix.cpp
 	$(CPP) -DELF asm/bx86unix.cpp | as -o asm/bx86-elf.o
 
 # solaris
-asm/bx86-sol.o: asm/bx86-cpp.s asm/bx86unix.cpp
+asm/bx86-sol.o: asm/bx86unix.cpp
 	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
 	as -o asm/bx86-sol.o asm/bx86-sol.s
 	rm -f asm/bx86-sol.s
 
 # a.out
-asm/bx86-out.o: asm/bx86-cpp.s asm/bx86unix.cpp
+asm/bx86-out.o: asm/bx86unix.cpp
 	$(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o
 
 # bsdi
-asm/bx86bsdi.o: asm/bx86-cpp.s asm/bx86unix.cpp
+asm/bx86bsdi.o: asm/bx86unix.cpp
 	$(CPP) -DBSDI asm/bx86unix.cpp | as -o asm/bx86bsdi.o
 
+asm/bx86unix.cpp:
+	(cd asm; perl bf-586.pl cpp >bx86unix.cpp)
+
 files:
 	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
@@ -73,10 +76,6 @@ links:
 	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
 	$(TOP)/util/mklink.sh ../../test $(TEST)
 	$(TOP)/util/mklink.sh ../../apps $(APPS)
-	/bin/rm -f asm/x86ms.pl asm/x86unix.pl
-	$(TOP)/util/point.sh ../../perlasm/x86ms.pl asm/x86ms.pl
-	$(TOP)/util/point.sh ../../perlasm/x86unix.pl asm/x86unix.pl
-
 
 install:
 	@for i in $(EXHEADER) ; \
diff --git a/crypto/bf/Makefile.uni b/crypto/bf/Makefile.uni
index 851729547..9ba5b0c85 100644
--- a/crypto/bf/Makefile.uni
+++ b/crypto/bf/Makefile.uni
@@ -7,6 +7,8 @@
 # make x86-solaris
 # make x86-bdsi
 
+DIR=	bf
+TOP=	.
 # use BF_PTR2 for intel boxes,
 # BF_PTR for sparc and MIPS/SGI
 # use nothing for Alpha and HP.
@@ -42,14 +44,14 @@ MANDIR=/usr/local/man
 MAN1=1
 MAN3=3
 SHELL=/bin/sh
-LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cbc.o bf_cfb64.o bf_ofb64.o
-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
 
 GENERAL=Makefile Makefile.ssl Makefile.uni asm bf_locl.org README \
 	COPYRIGHT blowfish.doc INSTALL
-   
-TESTING=    bftest bfspeed
-TESTING_SRC=bftest.c bfspeed.c
+
+TESTING=    bftest bfspeed bf_opts
+TESTING_SRC=bftest.c bfspeed.c bf_opts.c
 HEADERS=bf_locl.h blowfish.h bf_pi.h
 
 ALL=	$(GENERAL) $(TESTING_SRC) $(LIBSRC) $(HEADERS)
@@ -77,23 +79,26 @@ x86-bsdi:
 	$(MAKE) BF_ENC='asm/bx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
 
 # elf
-asm/bx86-elf.o: asm/bx86-cpp.s asm/bx86unix.cpp
+asm/bx86-elf.o: asm/bx86unix.cpp
 	$(CPP) -DELF asm/bx86unix.cpp | $(AS) -o asm/bx86-elf.o
 
 # solaris
-asm/bx86-sol.o: asm/bx86-cpp.s asm/bx86unix.cpp
+asm/bx86-sol.o: asm/bx86unix.cpp
 	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
 	as -o asm/bx86-sol.o asm/bx86-sol.s
 	rm -f asm/bx86-sol.s
 
 # a.out
-asm/bx86-out.o: asm/bx86-cpp.s asm/bx86unix.cpp
+asm/bx86-out.o: asm/bx86unix.cpp
 	$(CPP) -DOUT asm/bx86unix.cpp | $(AS) -o asm/bx86-out.o
 
 # bsdi
-asm/bx86bsdi.o: asm/bx86-cpp.s asm/bx86unix.cpp
+asm/bx86bsdi.o: asm/bx86unix.cpp
 	$(CPP) -DBSDI asm/bx86unix.cpp | $(AS) -o asm/bx86bsdi.o
 
+asm/bx86unix.cpp:
+	(cd asm; perl bf-586.pl cpp >bx86unix.cpp)
+	
 test:	all
 	./bftest
 
@@ -110,6 +115,9 @@ bftest: bftest.o $(BLIB)
 bfspeed: bfspeed.o $(BLIB)
 	$(CC) $(CFLAGS) -o bfspeed bfspeed.o $(BLIB)
 
+bf_opts: bf_opts.o $(BLIB)
+	$(CC) $(CFLAGS) -o bf_opts bf_opts.o $(BLIB)
+
 tags:
 	ctags $(TESTING_SRC) $(LIBBF)
 
@@ -157,4 +165,5 @@ install: $(BLIB)
 	    cp blowfish.h $(INCDIR)/blowfish.h; \
 	    chmod 644 $(INCDIR)/blowfish.h; \
 	fi
+
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/bf/asm/b-win32.asm b/crypto/bf/asm/b-win32.asm
index bef272eeb..138c99d0a 100644
--- a/crypto/bf/asm/b-win32.asm
+++ b/crypto/bf/asm/b-win32.asm
@@ -1,662 +1,906 @@
-	; Don't even think of reading this code

-	; It was automatically generated by bf586.pl

-	; Which is a perl program used to generate the x86 assember for

-	; any of elf, a.out, Win32, or Solaris

-	; It can be found in SSLeay 0.7.0+

-	; eric <eay@cryptsoft.com>

-	; 

-	TITLE	bfx86xxxx.asm

-        .386

-.model FLAT

-_TEXT	SEGMENT

-PUBLIC	_BF_encrypt

-_BF_encrypt PROC NEAR

-	push	ebp

-	push	ebx

-	push	esi

-	push	edi

-	; 

-	; Load the 2 words

-	mov	eax,		DWORD PTR 20[esp]

-	mov	ecx,		DWORD PTR [eax]

-	mov	edx,		DWORD PTR 4[eax]

-	; 

-	; P pointer, s and enc flag

-	mov	edi,		DWORD PTR 24[esp]

-	xor	eax,		eax

-	xor	ebx,		ebx

-	mov	ebp,		DWORD PTR 28[esp]

-	cmp	ebp,		0

-	je	$L000start_decrypt

-	xor	ecx,		DWORD PTR [edi]

-	; 

-	; Round 0

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 4[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 1

-	ror	edx,		16

-	mov	esi,		DWORD PTR 8[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 2

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 12[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 3

-	ror	edx,		16

-	mov	esi,		DWORD PTR 16[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 4

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 20[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 5

-	ror	edx,		16

-	mov	esi,		DWORD PTR 24[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 6

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 28[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 7

-	ror	edx,		16

-	mov	esi,		DWORD PTR 32[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 8

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 36[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 9

-	ror	edx,		16

-	mov	esi,		DWORD PTR 40[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 10

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 44[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 11

-	ror	edx,		16

-	mov	esi,		DWORD PTR 48[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 12

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 52[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 13

-	ror	edx,		16

-	mov	esi,		DWORD PTR 56[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 14

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 60[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 15

-	ror	edx,		16

-	mov	esi,		DWORD PTR 64[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	xor	edx,		DWORD PTR 68[edi]

-	mov	eax,		DWORD PTR 20[esp]

-	mov	DWORD PTR [eax],edx

-	mov	DWORD PTR 4[eax],ecx

-	pop	edi

-	pop	esi

-	pop	ebx

-	pop	ebp

-	ret

-$L000start_decrypt:

-	xor	ecx,		DWORD PTR 68[edi]

-	; 

-	; Round 16

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 64[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 15

-	ror	edx,		16

-	mov	esi,		DWORD PTR 60[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 14

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 56[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 13

-	ror	edx,		16

-	mov	esi,		DWORD PTR 52[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 12

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 48[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 11

-	ror	edx,		16

-	mov	esi,		DWORD PTR 44[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 10

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 40[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 9

-	ror	edx,		16

-	mov	esi,		DWORD PTR 36[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 8

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 32[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 7

-	ror	edx,		16

-	mov	esi,		DWORD PTR 28[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 6

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 24[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 5

-	ror	edx,		16

-	mov	esi,		DWORD PTR 20[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 4

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 16[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 3

-	ror	edx,		16

-	mov	esi,		DWORD PTR 12[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	; 

-	; Round 2

-	ror	ecx,		16

-	mov	esi,		DWORD PTR 8[edi]

-	mov	al,		ch

-	mov	bl,		cl

-	ror	ecx,		16

-	xor	edx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		ch

-	mov	bl,		cl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	edx,		esi

-	; 

-	; Round 1

-	ror	edx,		16

-	mov	esi,		DWORD PTR 4[edi]

-	mov	al,		dh

-	mov	bl,		dl

-	ror	edx,		16

-	xor	ecx,		esi

-	mov	esi,		DWORD PTR 72[eax*4+edi]

-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]

-	mov	al,		dh

-	mov	bl,		dl

-	add	esi,		ebp

-	mov	eax,		DWORD PTR 2120[eax*4+edi]

-	xor	esi,		eax

-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]

-	add	esi,		ebp

-	xor	eax,		eax

-	xor	ecx,		esi

-	xor	edx,		DWORD PTR [edi]

-	mov	eax,		DWORD PTR 20[esp]

-	mov	DWORD PTR [eax],edx

-	mov	DWORD PTR 4[eax],ecx

-	pop	edi

-	pop	esi

-	pop	ebx

-	pop	ebp

-	ret

-_BF_encrypt ENDP

-_TEXT	ENDS

-END

+	; Don't even think of reading this code
+	; It was automatically generated by bf-586.pl
+	; Which is a perl program used to generate the x86 assember for
+	; any of elf, a.out, BSDI,Win32, or Solaris
+	; eric <eay@cryptsoft.com>
+	; 
+	TITLE	bf-586.asm
+        .486
+.model FLAT
+_TEXT	SEGMENT
+PUBLIC	_BF_encrypt
+
+_BF_encrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	mov	ebx,		DWORD PTR 12[esp]
+	mov	ebp,		DWORD PTR 16[esp]
+	push	esi
+	push	edi
+	; Load the 2 words
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	xor	eax,		eax
+	mov	ebx,		DWORD PTR [ebp]
+	xor	ecx,		ecx
+	xor	edi,		ebx
+	; 
+	; Round 0
+	mov	edx,		DWORD PTR 4[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 1
+	mov	edx,		DWORD PTR 8[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 2
+	mov	edx,		DWORD PTR 12[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 3
+	mov	edx,		DWORD PTR 16[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 4
+	mov	edx,		DWORD PTR 20[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 5
+	mov	edx,		DWORD PTR 24[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 6
+	mov	edx,		DWORD PTR 28[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 7
+	mov	edx,		DWORD PTR 32[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 8
+	mov	edx,		DWORD PTR 36[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 9
+	mov	edx,		DWORD PTR 40[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 10
+	mov	edx,		DWORD PTR 44[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 11
+	mov	edx,		DWORD PTR 48[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 12
+	mov	edx,		DWORD PTR 52[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 13
+	mov	edx,		DWORD PTR 56[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 14
+	mov	edx,		DWORD PTR 60[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 15
+	mov	edx,		DWORD PTR 64[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	; Load parameter 0 (16) enc=1
+	mov	eax,		DWORD PTR 20[esp]
+	xor	edi,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	esi,		edx
+	mov	DWORD PTR 4[eax],edi
+	mov	DWORD PTR [eax],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_BF_encrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_BF_decrypt
+
+_BF_decrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	mov	ebx,		DWORD PTR 12[esp]
+	mov	ebp,		DWORD PTR 16[esp]
+	push	esi
+	push	edi
+	; Load the 2 words
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	xor	eax,		eax
+	mov	ebx,		DWORD PTR 68[ebp]
+	xor	ecx,		ecx
+	xor	edi,		ebx
+	; 
+	; Round 16
+	mov	edx,		DWORD PTR 64[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 15
+	mov	edx,		DWORD PTR 60[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 14
+	mov	edx,		DWORD PTR 56[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 13
+	mov	edx,		DWORD PTR 52[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 12
+	mov	edx,		DWORD PTR 48[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 11
+	mov	edx,		DWORD PTR 44[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 10
+	mov	edx,		DWORD PTR 40[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 9
+	mov	edx,		DWORD PTR 36[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 8
+	mov	edx,		DWORD PTR 32[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 7
+	mov	edx,		DWORD PTR 28[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 6
+	mov	edx,		DWORD PTR 24[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 5
+	mov	edx,		DWORD PTR 20[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 4
+	mov	edx,		DWORD PTR 16[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 3
+	mov	edx,		DWORD PTR 12[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 2
+	mov	edx,		DWORD PTR 8[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 1
+	mov	edx,		DWORD PTR 4[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	; Load parameter 0 (1) enc=0
+	mov	eax,		DWORD PTR 20[esp]
+	xor	edi,		ebx
+	mov	edx,		DWORD PTR [ebp]
+	xor	esi,		edx
+	mov	DWORD PTR 4[eax],edi
+	mov	DWORD PTR [eax],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_BF_decrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_BF_cbc_encrypt
+
+_BF_cbc_encrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	mov	ebp,		DWORD PTR 28[esp]
+	; getting iv ptr from parameter 4
+	mov	ebx,		DWORD PTR 36[esp]
+	mov	esi,		DWORD PTR [ebx]
+	mov	edi,		DWORD PTR 4[ebx]
+	push	edi
+	push	esi
+	push	edi
+	push	esi
+	mov	ebx,		esp
+	mov	esi,		DWORD PTR 36[esp]
+	mov	edi,		DWORD PTR 40[esp]
+	; getting encrypt flag from parameter 5
+	mov	ecx,		DWORD PTR 56[esp]
+	; get and push parameter 3
+	mov	eax,		DWORD PTR 48[esp]
+	push	eax
+	push	ebx
+	cmp	ecx,		0
+	jz	$L000decrypt
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	jz	$L001encrypt_finish
+L002encrypt_loop:
+	mov	ecx,		DWORD PTR [esi]
+	mov	edx,		DWORD PTR 4[esi]
+	xor	eax,		ecx
+	xor	ebx,		edx
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_BF_encrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L002encrypt_loop
+$L001encrypt_finish:
+	mov	ebp,		DWORD PTR 52[esp]
+	and	ebp,		7
+	jz	$L003finish
+	xor	ecx,		ecx
+	xor	edx,		edx
+	mov	ebp,		DWORD PTR $L004cbc_enc_jmp_table[ebp*4]
+	jmp	 ebp
+L005ej7:
+	mov	dh,		BYTE PTR 6[esi]
+	shl	edx,		8
+L006ej6:
+	mov	dh,		BYTE PTR 5[esi]
+L007ej5:
+	mov	dl,		BYTE PTR 4[esi]
+L008ej4:
+	mov	ecx,		DWORD PTR [esi]
+	jmp	$L009ejend
+L010ej3:
+	mov	ch,		BYTE PTR 2[esi]
+	shl	ecx,		8
+L011ej2:
+	mov	ch,		BYTE PTR 1[esi]
+L012ej1:
+	mov	cl,		BYTE PTR [esi]
+$L009ejend:
+	xor	eax,		ecx
+	xor	ebx,		edx
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_BF_encrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	jmp	$L003finish
+$L000decrypt:
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	jz	$L013decrypt_finish
+L014decrypt_loop:
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_BF_decrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	ecx,		DWORD PTR 16[esp]
+	mov	edx,		DWORD PTR 20[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR [edi],ecx
+	mov	DWORD PTR 4[edi],edx
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L014decrypt_loop
+$L013decrypt_finish:
+	mov	ebp,		DWORD PTR 52[esp]
+	and	ebp,		7
+	jz	$L003finish
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_BF_decrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	ecx,		DWORD PTR 16[esp]
+	mov	edx,		DWORD PTR 20[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+L015dj7:
+	ror	edx,		16
+	mov	BYTE PTR 6[edi],dl
+	shr	edx,		16
+L016dj6:
+	mov	BYTE PTR 5[edi],dh
+L017dj5:
+	mov	BYTE PTR 4[edi],dl
+L018dj4:
+	mov	DWORD PTR [edi],ecx
+	jmp	$L019djend
+L020dj3:
+	ror	ecx,		16
+	mov	BYTE PTR 2[edi],cl
+	shl	ecx,		16
+L021dj2:
+	mov	BYTE PTR 1[esi],ch
+L022dj1:
+	mov	BYTE PTR [esi],	cl
+$L019djend:
+	jmp	$L003finish
+$L003finish:
+	mov	ecx,		DWORD PTR 60[esp]
+	add	esp,		24
+	mov	DWORD PTR [ecx],eax
+	mov	DWORD PTR 4[ecx],ebx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+$L004cbc_enc_jmp_table:
+	DD	0
+	DD	L012ej1
+	DD	L011ej2
+	DD	L010ej3
+	DD	L008ej4
+	DD	L007ej5
+	DD	L006ej6
+	DD	L005ej7
+L023cbc_dec_jmp_table:
+	DD	0
+	DD	L022dj1
+	DD	L021dj2
+	DD	L020dj3
+	DD	L018dj4
+	DD	L017dj5
+	DD	L016dj6
+	DD	L015dj7
+_BF_cbc_encrypt ENDP
+_TEXT	ENDS
+END
diff --git a/crypto/bf/asm/bx86unix.cpp b/crypto/bf/asm/bx86unix.cpp
index dcb10d23d..cdaa26937 100644
--- a/crypto/bf/asm/bx86unix.cpp
+++ b/crypto/bf/asm/bx86unix.cpp
@@ -1,24 +1,37 @@
+/* Run the C pre-processor over this file with one of the following defined
+ * ELF - elf object files,
+ * OUT - a.out object files,
+ * BSDI - BSDI style a.out object files
+ * SOL - Solaris style elf
+ */
 
-#define TYPE(a,b)	.type	a,b
-#define SIZE(a,b)	.size	a,b
+#define TYPE(a,b)       .type   a,b
+#define SIZE(a,b)       .size   a,b
+
+#if defined(OUT) || defined(BSDI)
+#define BF_encrypt _BF_encrypt
+#define BF_decrypt _BF_decrypt
+#define BF_cbc_encrypt _BF_cbc_encrypt
+
+#endif
 
 #ifdef OUT
-#define OK		1
-#define BF_encrypt	_BF_encrypt
-#define ALIGN		4
+#define OK	1
+#define ALIGN	4
 #endif
 
 #ifdef BSDI
-#define OK		1
-#define BF_encrypt	_BF_encrypt
-#define ALIGN		4
+#define OK              1
+#define ALIGN           4
 #undef SIZE
 #undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)
 #endif
 
 #if defined(ELF) || defined(SOL)
-#define OK		1
-#define ALIGN		16
+#define OK              1
+#define ALIGN           16
 #endif
 
 #ifndef OK
@@ -29,5 +42,935 @@ SOL - solaris systems, which are elf with strange comment lines
 BSDI - a.out with a very primative version of as.
 #endif
 
-#include "bx86-cpp.s" 
+/* Let the Assembler begin :-) */
+	/* Don't even think of reading this code */
+	/* It was automatically generated by bf-586.pl */
+	/* Which is a perl program used to generate the x86 assember for */
+	/* any of elf, a.out, BSDI,Win32, or Solaris */
+	/* eric <eay@cryptsoft.com> */
+
+	.file	"bf-586.s"
+	.version	"01.01"
+gcc2_compiled.:
+.text
+	.align ALIGN
+.globl BF_encrypt
+	TYPE(BF_encrypt,@function)
+BF_encrypt:
+
+	pushl	%ebp
+	pushl	%ebx
+	movl	12(%esp),	%ebx
+	movl	16(%esp),	%ebp
+	pushl	%esi
+	pushl	%edi
+	/* Load the 2 words */
+	movl	(%ebx),		%edi
+	movl	4(%ebx),	%esi
+	xorl	%eax,		%eax
+	movl	(%ebp),		%ebx
+	xorl	%ecx,		%ecx
+	xorl	%ebx,		%edi
+
+	/* Round 0 */
+	movl	4(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 1 */
+	movl	8(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 2 */
+	movl	12(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 3 */
+	movl	16(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 4 */
+	movl	20(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 5 */
+	movl	24(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 6 */
+	movl	28(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 7 */
+	movl	32(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 8 */
+	movl	36(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 9 */
+	movl	40(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 10 */
+	movl	44(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 11 */
+	movl	48(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 12 */
+	movl	52(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 13 */
+	movl	56(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 14 */
+	movl	60(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 15 */
+	movl	64(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	/* Load parameter 0 (16) enc=1 */
+	movl	20(%esp),	%eax
+	xorl	%ebx,		%edi
+	movl	68(%ebp),	%edx
+	xorl	%edx,		%esi
+	movl	%edi,		4(%eax)
+	movl	%esi,		(%eax)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.BF_encrypt_end:
+	SIZE(BF_encrypt,.BF_encrypt_end-BF_encrypt)
+.ident	"BF_encrypt"
+.text
+	.align ALIGN
+.globl BF_decrypt
+	TYPE(BF_decrypt,@function)
+BF_decrypt:
+
+	pushl	%ebp
+	pushl	%ebx
+	movl	12(%esp),	%ebx
+	movl	16(%esp),	%ebp
+	pushl	%esi
+	pushl	%edi
+	/* Load the 2 words */
+	movl	(%ebx),		%edi
+	movl	4(%ebx),	%esi
+	xorl	%eax,		%eax
+	movl	68(%ebp),	%ebx
+	xorl	%ecx,		%ecx
+	xorl	%ebx,		%edi
+
+	/* Round 16 */
+	movl	64(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 15 */
+	movl	60(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 14 */
+	movl	56(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 13 */
+	movl	52(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 12 */
+	movl	48(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 11 */
+	movl	44(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 10 */
+	movl	40(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 9 */
+	movl	36(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 8 */
+	movl	32(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 7 */
+	movl	28(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 6 */
+	movl	24(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 5 */
+	movl	20(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 4 */
+	movl	16(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 3 */
+	movl	12(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%edi
+
+	/* Round 2 */
+	movl	8(%ebp),	%edx
+	movl	%edi,		%ebx
+	xorl	%edx,		%esi
+	shrl	$16,		%ebx
+	movl	%edi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	xorl	%eax,		%eax
+	xorl	%ebx,		%esi
+
+	/* Round 1 */
+	movl	4(%ebp),	%edx
+	movl	%esi,		%ebx
+	xorl	%edx,		%edi
+	shrl	$16,		%ebx
+	movl	%esi,		%edx
+	movb	%bh,		%al
+	andl	$255,		%ebx
+	movb	%dh,		%cl
+	andl	$255,		%edx
+	movl	72(%ebp,%eax,4),%eax
+	movl	1096(%ebp,%ebx,4),%ebx
+	addl	%eax,		%ebx
+	movl	2120(%ebp,%ecx,4),%eax
+	xorl	%eax,		%ebx
+	movl	3144(%ebp,%edx,4),%edx
+	addl	%edx,		%ebx
+	/* Load parameter 0 (1) enc=0 */
+	movl	20(%esp),	%eax
+	xorl	%ebx,		%edi
+	movl	(%ebp),		%edx
+	xorl	%edx,		%esi
+	movl	%edi,		4(%eax)
+	movl	%esi,		(%eax)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.BF_decrypt_end:
+	SIZE(BF_decrypt,.BF_decrypt_end-BF_decrypt)
+.ident	"BF_decrypt"
+.text
+	.align ALIGN
+.globl BF_cbc_encrypt
+	TYPE(BF_cbc_encrypt,@function)
+BF_cbc_encrypt:
 
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+	movl	28(%esp),	%ebp
+	/* getting iv ptr from parameter 4 */
+	movl	36(%esp),	%ebx
+	movl	(%ebx),		%esi
+	movl	4(%ebx),	%edi
+	pushl	%edi
+	pushl	%esi
+	pushl	%edi
+	pushl	%esi
+	movl	%esp,		%ebx
+	movl	36(%esp),	%esi
+	movl	40(%esp),	%edi
+	/* getting encrypt flag from parameter 5 */
+	movl	56(%esp),	%ecx
+	/* get and push parameter 3 */
+	movl	48(%esp),	%eax
+	pushl	%eax
+	pushl	%ebx
+	cmpl	$0,		%ecx
+	jz	.L000decrypt
+	andl	$4294967288,	%ebp
+	movl	8(%esp),	%eax
+	movl	12(%esp),	%ebx
+	jz	.L001encrypt_finish
+.L002encrypt_loop:
+	movl	(%esi),		%ecx
+	movl	4(%esi),	%edx
+	xorl	%ecx,		%eax
+	xorl	%edx,		%ebx
+.byte 15
+.byte 200		/* bswapl  %eax */
+.byte 15
+.byte 203		/* bswapl  %ebx */
+	movl	%eax,		8(%esp)
+	movl	%ebx,		12(%esp)
+	call	BF_encrypt
+	movl	8(%esp),	%eax
+	movl	12(%esp),	%ebx
+.byte 15
+.byte 200		/* bswapl  %eax */
+.byte 15
+.byte 203		/* bswapl  %ebx */
+	movl	%eax,		(%edi)
+	movl	%ebx,		4(%edi)
+	addl	$8,		%esi
+	addl	$8,		%edi
+	subl	$8,		%ebp
+	jnz	.L002encrypt_loop
+.L001encrypt_finish:
+	movl	52(%esp),	%ebp
+	andl	$7,		%ebp
+	jz	.L003finish
+	xorl	%ecx,		%ecx
+	xorl	%edx,		%edx
+	movl	.L004cbc_enc_jmp_table(,%ebp,4),%ebp
+	jmp	*%ebp
+.L005ej7:
+	movb	6(%esi),	%dh
+	sall	$8,		%edx
+.L006ej6:
+	movb	5(%esi),	%dh
+.L007ej5:
+	movb	4(%esi),	%dl
+.L008ej4:
+	movl	(%esi),		%ecx
+	jmp	.L009ejend
+.L010ej3:
+	movb	2(%esi),	%ch
+	sall	$8,		%ecx
+.L011ej2:
+	movb	1(%esi),	%ch
+.L012ej1:
+	movb	(%esi),		%cl
+.L009ejend:
+	xorl	%ecx,		%eax
+	xorl	%edx,		%ebx
+.byte 15
+.byte 200		/* bswapl  %eax */
+.byte 15
+.byte 203		/* bswapl  %ebx */
+	movl	%eax,		8(%esp)
+	movl	%ebx,		12(%esp)
+	call	BF_encrypt
+	movl	8(%esp),	%eax
+	movl	12(%esp),	%ebx
+.byte 15
+.byte 200		/* bswapl  %eax */
+.byte 15
+.byte 203		/* bswapl  %ebx */
+	movl	%eax,		(%edi)
+	movl	%ebx,		4(%edi)
+	jmp	.L003finish
+.align ALIGN
+.L000decrypt:
+	andl	$4294967288,	%ebp
+	movl	16(%esp),	%eax
+	movl	20(%esp),	%ebx
+	jz	.L013decrypt_finish
+.L014decrypt_loop:
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+.byte 15
+.byte 200		/* bswapl  %eax */
+.byte 15
+.byte 203		/* bswapl  %ebx */
+	movl	%eax,		8(%esp)
+	movl	%ebx,		12(%esp)
+	call	BF_decrypt
+	movl	8(%esp),	%eax
+	movl	12(%esp),	%ebx
+.byte 15
+.byte 200		/* bswapl  %eax */
+.byte 15
+.byte 203		/* bswapl  %ebx */
+	movl	16(%esp),	%ecx
+	movl	20(%esp),	%edx
+	xorl	%eax,		%ecx
+	xorl	%ebx,		%edx
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+	movl	%ecx,		(%edi)
+	movl	%edx,		4(%edi)
+	movl	%eax,		16(%esp)
+	movl	%ebx,		20(%esp)
+	addl	$8,		%esi
+	addl	$8,		%edi
+	subl	$8,		%ebp
+	jnz	.L014decrypt_loop
+.L013decrypt_finish:
+	movl	52(%esp),	%ebp
+	andl	$7,		%ebp
+	jz	.L003finish
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+.byte 15
+.byte 200		/* bswapl  %eax */
+.byte 15
+.byte 203		/* bswapl  %ebx */
+	movl	%eax,		8(%esp)
+	movl	%ebx,		12(%esp)
+	call	BF_decrypt
+	movl	8(%esp),	%eax
+	movl	12(%esp),	%ebx
+.byte 15
+.byte 200		/* bswapl  %eax */
+.byte 15
+.byte 203		/* bswapl  %ebx */
+	movl	16(%esp),	%ecx
+	movl	20(%esp),	%edx
+	xorl	%eax,		%ecx
+	xorl	%ebx,		%edx
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+.L015dj7:
+	rorl	$16,		%edx
+	movb	%dl,		6(%edi)
+	shrl	$16,		%edx
+.L016dj6:
+	movb	%dh,		5(%edi)
+.L017dj5:
+	movb	%dl,		4(%edi)
+.L018dj4:
+	movl	%ecx,		(%edi)
+	jmp	.L019djend
+.L020dj3:
+	rorl	$16,		%ecx
+	movb	%cl,		2(%edi)
+	sall	$16,		%ecx
+.L021dj2:
+	movb	%ch,		1(%esi)
+.L022dj1:
+	movb	%cl,		(%esi)
+.L019djend:
+	jmp	.L003finish
+.align ALIGN
+.L003finish:
+	movl	60(%esp),	%ecx
+	addl	$24,		%esp
+	movl	%eax,		(%ecx)
+	movl	%ebx,		4(%ecx)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.align ALIGN
+.L004cbc_enc_jmp_table:
+	.long 0
+	.long .L012ej1
+	.long .L011ej2
+	.long .L010ej3
+	.long .L008ej4
+	.long .L007ej5
+	.long .L006ej6
+	.long .L005ej7
+.align ALIGN
+.L023cbc_dec_jmp_table:
+	.long 0
+	.long .L022dj1
+	.long .L021dj2
+	.long .L020dj3
+	.long .L018dj4
+	.long .L017dj5
+	.long .L016dj6
+	.long .L015dj7
+.BF_cbc_encrypt_end:
+	SIZE(BF_cbc_encrypt,.BF_cbc_encrypt_end-BF_cbc_encrypt)
+.ident	"desasm.pl"
diff --git a/crypto/bf/asm/readme b/crypto/bf/asm/readme
index 71e4bb2d5..2385fa381 100644
--- a/crypto/bf/asm/readme
+++ b/crypto/bf/asm/readme
@@ -1,3 +1,10 @@
-If you want more of an idea of how this all works,
-have a read of the readme file in SSLeay/crypto/des/asm.
-SSLeay can be found at ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL.
+There are blowfish assembler generation scripts.
+bf-586.pl version is for the pentium and
+bf-686.pl is my original version, which is faster on the pentium pro.
+
+When using a bf-586.pl, the pentium pro/II is %8 slower than using
+bf-686.pl.  When using a bf-686.pl, the pentium is %16 slower
+than bf-586.pl
+
+So the default is bf-586.pl
+
diff --git a/crypto/bf/bf_cbc.c b/crypto/bf/bf_cbc.c
index 3d05d27cf..e0fa9ad76 100644
--- a/crypto/bf/bf_cbc.c
+++ b/crypto/bf/bf_cbc.c
@@ -1,5 +1,5 @@
 /* crypto/bf/bf_cbc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -85,7 +85,7 @@ int encrypt;
 			tin1^=tout1;
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_encrypt(tin,ks,BF_ENCRYPT);
+			BF_encrypt(tin,ks);
 			tout0=tin[0];
 			tout1=tin[1];
 			l2n(tout0,out);
@@ -98,7 +98,7 @@ int encrypt;
 			tin1^=tout1;
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_encrypt(tin,ks,BF_ENCRYPT);
+			BF_encrypt(tin,ks);
 			tout0=tin[0];
 			tout1=tin[1];
 			l2n(tout0,out);
@@ -118,7 +118,7 @@ int encrypt;
 			n2l(in,tin1);
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_encrypt(tin,ks,BF_DECRYPT);
+			BF_decrypt(tin,ks);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2n(tout0,out);
@@ -132,7 +132,7 @@ int encrypt;
 			n2l(in,tin1);
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_encrypt(tin,ks,BF_DECRYPT);
+			BF_decrypt(tin,ks);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2nn(tout0,tout1,out,l+8);
diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c
index 92fc68261..f9c66e7ce 100644
--- a/crypto/bf/bf_cfb64.c
+++ b/crypto/bf/bf_cfb64.c
@@ -1,5 +1,5 @@
 /* crypto/bf/bf_cfb64.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -88,7 +88,7 @@ int encrypt;
 				{
 				n2l(iv,v0); ti[0]=v0;
 				n2l(iv,v1); ti[1]=v1;
-				BF_encrypt((BF_LONG *)ti,schedule,BF_ENCRYPT);
+				BF_encrypt((BF_LONG *)ti,schedule);
 				iv=(unsigned char *)ivec;
 				t=ti[0]; l2n(t,iv);
 				t=ti[1]; l2n(t,iv);
@@ -108,7 +108,7 @@ int encrypt;
 				{
 				n2l(iv,v0); ti[0]=v0;
 				n2l(iv,v1); ti[1]=v1;
-				BF_encrypt((BF_LONG *)ti,schedule,BF_ENCRYPT);
+				BF_encrypt((BF_LONG *)ti,schedule);
 				iv=(unsigned char *)ivec;
 				t=ti[0]; l2n(t,iv);
 				t=ti[1]; l2n(t,iv);
diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c
index 7840352dc..6d16360bd 100644
--- a/crypto/bf/bf_ecb.c
+++ b/crypto/bf/bf_ecb.c
@@ -1,5 +1,5 @@
 /* crypto/bf/bf_ecb.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -64,7 +64,7 @@
  * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
  */
 
-char *BF_version="BlowFish part of SSLeay 0.8.1b 29-Jun-1998";
+char *BF_version="BlowFish part of SSLeay 0.9.0b 29-Jun-1998";
 
 char *BF_options()
 	{
@@ -87,7 +87,10 @@ int encrypt;
 
 	n2l(in,l); d[0]=l;
 	n2l(in,l); d[1]=l;
-	BF_encrypt(d,ks,encrypt);
+	if (encrypt)
+		BF_encrypt(d,ks);
+	else
+		BF_decrypt(d,ks);
 	l=d[0]; l2n(l,out);
 	l=d[1]; l2n(l,out);
 	l=d[0]=d[1]=0;
diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c
index 9bcc2169c..66a8604c5 100644
--- a/crypto/bf/bf_enc.c
+++ b/crypto/bf/bf_enc.c
@@ -1,5 +1,5 @@
 /* crypto/bf/bf_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -69,10 +69,9 @@ If you set BF_ROUNDS to some value other than 16 or 20, you will have
 to modify the code.
 #endif
 
-void BF_encrypt(data,key,encrypt)
+void BF_encrypt(data,key)
 BF_LONG *data;
 BF_KEY *key;
-int encrypt;
 	{
 	register BF_LONG l,r,*p,*s;
 
@@ -81,60 +80,162 @@ int encrypt;
 	l=data[0];
 	r=data[1];
 
-	if (encrypt)
-		{
-		l^=p[0];
-		BF_ENC(r,l,s,p[ 1]);
-		BF_ENC(l,r,s,p[ 2]);
-		BF_ENC(r,l,s,p[ 3]);
-		BF_ENC(l,r,s,p[ 4]);
-		BF_ENC(r,l,s,p[ 5]);
-		BF_ENC(l,r,s,p[ 6]);
-		BF_ENC(r,l,s,p[ 7]);
-		BF_ENC(l,r,s,p[ 8]);
-		BF_ENC(r,l,s,p[ 9]);
-		BF_ENC(l,r,s,p[10]);
-		BF_ENC(r,l,s,p[11]);
-		BF_ENC(l,r,s,p[12]);
-		BF_ENC(r,l,s,p[13]);
-		BF_ENC(l,r,s,p[14]);
-		BF_ENC(r,l,s,p[15]);
-		BF_ENC(l,r,s,p[16]);
+	l^=p[0];
+	BF_ENC(r,l,s,p[ 1]);
+	BF_ENC(l,r,s,p[ 2]);
+	BF_ENC(r,l,s,p[ 3]);
+	BF_ENC(l,r,s,p[ 4]);
+	BF_ENC(r,l,s,p[ 5]);
+	BF_ENC(l,r,s,p[ 6]);
+	BF_ENC(r,l,s,p[ 7]);
+	BF_ENC(l,r,s,p[ 8]);
+	BF_ENC(r,l,s,p[ 9]);
+	BF_ENC(l,r,s,p[10]);
+	BF_ENC(r,l,s,p[11]);
+	BF_ENC(l,r,s,p[12]);
+	BF_ENC(r,l,s,p[13]);
+	BF_ENC(l,r,s,p[14]);
+	BF_ENC(r,l,s,p[15]);
+	BF_ENC(l,r,s,p[16]);
 #if BF_ROUNDS == 20
-		BF_ENC(r,l,s,p[17]);
-		BF_ENC(l,r,s,p[18]);
-		BF_ENC(r,l,s,p[19]);
-		BF_ENC(l,r,s,p[20]);
+	BF_ENC(r,l,s,p[17]);
+	BF_ENC(l,r,s,p[18]);
+	BF_ENC(r,l,s,p[19]);
+	BF_ENC(l,r,s,p[20]);
 #endif
-		r^=p[BF_ROUNDS+1];
-		}
-	else
-		{
-		l^=p[BF_ROUNDS+1];
+	r^=p[BF_ROUNDS+1];
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+	}
+
+#ifndef BF_DEFAULT_OPTIONS
+
+void BF_decrypt(data,key)
+BF_LONG *data;
+BF_KEY *key;
+	{
+	register BF_LONG l,r,*p,*s;
+
+	p=key->P;
+	s= &(key->S[0]);
+	l=data[0];
+	r=data[1];
+
+	l^=p[BF_ROUNDS+1];
 #if BF_ROUNDS == 20
-		BF_ENC(r,l,s,p[20]);
-		BF_ENC(l,r,s,p[19]);
-		BF_ENC(r,l,s,p[18]);
-		BF_ENC(l,r,s,p[17]);
+	BF_ENC(r,l,s,p[20]);
+	BF_ENC(l,r,s,p[19]);
+	BF_ENC(r,l,s,p[18]);
+	BF_ENC(l,r,s,p[17]);
 #endif
-		BF_ENC(r,l,s,p[16]);
-		BF_ENC(l,r,s,p[15]);
-		BF_ENC(r,l,s,p[14]);
-		BF_ENC(l,r,s,p[13]);
-		BF_ENC(r,l,s,p[12]);
-		BF_ENC(l,r,s,p[11]);
-		BF_ENC(r,l,s,p[10]);
-		BF_ENC(l,r,s,p[ 9]);
-		BF_ENC(r,l,s,p[ 8]);
-		BF_ENC(l,r,s,p[ 7]);
-		BF_ENC(r,l,s,p[ 6]);
-		BF_ENC(l,r,s,p[ 5]);
-		BF_ENC(r,l,s,p[ 4]);
-		BF_ENC(l,r,s,p[ 3]);
-		BF_ENC(r,l,s,p[ 2]);
-		BF_ENC(l,r,s,p[ 1]);
-		r^=p[0];
-		}
+	BF_ENC(r,l,s,p[16]);
+	BF_ENC(l,r,s,p[15]);
+	BF_ENC(r,l,s,p[14]);
+	BF_ENC(l,r,s,p[13]);
+	BF_ENC(r,l,s,p[12]);
+	BF_ENC(l,r,s,p[11]);
+	BF_ENC(r,l,s,p[10]);
+	BF_ENC(l,r,s,p[ 9]);
+	BF_ENC(r,l,s,p[ 8]);
+	BF_ENC(l,r,s,p[ 7]);
+	BF_ENC(r,l,s,p[ 6]);
+	BF_ENC(l,r,s,p[ 5]);
+	BF_ENC(r,l,s,p[ 4]);
+	BF_ENC(l,r,s,p[ 3]);
+	BF_ENC(r,l,s,p[ 2]);
+	BF_ENC(l,r,s,p[ 1]);
+	r^=p[0];
+
 	data[1]=l&0xffffffffL;
 	data[0]=r&0xffffffffL;
 	}
+
+void BF_cbc_encrypt(in, out, length, ks, iv, encrypt)
+unsigned char *in;
+unsigned char *out;
+long length;
+BF_KEY *ks;
+unsigned char *iv;
+int encrypt;
+	{
+	register BF_LONG tin0,tin1;
+	register BF_LONG tout0,tout1,xor0,xor1;
+	register long l=length;
+	BF_LONG tin[2];
+
+	if (encrypt)
+		{
+		n2l(iv,tout0);
+		n2l(iv,tout1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_encrypt(tin,ks);
+			tout0=tin[0];
+			tout1=tin[1];
+			l2n(tout0,out);
+			l2n(tout1,out);
+			}
+		if (l != -8)
+			{
+			n2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_encrypt(tin,ks);
+			tout0=tin[0];
+			tout1=tin[1];
+			l2n(tout0,out);
+			l2n(tout1,out);
+			}
+		l2n(tout0,iv);
+		l2n(tout1,iv);
+		}
+	else
+		{
+		n2l(iv,xor0);
+		n2l(iv,xor1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2n(tout0,out);
+			l2n(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2nn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		l2n(xor0,iv);
+		l2n(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+#endif
diff --git a/crypto/bf/bf_locl.h b/crypto/bf/bf_locl.h
index 592ece99a..a5663de8c 100644
--- a/crypto/bf/bf_locl.h
+++ b/crypto/bf/bf_locl.h
@@ -87,9 +87,7 @@
 #elif defined( __sgi )                /* Newer MIPS */
 #  define BF_PTR
 #elif defined( i386 )         /* x86 boxes, should be gcc */
-#  define BF_PTR2
 #elif defined( _MSC_VER )     /* x86 boxes, Visual C */
-#  define BF_PTR2
 #endif /* Systems-specific speed defines */
 
 #undef c2l
diff --git a/crypto/bf/bf_locl.org b/crypto/bf/bf_locl.org
index 592ece99a..a5663de8c 100644
--- a/crypto/bf/bf_locl.org
+++ b/crypto/bf/bf_locl.org
@@ -87,9 +87,7 @@
 #elif defined( __sgi )                /* Newer MIPS */
 #  define BF_PTR
 #elif defined( i386 )         /* x86 boxes, should be gcc */
-#  define BF_PTR2
 #elif defined( _MSC_VER )     /* x86 boxes, Visual C */
-#  define BF_PTR2
 #endif /* Systems-specific speed defines */
 
 #undef c2l
diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c
index e95aca531..5d844ac76 100644
--- a/crypto/bf/bf_ofb64.c
+++ b/crypto/bf/bf_ofb64.c
@@ -1,5 +1,5 @@
 /* crypto/bf/bf_ofb64.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -92,7 +92,7 @@ int *num;
 		{
 		if (n == 0)
 			{
-			BF_encrypt((BF_LONG *)ti,schedule,BF_ENCRYPT);
+			BF_encrypt((BF_LONG *)ti,schedule);
 			dp=(char *)d;
 			t=ti[0]; l2n(t,dp);
 			t=ti[1]; l2n(t,dp);
diff --git a/crypto/bf/bf_pi.h b/crypto/bf/bf_pi.h
index f5918b361..417b93553 100644
--- a/crypto/bf/bf_pi.h
+++ b/crypto/bf/bf_pi.h
@@ -1,5 +1,5 @@
 /* crypto/bf/bf_pi.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c
index 18ea37f7c..86574c0ac 100644
--- a/crypto/bf/bf_skey.c
+++ b/crypto/bf/bf_skey.c
@@ -1,5 +1,5 @@
 /* crypto/bf/bf_skey.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -103,7 +103,7 @@ unsigned char *data;
 	in[1]=0L;
 	for (i=0; i<(BF_ROUNDS+2); i+=2)
 		{
-		BF_encrypt(in,key,BF_ENCRYPT);
+		BF_encrypt(in,key);
 		p[i  ]=in[0];
 		p[i+1]=in[1];
 		}
@@ -111,7 +111,7 @@ unsigned char *data;
 	p=key->S;
 	for (i=0; i<4*256; i+=2)
 		{
-		BF_encrypt(in,key,BF_ENCRYPT);
+		BF_encrypt(in,key);
 		p[i  ]=in[0];
 		p[i+1]=in[1];
 		}
diff --git a/crypto/bf/bfspeed.c b/crypto/bf/bfspeed.c
index ee20bd00f..640d820dd 100644
--- a/crypto/bf/bfspeed.c
+++ b/crypto/bf/bfspeed.c
@@ -1,5 +1,5 @@
 /* crypto/bf/bfspeed.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -217,7 +217,7 @@ char **argv;
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			BF_encrypt(data,&sch,BF_ENCRYPT);
+			BF_encrypt(data,&sch);
 		d=Time_F(STOP);
 		} while (d < 3.0);
 	ca=count/512;
@@ -235,10 +235,15 @@ char **argv;
 #endif
 
 	Time_F(START);
-	for (count=0,run=1; COND(ca); count++)
+	for (count=0,run=1; COND(ca); count+=4)
+		{
+		BF_set_key(&sch,16,key);
+		BF_set_key(&sch,16,key);
 		BF_set_key(&sch,16,key);
+		BF_set_key(&sch,16,key);
+		}
 	d=Time_F(STOP);
-	printf("%ld blowfish set_key's in %.2f seconds\n",count,d);
+	printf("%ld BF_set_key's in %.2f seconds\n",count,d);
 	a=((double)COUNT(ca))/d;
 
 #ifdef SIGALRM
@@ -248,11 +253,14 @@ char **argv;
 	printf("Doing BF_encrypt %ld times\n",cb);
 #endif
 	Time_F(START);
-	for (count=0,run=1; COND(cb); count++)
+	for (count=0,run=1; COND(cb); count+=4)
 		{
 		BF_LONG data[2];
 
-		BF_encrypt(data,&sch,BF_ENCRYPT);
+		BF_encrypt(data,&sch);
+		BF_encrypt(data,&sch);
+		BF_encrypt(data,&sch);
+		BF_encrypt(data,&sch);
 		}
 	d=Time_F(STOP);
 	printf("%ld BF_encrypt's in %.2f second\n",count,d);
@@ -275,9 +283,9 @@ char **argv;
 		count,BUFSIZE,d);
 	c=((double)COUNT(cc)*BUFSIZE)/d;
 
-	printf("blowfish set_key       per sec = %12.2f (%7.1fuS)\n",a,1.0e6/a);
-	printf("Blowfish raw ecb bytes per sec = %12.2f (%7.1fuS)\n",b,8.0e6/b);
-	printf("Blowfish cbc     bytes per sec = %12.2f (%7.1fuS)\n",c,8.0e6/c);
+	printf("Blowfish set_key       per sec = %12.3f (%9.3fuS)\n",a,1.0e6/a);
+	printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);
+	printf("Blowfish cbc     bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
 #if defined(LINT) || defined(MSDOS)
 	return(0);
diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c
index 2c678e418..9266cf813 100644
--- a/crypto/bf/bftest.c
+++ b/crypto/bf/bftest.c
@@ -1,5 +1,5 @@
 /* crypto/bf/bftest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,13 +71,13 @@ char *bf_key[2]={
 
 /* big endian */
 BF_LONG bf_plain[2][2]={
-	{0x424c4f57,0x46495348},
-	{0xfedcba98,0x76543210}
+	{0x424c4f57L,0x46495348L},
+	{0xfedcba98L,0x76543210L}
 	};
 
 BF_LONG bf_cipher[2][2]={
-	{0x324ed0fe,0xf413a203},
-	{0xcc91732b,0x8022f684}
+	{0x324ed0feL,0xf413a203L},
+	{0xcc91732bL,0x8022f684L}
 	};
 /************/
 
@@ -317,8 +317,8 @@ static int print_test_data()
 	printf("\niv[8]     = ");
 	for (j=0; j<8; j++)
 		printf("%02X",cbc_iv[j]);
-	printf("\ndata[%d]  = '%s'",strlen(cbc_data)+1,cbc_data);
-	printf("\ndata[%d]  = ",strlen(cbc_data)+1);
+	printf("\ndata[%d]  = '%s'",(int)strlen(cbc_data)+1,cbc_data);
+	printf("\ndata[%d]  = ",(int)strlen(cbc_data)+1);
 	for (j=0; j<strlen(cbc_data)+1; j++)
 		printf("%02X",cbc_data[j]);
 	printf("\n");
@@ -329,13 +329,13 @@ static int print_test_data()
 	printf("\n");
 
 	printf("cfb64 cipher text\n");
-	printf("cipher[%d]= ",strlen(cbc_data)+1);
+	printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
 	for (j=0; j<strlen(cbc_data)+1; j++)
 		printf("%02X",cfb64_ok[j]);
 	printf("\n");
 
 	printf("ofb64 cipher text\n");
-	printf("cipher[%d]= ",strlen(cbc_data)+1);
+	printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
 	for (j=0; j<strlen(cbc_data)+1; j++)
 		printf("%02X",ofb64_ok[j]);
 	printf("\n");
@@ -358,7 +358,7 @@ static int test()
 
 		data[0]=bf_plain[n][0];
 		data[1]=bf_plain[n][1];
-		BF_encrypt(data,&key,BF_ENCRYPT);
+		BF_encrypt(data,&key);
 		if (memcmp(&(bf_cipher[n][0]),&(data[0]),8) != 0)
 			{
 			printf("BF_encrypt error encrypting\n");
@@ -373,7 +373,7 @@ static int test()
 			printf("\n");
 			}
 
-		BF_encrypt(&(data[0]),&key,BF_DECRYPT);
+		BF_decrypt(&(data[0]),&key);
 		if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
 			{
 			printf("BF_encrypt error decrypting\n");
diff --git a/crypto/bf/blowfish.h b/crypto/bf/blowfish.h
index 24ec81821..c4a8085a2 100644
--- a/crypto/bf/blowfish.h
+++ b/crypto/bf/blowfish.h
@@ -1,5 +1,5 @@
 /* crypto/bf/blowfish.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -86,7 +86,8 @@ typedef struct bf_key_st
 void BF_set_key(BF_KEY *key, int len, unsigned char *data);
 void BF_ecb_encrypt(unsigned char *in,unsigned char *out,BF_KEY *key,
 	int enc);
-void BF_encrypt(BF_LONG *data,BF_KEY *key,int enc);
+void BF_encrypt(BF_LONG *data,BF_KEY *key);
+void BF_decrypt(BF_LONG *data,BF_KEY *key);
 void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
 	BF_KEY *ks, unsigned char *iv, int enc);
 void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
@@ -100,6 +101,7 @@ char *BF_options(void);
 void BF_set_key();
 void BF_ecb_encrypt();
 void BF_encrypt();
+void BF_decrypt();
 void BF_cbc_encrypt();
 void BF_cfb64_encrypt();
 void BF_ofb64_encrypt();
diff --git a/crypto/bio/Makefile.ssl b/crypto/bio/Makefile.ssl
index 9d21a3594..42e11e1c9 100644
--- a/crypto/bio/Makefile.ssl
+++ b/crypto/bio/Makefile.ssl
@@ -35,7 +35,7 @@ LIBOBJ= bio_lib.o bio_cb.o $(ERRC).o \
 
 SRC= $(LIBSRC)
 
-EXHEADER= bio.h
+EXHEADER= bio.h bss_file.c
 HEADER=	$(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -61,7 +61,7 @@ links:
 	$(TOP)/util/mklink.sh ../../apps $(APPS)
 
 install:
-	@for i in $(EXHEADER) ; \
+	@for i in $(EXHEADER) bss_file.c ; \
 	do  \
 	(cp $$i $(INSTALLTOP)/include/$$i; \
 	chmod 644 $(INSTALLTOP)/include/$$i ); \
@@ -87,6 +87,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
index 287aff2a5..db84ad3d4 100644
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@@ -1,5 +1,5 @@
 /* crypto/bio/b_dump.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 0296296a7..cdadeb839 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -1,5 +1,5 @@
 /* crypto/bio/b_print.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index adab62135..a45909527 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -1,5 +1,5 @@
 /* crypto/bio/b_sock.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,6 +59,7 @@
 #ifndef NO_SOCK
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
@@ -72,17 +73,37 @@
 #define SOCKET_PROTOCOL IPPROTO_TCP
 #endif
 
+#ifdef SO_MAXCONN
+#define MAX_LISTEN  SOMAXCONN
+#elif defined(SO_MAXCONN)
+#define MAX_LISTEN  SO_MAXCONN
+#else
+#define MAX_LISTEN  32
+#endif
+
 #ifdef WINDOWS
 static int wsa_init_done=0;
 #endif
 
-unsigned long BIO_ghbn_hits=0L;
-unsigned long BIO_ghbn_miss=0L;
+static unsigned long BIO_ghbn_hits=0L;
+static unsigned long BIO_ghbn_miss=0L;
+
+#define GHBN_NUM	4
+static struct ghbn_cache_st
+	{
+	char name[129];
+	struct hostent *ent;
+	unsigned long order;
+	} ghbn_cache[GHBN_NUM];
 
 #ifndef NOPROTO
 static int get_ip(char *str,unsigned char *ip);
+static void ghbn_free(struct hostent *a);
+static struct hostent *ghbn_dup(struct hostent *a);
 #else
 static int get_ip();
+static void ghbn_free();
+static struct hostent *ghbn_dup();
 #endif
 
 int BIO_get_host_ip(str,ip)
@@ -97,6 +118,7 @@ unsigned char *ip;
 	if (i < 0)
 		{
 		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
+		ERR_add_error_data(2,"host=",str);
 		return(0);
 		}
 	else
@@ -107,6 +129,7 @@ unsigned char *ip;
 		if (he == NULL)
 			{
 			BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
+			ERR_add_error_data(2,"host=",str);
 			return(0);
 			}
 
@@ -114,6 +137,7 @@ unsigned char *ip;
 		if ((short)he->h_addrtype != AF_INET)
 			{
 			BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+			ERR_add_error_data(2,"host=",str);
 			return(0);
 			}
 		for (i=0; i<4; i++)
@@ -162,7 +186,8 @@ short *port_ptr;
 #endif
 			else
 				{
-				SYSerr(SYS_F_GETSERVBYNAME,errno);
+				SYSerr(SYS_F_GETSERVBYNAME,get_last_socket_error());
+				ERR_add_error_data(3,"service='",str,"'");
 				return(0);
 				}
 			return(1);
@@ -186,23 +211,128 @@ int sock;
 		return(j);
 	}
 
-#define GHBN_NUM	4
-static struct ghbn_cache_st
+long BIO_ghbn_ctrl(cmd,iarg,parg)
+int cmd;
+int iarg;
+char *parg;
 	{
-	char name[128];
-	struct hostent ent;
-	unsigned long order;
-	} ghbn_cache[GHBN_NUM];
+	int i;
+	char **p;
+
+	switch (cmd)
+		{
+	case BIO_GHBN_CTRL_HITS:
+		return(BIO_ghbn_hits);
+		break;
+	case BIO_GHBN_CTRL_MISSES:
+		return(BIO_ghbn_miss);
+		break;
+	case BIO_GHBN_CTRL_CACHE_SIZE:
+		return(GHBN_NUM);
+		break;
+	case BIO_GHBN_CTRL_GET_ENTRY:
+		if ((iarg >= 0) && (iarg <GHBN_NUM) &&
+			(ghbn_cache[iarg].order > 0))
+			{
+			p=(char **)parg;
+			if (p == NULL) return(0);
+			*p=ghbn_cache[iarg].name;
+			ghbn_cache[iarg].name[128]='\0';
+			return(1);
+			}
+		return(0);
+		break;
+	case BIO_GHBN_CTRL_FLUSH:
+		for (i=0; i<GHBN_NUM; i++)
+			ghbn_cache[i].order=0;
+		break;
+	default:
+		return(0);
+		}
+	return(1);
+	}
+
+static struct hostent *ghbn_dup(a)
+struct hostent *a;
+	{
+	struct hostent *ret;
+	int i,j;
+
+	ret=(struct hostent *)malloc(sizeof(struct hostent));
+	if (ret == NULL) return(NULL);
+	memset(ret,0,sizeof(struct hostent));
+
+	for (i=0; a->h_aliases[i] != NULL; i++)
+		;
+	i++;
+	ret->h_aliases=(char **)malloc(sizeof(char *)*i);
+	memset(ret->h_aliases,0,sizeof(char *)*i);
+	if (ret == NULL) goto err;
+
+	for (i=0; a->h_addr_list[i] != NULL; i++)
+		;
+	i++;
+	ret->h_addr_list=(char **)malloc(sizeof(char *)*i);
+	memset(ret->h_addr_list,0,sizeof(char *)*i);
+	if (ret->h_addr_list == NULL) goto err;
+
+	j=strlen(a->h_name)+1;
+	if ((ret->h_name=malloc(j)) == NULL) goto err;
+	memcpy((char *)ret->h_name,a->h_name,j);
+	for (i=0; a->h_aliases[i] != NULL; i++)
+		{
+		j=strlen(a->h_aliases[i])+1;
+		if ((ret->h_aliases[i]=malloc(j)) == NULL) goto err;
+		memcpy(ret->h_aliases[i],a->h_aliases[i],j);
+		}
+	ret->h_length=a->h_length;
+	ret->h_addrtype=a->h_addrtype;
+	for (i=0; a->h_addr_list[i] != NULL; i++)
+		{
+		if ((ret->h_addr_list[i]=malloc(a->h_length)) == NULL)
+			goto err;
+		memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
+		}
+	return(ret);
+err:	
+	if (ret != NULL)
+		ghbn_free(ret);
+	return(NULL);
+	}
+
+static void ghbn_free(a)
+struct hostent *a;
+	{
+	int i;
+
+	if (a->h_aliases != NULL)
+		{
+		for (i=0; a->h_aliases[i] != NULL; i++)
+			free(a->h_aliases[i]);
+		free(a->h_aliases);
+		}
+	if (a->h_addr_list != NULL)
+		{
+		for (i=0; a->h_addr_list[i] != NULL; i++)
+			free(a->h_addr_list[i]);
+		free(a->h_addr_list);
+		}
+	if (a->h_name != NULL) free((char *)a->h_name);
+	free(a);
+	}
 
 struct hostent *BIO_gethostbyname(name)
 char *name;
 	{
 	struct hostent *ret;
-	int i,lowi=0;
+	int i,lowi=0,j;
 	unsigned long low= (unsigned long)-1;
 
+/*	return(gethostbyname(name)); */
+
 	CRYPTO_w_lock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
-	if (strlen(name) < 128)
+	j=strlen(name);
+	if (j < 128)
 		{
 		for (i=0; i<GHBN_NUM; i++)
 			{
@@ -225,16 +355,22 @@ char *name;
 		{
 		BIO_ghbn_miss++;
 		ret=gethostbyname(name);
+
 		if (ret == NULL) return(NULL);
+		if (j > 128) return(ret); /* too big to cache */
+
 		/* else add to cache */
+		if (ghbn_cache[lowi].ent != NULL)
+			ghbn_free(ghbn_cache[lowi].ent);
+
 		strncpy(ghbn_cache[lowi].name,name,128);
-		memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+		ghbn_cache[lowi].ent=ghbn_dup(ret);
 		ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
 		}
 	else
 		{
 		BIO_ghbn_hits++;
-		ret= &(ghbn_cache[i].ent);
+		ret= ghbn_cache[i].ent;
 		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
@@ -284,22 +420,11 @@ int fd;
 long type;
 unsigned long *arg;
 	{
-	int i,err;
+	int i;
 
-#ifdef WINDOWS
 	i=ioctlsocket(fd,type,arg);
-#else
-	i=ioctl(fd,type,arg);
-#endif
 	if (i < 0)
-		{
-#ifdef WINDOWS
-		err=WSAGetLastError();
-#else
-		err=errno;
-#endif
-		SYSerr(SYS_F_IOCTLSOCKET,err);
-		}
+		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
 	return(i);
 	}
 
@@ -401,28 +526,22 @@ char *host;
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET)
 		{
-#ifdef WINDOWS
-		errno=WSAGetLastError();
-#endif
-		SYSerr(SYS_F_SOCKET,errno);
-		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
+		SYSerr(SYS_F_SOCKET,get_last_socket_error());
+		ERR_add_error_data(3,"port='",host,"'");
+		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET);
 		goto err;
 		}
 	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 		{
-#ifdef WINDOWS
-		errno=WSAGetLastError();
-#endif
-		SYSerr(SYS_F_BIND,errno);
+		SYSerr(SYS_F_BIND,get_last_socket_error());
+		ERR_add_error_data(3,"port='",host,"'");
 		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
 		goto err;
 		}
-	if (listen(s,5) == -1)
+	if (listen(s,MAX_LISTEN) == -1)
 		{
-#ifdef WINDOWS
-		errno=WSAGetLastError();
-#endif
-		SYSerr(SYS_F_LISTEN,errno);
+		SYSerr(SYS_F_BIND,get_last_socket_error());
+		ERR_add_error_data(3,"port='",host,"'");
 		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET);
 		goto err;
 		}
@@ -457,10 +576,7 @@ char **addr;
 	ret=accept(sock,(struct sockaddr *)&from,&len);
 	if (ret == INVALID_SOCKET)
 		{
-#ifdef WINDOWS
-		errno=WSAGetLastError();
-#endif
-		SYSerr(SYS_F_ACCEPT,errno);
+		SYSerr(SYS_F_ACCEPT,get_last_socket_error());
 		BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
 		goto end;
 		}
diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
index ac3ba14fe..7912b8847 100644
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bf_buff.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -84,7 +84,8 @@ static int buffer_free();
 
 static BIO_METHOD methods_buffer=
 	{
-	BIO_TYPE_BUFFER,"buffer",
+	BIO_TYPE_BUFFER,
+	"buffer",
 	buffer_write,
 	buffer_read,
 	buffer_puts,
@@ -329,6 +330,19 @@ char *ptr;
 		if (ret == 0)
 			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
+	case BIO_C_SET_BUFF_READ_DATA:
+		if (num > ctx->ibuf_size)
+			{
+			p1=Malloc((int)num);
+			if (p1 == NULL) goto malloc_error;
+			if (ctx->ibuf != NULL) Free(ctx->ibuf);
+			ctx->ibuf=p1;
+			}
+		ctx->ibuf_off=0;
+		ctx->ibuf_len=(int)num;
+		memcpy(ctx->ibuf,ptr,(int)num);
+		ret=1;
+		break;
 	case BIO_C_SET_BUFF_SIZE:
 		if (ptr != NULL)
 			{
@@ -354,16 +368,15 @@ char *ptr;
 		if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
 			{
 			p1=(char *)Malloc((int)num);
-			if (p1 == NULL) { ret=0; break; }
+			if (p1 == NULL) goto malloc_error;
 			}
 		if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
 			{
 			p2=(char *)Malloc((int)num);
 			if (p2 == NULL)
 				{
-				ret=0;
 				if (p1 != ctx->ibuf) Free(p1);
-				break;
+				goto malloc_error;
 				}
 			}
 		if (ctx->ibuf != p1)
@@ -391,7 +404,10 @@ char *ptr;
 
 	case BIO_CTRL_FLUSH:
 		if (ctx->obuf_len <= 0)
+			{
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 			break;
+			}
 
 		for (;;)
 			{
@@ -428,6 +444,9 @@ fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_
 		break;
 		}
 	return(ret);
+malloc_error:
+	BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE);
+	return(0);
 	}
 
 static int buffer_gets(b,buf,size)
@@ -436,32 +455,36 @@ char *buf;
 int size;
 	{
 	BIO_F_BUFFER_CTX *ctx;
-	int num=0,i;
+	int num=0,i,flag;
 	char *p;
 
 	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-	size--;
+	size--; /* reserve space for a '\0' */
 	BIO_clear_retry_flags(b);
 
 	for (;;)
 		{
-		if (ctx->ibuf_len != 0)
+		if (ctx->ibuf_len > 0)
 			{
 			p= &(ctx->ibuf[ctx->ibuf_off]);
-			for (i=0; (i<ctx->ibuf_len) && (i<(size-1)); i++)
+			flag=0;
+			for (i=0; (i<ctx->ibuf_len) && (i<size); i++)
 				{
 				*(buf++)=p[i];
-				if (p[i] == '\n') break;
+				if (p[i] == '\n')
+					{
+					flag=1;
+					i++;
+					break;
+					}
 				}
 			num+=i;
 			size-=i;
 			ctx->ibuf_len-=i;
 			ctx->ibuf_off+=i;
-			if (p[i] == '\n')
+			if ((flag) || (i == size))
 				{
-				buf[i+1]='\0';
-				ctx->ibuf_len--;
-				ctx->ibuf_off++;
+				*buf='\0';
 				return(num);
 				}
 			}
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index b493100ba..034b3024d 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bf_nbio.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -93,7 +93,8 @@ typedef struct nbio_test_st
 
 static BIO_METHOD methods_nbiof=
 	{
-	BIO_TYPE_NBIO_TEST,"non-blocking IO test filter",
+	BIO_TYPE_NBIO_TEST,
+	"non-blocking IO test filter",
 	nbiof_write,
 	nbiof_read,
 	nbiof_puts,
@@ -237,6 +238,7 @@ char *ptr;
 		BIO_copy_next_retry(b);
 		break;
 	case BIO_CTRL_DUP:
+		ret=0L;
 		break;
 	default:
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c
index 9864f4a03..a47a65741 100644
--- a/crypto/bio/bf_null.c
+++ b/crypto/bio/bf_null.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bf_null.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -85,7 +85,8 @@ static int nullf_free();
 
 static BIO_METHOD methods_nullf=
 	{
-	BIO_TYPE_NULL_FILTER,"NULL filter",
+	BIO_TYPE_NULL_FILTER,
+	"NULL filter",
 	nullf_write,
 	nullf_read,
 	nullf_puts,
@@ -166,6 +167,7 @@ char *ptr;
 		BIO_copy_next_retry(b);
 		break;
 	case BIO_CTRL_DUP:
+		ret=0L;
 		break;
 	default:
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
diff --git a/crypto/bio/bio.err b/crypto/bio/bio.err
index 3363971b3..6e2f2b63c 100644
--- a/crypto/bio/bio.err
+++ b/crypto/bio/bio.err
@@ -14,10 +14,12 @@
 #define BIO_F_BIO_READ					 110
 #define BIO_F_BIO_SOCK_INIT				 111
 #define BIO_F_BIO_WRITE					 112
-#define BIO_F_CONN_STATE				 113
-#define BIO_F_FILE_CTRL					 114
-#define BIO_F_MEM_WRITE					 115
-#define BIO_F_WSASTARTUP				 116
+#define BIO_F_BUFFER_CTRL				 113
+#define BIO_F_CONN_STATE				 114
+#define BIO_F_FILE_CTRL					 115
+#define BIO_F_MEM_WRITE					 116
+#define BIO_F_SSL_NEW					 117
+#define BIO_F_WSASTARTUP				 118
 
 /* Reason codes. */
 #define BIO_R_ACCEPT_ERROR				 100
@@ -29,15 +31,16 @@
 #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
 #define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
 #define BIO_R_INVALID_IP_ADDRESS			 108
-#define BIO_R_NBIO_CONNECT_ERROR			 109
-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 110
-#define BIO_R_NO_HOSTHNAME_SPECIFIED			 111
-#define BIO_R_NO_PORT_DEFINED				 112
-#define BIO_R_NO_PORT_SPECIFIED				 113
-#define BIO_R_NULL_PARAMETER				 114
-#define BIO_R_UNABLE_TO_BIND_SOCKET			 115
-#define BIO_R_UNABLE_TO_CREATE_SOCKET			 116
-#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 117
-#define BIO_R_UNINITALISED				 118
-#define BIO_R_UNSUPPORTED_METHOD			 119
-#define BIO_R_WSASTARTUP				 120
+#define BIO_R_KEEPALIVE					 109
+#define BIO_R_NBIO_CONNECT_ERROR			 110
+#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111
+#define BIO_R_NO_HOSTHNAME_SPECIFIED			 112
+#define BIO_R_NO_PORT_DEFINED				 113
+#define BIO_R_NO_PORT_SPECIFIED				 114
+#define BIO_R_NULL_PARAMETER				 115
+#define BIO_R_UNABLE_TO_BIND_SOCKET			 116
+#define BIO_R_UNABLE_TO_CREATE_SOCKET			 117
+#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 118
+#define BIO_R_UNINITALISED				 119
+#define BIO_R_UNSUPPORTED_METHOD			 120
+#define BIO_R_WSASTARTUP				 121
diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
index 0b2c6e77e..300b330e0 100644
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -1,5 +1,5 @@
 /* crypto/bio/bio.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,6 +63,8 @@
 extern "C" {
 #endif
 
+#include "crypto.h"
+
 /* These are the 'types' of BIOs */
 #define BIO_TYPE_NONE		0
 #define BIO_TYPE_MEM		(1|0x0400)
@@ -78,7 +80,7 @@ extern "C" {
 #define BIO_TYPE_BASE64		(11|0x0200)		/* filter */
 #define BIO_TYPE_CONNECT	(12|0x0400|0x0100)	/* socket - connect */
 #define BIO_TYPE_ACCEPT		(13|0x0400|0x0100)	/* socket for accept */
-#define BIO_TYPE_PROXY_CLIENT	(14|0x0400)		/* client proxy BIO */
+#define BIO_TYPE_PROXY_CLIENT	(14|0x0200)		/* client proxy BIO */
 #define BIO_TYPE_PROXY_SERVER	(15|0x0200)		/* server proxy BIO */
 #define BIO_TYPE_NBIO_TEST	(16|0x0200)		/* server proxy BIO */
 #define BIO_TYPE_NULL_FILTER	(17|0x0200)
@@ -107,6 +109,9 @@ extern "C" {
 #define BIO_CTRL_FLUSH		11  /* opt - 'flush' buffered output */
 #define BIO_CTRL_DUP		12  /* man - extra stuff for 'duped' BIO */
 #define BIO_CTRL_WPENDING	13  /* opt - number of bytes still to write */
+/* callback is int cb(BIO *bio,state,ret); */
+#define BIO_CTRL_SET_CALLBACK	14  /* opt - set callback function */
+#define BIO_CTRL_GET_CALLBACK	15  /* opt - set callback function */
 
 #define BIO_CTRL_SET_FILENAME	30	/* BIO_s_file special */
 
@@ -122,12 +127,24 @@ extern "C" {
 #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
 #define BIO_FLAGS_SHOULD_RETRY	0x08
 
+/* Used in BIO_gethostbyname() */
+#define BIO_GHBN_CTRL_HITS		1
+#define BIO_GHBN_CTRL_MISSES		2
+#define BIO_GHBN_CTRL_CACHE_SIZE	3
+#define BIO_GHBN_CTRL_GET_ENTRY		4
+#define BIO_GHBN_CTRL_FLUSH		5
+
 /* Mostly used in the SSL BIO */
-#define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
-#define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
-#define BIO_FLAGS_PROTOCOL_STARTUP	0x40
+/* Not used anymore
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
+ * #define BIO_FLAGS_PROTOCOL_STARTUP	0x40
+ */
+
+#define BIO_FLAGS_BASE64_NO_NL	0x100
 
 #define BIO_set_flags(b,f) ((b)->flags|=(f))
+#define BIO_get_flags(b) ((b)->flags)
 #define BIO_set_retry_special(b) \
 		((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
 #define BIO_set_retry_read(b) \
@@ -232,7 +249,7 @@ typedef struct bio_st
 	unsigned long num_read;
 	unsigned long num_write;
 
-	char *app_data;
+	CRYPTO_EX_DATA ex_data;
 	} BIO;
 
 typedef struct bio_f_buffer_ctx_struct
@@ -250,6 +267,17 @@ typedef struct bio_f_buffer_ctx_struct
 	int obuf_off;		/* write/read offset */
 	} BIO_F_BUFFER_CTX;
 
+/* connect BIO stuff */
+#define BIO_CONN_S_BEFORE		1
+#define BIO_CONN_S_GET_IP		2
+#define BIO_CONN_S_GET_PORT		3
+#define BIO_CONN_S_CREATE_SOCKET	4
+#define BIO_CONN_S_CONNECT		5
+#define BIO_CONN_S_OK			6
+#define BIO_CONN_S_BLOCKED_CONNECT	7
+#define BIO_CONN_S_NBIO			8
+#define BIO_CONN_get_param_hostname	BIO_ctrl
+
 #define BIO_number_read(b)	((b)->num_read)
 #define BIO_number_written(b)	((b)->num_write)
 
@@ -275,19 +303,40 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_C_SSL_MODE				119
 #define BIO_C_GET_MD_CTX			120
 #define BIO_C_GET_PROXY_PARAM			121
-
-#define BIO_set_app_data(s,arg)		((s)->app_data=(char *)arg)
-#define BIO_get_app_data(s)		((s)->app_data)
+#define BIO_C_SET_BUFF_READ_DATA		122 /* data to read first */
+#define BIO_C_GET_CONNECT			123
+#define BIO_C_GET_ACCEPT			124
+#define BIO_C_SET_SSL_RENEGOTIATE_BYTES		125
+#define BIO_C_GET_SSL_NUM_RENEGOTIATES		126
+#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT	127
+
+#define BIO_set_app_data(s,arg)		BIO_set_ex_data(s,0,(char *)arg)
+#define BIO_get_app_data(s)		BIO_get_ex_data(s,0)
+
+int BIO_get_ex_num(BIO *bio);
+int BIO_set_ex_data(BIO *bio,int idx,char *data);
+char *BIO_get_ex_data(BIO *bio,int idx);
+void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)());
+int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
 
 /* BIO_s_connect_socket() */
-#define BIO_set_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
-#define BIO_set_port(b,port)	BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+#define BIO_set_conn_ip(b,ip)	  BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
+#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+#define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+#define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+#define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
+#define BIO_get_conn_int port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+
 #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
 
 /* BIO_s_accept_socket() */
 #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
+#define BIO_get_accept_port(b)	BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
 /* #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
-#define BIO_set_nbio_accpet(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
+#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
 #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
 
 #define BIO_do_connect(b)	BIO_do_handshake(b)
@@ -302,12 +351,14 @@ typedef struct bio_f_buffer_ctx_struct
 /* BIO *BIO_get_filter_bio(BIO *bio); */
 #define BIO_set_proxy_cb(b,cb) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(char *)(cb))
 #define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
+#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
 
 #define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
 #define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
 #define BIO_get_url(b,url)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
+#define BIO_get_no_connect_return(b)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
 
-#define BIO_set_fd(b,fd,c)	BIO_ctrl_int(b,BIO_C_SET_FD,c,fd)
+#define BIO_set_fd(b,fd,c)	BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
 #define BIO_get_fd(b,c)		BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
 
 #define BIO_set_fp(b,fp,c)	BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
@@ -320,9 +371,19 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
 		BIO_CLOSE|BIO_FP_APPEND,name)
 
+/* WARNING WARNING, this ups the reference count on the read bio of the
+ * SSL structure.  This is because the ssl read BIO is now pointed to by
+ * the next_bio field in the bio.  So when you free the BIO, make sure
+ * you are doing a BIO_free_all() to catch the underlying BIO. */
 #define BIO_set_ssl(b,ssl,c)	BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
 #define BIO_get_ssl(b,sslp)	BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
 #define BIO_set_ssl_mode(b,client)	BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+#define BIO_set_ssl_renegotiate_bytes(b,num) \
+	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+#define BIO_get_num_renegotiates(b) \
+	BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
 
 /* defined in evp.h */
 /* #define BIO_set_md(b,md)	BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
@@ -333,11 +394,12 @@ typedef struct bio_f_buffer_ctx_struct
 /* For the BIO_f_buffer() type */
 #define BIO_get_buffer_num_lines(b)	BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
 #define BIO_set_buffer_size(b,size)	BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
-#define BIO_set_read_buffer_size(b,size) BIO_ctrl_int(b,BIO_C_SET_BUFF_SIZE,size,0)
-#define BIO_set_write_buffer_size(b,size) BIO_ctrl_int(b,BIO_C_SET_BUFF_SIZE,size,1)
+#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
 
 /* Don't use the next one unless you know what you are doing :-) */
-#define BIO_dup_state(b,ret)	BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)ret)
+#define BIO_dup_state(b,ret)	BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
 
 #define BIO_reset(b)		(int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
 #define BIO_eof(b)		(int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
@@ -346,10 +408,50 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_pending(b)		(int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
 #define BIO_wpending(b)		(int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
 #define BIO_flush(b)		(int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0,(char *)cbp)
+#define BIO_set_info_callback(b,cb) (int)BIO_ctrl(b,BIO_CTRL_SET_CALLBACK,0,(char *)cb)
 
 /* For the BIO_f_buffer() type */
 #define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
 
+#ifdef NO_STDIO
+#define NO_FP_API
+#endif
+
+#ifndef NOPROTO
+#  if defined(WIN16) && defined(_WINDLL)
+BIO_METHOD *BIO_s_file_internal(void);
+BIO *BIO_new_file_internal(char *filename, char *mode);
+BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
+#    define BIO_s_file	BIO_s_file_internal
+#    define BIO_new_file	BIO_new_file_internal
+#    define BIO_new_fp	BIO_new_fp_internal
+#  else /* FP_API */
+BIO_METHOD *BIO_s_file(void );
+BIO *BIO_new_file(char *filename, char *mode);
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+#    define BIO_s_file_internal		BIO_s_file
+#    define BIO_new_file_internal	BIO_new_file
+#    define BIO_new_fp_internal		BIO_s_file
+#  endif /* FP_API */
+#else
+#  if defined(WIN16) && defined(_WINDLL)
+BIO_METHOD *BIO_s_file_internal();
+BIO *BIO_new_file_internal();
+BIO *BIO_new_fp_internal();
+#    define BIO_s_file	BIO_s_file_internal
+#    define BIO_new_file	BIO_new_file_internal
+#    define BIO_new_fp	BIO_new_fp_internal
+#  else /* FP_API */
+BIO_METHOD *BIO_s_file();
+BIO *BIO_new_file();
+BIO *BIO_new_fp();
+#    define BIO_s_file_internal		BIO_s_file
+#    define BIO_new_file_internal	BIO_new_file
+#    define BIO_new_fp_internal		BIO_s_file
+#  endif /* FP_API */
+#endif
+
 #ifndef NOPROTO
 BIO *	BIO_new(BIO_METHOD *type);
 int	BIO_set(BIO *a,BIO_METHOD *type);
@@ -359,7 +461,8 @@ int	BIO_gets(BIO *bp,char *buf, int size);
 int	BIO_write(BIO *b, char *data, int len);
 int	BIO_puts(BIO *bp,char *buf);
 long	BIO_ctrl(BIO *bp,int cmd,long larg,char *parg);
-long	BIO_ctrl_int(BIO *bp,int cmd,long larg,int iarg);
+char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
+long	BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
 BIO *	BIO_push(BIO *b,BIO *append);
 BIO *	BIO_pop(BIO *b);
 void	BIO_free_all(BIO *a);
@@ -376,12 +479,6 @@ long _far _loadds BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
 	long argl,long ret);
 #endif
 
-#if !defined(WIN16) || defined(APPS_WIN16)
-BIO_METHOD *BIO_s_file(void);
-#else
-BIO_METHOD *BIO_s_file_internal_w16(void);
-#endif
-
 BIO_METHOD *BIO_s_mem(void);
 BIO_METHOD *BIO_s_socket(void);
 BIO_METHOD *BIO_s_connect(void);
@@ -411,10 +508,6 @@ int BIO_set_tcp_ndelay(int sock,int turn_on);
 
 void ERR_load_BIO_strings(void );
 
-#if !defined(WIN16) || defined(APPS_WIN16)
-BIO *BIO_new_file(char *filename, char *mode);
-BIO *BIO_new_fp(FILE *stream, int close_flag);
-#endif
 BIO *BIO_new_socket(int sock, int close_flag);
 BIO *BIO_new_fd(int fd, int close_flag);
 BIO *BIO_new_connect(char *host_port);
@@ -422,6 +515,8 @@ BIO *BIO_new_accept(char *host_port);
 
 void BIO_copy_next_retry(BIO *b);
 
+long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+
 #else
 
 BIO *	BIO_new();
@@ -431,8 +526,9 @@ int	BIO_read();
 int	BIO_gets();
 int	BIO_write();
 int	BIO_puts();
+char *	BIO_ptr_ctrl();
 long	BIO_ctrl();
-long	BIO_ctrl_int();
+long	BIO_int_ctrl();
 BIO *	BIO_push();
 BIO *	BIO_pop();
 void	BIO_free_all();
@@ -447,12 +543,6 @@ long BIO_debug_callback();
 long _far _loadds BIO_debug_callback();
 #endif
 
-#if !defined(WIN16) || defined(APPS_WIN16)
-BIO_METHOD *BIO_s_file();
-#else
-BIO_METHOD *BIO_s_file_internal_w16();
-#endif
-
 BIO_METHOD *BIO_s_mem();
 BIO_METHOD *BIO_s_socket();
 BIO_METHOD *BIO_s_connect();
@@ -482,10 +572,6 @@ int BIO_set_tcp_ndelay();
 
 void ERR_load_BIO_strings();
 
-#if !defined(WIN16) || defined(APPS_WIN16)
-BIO *BIO_new_file();
-BIO *BIO_new_fp();
-#endif
 BIO *BIO_new_socket();
 BIO *BIO_new_fd();
 BIO *BIO_new_connect();
@@ -493,6 +579,8 @@ BIO *BIO_new_accept();
 
 void BIO_copy_next_retry();
 
+int BIO_ghbn_ctrl();
+
 #endif
 
 /* Tim Hudson's portable varargs stuff */
@@ -562,10 +650,12 @@ int BIO_printf();
 #define BIO_F_BIO_READ					 110
 #define BIO_F_BIO_SOCK_INIT				 111
 #define BIO_F_BIO_WRITE					 112
-#define BIO_F_CONN_STATE				 113
-#define BIO_F_FILE_CTRL					 114
-#define BIO_F_MEM_WRITE					 115
-#define BIO_F_WSASTARTUP				 116
+#define BIO_F_BUFFER_CTRL				 113
+#define BIO_F_CONN_STATE				 114
+#define BIO_F_FILE_CTRL					 115
+#define BIO_F_MEM_WRITE					 116
+#define BIO_F_SSL_NEW					 117
+#define BIO_F_WSASTARTUP				 118
 
 /* Reason codes. */
 #define BIO_R_ACCEPT_ERROR				 100
@@ -577,18 +667,19 @@ int BIO_printf();
 #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
 #define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
 #define BIO_R_INVALID_IP_ADDRESS			 108
-#define BIO_R_NBIO_CONNECT_ERROR			 109
-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 110
-#define BIO_R_NO_HOSTHNAME_SPECIFIED			 111
-#define BIO_R_NO_PORT_DEFINED				 112
-#define BIO_R_NO_PORT_SPECIFIED				 113
-#define BIO_R_NULL_PARAMETER				 114
-#define BIO_R_UNABLE_TO_BIND_SOCKET			 115
-#define BIO_R_UNABLE_TO_CREATE_SOCKET			 116
-#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 117
-#define BIO_R_UNINITALISED				 118
-#define BIO_R_UNSUPPORTED_METHOD			 119
-#define BIO_R_WSASTARTUP				 120
+#define BIO_R_KEEPALIVE					 109
+#define BIO_R_NBIO_CONNECT_ERROR			 110
+#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111
+#define BIO_R_NO_HOSTHNAME_SPECIFIED			 112
+#define BIO_R_NO_PORT_DEFINED				 113
+#define BIO_R_NO_PORT_SPECIFIED				 114
+#define BIO_R_NULL_PARAMETER				 115
+#define BIO_R_UNABLE_TO_BIND_SOCKET			 116
+#define BIO_R_UNABLE_TO_CREATE_SOCKET			 117
+#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 118
+#define BIO_R_UNINITALISED				 119
+#define BIO_R_UNSUPPORTED_METHOD			 120
+#define BIO_R_WSASTARTUP				 121
  
 #ifdef  __cplusplus
 }
diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
index 2f98cd125..bc6ed9eda 100644
--- a/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bio_cb.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -87,10 +87,16 @@ long ret;
 		sprintf(p,"Free - %s\n",bio->method->name);
 		break;
 	case BIO_CB_READ:
-		sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+			sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
+		else
+			sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name);
 		break;
 	case BIO_CB_WRITE:
-		sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+			sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
+		else
+			sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name);
 		break;
 	case BIO_CB_PUTS:
 		sprintf(p,"puts() - %s\n",bio->method->name);
@@ -124,7 +130,7 @@ long ret;
 	b=(BIO *)bio->cb_arg;
 	if (b != NULL)
 		BIO_write(b,buf,strlen(buf));
-#ifndef WIN16
+#if !defined(NO_STDIO) && !defined(WIN16)
 	else
 		fputs(buf,stderr);
 #endif
diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
index b78878fcb..37e14ca10 100644
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -60,6 +60,7 @@
 #include "bio.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA BIO_str_functs[]=
 	{
 {ERR_PACK(0,BIO_F_ACPT_STATE,0),	"ACPT_STATE"},
@@ -75,9 +76,11 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_PACK(0,BIO_F_BIO_READ,0),	"BIO_read"},
 {ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0),	"BIO_sock_init"},
 {ERR_PACK(0,BIO_F_BIO_WRITE,0),	"BIO_write"},
+{ERR_PACK(0,BIO_F_BUFFER_CTRL,0),	"BUFFER_CTRL"},
 {ERR_PACK(0,BIO_F_CONN_STATE,0),	"CONN_STATE"},
 {ERR_PACK(0,BIO_F_FILE_CTRL,0),	"FILE_CTRL"},
 {ERR_PACK(0,BIO_F_MEM_WRITE,0),	"MEM_WRITE"},
+{ERR_PACK(0,BIO_F_SSL_NEW,0),	"SSL_NEW"},
 {ERR_PACK(0,BIO_F_WSASTARTUP,0),	"WSASTARTUP"},
 {0,NULL},
 	};
@@ -93,6 +96,7 @@ static ERR_STRING_DATA BIO_str_reasons[]=
 {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
 {BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
 {BIO_R_INVALID_IP_ADDRESS                ,"invalid ip address"},
+{BIO_R_KEEPALIVE                         ,"keepalive"},
 {BIO_R_NBIO_CONNECT_ERROR                ,"nbio connect error"},
 {BIO_R_NO_ACCEPT_PORT_SPECIFIED          ,"no accept port specified"},
 {BIO_R_NO_HOSTHNAME_SPECIFIED            ,"no hosthname specified"},
@@ -108,14 +112,19 @@ static ERR_STRING_DATA BIO_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_BIO_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
 		ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 78e896f9a..7a66b0892 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bio_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -58,8 +58,13 @@
 
 #include <stdio.h>
 #include <errno.h>
+#include "crypto.h"
 #include "cryptlib.h"
 #include "bio.h"
+#include "stack.h"
+
+static STACK *bio_meth=NULL;
+static int bio_meth_num=0;
 
 BIO *BIO_new(method)
 BIO_METHOD *method;
@@ -89,15 +94,16 @@ BIO_METHOD *method;
 	bio->cb_arg=NULL;
 	bio->init=0;
 	bio->shutdown=1;
-	bio->num=0;
 	bio->flags=0;
 	bio->retry_reason=0;
+	bio->num=0;
 	bio->ptr=NULL;
 	bio->prev_bio=NULL;
 	bio->next_bio=NULL;
 	bio->references=1;
 	bio->num_read=0L;
 	bio->num_write=0L;
+	CRYPTO_new_ex_data(bio_meth,(char *)bio,&bio->ex_data);
 	if (method->create != NULL)
 		if (!method->create(bio))
 			return(0);
@@ -112,7 +118,9 @@ BIO *a;
 	if (a == NULL) return(0);
 
 	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);
-
+#ifdef REF_PRINT
+	REF_PRINT("BIO",a);
+#endif
         if (i > 0) return(1);
 #ifdef REF_CHECK
 	if (i < 0)
@@ -125,6 +133,8 @@ BIO *a;
 		((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
 			return(i);
 
+	CRYPTO_free_ex_data(bio_meth,(char *)a,&a->ex_data);
+
 	if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
 	ret=a->method->destroy(a);
 	Free(a);
@@ -137,6 +147,7 @@ char *out;
 int outl;
 	{
 	int i;
+	long (*cb)();
 
 	if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
 		{
@@ -144,8 +155,9 @@ int outl;
 		return(-2);
 		}
 
-	if ((b->callback != NULL) &&
-		((i=(int)b->callback(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
+	cb=b->callback;
+	if ((cb != NULL) &&
+		((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
 			return(i);
 
 	if (!b->init)
@@ -157,8 +169,8 @@ int outl;
 	i=b->method->bread(b,out,outl);
 	if (i > 0) b->num_read+=(unsigned long)i;
 
-	if (b->callback != NULL)
-		i=(int)b->callback(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
+	if (cb != NULL)
+		i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
 			0L,(long)i);
 	return(i);
 	}
@@ -169,15 +181,20 @@ char *in;
 int inl;
 	{
 	int i;
+	long (*cb)();
+
+	if (b == NULL)
+		return(0);
 
-	if ((b == NULL) || (b->method == NULL) || (b->method->bwrite == NULL))
+	cb=b->callback;
+	if ((b->method == NULL) || (b->method->bwrite == NULL))
 		{
 		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);
 		return(-2);
 		}
 
-	if ((b->callback != NULL) &&
-		((i=(int)b->callback(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
+	if ((cb != NULL) &&
+		((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
 			return(i);
 
 	if (!b->init)
@@ -189,8 +206,8 @@ int inl;
 	i=b->method->bwrite(b,in,inl);
 	if (i > 0) b->num_write+=(unsigned long)i;
 
-	if (b->callback != NULL)
-		i=(int)b->callback(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
+	if (cb != NULL)
+		i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
 			0L,(long)i);
 	return(i);
 	}
@@ -200,6 +217,7 @@ BIO *b;
 char *in;
 	{
 	int i;
+	long (*cb)();
 
 	if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
 		{
@@ -207,8 +225,10 @@ char *in;
 		return(-2);
 		}
 
-	if ((b->callback != NULL) &&
-		((i=(int)b->callback(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
+	cb=b->callback;
+
+	if ((cb != NULL) &&
+		((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
 			return(i);
 
 	if (!b->init)
@@ -219,8 +239,8 @@ char *in;
 
 	i=b->method->bputs(b,in);
 
-	if (b->callback != NULL)
-		i=(int)b->callback(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
+	if (cb != NULL)
+		i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
 			0L,(long)i);
 	return(i);
 	}
@@ -231,6 +251,7 @@ char *in;
 int inl;
 	{
 	int i;
+	long (*cb)();
 
 	if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
 		{
@@ -238,8 +259,10 @@ int inl;
 		return(-2);
 		}
 
-	if ((b->callback != NULL) &&
-		((i=(int)b->callback(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
+	cb=b->callback;
+
+	if ((cb != NULL) &&
+		((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
 			return(i);
 
 	if (!b->init)
@@ -250,13 +273,13 @@ int inl;
 
 	i=b->method->bgets(b,in,inl);
 
-	if (b->callback != NULL)
-		i=(int)b->callback(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
+	if (cb != NULL)
+		i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
 			0L,(long)i);
 	return(i);
 	}
 
-long BIO_ctrl_int(b,cmd,larg,iarg)
+long BIO_int_ctrl(b,cmd,larg,iarg)
 BIO *b;
 int cmd;
 long larg;
@@ -268,6 +291,19 @@ int iarg;
 	return(BIO_ctrl(b,cmd,larg,(char *)&i));
 	}
 
+char *BIO_ptr_ctrl(b,cmd,larg)
+BIO *b;
+int cmd;
+long larg;
+	{
+	char *p=NULL;
+
+	if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0)
+		return(NULL);
+	else
+		return(p);
+	}
+
 long BIO_ctrl(b,cmd,larg,parg)
 BIO *b;
 int cmd;
@@ -275,6 +311,7 @@ long larg;
 char *parg;
 	{
 	long ret;
+	long (*cb)();
 
 	if (b == NULL) return(0);
 
@@ -284,14 +321,16 @@ char *parg;
 		return(-2);
 		}
 
-	if ((b->callback != NULL) &&
-		((ret=b->callback(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
+	cb=b->callback;
+
+	if ((cb != NULL) &&
+		((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
 		return(ret);
 
 	ret=b->method->ctrl(b,cmd,larg,parg);
 
-	if (b->callback != NULL)
-		ret=b->callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
+	if (cb != NULL)
+		ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
 			larg,ret);
 	return(ret);
 	}
@@ -309,6 +348,7 @@ BIO *b,*bio;
 	lb->next_bio=bio;
 	if (bio != NULL)
 		bio->prev_bio=lb;
+	/* called to do internal processing */
 	BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
 	return(b);
 	}
@@ -420,6 +460,11 @@ BIO *in;
 			BIO_free(new);
 			goto err;
 			}
+
+	        /* copy app data */
+	        if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data))
+	                goto err;
+
 		if (ret == NULL)
 			{
 			eoc=new;
@@ -445,3 +490,30 @@ BIO *b;
 	b->retry_reason=b->next_bio->retry_reason;
 	}
 
+int BIO_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+        bio_meth_num++;
+        return(CRYPTO_get_ex_new_index(bio_meth_num-1,&bio_meth,
+                argl,argp,new_func,dup_func,free_func));
+        }
+
+int BIO_set_ex_data(bio,idx,data)
+BIO *bio;
+int idx;
+char *data;
+	{
+	return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
+	}
+
+char *BIO_get_ex_data(bio,idx)
+BIO *bio;
+int idx;
+	{
+	return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
+	}
+
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index 251474198..e49902fa9 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bss_acpt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -121,7 +121,8 @@ void BIO_ACCEPT_free();
 
 static BIO_METHOD methods_acceptp=
 	{
-	BIO_TYPE_ACCEPT,"socket accept",
+	BIO_TYPE_ACCEPT,
+	"socket accept",
 	acpt_write,
 	acpt_read,
 	acpt_puts,
@@ -375,6 +376,7 @@ char *ptr;
 	int *ip;
 	long ret=1;
 	BIO_ACCEPT *data;
+	char **pp;
 
 	data=(BIO_ACCEPT *)b->ptr;
 
@@ -426,6 +428,20 @@ char *ptr;
 		else
 			ret= -1;
 		break;
+	case BIO_C_GET_ACCEPT:
+		if (b->init)
+			{
+			if (ptr != NULL)
+				{
+				pp=(char **)ptr;
+				*pp=data->param_addr;
+				}
+			else
+				ret= -1;
+			}
+		else
+			ret= -1;
+		break;
 	case BIO_CTRL_GET_CLOSE:
 		ret=b->shutdown;
 		break;
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 4e31e3c1f..6e547bf86 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bss_conn.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -88,6 +88,11 @@ typedef struct bio_connect_st
 	/* int socket; this will be kept in bio->num so that it is
 	 * compatable with the bss_sock bio */ 
 	int error;
+
+	/* called when the connection is initially made
+	 *  callback(BIO,state,ret);  The callback should return
+	 * 'ret'.  state is for compatablity with the ssl info_callback */
+	int (*info_callback)();
 	} BIO_CONNECT;
 
 #ifndef NOPROTO
@@ -122,18 +127,10 @@ void BIO_CONNECT_free();
 
 #endif
 
-#define CONN_S_BEFORE		1
-#define CONN_S_GET_IP		2
-#define CONN_S_GET_PORT		3
-#define CONN_S_CREATE_SOCKET	4
-#define CONN_S_CONNECT		5
-#define CONN_S_OK		6
-#define CONN_S_BLOCKED_CONNECT	7
-#define CONN_S_NBIO		8
-
 static BIO_METHOD methods_connectp=
 	{
-	BIO_TYPE_CONNECT,"socket connect",
+	BIO_TYPE_CONNECT,
+	"socket connect",
 	conn_write,
 	conn_read,
 	conn_puts,
@@ -150,143 +147,192 @@ BIO_CONNECT *c;
 	int ret= -1,i;
 	unsigned long l;
 	char *p,*q;
+	int (*cb)()=NULL;
 
-	switch (c->state)
-		{
-	case CONN_S_BEFORE:
-		p=c->param_hostname;
-		if (p == NULL)
-			{
-			BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTHNAME_SPECIFIED);
-			break;
-			}
-		for ( ; *p != '\0'; p++)
-			{
-			if ((*p == ':') || (*p == '/')) break;
-			}
+	if (c->info_callback != NULL)
+		cb=c->info_callback;
 
-		i= *p;
-		if ((i == ':') || (i == '/'))
+	for (;;)
+		{
+		switch (c->state)
 			{
+		case BIO_CONN_S_BEFORE:
+			p=c->param_hostname;
+			if (p == NULL)
+				{
+				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTHNAME_SPECIFIED);
+				goto exit_loop;
+				}
+			for ( ; *p != '\0'; p++)
+				{
+				if ((*p == ':') || (*p == '/')) break;
+				}
 
-			*(p++)='\0';
-			if (i == ':')
+			i= *p;
+			if ((i == ':') || (i == '/'))
 				{
-				for (q=p; *q; q++)
-					if (*q == '/')
-						{
-						*q='\0';
-						break;
-						}
-				if (c->param_port != NULL)
-					Free(c->param_port);
-				c->param_port=BUF_strdup(p);
+
+				*(p++)='\0';
+				if (i == ':')
+					{
+					for (q=p; *q; q++)
+						if (*q == '/')
+							{
+							*q='\0';
+							break;
+							}
+					if (c->param_port != NULL)
+						Free(c->param_port);
+					c->param_port=BUF_strdup(p);
+					}
 				}
-			}
 
-		if (p == NULL)
-			{
-			BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
+			if (p == NULL)
+				{
+				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
+				ERR_add_error_data(2,"host=",c->param_hostname);
+				goto exit_loop;
+				}
+			c->state=BIO_CONN_S_GET_IP;
 			break;
-			}
-		c->state=CONN_S_GET_IP;
 
-	case CONN_S_GET_IP:
-		if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)
+		case BIO_CONN_S_GET_IP:
+			if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)
+				goto exit_loop;
+			c->state=BIO_CONN_S_GET_PORT;
 			break;
-		c->state=CONN_S_GET_PORT;
 
-	case CONN_S_GET_PORT:
-		if (BIO_get_port(c->param_port,&c->port) <= 0)
+		case BIO_CONN_S_GET_PORT:
+			if (BIO_get_port(c->param_port,&c->port) <= 0)
+				goto exit_loop;
+			c->state=BIO_CONN_S_CREATE_SOCKET;
 			break;
-		c->state=CONN_S_CREATE_SOCKET;
-
-	case CONN_S_CREATE_SOCKET:
-		/* now setup address */
-		memset((char *)&c->them,0,sizeof(c->them));
-		c->them.sin_family=AF_INET;
-		c->them.sin_port=htons((unsigned short)c->port);
-		l=(unsigned long)
-			((unsigned long)c->ip[0]<<24L)|
-			((unsigned long)c->ip[1]<<16L)|
-			((unsigned long)c->ip[2]<< 8L)|
-			((unsigned long)c->ip[3]);
-		c->them.sin_addr.s_addr=htonl(l);
-		c->state=CONN_S_CREATE_SOCKET;
-
-		ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-		if (ret == INVALID_SOCKET)
-			{
-			SYSerr(SYS_F_SOCKET,errno);
-			BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);
+
+		case BIO_CONN_S_CREATE_SOCKET:
+			/* now setup address */
+			memset((char *)&c->them,0,sizeof(c->them));
+			c->them.sin_family=AF_INET;
+			c->them.sin_port=htons((unsigned short)c->port);
+			l=(unsigned long)
+				((unsigned long)c->ip[0]<<24L)|
+				((unsigned long)c->ip[1]<<16L)|
+				((unsigned long)c->ip[2]<< 8L)|
+				((unsigned long)c->ip[3]);
+			c->them.sin_addr.s_addr=htonl(l);
+			c->state=BIO_CONN_S_CREATE_SOCKET;
+
+			ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+			if (ret == INVALID_SOCKET)
+				{
+				SYSerr(SYS_F_SOCKET,get_last_socket_error());
+				ERR_add_error_data(4,"host=",c->param_hostname,
+					":",c->param_port);
+				BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);
+				goto exit_loop;
+				}
+			b->num=ret;
+			c->state=BIO_CONN_S_NBIO;
 			break;
-			}
-		b->num=ret;
-		c->state=CONN_S_NBIO;
 
-	case CONN_S_NBIO:
+		case BIO_CONN_S_NBIO:
 #ifdef FIONBIO
-		if (c->nbio)
-			{
-			l=1;
-			ret=BIO_socket_ioctl(b->num,FIONBIO,&l);
-			if (ret < 0)
+			if (c->nbio)
 				{
-				BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
-				break;
+				l=1;
+				ret=BIO_socket_ioctl(b->num,FIONBIO,&l);
+				if (ret < 0)
+					{
+					BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
+					ERR_add_error_data(4,"host=",
+						c->param_hostname,
+						":",c->param_port);
+					goto exit_loop;
+					}
 				}
-			}
 #endif
-		c->state=CONN_S_CONNECT;
+			c->state=BIO_CONN_S_CONNECT;
 
-	case CONN_S_CONNECT:
-		BIO_clear_retry_flags(b);
-		ret=connect(b->num,
-			(struct sockaddr *)&c->them,
-			sizeof(c->them));
-		b->retry_reason=0;
-		if (ret < 0)
-			{
-			if (BIO_sock_should_retry(ret))
+#ifdef SO_KEEPALIVE
+			i=1;
+			i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+			if (i < 0)
 				{
-				BIO_set_retry_special(b);
-				c->state=CONN_S_BLOCKED_CONNECT;
-				b->retry_reason=BIO_RR_CONNECT;
+				SYSerr(SYS_F_SOCKET,get_last_socket_error());
+				ERR_add_error_data(4,"host=",c->param_hostname,
+					":",c->param_port);
+				BIOerr(BIO_F_CONN_STATE,BIO_R_KEEPALIVE);
+				goto exit_loop;
+				}
+#endif
+			break;
+
+		case BIO_CONN_S_CONNECT:
+			BIO_clear_retry_flags(b);
+			ret=connect(b->num,
+				(struct sockaddr *)&c->them,
+				sizeof(c->them));
+			b->retry_reason=0;
+			if (ret < 0)
+				{
+				if (BIO_sock_should_retry(ret))
+					{
+					BIO_set_retry_special(b);
+					c->state=BIO_CONN_S_BLOCKED_CONNECT;
+					b->retry_reason=BIO_RR_CONNECT;
+					}
+				else
+					{
+					SYSerr(SYS_F_CONNECT,get_last_socket_error());
+					ERR_add_error_data(4,"host=",
+						c->param_hostname,
+						":",c->param_port);
+					BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);
+					}
+				goto exit_loop;
 				}
 			else
+				c->state=BIO_CONN_S_OK;
+			break;
+
+		case BIO_CONN_S_BLOCKED_CONNECT:
+			i=BIO_sock_error(b->num);
+			if (i)
 				{
-				SYSerr(SYS_F_CONNECT,errno);
-				BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);
+				BIO_clear_retry_flags(b);
+				SYSerr(SYS_F_CONNECT,i);
+				ERR_add_error_data(4,"host=",
+					c->param_hostname,
+					":",c->param_port);
+				BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
+				ret=0;
+				goto exit_loop;
 				}
-			}
-		else
-			{
+			else
+				c->state=BIO_CONN_S_OK;
+			break;
+
+		case BIO_CONN_S_OK:
 			ret=1;
-			c->state=CONN_S_OK;
+			goto exit_loop;
+		default:
+			abort();
+			goto exit_loop;
 			}
-		break;
 
-	case CONN_S_BLOCKED_CONNECT:
-		BIO_clear_retry_flags(b);
-		i=BIO_sock_error(b->num);
-		if (i)
+		if (cb != NULL)
 			{
-			SYSerr(SYS_F_CONNECT,i);
-			BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
+			if (!(ret=cb((BIO *)b,c->state,ret)))
+				goto end;
 			}
-		else
-			{
-			c->state=CONN_S_OK;
-			ret=1;
-			}
-		break;
+		}
 
-	case CONN_S_OK:
-		ret=1;
-		break;
-	default:
-		abort();
+	if (1)
+		{
+exit_loop:
+		if (cb != NULL)
+			ret=cb((BIO *)b,c->state,ret);
 		}
+end:
 	return(ret);
 	}
 
@@ -296,9 +342,10 @@ BIO_CONNECT *BIO_CONNECT_new()
 
 	if ((ret=(BIO_CONNECT *)Malloc(sizeof(BIO_CONNECT))) == NULL)
 		return(NULL);
-	ret->state=CONN_S_BEFORE;
+	ret->state=BIO_CONN_S_BEFORE;
 	ret->param_hostname=NULL;
 	ret->param_port=NULL;
+	ret->info_callback=NULL;
 	ret->nbio=0;
 	ret->ip[0]=0;
 	ret->ip[1]=0;
@@ -346,7 +393,7 @@ BIO *bio;
 	if (bio->num != INVALID_SOCKET)
 		{
 		/* Only do a shutdown if things were established */
-		if (c->state == CONN_S_OK)
+		if (c->state == BIO_CONN_S_OK)
 			shutdown(bio->num,2);
 # ifdef WINDOWS
 		closesocket(bio->num);
@@ -385,15 +432,16 @@ int outl;
 	BIO_CONNECT *data;
 
 	data=(BIO_CONNECT *)b->ptr;
-	if (data->state != CONN_S_OK)
+	if (data->state != BIO_CONN_S_OK)
 		{
 		ret=conn_state(b,data);
-		if (ret <= 0) return(ret);
+		if (ret <= 0)
+				return(ret);
 		}
 
 	if (out != NULL)
 		{
-		errno=0;
+		clear_socket_error();
 #if defined(WINDOWS)
 		ret=recv(b->num,out,outl,0);
 #else
@@ -418,13 +466,13 @@ int inl;
 	BIO_CONNECT *data;
 
 	data=(BIO_CONNECT *)b->ptr;
-	if (data->state != CONN_S_OK)
+	if (data->state != BIO_CONN_S_OK)
 		{
 		ret=conn_state(b,data);
 		if (ret <= 0) return(ret);
 		}
 
-	errno=0;
+	clear_socket_error();
 #if defined(WINDOWS)
 	ret=send(b->num,in,inl,0);
 #else
@@ -447,6 +495,7 @@ char *ptr;
 	{
 	BIO *dbio;
 	int *ip;
+	char **pptr;
 	long ret=1;
 	BIO_CONNECT *data;
 
@@ -456,17 +505,43 @@ char *ptr;
 		{
 	case BIO_CTRL_RESET:
 		ret=0;
-		data->state=CONN_S_BEFORE;
+		data->state=BIO_CONN_S_BEFORE;
 		conn_close_socket(b);
 		b->flags=0;
 		break;
 	case BIO_C_DO_STATE_MACHINE:
 		/* use this one to start the connection */
-		if (!data->state != CONN_S_OK)
+		if (!data->state != BIO_CONN_S_OK)
 			ret=(long)conn_state(b,data);
 		else
 			ret=1;
 		break;
+	case BIO_C_GET_CONNECT:
+		if (ptr != NULL)
+			{
+			pptr=(char **)ptr;
+			if (num == 0)
+				{
+				*pptr=data->param_hostname;
+
+				}
+			else if (num == 1)
+				{
+				*pptr=data->param_port;
+				}
+			else if (num == 2)
+				{
+				*pptr= (char *)&(data->ip[0]);
+				}
+			else if (num == 3)
+				{
+				*((int *)ptr)=data->port;
+				}
+			if ((!b->init) || (ptr == NULL))
+				*pptr="not initalised";
+			ret=1;
+			}
+		break;
 	case BIO_C_SET_CONNECT:
 		if (ptr != NULL)
 			{
@@ -483,6 +558,10 @@ char *ptr;
 					Free(data->param_port);
 				data->param_port=BUF_strdup(ptr);
 				}
+			else if (num == 2)
+				memcpy(data->ip,ptr,4);
+			else if (num == 3)
+				data->port= *(int *)ptr;
 			}
 		break;
 	case BIO_C_SET_NBIO:
@@ -514,12 +593,23 @@ char *ptr;
 	case BIO_CTRL_DUP:
 		dbio=(BIO *)ptr;
 		if (data->param_port)
-			BIO_set_port(dbio,data->param_port);
+			BIO_set_conn_port(dbio,data->param_port);
 		if (data->param_hostname)
-			BIO_set_hostname(dbio,data->param_hostname);
+			BIO_set_conn_hostname(dbio,data->param_hostname);
 		BIO_set_nbio(dbio,data->nbio);
+		BIO_set_info_callback(dbio,data->info_callback);
 		break;
+	case BIO_CTRL_SET_CALLBACK:
+		data->info_callback=(int (*)())ptr;
+		break;
+	case BIO_CTRL_GET_CALLBACK:
+		{
+		int (**fptr)();
 
+		fptr=(int (**)())ptr;
+		*fptr=data->info_callback;
+		}
+		break;
 	default:
 		ret=0;
 		break;
@@ -545,7 +635,7 @@ char *str;
 
 	ret=BIO_new(BIO_s_connect());
 	if (ret == NULL) return(NULL);
-	if (BIO_set_hostname(ret,str))
+	if (BIO_set_conn_hostname(ret,str))
 		return(ret);
 	else
 		{
diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c
index 06ae229ff..686c4909a 100644
--- a/crypto/bio/bss_fd.c
+++ b/crypto/bio/bss_fd.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bss_fd.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index 33c18e744..1484cf849 100644
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bss_file.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,12 +56,23 @@
  * [including the GNU Public Licence.]
  */
 
+/*
+ * 03-Dec-1997	rdenny@dc3.com  Fix bug preventing use of stdin/stdout
+ *		with binary data (e.g. asn1parse -inform DER < xxx) under
+ *		Windows
+ */
+
+#ifndef HEADER_BSS_FILE_C
+#define HEADER_BSS_FILE_C
+
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
 #include "bio.h"
 #include "err.h"
 
+#if !defined(NO_STDIO)
+
 #ifndef NOPROTO
 static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
 static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
@@ -82,7 +93,8 @@ static int MS_CALLBACK file_free();
 
 static BIO_METHOD methods_filep=
 	{
-	BIO_TYPE_FILE,"FILE pointer",
+	BIO_TYPE_FILE,
+	"FILE pointer",
 	file_write,
 	file_read,
 	file_puts,
@@ -92,7 +104,6 @@ static BIO_METHOD methods_filep=
 	file_free,
 	};
 
-#if !defined(WIN16) || defined(APPS_WIN16)
 BIO *BIO_new_file(filename,mode)
 char *filename;
 char *mode;
@@ -102,17 +113,13 @@ char *mode;
 
 	if ((file=fopen(filename,mode)) == NULL)
 		{
-		SYSerr(SYS_F_FOPEN,errno);
+		SYSerr(SYS_F_FOPEN,get_last_sys_error());
+		ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
 		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
 		return(NULL);
 		}
-
-	if ((ret=BIO_new(BIO_s_file())) == NULL)
+	if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
 		return(NULL);
-#if 0
-	if ((ret=BIO_new(BIO_s_file_internal_w16())) == NULL)
-		return(NULL);
-#endif
 
 	BIO_set_fp(ret,file,BIO_CLOSE);
 	return(ret);
@@ -126,31 +133,16 @@ int close_flag;
 
 	if ((ret=BIO_new(BIO_s_file())) == NULL)
 		return(NULL);
-#if 0
-	if ((ret=BIO_new(BIO_s_file_internal_w16())) == NULL)
-#endif
 
 	BIO_set_fp(ret,stream,close_flag);
 	return(ret);
 	}
-#endif /* !APPS_WIN16 */
-
-#if !defined(WIN16) || defined(APPS_WIN16)
 
 BIO_METHOD *BIO_s_file()
 	{
 	return(&methods_filep);
 	}
 
-#else
-
-BIO_METHOD *BIO_s_file_internal_w16()
-	{
-	return(&methods_filep);
-	}
-
-#endif
-
 static int MS_CALLBACK file_new(bi)
 BIO *bi;
 	{
@@ -236,6 +228,13 @@ char *ptr;
 		b->shutdown=(int)num;
 		b->ptr=(char *)ptr;
 		b->init=1;
+#if defined(MSDOS) || defined(WINDOWS)
+		/* Set correct text/binary mode */
+		if (num & BIO_FP_TEXT)
+			_setmode(fileno((FILE *)ptr),_O_TEXT);
+		else
+			_setmode(fileno((FILE *)ptr),_O_BINARY);
+#endif
 		break;
 	case BIO_C_SET_FILENAME:
 		file_free(b);
@@ -267,7 +266,8 @@ char *ptr;
 		fp=fopen(ptr,p);
 		if (fp == NULL)
 			{
-			SYSerr(SYS_F_FOPEN,errno);
+			SYSerr(SYS_F_FOPEN,get_last_sys_error());
+			ERR_add_error_data(5,"fopen('",ptr,"','",p,"')");
 			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
 			ret=0;
 			break;
@@ -332,3 +332,8 @@ char *str;
 	return(ret);
 	}
 
+#endif /* NO_STDIO */
+
+#endif /* HEADER_BSS_FILE_C */
+
+
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index 9b4cf40ac..40c4e39f0 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bss_mem.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -81,7 +81,8 @@ static int mem_free();
 
 static BIO_METHOD mem_method=
 	{
-	BIO_TYPE_MEM,"memory buffer",
+	BIO_TYPE_MEM,
+	"memory buffer",
 	mem_write,
 	mem_read,
 	mem_puts,
diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c
index f93d47112..0791a2471 100644
--- a/crypto/bio/bss_null.c
+++ b/crypto/bio/bss_null.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bss_null.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -81,7 +81,8 @@ static int null_free();
 
 static BIO_METHOD null_method=
 	{
-	BIO_TYPE_NULL,"NULL",
+	BIO_TYPE_NULL,
+	"NULL",
 	null_write,
 	null_read,
 	null_puts,
diff --git a/crypto/bio/bss_rtcp.c b/crypto/bio/bss_rtcp.c
index cd48f7ce9..6eb434dee 100644
--- a/crypto/bio/bss_rtcp.c
+++ b/crypto/bio/bss_rtcp.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bss_rtcp.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -96,7 +96,8 @@ static int rtcp_free(BIO *data);
 
 static BIO_METHOD rtcp_method=
 	{
-	BIO_TYPE_FD,"RTCP",
+	BIO_TYPE_FD,
+	"RTCP",
 	rtcp_write,
 	rtcp_read,
 	rtcp_puts,
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
index ac9602705..d907a2867 100644
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -1,5 +1,5 @@
 /* crypto/bio/bss_sock.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -107,7 +107,8 @@ int BIO_fd_should_retry();
 #ifndef BIO_FD
 static BIO_METHOD methods_sockp=
 	{
-	BIO_TYPE_SOCKET,"socket",
+	BIO_TYPE_SOCKET,
+	"socket",
 	sock_write,
 	sock_read,
 	sock_puts,
@@ -217,10 +218,11 @@ int outl;
 
 	if (out != NULL)
 		{
-		errno=0;
 #if defined(WINDOWS) && !defined(BIO_FD)
+		clear_socket_error();
 		ret=recv(b->num,out,outl,0);
 #else
+		clear_sys_error();
 		ret=read(b->num,out,outl);
 #endif
 		BIO_clear_retry_flags(b);
@@ -248,10 +250,11 @@ int inl;
 	{
 	int ret;
 	
-	errno=0;
 #if defined(WINDOWS) && !defined(BIO_FD)
+	clear_socket_error();
 	ret=send(b->num,in,inl,0);
 #else
+	clear_sys_error();
 	ret=write(b->num,in,inl);
 #endif
 	BIO_clear_retry_flags(b);
@@ -370,20 +373,25 @@ int BIO_fd_should_retry(i)
 #endif
 int i;
 	{
+	int err;
+
 	if ((i == 0) || (i == -1))
 		{
 #if !defined(BIO_FD) && defined(WINDOWS)
-		errno=WSAGetLastError();
+		err=get_last_socket_error();
+#else
+		err=get_last_sys_error();
 #endif
 
 #if defined(WINDOWS) /* more microsoft stupidity */
-		if ((i == -1) && (errno == 0))
+		if ((i == -1) && (err == 0))
 			return(1);
 #endif
+
 #ifndef BIO_FD
-		return(BIO_sock_non_fatal_error(errno));
+		return(BIO_sock_non_fatal_error(err));
 #else
-		return(BIO_fd_non_fatal_error(errno));
+		return(BIO_fd_non_fatal_error(err));
 #endif
 		}
 	return(0);
@@ -418,6 +426,10 @@ int err;
 # endif
 #endif
 
+#if defined(ENOTCONN)
+	case ENOTCONN:
+#endif
+
 #ifdef EINTR
 	case EINTR:
 #endif
diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl
index cbddd4f3e..9809d26cb 100644
--- a/crypto/bn/Makefile.ssl
+++ b/crypto/bn/Makefile.ssl
@@ -11,9 +11,12 @@ INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
 MAKEDEPEND=	makedepend -f Makefile.ssl
 MAKEFILE=	Makefile.ssl
-BN_MULW=	bn_mulw.o
 AR=		ar r
 
+BN_MULW=	bn_mulw.o
+# or use
+#BN_MULW=	bn86-elf.o
+
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 ERR=bn
@@ -24,12 +27,14 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c \
-	bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c \
-	bn_gcd.c bn_prime.c $(ERRC).c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c
+	bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_blind.c \
+	bn_gcd.c bn_prime.c $(ERRC).c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c \
+	bn_mpi.c
 
 LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o \
-	bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o \
-	bn_gcd.o bn_prime.o $(ERRC).o bn_sqr.o $(BN_MULW) bn_recp.o bn_mont.o
+	bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_blind.o \
+	bn_gcd.o bn_prime.o $(ERRC).o bn_sqr.o $(BN_MULW) bn_recp.o bn_mont.o \
+	bn_mpi.o
 
 
 SRC= $(LIBSRC)
@@ -56,6 +61,27 @@ lib:	$(LIBOBJ)
 	sh $(TOP)/util/ranlib.sh $(LIB)
 	@touch lib
 
+# elf
+asm/bn86-elf.o: asm/bn86unix.cpp
+	$(CPP) -DELF asm/bn86unix.cpp | as -o asm/bn86-elf.o
+
+# solaris
+asm/bn86-sol.o: asm/bn86unix.cpp
+	$(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
+	as -o asm/bn86-sol.o asm/bn86-sol.s
+	rm -f asm/bn86-sol.s
+
+# a.out
+asm/bn86-out.o: asm/bn86unix.cpp
+	$(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
+
+# bsdi
+asm/bn86bsdi.o: asm/bn86unix.cpp
+	$(CPP) -DBSDI asm/bn86unix.cpp | as -o asm/bn86bsdi.o
+
+asm/bn86unix.cpp:
+	(cd asm; perl bn-586.pl cpp >bn86unix.cpp )
+
 files:
 	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
@@ -102,6 +128,6 @@ clean:
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # special case .org
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/bn/asm/alpha.s b/crypto/bn/asm/alpha.s
index d56f715ec..1d17b1d61 100644
--- a/crypto/bn/asm/alpha.s
+++ b/crypto/bn/asm/alpha.s
@@ -3,16 +3,15 @@
  # Thanks to tzeruch@ceddec.com for sending me the gcc output for
  # bn_div64.
 	.file	1 "bn_mulw.c"
-	.version	"01.01"
 	.set noat
 gcc2_compiled.:
 __gnu_compiled_c:
 	.text
 	.align 3
-	.globl bn_mul_add_word
-	.ent bn_mul_add_word
-bn_mul_add_word:
-bn_mul_add_word..ng:
+	.globl bn_mul_add_words
+	.ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
 	.frame $30,0,$26,0
 	.prologue 0
 	subq $18,2,$25	# num=-2
@@ -74,12 +73,12 @@ $42:
 	.align 4
 $43:
 	ret $31,($26),1
-	.end bn_mul_add_word
+	.end bn_mul_add_words
 	.align 3
-	.globl bn_mul_word
-	.ent bn_mul_word
-bn_mul_word:
-bn_mul_word..ng:
+	.globl bn_mul_words
+	.ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
 	.frame $30,0,$26,0
 	.prologue 0
 	subq $18,2,$25	# num=-2
@@ -125,7 +124,7 @@ $242:
 	stq $1,0($16)
 $243:
 	ret $31,($26),1
-	.end bn_mul_word
+	.end bn_mul_words
 	.align 3
 	.globl bn_sqr_words
 	.ent bn_sqr_words
@@ -173,6 +172,41 @@ $443:
 	ret $31,($26),1
 	.end bn_sqr_words
 
+	.align 3
+	.globl bn_add_words
+	.ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	bis	$31,$31,$8	# carry = 0
+	ble	$19,$900
+$901:
+	ldq	$0,0($17)	# a[0]
+	ldq	$1,0($18)	# a[1]
+
+	addq	$0,$1,$3	# c=a+b;
+	 addq	$17,8,$17	# a++
+
+	cmpult	$3,$1,$7	# did we overflow?
+	 addq	$18,8,$18	# b++
+
+	addq	$8,$3,$3	# c+=carry
+
+	cmpult	$3,$8,$8	# did we overflow?
+	 stq	$3,($16)	# r[0]=c
+
+	addq	$7,$8,$8	# add into overflow
+	 subq	$19,1,$19	# loop--
+
+	addq	$16,8,$16	# r++
+	 bgt	$19,$901
+$900:
+	bis	$8,$8,$0	# return carry
+	ret $31,($26),1
+	.end bn_add_words
+
  #
  # What follows was taken directly from the C compiler with a few
  # hacks to redo the lables.
diff --git a/crypto/bn/asm/pa-risc.s b/crypto/bn/asm/pa-risc.s
index c49c433a8..775130a19 100644
--- a/crypto/bn/asm/pa-risc.s
+++ b/crypto/bn/asm/pa-risc.s
@@ -11,8 +11,8 @@
 	.SUBSPA $CODE$
 
 	.align 4
-	.EXPORT bn_mul_add_word,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
-bn_mul_add_word
+	.EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_words
 	.PROC
 	.CALLINFO FRAME=0,CALLS,SAVE_RP
 	.ENTRY
@@ -219,8 +219,8 @@ L$0003
 	.EXIT
 	.PROCEND
 	.align 4
-	.EXPORT bn_mul_word,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
-bn_mul_word
+	.EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_words
 	.PROC
 	.CALLINFO FRAME=0,CALLS,SAVE_RP
 	.ENTRY
diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s
index 5e07b7d2e..c2725996a 100644
--- a/crypto/bn/asm/pa-risc2.s
+++ b/crypto/bn/asm/pa-risc2.s
@@ -11,8 +11,8 @@
 	.SUBSPA $CODE$
 
 	.align 4
-	.EXPORT bn_mul_add_word,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
-bn_mul_add_word
+	.EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_words
 	.PROC
 	.CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=4
 	.ENTRY
@@ -117,8 +117,8 @@ L$0011
 	.EXIT
 	.PROCEND
 	.align 4
-	.EXPORT bn_mul_word,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
-bn_mul_word
+	.EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_words
 	.PROC
 	.CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=3
 	.ENTRY
diff --git a/crypto/bn/asm/r3000.s b/crypto/bn/asm/r3000.s
index 5be2a0d0e..e95269afa 100644
--- a/crypto/bn/asm/r3000.s
+++ b/crypto/bn/asm/r3000.s
@@ -55,9 +55,9 @@ __gnu_compiled_c:
 	.byte	0x0
 	.text
 	.align	2
-	.globl	bn_mul_add_word
-	.ent	bn_mul_add_word
-bn_mul_add_word:
+	.globl	bn_mul_add_words
+	.ent	bn_mul_add_words
+bn_mul_add_words:
 	.frame	$sp,0,$31		# vars= 0, regs= 0/0, args= 0, extra= 0
 	.mask	0x00000000,0
 	.fmask	0x00000000,0
@@ -206,11 +206,11 @@ $L3:
 	.set	macro
 	.set	reorder
 
-	.end	bn_mul_add_word
+	.end	bn_mul_add_words
 	.align	2
-	.globl	bn_mul_word
-	.ent	bn_mul_word
-bn_mul_word:
+	.globl	bn_mul_words
+	.ent	bn_mul_words
+bn_mul_words:
 	.frame	$sp,0,$31		# vars= 0, regs= 0/0, args= 0, extra= 0
 	.mask	0x00000000,0
 	.fmask	0x00000000,0
@@ -334,7 +334,7 @@ $L11:
 	.set	macro
 	.set	reorder
 
-	.end	bn_mul_word
+	.end	bn_mul_words
 	.align	2
 	.globl	bn_sqr_words
 	.ent	bn_sqr_words
diff --git a/crypto/bn/asm/sparc.s b/crypto/bn/asm/sparc.s
index 37c5fb194..f9e533caa 100644
--- a/crypto/bn/asm/sparc.s
+++ b/crypto/bn/asm/sparc.s
@@ -2,10 +2,10 @@
 gcc2_compiled.:
 .section	".text"
 	.align 4
-	.global bn_mul_add_word
-	.type	 bn_mul_add_word,#function
+	.global bn_mul_add_words
+	.type	 bn_mul_add_words,#function
 	.proc	016
-bn_mul_add_word:
+bn_mul_add_words:
 	!#PROLOGUE# 0
 	save %sp,-112,%sp
 	!#PROLOGUE# 1
@@ -98,12 +98,12 @@ bn_mul_add_word:
 	ret
 	restore %g0,%i4,%o0
 .LLfe1:
-	.size	 bn_mul_add_word,.LLfe1-bn_mul_add_word
+	.size	 bn_mul_add_words,.LLfe1-bn_mul_add_words
 	.align 4
-	.global bn_mul_word
-	.type	 bn_mul_word,#function
+	.global bn_mul_words
+	.type	 bn_mul_words,#function
 	.proc	016
-bn_mul_word:
+bn_mul_words:
 	!#PROLOGUE# 0
 	save %sp,-112,%sp
 	!#PROLOGUE# 1
@@ -176,7 +176,7 @@ bn_mul_word:
 	ret
 	restore
 .LLfe2:
-	.size	 bn_mul_word,.LLfe2-bn_mul_word
+	.size	 bn_mul_words,.LLfe2-bn_mul_words
 	.align 4
 	.global bn_sqr_words
 	.type	 bn_sqr_words,#function
@@ -234,10 +234,113 @@ bn_sqr_words:
 	nop
 .LLfe3:
 	.size	 bn_sqr_words,.LLfe3-bn_sqr_words
+	.align 4
+	.global bn_add_words
+	.type	 bn_add_words,#function
+	.proc	016
+bn_add_words:
+	!#PROLOGUE# 0
+	save %sp,-112,%sp
+	!#PROLOGUE# 1
+	mov %i0,%o2
+	mov %i1,%o3
+	mov %i2,%o4
+	mov %i3,%i5
+	mov 0,%o0
+	mov 0,%o1
+	add %o2,12,%o7
+	add %o4,12,%g4
+	b .LL42
+	add %o3,12,%g1
+.LL45:
+	add %i5,-1,%i5
+	mov %i4,%g3
+	ld [%g4-8],%i4
+	mov 0,%g2
+	mov %i4,%i1
+	mov 0,%i0
+	addcc %g3,%i1,%g3
+	addx %g2,%i0,%g2
+	addcc %o1,%g3,%o1
+	addx %o0,%g2,%o0
+	st %o1,[%o7-8]
+	mov %o0,%i3
+	mov 0,%i2
+	mov %i2,%o0
+	mov %i3,%o1
+	cmp %i5,0
+	ble .LL43
+	add %i5,-1,%i5
+	ld [%g1-4],%i4
+	mov %i4,%g3
+	ld [%g4-4],%i4
+	mov 0,%g2
+	mov %i4,%i1
+	mov 0,%i0
+	addcc %g3,%i1,%g3
+	addx %g2,%i0,%g2
+	addcc %o1,%g3,%o1
+	addx %o0,%g2,%o0
+	st %o1,[%o7-4]
+	mov %o0,%i3
+	mov 0,%i2
+	mov %i2,%o0
+	mov %i3,%o1
+	cmp %i5,0
+	ble .LL43
+	add %i5,-1,%i5
+	ld [%g1],%i4
+	mov %i4,%g3
+	ld [%g4],%i4
+	mov 0,%g2
+	mov %i4,%i1
+	mov 0,%i0
+	addcc %g3,%i1,%g3
+	addx %g2,%i0,%g2
+	addcc %o1,%g3,%o1
+	addx %o0,%g2,%o0
+	st %o1,[%o7]
+	mov %o0,%i3
+	mov 0,%i2
+	mov %i2,%o0
+	mov %i3,%o1
+	cmp %i5,0
+	ble .LL43
+	add %g1,16,%g1
+	add %o3,16,%o3
+	add %g4,16,%g4
+	add %o4,16,%o4
+	add %o7,16,%o7
+	add %o2,16,%o2
+.LL42:
+	ld [%o3],%i4
+	add %i5,-1,%i5
+	mov %i4,%g3
+	ld [%o4],%i4
+	mov 0,%g2
+	mov %i4,%i1
+	mov 0,%i0
+	addcc %g3,%i1,%g3
+	addx %g2,%i0,%g2
+	addcc %o1,%g3,%o1
+	addx %o0,%g2,%o0
+	st %o1,[%o2]
+	mov %o0,%i3
+	mov 0,%i2
+	mov %i2,%o0
+	mov %i3,%o1
+	cmp %i5,0
+	bg,a .LL45
+	ld [%g1-8],%i4
+.LL43:
+	ret
+	restore %g0,%o1,%o0
+.LLfe4:
+	.size	 bn_add_words,.LLfe4-bn_add_words
 .section	".rodata"
 	.align 8
 .LLC0:
-	.asciz	"Division would overflow\n"
+	.asciz	"Division would overflow (%d)\n"
 .section	".text"
 	.align 4
 	.global bn_div64
@@ -249,20 +352,20 @@ bn_div64:
 	!#PROLOGUE# 1
 	mov 0,%l1
 	cmp %i2,0
-	bne .LL42
+	bne .LL51
 	mov 2,%l0
-	b .LL59
+	b .LL68
 	mov -1,%i0
-.LL42:
+.LL51:
 	call BN_num_bits_word,0
 	mov %i2,%o0
 	mov %o0,%o2
 	cmp %o2,32
-	be .LL43
+	be .LL52
 	mov 1,%o0
 	sll %o0,%o2,%o0
 	cmp %i0,%o0
-	bleu .LL60
+	bleu .LL69
 	mov 32,%o0
 	sethi %hi(__iob+32),%o0
 	or %o0,%lo(__iob+32),%o0
@@ -271,89 +374,89 @@ bn_div64:
 	or %o1,%lo(.LLC0),%o1
 	call abort,0
 	nop
-.LL43:
+.LL52:
 	mov 32,%o0
-.LL60:
+.LL69:
 	cmp %i0,%i2
-	blu .LL44
+	blu .LL53
 	sub %o0,%o2,%o2
 	sub %i0,%i2,%i0
-.LL44:
+.LL53:
 	cmp %o2,0
-	be .LL45
-	sethi %hi(-65536),%o7
-	sll %i2,%o2,%i2
+	be .LL54
 	sll %i0,%o2,%o1
+	sll %i2,%o2,%i2
 	sub %o0,%o2,%o0
 	srl %i1,%o0,%o0
 	or %o1,%o0,%i0
 	sll %i1,%o2,%i1
-.LL45:
+.LL54:
 	srl %i2,16,%g2
 	sethi %hi(65535),%o0
 	or %o0,%lo(65535),%o1
 	and %i2,%o1,%g3
 	mov %o0,%g4
+	sethi %hi(-65536),%o7
 	mov %o1,%g1
-.LL46:
+.LL55:
 	srl %i0,16,%o0
 	cmp %o0,%g2
-	be .LL50
+	be .LL59
 	or %g4,%lo(65535),%o3
 	wr %g0,%g0,%y
 	nop
 	nop
 	nop
 	udiv %i0,%g2,%o3
-.LL50:
+.LL59:
 	and %i1,%o7,%o0
 	srl %o0,16,%o5
 	smul %o3,%g3,%o4
 	smul %o3,%g2,%o2
-.LL51:
+.LL60:
 	sub %i0,%o2,%o1
 	andcc %o1,%o7,%g0
-	bne .LL52
+	bne .LL61
 	sll %o1,16,%o0
 	add %o0,%o5,%o0
 	cmp %o4,%o0
-	bleu .LL52
+	bleu .LL61
 	sub %o4,%g3,%o4
 	sub %o2,%g2,%o2
-	b .LL51
+	b .LL60
 	add %o3,-1,%o3
-.LL52:
+.LL61:
 	smul %o3,%g2,%o2
 	smul %o3,%g3,%o0
 	srl %o0,16,%o1
 	sll %o0,16,%o0
 	and %o0,%o7,%o0
 	cmp %i1,%o0
-	bgeu .LL56
+	bgeu .LL65
 	add %o2,%o1,%o2
 	add %o2,1,%o2
-.LL56:
+.LL65:
 	cmp %i0,%o2
-	bgeu .LL57
+	bgeu .LL66
 	sub %i1,%o0,%i1
 	add %i0,%i2,%i0
 	add %o3,-1,%o3
-.LL57:
+.LL66:
 	addcc %l0,-1,%l0
-	be .LL47
+	be .LL56
 	sub %i0,%o2,%i0
 	sll %o3,16,%l1
 	sll %i0,16,%o0
 	srl %i1,16,%o1
 	or %o0,%o1,%i0
 	and %i1,%g1,%o0
-	b .LL46
+	b .LL55
 	sll %o0,16,%i1
-.LL47:
+.LL56:
 	or %l1,%o3,%i0
-.LL59:
+.LL68:
 	ret
 	restore
-.LLfe4:
-	.size	 bn_div64,.LLfe4-bn_div64
-	.ident	"GCC: (GNU) 2.7.0"
+.LLfe5:
+	.size	 bn_div64,.LLfe5-bn_div64
+	.ident	"GCC: (GNU) 2.7.2.3"
diff --git a/crypto/bn/asm/x86w16.asm b/crypto/bn/asm/x86w16.asm
index 66874913e..74a933a8c 100644
--- a/crypto/bn/asm/x86w16.asm
+++ b/crypto/bn/asm/x86w16.asm
@@ -14,8 +14,8 @@ DGROUP	GROUP	CONST, _BSS, _DATA
 	ASSUME DS: DGROUP, SS: DGROUP
 F_TEXT      SEGMENT
 	ASSUME	CS: F_TEXT
-	PUBLIC	_bn_mul_add_word
-_bn_mul_add_word	PROC FAR
+	PUBLIC	_bn_mul_add_words
+_bn_mul_add_words	PROC FAR
 ; Line 58
 	push	bp
 	push	bx
@@ -133,9 +133,9 @@ $L547:
 	ret	
 	nop	
 
-_bn_mul_add_word	ENDP
-	PUBLIC	_bn_mul_word
-_bn_mul_word	PROC FAR
+_bn_mul_add_words	ENDP
+	PUBLIC	_bn_mul_words
+_bn_mul_words	PROC FAR
 ; Line 76
 	push	bp
 	push	bx
@@ -202,7 +202,7 @@ $L764:
 	pop	bp
 	ret	
 	nop	
-_bn_mul_word	ENDP
+_bn_mul_words	ENDP
 	PUBLIC	_bn_sqr_words
 _bn_sqr_words	PROC FAR
 ; Line 92
diff --git a/crypto/bn/asm/x86w32.asm b/crypto/bn/asm/x86w32.asm
index 0e4452dfa..fc6f91771 100644
--- a/crypto/bn/asm/x86w32.asm
+++ b/crypto/bn/asm/x86w32.asm
@@ -14,8 +14,8 @@ DGROUP	GROUP	CONST, _BSS, _DATA
 	ASSUME DS: DGROUP, SS: DGROUP
 F_TEXT      SEGMENT
 	ASSUME	CS: F_TEXT
-	PUBLIC	_bn_mul_add_word
-_bn_mul_add_word	PROC FAR
+	PUBLIC	_bn_mul_add_words
+_bn_mul_add_words	PROC FAR
 ; Line 58
 	push	bp
 	push	bx
@@ -133,10 +133,10 @@ $L547:
 	pop	bp
 	ret	
 	nop	
+_bn_mul_add_words	ENDP
 
-_bn_mul_add_word	ENDP
-	PUBLIC	_bn_mul_word
-_bn_mul_word	PROC FAR
+	PUBLIC	_bn_mul_words
+_bn_mul_words	PROC FAR
 ; Line 76
 	push	bp
 	push	bx
@@ -206,7 +206,7 @@ $L764:
 	pop	bp
 	ret	
 	nop	
-_bn_mul_word	ENDP
+_bn_mul_words	ENDP
 	PUBLIC	_bn_sqr_words
 _bn_sqr_words	PROC FAR
 ; Line 92
@@ -285,8 +285,8 @@ $L645:
 	pop	bx
 	pop	bp
 	ret	
-
 _bn_sqr_words	ENDP
+
 	PUBLIC	_bn_div64
 _bn_div64	PROC FAR
 	push	bp
@@ -299,5 +299,64 @@ _bn_div64	PROC FAR
 	pop	bp
 	ret	
 _bn_div64	ENDP
+
+	PUBLIC	_bn_add_words
+_bn_add_words	PROC FAR
+; Line 58
+	push	bp
+	push	bx
+	push	esi
+	push	di
+	push	ds
+	push	es
+	mov	bp,sp
+;	w = 28
+;	num = 26
+;	ap = 22
+;	rp = 18
+	xor	esi,esi			;c=0;
+	mov	si,WORD PTR [bp+22]	; load a
+	mov	es,WORD PTR [bp+24]	; load a
+	mov	di,WORD PTR [bp+26]	; load b
+	mov	ds,WORD PTR [bp+28]	; load b
+
+	mov	dx,WORD PTR [bp+30]	; load num
+	dec	dx
+	js	$L547
+	xor	ecx,ecx
+
+$L5477:
+	xor	ebx,ebx
+	mov	eax,DWORD PTR es:[si]	; *a
+	add	eax,ecx
+	adc	ebx,0
+	add	si,4			; a++
+	add	eax,DWORD PTR ds:[di]	; + *b
+	mov	ecx,ebx
+	adc	ecx,0
+	add	di,4
+	mov	bx,WORD PTR [bp+18]
+	mov	ds,WORD PTR [bp+20]
+	mov	DWORD PTR ds:[bx],eax
+	add	bx,4
+	mov	ds,WORD PTR [bp+28]
+	mov	WORD PTR [bp+18],bx
+	dec	dx
+	js	$L547			; Note that we are now testing for -1
+	jmp	$L5477
+	;
+$L547:
+	mov	eax,ecx
+	mov	edx,ecx
+	shr	edx,16
+	pop	es
+	pop	ds
+	pop	di
+	pop	esi
+	pop	bx
+	pop	bp
+	ret	
+	nop	
+_bn_add_words	ENDP
 F_TEXT	ENDS
 END
diff --git a/crypto/bn/bn.err b/crypto/bn/bn.err
index 5fe4b6dbf..7ccc247c4 100644
--- a/crypto/bn/bn.err
+++ b/crypto/bn/bn.err
@@ -1,20 +1,27 @@
 /* Error codes for the BN functions. */
 
 /* Function codes. */
-#define BN_F_BN_BL_CTX_INIT				 100
-#define BN_F_BN_BL_CTX_NEW				 101
-#define BN_F_BN_BN2ASCII				 102
-#define BN_F_BN_CTX_NEW					 103
-#define BN_F_BN_DIV					 104
-#define BN_F_BN_EXPAND2					 105
-#define BN_F_BN_MOD_EXP_MONT				 106
-#define BN_F_BN_MOD_INVERSE				 107
-#define BN_F_BN_MOD_MUL_RECIPROCAL			 108
-#define BN_F_BN_NEW					 109
-#define BN_F_BN_RAND					 110
+#define BN_F_BN_BLINDING_CONVERT			 100
+#define BN_F_BN_BLINDING_INVERT				 101
+#define BN_F_BN_BLINDING_NEW				 102
+#define BN_F_BN_BLINDING_UPDATE				 103
+#define BN_F_BN_BN2DEC					 104
+#define BN_F_BN_BN2HEX					 105
+#define BN_F_BN_CTX_NEW					 106
+#define BN_F_BN_DIV					 107
+#define BN_F_BN_EXPAND2					 108
+#define BN_F_BN_MOD_EXP_MONT				 109
+#define BN_F_BN_MOD_INVERSE				 110
+#define BN_F_BN_MOD_MUL_RECIPROCAL			 111
+#define BN_F_BN_MPI2BN					 112
+#define BN_F_BN_NEW					 113
+#define BN_F_BN_RAND					 114
 
 /* Reason codes. */
 #define BN_R_BAD_RECIPROCAL				 100
 #define BN_R_CALLED_WITH_EVEN_MODULUS			 101
 #define BN_R_DIV_BY_ZERO				 102
-#define BN_R_NO_INVERSE					 103
+#define BN_R_ENCODING_ERROR				 103
+#define BN_R_INVALID_LENGTH				 104
+#define BN_R_NOT_INITALISED				 105
+#define BN_R_NO_INVERSE					 106
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 9326f4df5..66dde285d 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -121,6 +121,10 @@ extern "C" {
 #define BN_MASK2h	(0xffffffff00000000L)
 #define BN_MASK2h1	(0xffffffff80000000L)
 #define BN_TBIT		(0x8000000000000000L)
+#define BN_DEC_CONV	(10000000000000000000L)
+#define BN_DEC_FMT1	"%lu"
+#define BN_DEC_FMT2	"%019lu"
+#define BN_DEC_NUM	19
 #endif
 
 #ifdef SIXTY_FOUR_BIT
@@ -137,6 +141,10 @@ extern "C" {
 #define BN_MASK2h	(0xffffffff00000000LL)
 #define BN_MASK2h1	(0xffffffff80000000LL)
 #define BN_TBIT		(0x8000000000000000LL)
+#define BN_DEC_CONV	(10000000000000000000L)
+#define BN_DEC_FMT1	"%lu"
+#define BN_DEC_FMT2	"%019lu"
+#define BN_DEC_NUM	19
 #endif
 
 #ifdef THIRTY_TWO_BIT
@@ -156,6 +164,10 @@ extern "C" {
 #define BN_MASK2h1	(0xffff8000L)
 #define BN_MASK2h	(0xffff0000L)
 #define BN_TBIT		(0x80000000L)
+#define BN_DEC_CONV	(1000000000L)
+#define BN_DEC_FMT1	"%lu"
+#define BN_DEC_FMT2	"%09lu"
+#define BN_DEC_NUM	9
 #endif
 
 #ifdef SIXTEEN_BIT
@@ -174,6 +186,10 @@ extern "C" {
 #define BN_MASK2h1	(0xff80)
 #define BN_MASK2h	(0xff00)
 #define BN_TBIT		(0x8000)
+#define BN_DEC_CONV	(100000)
+#define BN_DEC_FMT1	"%u"
+#define BN_DEC_FMT2	"%05u"
+#define BN_DEC_NUM	5
 #endif
 
 #ifdef EIGHT_BIT
@@ -192,6 +208,10 @@ extern "C" {
 #define BN_MASK2h1	(0xf8)
 #define BN_MASK2h	(0xf0)
 #define BN_TBIT		(0x80)
+#define BN_DEC_CONV	(100)
+#define BN_DEC_FMT1	"%u"
+#define BN_DEC_FMT2	"%02u"
+#define BN_DEC_NUM	2
 #endif
 
 #define BN_DEFAULT_BITS	1280
@@ -217,6 +237,14 @@ typedef struct bignum_ctx
 	BIGNUM *bn[BN_CTX_NUM+1];
 	} BN_CTX;
 
+typedef struct bn_blinding_st
+	{
+	int init;
+	BIGNUM *A;
+	BIGNUM *Ai;
+	BIGNUM *mod; /* just a reference */
+	} BN_BLINDING;
+
 /* Used for montgomery multiplication */
 typedef struct bn_mont_ctx_st
         {
@@ -241,6 +269,9 @@ typedef struct bn_mont_ctx_st
 #define BN_one(a)	(BN_set_word((a),1))
 #define BN_zero(a)	(BN_set_word((a),0))
 
+#define BN_ascii2bn(a)	BN_hex2bn(a)
+#define BN_bn2ascii(a)	BN_bn2hex(a)
+
 #define bn_fix_top(a) \
 	{ \
 	BN_ULONG *fix_top_l; \
@@ -248,7 +279,9 @@ typedef struct bn_mont_ctx_st
 		if (*(fix_top_l--)) break; \
 	}
 
-#define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b)))
+#define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?\
+	(n):bn_expand2((n),(b)/BN_BITS2))
+#define bn_wexpand(n,b) (((b) <= (n)->max)?(n):bn_expand2((n),(b)))
 
 
 #ifndef NOPROTO
@@ -264,6 +297,8 @@ void	BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(unsigned char *s,int len,BIGNUM *ret);
 int	BN_bn2bin(BIGNUM *a, unsigned char *to);
+BIGNUM *BN_mpi2bn(unsigned char *s,int len,BIGNUM *ret);
+int	BN_bn2mpi(BIGNUM *a, unsigned char *to);
 int	BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
 void	bn_qsub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
 void	bn_qadd(BIGNUM *r, BIGNUM *a, BIGNUM *b);
@@ -274,7 +309,9 @@ int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
 int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
 BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
 BN_ULONG BN_div_word(BIGNUM *a, unsigned long w);
+int	BN_mul_word(BIGNUM *a, unsigned long w);
 int	BN_add_word(BIGNUM *a, unsigned long w);
+int	BN_sub_word(BIGNUM *a, unsigned long w);
 int	BN_set_word(BIGNUM *a, unsigned long w);
 unsigned long BN_get_word(BIGNUM *a);
 int	BN_cmp(BIGNUM *a, BIGNUM *b);
@@ -282,8 +319,10 @@ void	BN_free(BIGNUM *a);
 int	BN_is_bit_set(BIGNUM *a, int n);
 int	BN_lshift(BIGNUM *r, BIGNUM *a, int n);
 int	BN_lshift1(BIGNUM *r, BIGNUM *a);
+int	BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx);
 int	BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
-int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx);
 int	BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
 int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
 	BIGNUM *m,BN_CTX *ctx);
@@ -309,20 +348,23 @@ BIGNUM *BN_dup(BIGNUM *a);
 int	BN_ucmp(BIGNUM *a, BIGNUM *b);
 int	BN_set_bit(BIGNUM *a, int n);
 int	BN_clear_bit(BIGNUM *a, int n);
-char *	BN_bn2ascii(BIGNUM *a);
-int 	BN_ascii2bn(BIGNUM **a,char *str);
+char *	BN_bn2hex(BIGNUM *a);
+char *	BN_bn2dec(BIGNUM *a);
+int 	BN_hex2bn(BIGNUM **a,char *str);
+int 	BN_dec2bn(BIGNUM **a,char *str);
 int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
 BIGNUM *BN_mod_inverse(BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
 BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
-		BIGNUM *rem,void (*callback)(int,int));
-int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int),
-		BN_CTX *ctx);
+		BIGNUM *rem,void (*callback)(int,int,char *),char *cb_arg);
+int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int,char *),
+		BN_CTX *ctx,char *cb_arg);
 void	ERR_load_BN_strings(void );
 
-BN_ULONG bn_mul_add_word(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_word(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
 void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
 BN_ULONG bn_div64(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
@@ -331,6 +373,12 @@ int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
 int BN_MONT_CTX_set(BN_MONT_CTX *mont,BIGNUM *modulus,BN_CTX *ctx);
 
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+
 #else
 
 BIGNUM *BN_value_one();
@@ -345,6 +393,8 @@ void	BN_clear_free();
 BIGNUM *BN_copy();
 BIGNUM *BN_bin2bn();
 int	BN_bn2bin();
+BIGNUM *BN_mpi2bn();
+int	BN_bn2mpi();
 int	BN_sub();
 void	bn_qsub();
 void	bn_qadd();
@@ -356,6 +406,8 @@ int	BN_sqr();
 BN_ULONG BN_mod_word();
 BN_ULONG BN_div_word();
 int	BN_add_word();
+int	BN_sub_word();
+int	BN_mul_word();
 int	BN_set_word();
 unsigned long BN_get_word();
 int	BN_cmp();
@@ -363,6 +415,7 @@ void	BN_free();
 int	BN_is_bit_set();
 int	BN_lshift();
 int	BN_lshift1();
+int	BN_exp();
 int	BN_mod_exp();
 int	BN_mod_exp_mont();
 int	BN_mod_exp_recp();
@@ -383,18 +436,21 @@ BIGNUM *BN_dup();
 int	BN_ucmp();
 int	BN_set_bit();
 int	BN_clear_bit();
-char *	BN_bn2ascii();
-int 	BN_ascii2bn();
+char *	BN_bn2hex();
+char *	BN_bn2dec();
+int 	BN_hex2bn();
+int 	BN_dec2bn();
 int	BN_gcd();
 BIGNUM *BN_mod_inverse();
 BIGNUM *BN_generate_prime();
 int	BN_is_prime();
 void	ERR_load_BN_strings();
 
-BN_ULONG bn_mul_add_word();
-BN_ULONG bn_mul_word();
+BN_ULONG bn_mul_add_words();
+BN_ULONG bn_mul_words();
 void     bn_sqr_words();
 BN_ULONG bn_div64();
+BN_ULONG bn_add_words();
 
 int BN_mod_mul_montgomery();
 int BN_from_montgomery();
@@ -402,29 +458,42 @@ BN_MONT_CTX *BN_MONT_CTX_new();
 void BN_MONT_CTX_free();
 int BN_MONT_CTX_set();
 
+BN_BLINDING *BN_BLINDING_new();
+void BN_BLINDING_free();
+int BN_BLINDING_update();
+int BN_BLINDING_convert();
+int BN_BLINDING_invert();
+
 #endif
 
 /* BEGIN ERROR CODES */
 /* Error codes for the BN functions. */
 
 /* Function codes. */
-#define BN_F_BN_BL_CTX_INIT				 100
-#define BN_F_BN_BL_CTX_NEW				 101
-#define BN_F_BN_BN2ASCII				 102
-#define BN_F_BN_CTX_NEW					 103
-#define BN_F_BN_DIV					 104
-#define BN_F_BN_EXPAND2					 105
-#define BN_F_BN_MOD_EXP_MONT				 106
-#define BN_F_BN_MOD_INVERSE				 107
-#define BN_F_BN_MOD_MUL_RECIPROCAL			 108
-#define BN_F_BN_NEW					 109
-#define BN_F_BN_RAND					 110
+#define BN_F_BN_BLINDING_CONVERT			 100
+#define BN_F_BN_BLINDING_INVERT				 101
+#define BN_F_BN_BLINDING_NEW				 102
+#define BN_F_BN_BLINDING_UPDATE				 103
+#define BN_F_BN_BN2DEC					 104
+#define BN_F_BN_BN2HEX					 105
+#define BN_F_BN_CTX_NEW					 106
+#define BN_F_BN_DIV					 107
+#define BN_F_BN_EXPAND2					 108
+#define BN_F_BN_MOD_EXP_MONT				 109
+#define BN_F_BN_MOD_INVERSE				 110
+#define BN_F_BN_MOD_MUL_RECIPROCAL			 111
+#define BN_F_BN_MPI2BN					 112
+#define BN_F_BN_NEW					 113
+#define BN_F_BN_RAND					 114
 
 /* Reason codes. */
 #define BN_R_BAD_RECIPROCAL				 100
 #define BN_R_CALLED_WITH_EVEN_MODULUS			 101
 #define BN_R_DIV_BY_ZERO				 102
-#define BN_R_NO_INVERSE					 103
+#define BN_R_ENCODING_ERROR				 103
+#define BN_R_INVALID_LENGTH				 104
+#define BN_R_NOT_INITALISED				 105
+#define BN_R_NO_INVERSE					 106
  
 #ifdef  __cplusplus
 }
diff --git a/crypto/bn/bn.org b/crypto/bn/bn.org
index 9326f4df5..66dde285d 100644
--- a/crypto/bn/bn.org
+++ b/crypto/bn/bn.org
@@ -121,6 +121,10 @@ extern "C" {
 #define BN_MASK2h	(0xffffffff00000000L)
 #define BN_MASK2h1	(0xffffffff80000000L)
 #define BN_TBIT		(0x8000000000000000L)
+#define BN_DEC_CONV	(10000000000000000000L)
+#define BN_DEC_FMT1	"%lu"
+#define BN_DEC_FMT2	"%019lu"
+#define BN_DEC_NUM	19
 #endif
 
 #ifdef SIXTY_FOUR_BIT
@@ -137,6 +141,10 @@ extern "C" {
 #define BN_MASK2h	(0xffffffff00000000LL)
 #define BN_MASK2h1	(0xffffffff80000000LL)
 #define BN_TBIT		(0x8000000000000000LL)
+#define BN_DEC_CONV	(10000000000000000000L)
+#define BN_DEC_FMT1	"%lu"
+#define BN_DEC_FMT2	"%019lu"
+#define BN_DEC_NUM	19
 #endif
 
 #ifdef THIRTY_TWO_BIT
@@ -156,6 +164,10 @@ extern "C" {
 #define BN_MASK2h1	(0xffff8000L)
 #define BN_MASK2h	(0xffff0000L)
 #define BN_TBIT		(0x80000000L)
+#define BN_DEC_CONV	(1000000000L)
+#define BN_DEC_FMT1	"%lu"
+#define BN_DEC_FMT2	"%09lu"
+#define BN_DEC_NUM	9
 #endif
 
 #ifdef SIXTEEN_BIT
@@ -174,6 +186,10 @@ extern "C" {
 #define BN_MASK2h1	(0xff80)
 #define BN_MASK2h	(0xff00)
 #define BN_TBIT		(0x8000)
+#define BN_DEC_CONV	(100000)
+#define BN_DEC_FMT1	"%u"
+#define BN_DEC_FMT2	"%05u"
+#define BN_DEC_NUM	5
 #endif
 
 #ifdef EIGHT_BIT
@@ -192,6 +208,10 @@ extern "C" {
 #define BN_MASK2h1	(0xf8)
 #define BN_MASK2h	(0xf0)
 #define BN_TBIT		(0x80)
+#define BN_DEC_CONV	(100)
+#define BN_DEC_FMT1	"%u"
+#define BN_DEC_FMT2	"%02u"
+#define BN_DEC_NUM	2
 #endif
 
 #define BN_DEFAULT_BITS	1280
@@ -217,6 +237,14 @@ typedef struct bignum_ctx
 	BIGNUM *bn[BN_CTX_NUM+1];
 	} BN_CTX;
 
+typedef struct bn_blinding_st
+	{
+	int init;
+	BIGNUM *A;
+	BIGNUM *Ai;
+	BIGNUM *mod; /* just a reference */
+	} BN_BLINDING;
+
 /* Used for montgomery multiplication */
 typedef struct bn_mont_ctx_st
         {
@@ -241,6 +269,9 @@ typedef struct bn_mont_ctx_st
 #define BN_one(a)	(BN_set_word((a),1))
 #define BN_zero(a)	(BN_set_word((a),0))
 
+#define BN_ascii2bn(a)	BN_hex2bn(a)
+#define BN_bn2ascii(a)	BN_bn2hex(a)
+
 #define bn_fix_top(a) \
 	{ \
 	BN_ULONG *fix_top_l; \
@@ -248,7 +279,9 @@ typedef struct bn_mont_ctx_st
 		if (*(fix_top_l--)) break; \
 	}
 
-#define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b)))
+#define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?\
+	(n):bn_expand2((n),(b)/BN_BITS2))
+#define bn_wexpand(n,b) (((b) <= (n)->max)?(n):bn_expand2((n),(b)))
 
 
 #ifndef NOPROTO
@@ -264,6 +297,8 @@ void	BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(unsigned char *s,int len,BIGNUM *ret);
 int	BN_bn2bin(BIGNUM *a, unsigned char *to);
+BIGNUM *BN_mpi2bn(unsigned char *s,int len,BIGNUM *ret);
+int	BN_bn2mpi(BIGNUM *a, unsigned char *to);
 int	BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
 void	bn_qsub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
 void	bn_qadd(BIGNUM *r, BIGNUM *a, BIGNUM *b);
@@ -274,7 +309,9 @@ int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
 int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
 BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
 BN_ULONG BN_div_word(BIGNUM *a, unsigned long w);
+int	BN_mul_word(BIGNUM *a, unsigned long w);
 int	BN_add_word(BIGNUM *a, unsigned long w);
+int	BN_sub_word(BIGNUM *a, unsigned long w);
 int	BN_set_word(BIGNUM *a, unsigned long w);
 unsigned long BN_get_word(BIGNUM *a);
 int	BN_cmp(BIGNUM *a, BIGNUM *b);
@@ -282,8 +319,10 @@ void	BN_free(BIGNUM *a);
 int	BN_is_bit_set(BIGNUM *a, int n);
 int	BN_lshift(BIGNUM *r, BIGNUM *a, int n);
 int	BN_lshift1(BIGNUM *r, BIGNUM *a);
+int	BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx);
 int	BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
-int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx);
 int	BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
 int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
 	BIGNUM *m,BN_CTX *ctx);
@@ -309,20 +348,23 @@ BIGNUM *BN_dup(BIGNUM *a);
 int	BN_ucmp(BIGNUM *a, BIGNUM *b);
 int	BN_set_bit(BIGNUM *a, int n);
 int	BN_clear_bit(BIGNUM *a, int n);
-char *	BN_bn2ascii(BIGNUM *a);
-int 	BN_ascii2bn(BIGNUM **a,char *str);
+char *	BN_bn2hex(BIGNUM *a);
+char *	BN_bn2dec(BIGNUM *a);
+int 	BN_hex2bn(BIGNUM **a,char *str);
+int 	BN_dec2bn(BIGNUM **a,char *str);
 int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
 BIGNUM *BN_mod_inverse(BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
 BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
-		BIGNUM *rem,void (*callback)(int,int));
-int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int),
-		BN_CTX *ctx);
+		BIGNUM *rem,void (*callback)(int,int,char *),char *cb_arg);
+int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int,char *),
+		BN_CTX *ctx,char *cb_arg);
 void	ERR_load_BN_strings(void );
 
-BN_ULONG bn_mul_add_word(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_word(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
 void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
 BN_ULONG bn_div64(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
@@ -331,6 +373,12 @@ int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
 int BN_MONT_CTX_set(BN_MONT_CTX *mont,BIGNUM *modulus,BN_CTX *ctx);
 
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+
 #else
 
 BIGNUM *BN_value_one();
@@ -345,6 +393,8 @@ void	BN_clear_free();
 BIGNUM *BN_copy();
 BIGNUM *BN_bin2bn();
 int	BN_bn2bin();
+BIGNUM *BN_mpi2bn();
+int	BN_bn2mpi();
 int	BN_sub();
 void	bn_qsub();
 void	bn_qadd();
@@ -356,6 +406,8 @@ int	BN_sqr();
 BN_ULONG BN_mod_word();
 BN_ULONG BN_div_word();
 int	BN_add_word();
+int	BN_sub_word();
+int	BN_mul_word();
 int	BN_set_word();
 unsigned long BN_get_word();
 int	BN_cmp();
@@ -363,6 +415,7 @@ void	BN_free();
 int	BN_is_bit_set();
 int	BN_lshift();
 int	BN_lshift1();
+int	BN_exp();
 int	BN_mod_exp();
 int	BN_mod_exp_mont();
 int	BN_mod_exp_recp();
@@ -383,18 +436,21 @@ BIGNUM *BN_dup();
 int	BN_ucmp();
 int	BN_set_bit();
 int	BN_clear_bit();
-char *	BN_bn2ascii();
-int 	BN_ascii2bn();
+char *	BN_bn2hex();
+char *	BN_bn2dec();
+int 	BN_hex2bn();
+int 	BN_dec2bn();
 int	BN_gcd();
 BIGNUM *BN_mod_inverse();
 BIGNUM *BN_generate_prime();
 int	BN_is_prime();
 void	ERR_load_BN_strings();
 
-BN_ULONG bn_mul_add_word();
-BN_ULONG bn_mul_word();
+BN_ULONG bn_mul_add_words();
+BN_ULONG bn_mul_words();
 void     bn_sqr_words();
 BN_ULONG bn_div64();
+BN_ULONG bn_add_words();
 
 int BN_mod_mul_montgomery();
 int BN_from_montgomery();
@@ -402,29 +458,42 @@ BN_MONT_CTX *BN_MONT_CTX_new();
 void BN_MONT_CTX_free();
 int BN_MONT_CTX_set();
 
+BN_BLINDING *BN_BLINDING_new();
+void BN_BLINDING_free();
+int BN_BLINDING_update();
+int BN_BLINDING_convert();
+int BN_BLINDING_invert();
+
 #endif
 
 /* BEGIN ERROR CODES */
 /* Error codes for the BN functions. */
 
 /* Function codes. */
-#define BN_F_BN_BL_CTX_INIT				 100
-#define BN_F_BN_BL_CTX_NEW				 101
-#define BN_F_BN_BN2ASCII				 102
-#define BN_F_BN_CTX_NEW					 103
-#define BN_F_BN_DIV					 104
-#define BN_F_BN_EXPAND2					 105
-#define BN_F_BN_MOD_EXP_MONT				 106
-#define BN_F_BN_MOD_INVERSE				 107
-#define BN_F_BN_MOD_MUL_RECIPROCAL			 108
-#define BN_F_BN_NEW					 109
-#define BN_F_BN_RAND					 110
+#define BN_F_BN_BLINDING_CONVERT			 100
+#define BN_F_BN_BLINDING_INVERT				 101
+#define BN_F_BN_BLINDING_NEW				 102
+#define BN_F_BN_BLINDING_UPDATE				 103
+#define BN_F_BN_BN2DEC					 104
+#define BN_F_BN_BN2HEX					 105
+#define BN_F_BN_CTX_NEW					 106
+#define BN_F_BN_DIV					 107
+#define BN_F_BN_EXPAND2					 108
+#define BN_F_BN_MOD_EXP_MONT				 109
+#define BN_F_BN_MOD_INVERSE				 110
+#define BN_F_BN_MOD_MUL_RECIPROCAL			 111
+#define BN_F_BN_MPI2BN					 112
+#define BN_F_BN_NEW					 113
+#define BN_F_BN_RAND					 114
 
 /* Reason codes. */
 #define BN_R_BAD_RECIPROCAL				 100
 #define BN_R_CALLED_WITH_EVEN_MODULUS			 101
 #define BN_R_DIV_BY_ZERO				 102
-#define BN_R_NO_INVERSE					 103
+#define BN_R_ENCODING_ERROR				 103
+#define BN_R_INVALID_LENGTH				 104
+#define BN_R_NOT_INITALISED				 105
+#define BN_R_NO_INVERSE					 106
  
 #ifdef  __cplusplus
 }
diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
index ecdb7453b..efb2e312e 100644
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_add.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -81,16 +81,16 @@ BIGNUM *b;
 			{ tmp=a; a=b; b=tmp; }
 
 		/* we are now a - b */
-		if (bn_expand(r,((a->top > b->top)?a->top:b->top)*BN_BITS2)
-			== NULL) return(0);
 
 		if (BN_ucmp(a,b) < 0)
 			{
+			if (bn_wexpand(r,b->top) == NULL) return(0);
 			bn_qsub(r,b,a);
 			r->neg=1;
 			}
 		else
 			{
+			if (bn_wexpand(r,a->top) == NULL) return(0);
 			bn_qsub(r,a,b);
 			r->neg=0;
 			}
@@ -103,12 +103,17 @@ BIGNUM *b;
 		r->neg=0;
 
 	i=(a->top > b->top);
-	if (bn_expand(r,(((i)?a->top:b->top)+1)*BN_BITS2) == NULL) return(0);
 
 	if (i)
+		{
+		if (bn_wexpand(r,a->top+1) == NULL) return(0);
 		bn_qadd(r,a,b);
+		}
 	else
+		{
+		if (bn_wexpand(r,b->top+1) == NULL) return(0);
 		bn_qadd(r,b,a);
+		}
 	return(1);
 	}
 
@@ -120,7 +125,7 @@ BIGNUM *b;
 	{
 	register int i;
 	int max,min;
-	BN_ULONG *ap,*bp,*rp,carry,t1,t2;
+	BN_ULONG *ap,*bp,*rp,carry,t1;
 
 	max=a->top;
 	min=b->top;
@@ -130,32 +135,24 @@ BIGNUM *b;
 	bp=b->d;
 	rp=r->d;
 	carry=0;
-	for (i=0; i<min; i++)
-		{
-		t1= *(ap++);
-		t2= *(bp++);
-		if (carry)
-			{
-			carry=(t2 >= ((~t1)&BN_MASK2));
-			t2=(t1+t2+1)&BN_MASK2;
-			}
-		else
-			{
-			t2=(t1+t2)&BN_MASK2;
-			carry=(t2 < t1);
-			}
-		*(rp++)=t2;
-		}
+
+	carry=bn_add_words(rp,ap,bp,min);
+	rp+=min;
+	ap+=min;
+	bp+=min;
+	i=min;
+
 	if (carry)
 		{
 		while (i < max)
 			{
-			t1= *(ap++);
-			t2=(t1+1)&BN_MASK2;
-			*(rp++)=t2;
-			carry=(t2 < t1);
 			i++;
-			if (!carry) break;
+			t1= *(ap++);
+			if ((*(rp++)=(t1+1)&BN_MASK2) >= t1)
+				{
+				carry=0;
+				break;
+				}
 			}
 		if ((i >= max) && carry)
 			{
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 0ce4d4182..2263bdc7d 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_div.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -132,7 +132,7 @@ BN_CTX *ctx;
 	BN_ULONG d0,d1;
 	int num_n,div_n;
 
-	if (BN_is_zero(num))
+	if (BN_is_zero(divisor))
 		{
 		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
 		return(0);
@@ -184,11 +184,11 @@ BN_CTX *ctx;
 	/* Setup to 'res' */
 	res->neg= (num->neg^divisor->neg);
 	res->top=loop;
-	if (!bn_expand(res,(loop+1)*BN_BITS2)) goto err;
+	if (!bn_wexpand(res,(loop+1))) goto err;
 	resp= &(res->d[loop-1]);
 
 	/* space for temp */
-	if (!bn_expand(tmp,(div_n+1)*BN_BITS2)) goto err;
+	if (!bn_wexpand(tmp,(div_n+1))) goto err;
 
 	if (BN_ucmp(&wnum,sdiv) >= 0)
 		{
@@ -237,9 +237,9 @@ BN_CTX *ctx;
 
 			t3t=LBITS(d0); t3h=HBITS(d0);
 			mul64(t3t,t3h,ql,qh); /* t3=t1-(BN_ULLONG)q*d0; */
-			t3l=(t1l-t3t);
+			t3l=(t1l-t3t)&BN_MASK2;
 			if (t3l > t1l) t3h++;
-			t3h=(t1h-t3h);
+			t3h=(t1h-t3h)&BN_MASK2;
 
 			/*if ((t3>>BN_BITS2) ||
 				(t2 <= ((t3<<BN_BITS2)+wnump[-2])))
@@ -252,7 +252,7 @@ BN_CTX *ctx;
 			}
 #endif
 		}
-		l0=bn_mul_word(tmp->d,sdiv->d,div_n,q);
+		l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
 		tmp->d[div_n]=l0;
 		for (j=div_n+1; j>0; j--)
 			if (tmp->d[j-1]) break;
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
index 38818d6e6..029ae810d 100644
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -60,17 +60,22 @@
 #include "bn.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA BN_str_functs[]=
 	{
-{ERR_PACK(0,BN_F_BN_BL_CTX_INIT,0),	"BN_BL_CTX_INIT"},
-{ERR_PACK(0,BN_F_BN_BL_CTX_NEW,0),	"BN_BL_CTX_NEW"},
-{ERR_PACK(0,BN_F_BN_BN2ASCII,0),	"BN_bn2ascii"},
+{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0),	"BN_BLINDING_convert"},
+{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0),	"BN_BLINDING_invert"},
+{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0),	"BN_BLINDING_new"},
+{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0),	"BN_BLINDING_update"},
+{ERR_PACK(0,BN_F_BN_BN2DEC,0),	"BN_bn2dec"},
+{ERR_PACK(0,BN_F_BN_BN2HEX,0),	"BN_bn2hex"},
 {ERR_PACK(0,BN_F_BN_CTX_NEW,0),	"BN_CTX_new"},
 {ERR_PACK(0,BN_F_BN_DIV,0),	"BN_div"},
 {ERR_PACK(0,BN_F_BN_EXPAND2,0),	"bn_expand2"},
 {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0),	"BN_mod_exp_mont"},
 {ERR_PACK(0,BN_F_BN_MOD_INVERSE,0),	"BN_mod_inverse"},
 {ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0),	"BN_mod_mul_reciprocal"},
+{ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},
 {ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
 {ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
 {0,NULL},
@@ -81,18 +86,26 @@ static ERR_STRING_DATA BN_str_reasons[]=
 {BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
 {BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
 {BN_R_DIV_BY_ZERO                        ,"div by zero"},
+{BN_R_ENCODING_ERROR                     ,"encoding error"},
+{BN_R_INVALID_LENGTH                     ,"invalid length"},
+{BN_R_NOT_INITALISED                     ,"not initalised"},
 {BN_R_NO_INVERSE                         ,"no inverse"},
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_BN_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_BN,BN_str_functs);
 		ERR_load_strings(ERR_LIB_BN,BN_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 0a0db370c..c056a5083 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_exp.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -120,6 +120,38 @@ err:
 
 #endif
 
+/* this one works - simple but works */
+int BN_exp(r,a,p,ctx)
+BIGNUM *r,*a,*p;
+BN_CTX *ctx;
+	{
+	int i,bits,ret=0;
+	BIGNUM *v,*tmp;
+
+	v=ctx->bn[ctx->tos++];
+	tmp=ctx->bn[ctx->tos++];
+
+	if (BN_copy(v,a) == NULL) goto err;
+	bits=BN_num_bits(p);
+
+	if (BN_is_odd(p))
+		{ if (BN_copy(r,a) == NULL) goto err; }
+	else	{ if (BN_one(r)) goto err; }
+
+	for (i=1; i<bits; i++)
+		{
+		if (!BN_sqr(tmp,v,ctx)) goto err;
+		if (BN_is_bit_set(p,i))
+			{
+			if (!BN_mul(tmp,r,v)) goto err;
+			}
+		}
+	ret=1;
+err:
+	ctx->tos-=2;
+	return(ret);
+	}
+
 int BN_mod_exp(r,a,p,m,ctx)
 BIGNUM *r;
 BIGNUM *a;
@@ -137,7 +169,7 @@ BN_CTX *ctx;
 /*	if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
 
 	if (BN_is_odd(m))
-		{ ret=BN_mod_exp_mont(r,a,p,m,ctx); }
+		{ ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); }
 	else
 #endif
 #ifdef RECP_MUL_MOD
@@ -266,17 +298,19 @@ err:
 /* #endif */
 
 /* #ifdef MONT_MUL_MOD */
-int BN_mod_exp_mont(r,a,p,m,ctx)
+int BN_mod_exp_mont(r,a,p,m,ctx,in_mont)
 BIGNUM *r;
 BIGNUM *a;
 BIGNUM *p;
 BIGNUM *m;
 BN_CTX *ctx;
+BN_MONT_CTX *in_mont;
 	{
+#define TABLE_SIZE	16
 	int i,j,bits,ret=0,wstart,wend,window,wvalue;
 	int start=1;
 	BIGNUM *d,*aa;
-	BIGNUM *val[16];
+	BIGNUM *val[TABLE_SIZE];
 	BN_MONT_CTX *mont=NULL;
 
 	if (!(m->d[0] & 1))
@@ -295,8 +329,15 @@ BN_CTX *ctx;
 	/* If this is not done, things will break in the montgomery
 	 * part */
 
-	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-	if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+#if 1
+	if (in_mont != NULL)
+		mont=in_mont;
+	else
+#endif
+		{
+		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+		}
 
 	val[0]=BN_new();
 	if (BN_ucmp(a,m) >= 0)
@@ -309,11 +350,11 @@ BN_CTX *ctx;
 	if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
 	if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
 
-	if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
+	if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
 		window=1;
-	else if (bits >= 256)
+	else if (bits > 250)
 		window=5;	/* max size of window */
-	else if (bits >= 128)
+	else if (bits >= 120)
 		window=4;
 	else
 		window=3;
@@ -325,7 +366,7 @@ BN_CTX *ctx;
 		if (!BN_mod_mul_montgomery(val[i],val[i-1],d,mont,ctx))
 			goto err;
 		}
-	for (; i<16; i++)
+	for (; i<TABLE_SIZE; i++)
 		val[i]=NULL;
 
 	start=1;	/* This is used to avoid multiplication etc
@@ -341,8 +382,10 @@ BN_CTX *ctx;
 		if (BN_is_bit_set(p,wstart) == 0)
 			{
 			if (!start)
+				{
 				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
 				goto err;
+				}
 			if (wstart == 0) break;
 			wstart--;
 			continue;
@@ -388,9 +431,9 @@ BN_CTX *ctx;
 	BN_from_montgomery(r,r,mont,ctx);
 	ret=1;
 err:
-	if (mont != NULL) BN_MONT_CTX_free(mont);
+	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
 	ctx->tos--;
-	for (i=0; i<16; i++)
+	for (i=0; i<TABLE_SIZE; i++)
 		if (val[i] != NULL) BN_clear_free(val[i]);
 	return(ret);
 	}
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 9b0bc2b10..071bba3b4 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_gcd.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index 4d44651df..edfd78833 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_lcl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -78,31 +78,23 @@ extern "C" {
 		if (*(fix_top_l--)) break; \
 	}
 
-#define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b)))
+/* #define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b))) */
 
 #ifdef BN_LLONG
 #define mul_add(r,a,w,c) { \
 	BN_ULLONG t; \
 	t=(BN_ULLONG)w * (a) + (r) + (c); \
-	(r)=Lw(t); \
+	(r)= Lw(t); \
 	(c)= Hw(t); \
 	}
 
 #define mul(r,a,w,c) { \
 	BN_ULLONG t; \
 	t=(BN_ULLONG)w * (a) + (c); \
-	(r)=Lw(t); \
+	(r)= Lw(t); \
 	(c)= Hw(t); \
 	}
 
-#define bn_mul_words(r1,r2,a,b) \
-	{ \
-	BN_ULLONG t; \
-	t=(BN_ULLONG)(a)*(b); \
-	r1=Lw(t); \
-	r2=Hw(t); \
-	}
-
 #else
 /*************************************************************
  * No long long type
@@ -126,10 +118,10 @@ extern "C" {
 	lt=(bl)*(lt); \
 	m1=(bl)*(ht); \
 	ht =(bh)*(ht); \
-	m+=m1; if ((m&BN_MASK2) < m1) ht+=L2HBITS(1L); \
+	m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS(1L); \
 	ht+=HBITS(m); \
 	m1=L2HBITS(m); \
-	lt+=m1; if ((lt&BN_MASK2) < m1) ht++; \
+	lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
 	(l)=lt; \
 	(h)=ht; \
 	}
@@ -146,7 +138,7 @@ extern "C" {
 	h*=h; \
 	h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
 	m =(m&BN_MASK2l)<<(BN_BITS4+1); \
-	l+=m; if ((l&BN_MASK2) < m) h++; \
+	l=(l+m)&BN_MASK2; if (l < m) h++; \
 	(lo)=l; \
 	(ho)=h; \
 	}
@@ -160,11 +152,11 @@ extern "C" {
 	mul64(l,h,(bl),(bh)); \
  \
 	/* non-multiply part */ \
-	l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+	l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
 	(c)=(r); \
-	l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+	l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
 	(c)=h&BN_MASK2; \
-	(r)=l&BN_MASK2; \
+	(r)=l; \
 	}
 
 #define mul(r,a,bl,bh,c) { \
@@ -181,31 +173,22 @@ extern "C" {
 	(r)=l&BN_MASK2; \
 	}
 
-#define bn_mul_words(r1,r2,a,b) \
-	{ \
-	BN_ULONG l,h,bl,bh; \
- \
-	h=(a); \
-	l=LBITS(h); \
-	h=HBITS(h); \
-	bh=(b); \
-	bl=LBITS(bh); \
-	bh=HBITS(bh); \
- \
-	mul64(l,h,bl,bh); \
- \
-	(r1)=l; \
-	(r2)=h; \
-	}
 #endif
 
 #ifndef NOPROTO
 
 BIGNUM *bn_expand2(BIGNUM *b, int bits);
 
+#ifdef X86_ASM
+void bn_add_words(BN_ULONG *r,BN_ULONG *a,int num);
+#endif
+
 #else
 
 BIGNUM *bn_expand2();
+#ifdef X86_ASM
+BN_ULONG bn_add_words();
+#endif
 
 #endif
 
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 288ebca68..bfe7628ad 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-char *BN_version="Big Number part of SSLeay 0.8.1b 29-Jun-1998";
+char *BN_version="Big Number part of SSLeay 0.9.0b 29-Jun-1998";
 
 BIGNUM *BN_value_one()
 	{
@@ -188,7 +188,7 @@ BIGNUM *a;
 	i=(a->top-1)*BN_BITS2;
 	if (l == 0)
 		{
-#ifndef WIN16
+#if !defined(NO_STDIO) && !defined(WIN16)
 		fprintf(stderr,"BAD TOP VALUE\n");
 #endif
 		abort();
@@ -279,24 +279,23 @@ BN_CTX *c;
 	Free(c);
 	}
 
-BIGNUM *bn_expand2(b, bits)
+BIGNUM *bn_expand2(b, words)
 BIGNUM *b;
-int bits;
+int words;
 	{
 	BN_ULONG *p;
-	register int n;
 
-	while (bits > b->max*BN_BITS2)
+	if (words > b->max)
 		{
-		n=((bits+BN_BITS2-1)/BN_BITS2)*2;
-		p=b->d=(BN_ULONG *)Realloc(b->d,sizeof(BN_ULONG)*(n+1));
+		p=(BN_ULONG *)Realloc(b->d,sizeof(BN_ULONG)*(words+1));
 		if (p == NULL)
 			{
 			BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
 			return(NULL);
 			}
-		memset(&(p[b->max]),0,((n+1)-b->max)*sizeof(BN_ULONG));
-		b->max=n;
+		b->d=p;
+		memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG));
+		b->max=words;
 		}
 	return(b);
 	}
@@ -315,10 +314,53 @@ BIGNUM *BN_copy(a, b)
 BIGNUM *a;
 BIGNUM *b;
 	{
-	if (bn_expand(a,b->top*BN_BITS2) == NULL) return(NULL);
+	int i;
+	BN_ULONG *A,*B;
+
+	if (a == b) return(a);
+	if (bn_wexpand(a,b->top) == NULL) return(NULL);
+
+#if 1
+	A=a->d;
+	B=b->d;
+	for (i=b->top&(~7); i>0; i-=8)
+		{
+		A[0]=B[0];
+		A[1]=B[1];
+		A[2]=B[2];
+		A[3]=B[3];
+		A[4]=B[4];
+		A[5]=B[5];
+		A[6]=B[6];
+		A[7]=B[7];
+		A+=8;
+		B+=8;
+		}
+	switch (b->top&7)
+		{
+	case 7:
+		A[6]=B[6];
+	case 6:
+		A[5]=B[5];
+	case 5:
+		A[4]=B[4];
+	case 4:
+		A[3]=B[3];
+	case 3:
+		A[2]=B[2];
+	case 2:
+		A[1]=B[1];
+	case 1:
+		A[0]=B[0];
+		}
+#else
 	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
+#endif
+
 /*	memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
 	a->top=b->top;
+	if (a->top == 0)
+		a->d[0]=0;
 	a->neg=b->neg;
 	return(a);
 	}
@@ -507,7 +549,11 @@ int n;
 
 	i=n/BN_BITS2;
 	j=n%BN_BITS2;
-	if (a->top <= i) return(0);
+	if (a->top <= i)
+		{
+		if (bn_expand(a,n) == NULL) return(0);
+		a->top=i+1;
+		}
 
 	a->d[i]|=(1L<<j);
 	return(1);
diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
index c94241f59..c351aac14 100644
--- a/crypto/bn/bn_mod.c
+++ b/crypto/bn/bn_mod.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_mod.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 932d10b73..e435df61f 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_mont.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -95,8 +95,8 @@ BN_MONT_CTX *mont;
 BN_CTX *ctx;
 	{
 	BIGNUM *n,*t1,*r;
-	BN_ULONG *ap,*np,*rp,k,n0,v,v2;
-	int al,nl,max,i,x;
+	BN_ULONG *ap,*np,*rp,n0,v;
+	int al,nl,max,i,x,ri;
 	int retn=0;
 
 	t1=ctx->bn[ctx->tos];
@@ -105,50 +105,76 @@ BN_CTX *ctx;
 	if (!BN_copy(r,a)) goto err;
 	n=mont->N;
 
-	if (!BN_copy(t1,a)) goto err;
-	BN_mask_bits(t1,mont->ri);
-
-	a=t1;
+	ap=a->d;
+	/* mont->ri is the size of mont->N in bits/words */
+	al=ri=mont->ri/BN_BITS2;
 
-	al=a->top;
 	nl=n->top;
 	if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
 
 	max=(nl+al+1); /* allow for overflow (no?) XXX */
-	if (bn_expand(r,(max)*BN_BITS2) == NULL) goto err;
+	if (bn_wexpand(r,max) == NULL) goto err;
+	if (bn_wexpand(ret,max) == NULL) goto err;
 
 	r->neg=a->neg^n->neg;
-	ap=a->d;
 	np=n->d;
 	rp=r->d;
 
-	/* clear the top bytes of T */
+	/* clear the top words of T */
+#if 1
 	for (i=r->top; i<max; i++) /* memset? XXX */
 		r->d[i]=0;
-/*	memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); */
+#else
+	memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+#endif
 
 	r->top=max;
 	n0=mont->n0;
 
 	for (i=0; i<nl; i++)
 		{
-		/* This is were part words probably goes wrong */
-		k=(rp[0]*n0)&BN_MASK2;
-		v=bn_mul_add_word(rp,np,nl,k);
-		
-		for (x=nl; v; x++)
+#if 0
+		int x1,x2;
+
+		if (i+4 > nl)
+			{
+			x2=nl;
+			x1=0;
+			}
+		else
 			{
-			v2=rp[x];
-			v2+=v;
-			rp[x]=v2;
-			v=((v2&BN_MASK2) < v)?1:0; /* ever true? XXX */
+			x2=i+4;
+			x1=nl-x2;
+			}
+		v=bn_mul_add_words(&(rp[x1]),&(np[x1]),x2,(rp[x1]*n0)&BN_MASK2);
+#else
+		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+#endif
+
+		if (((rp[nl]+=v)&BN_MASK2) < v)
+			{
+			for (x=(nl+1); (((++rp[x])&BN_MASK2) == 0); x++)
+				;
 			}
 		rp++;
 		}
 	while (r->d[r->top-1] == 0)
 		r->top--;
 
+	/* mont->ri will be a multiple of the word size */
+#if 0
 	BN_rshift(ret,r,mont->ri);
+#else
+	ap=r->d;
+	rp=ret->d;
+	x=ri;
+	al=r->top-x;
+	for (i=0; i<al; i++)
+		{
+		rp[i]=ap[i+x];
+		}
+	ret->top=al;
+#endif
 
 	if (BN_ucmp(ret,mont->N) >= 0)
 		{
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
index 3c8bf23a7..d0c04e1d4 100644
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,6 +61,7 @@
 #include "bn_lcl.h"
 
 /* r must be different to a and b */
+/* int BN_mmul(r, a, b) */
 int BN_mul(r, a, b)
 BIGNUM *r;
 BIGNUM *a;
@@ -79,21 +80,130 @@ BIGNUM *b;
 		}
 
 	max=(al+bl);
-	if (bn_expand(r,(max)*BN_BITS2) == NULL) return(0);
+	if (bn_wexpand(r,max) == NULL) return(0);
 	r->top=max;
 	r->neg=a->neg^b->neg;
 	ap=a->d;
 	bp=b->d;
 	rp=r->d;
 
-	rp[al]=bn_mul_word(rp,ap,al,*(bp++));
+	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
 	rp++;
 	for (i=1; i<bl; i++)
 		{
-		rp[al]=bn_mul_add_word(rp,ap,al,*(bp++));
+		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
 		rp++;
 		}
 	if (r->d[max-1] == 0) r->top--;
 	return(1);
 	}
 
+#if 0
+#include "stack.h"
+
+int limit=16;
+
+typedef struct bn_pool_st
+	{
+	int used;
+	int tos;
+	STACK *sk; 
+	} BN_POOL;
+
+BIGNUM *BN_POOL_push(bp)
+BN_POOL *bp;
+	{
+	BIGNUM *ret;
+
+	if (bp->used >= bp->tos)
+		{
+		ret=BN_new();
+		sk_push(bp->sk,(char *)ret);
+		bp->tos++;
+		bp->used++;
+		}
+	else
+		{
+		ret=(BIGNUM *)sk_value(bp->sk,bp->used);
+		bp->used++;
+		}
+	return(ret);
+	}
+
+void BN_POOL_pop(bp,num)
+BN_POOL *bp;
+int num;
+	{
+	bp->used-=num;
+	}
+
+int BN_mul(r,a,b)
+BIGNUM *r,*a,*b;
+	{
+	static BN_POOL bp;
+	static init=1;
+
+	if (init)
+		{
+		bp.used=0;
+		bp.tos=0;
+		bp.sk=sk_new_null();
+		init=0;
+		}
+	return(BN_mm(r,a,b,&bp));
+	}
+
+/* r must be different to a and b */
+int BN_mm(m, A, B, bp)
+BIGNUM *m,*A,*B;
+BN_POOL *bp;
+	{
+	int i,num;
+	int an,bn;
+	BIGNUM *a,*b,*c,*d,*ac,*bd;
+
+	an=A->top;
+	bn=B->top;
+	if ((an <= limit) || (bn <= limit))
+		{
+		return(BN_mmul(m,A,B));
+		}
+
+	a=BN_POOL_push(bp);
+	b=BN_POOL_push(bp);
+	c=BN_POOL_push(bp);
+	d=BN_POOL_push(bp);
+	ac=BN_POOL_push(bp);
+	bd=BN_POOL_push(bp);
+
+	num=(an <= bn)?an:bn;
+	num=1<<(BN_num_bits_word(num-1)-1);
+
+	/* Are going to now chop things into 'num' word chunks. */
+	num*=BN_BITS2;
+
+	BN_copy(a,A);
+	BN_mask_bits(a,num);
+	BN_rshift(b,A,num);
+
+	BN_copy(c,B);
+	BN_mask_bits(c,num);
+	BN_rshift(d,B,num);
+
+	BN_sub(ac ,b,a);
+	BN_sub(bd,c,d);
+	BN_mm(m,ac,bd,bp);
+	BN_mm(ac,a,c,bp);
+	BN_mm(bd,b,d,bp);
+
+	BN_add(m,m,ac);
+	BN_add(m,m,bd);
+	BN_lshift(m,m,num);
+	BN_lshift(bd,bd,num*2);
+
+	BN_add(m,m,ac);
+	BN_add(m,m,bd);
+	BN_POOL_pop(bp,6);
+	return(1);
+	}
+#endif
diff --git a/crypto/bn/bn_mulw.c b/crypto/bn/bn_mulw.c
index d90312739..abfc7e4d6 100644
--- a/crypto/bn/bn_mulw.c
+++ b/crypto/bn/bn_mulw.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_mulw.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -62,7 +62,7 @@
 
 #ifdef BN_LLONG 
 
-BN_ULONG bn_mul_add_word(rp,ap,num,w)
+BN_ULONG bn_mul_add_words(rp,ap,num,w)
 BN_ULONG *rp,*ap;
 int num;
 BN_ULONG w;
@@ -86,7 +86,7 @@ BN_ULONG w;
 	return(c1);
 	} 
 
-BN_ULONG bn_mul_word(rp,ap,num,w)
+BN_ULONG bn_mul_words(rp,ap,num,w)
 BN_ULONG *rp,*ap;
 int num;
 BN_ULONG w;
@@ -138,9 +138,45 @@ int n;
 		}
 	}
 
+BN_ULONG bn_add_words(r,a,b,n)
+BN_ULONG *r,*a,*b;
+int n;
+        {
+	BN_ULLONG ll;
+
+	ll=0;
+	for (;;)
+		{
+		ll+= (BN_ULLONG)a[0]+b[0];
+		r[0]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		ll+= (BN_ULLONG)a[1]+b[1];
+		r[1]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		ll+= (BN_ULLONG)a[2]+b[2];
+		r[2]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		ll+= (BN_ULLONG)a[3]+b[3];
+		r[3]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		a+=4;
+		b+=4;
+		r+=4;
+		}
+	return(ll&BN_MASK2);
+	}
+
 #else
 
-BN_ULONG bn_mul_add_word(rp,ap,num,w)
+BN_ULONG bn_mul_add_words(rp,ap,num,w)
 BN_ULONG *rp,*ap;
 int num;
 BN_ULONG w;
@@ -167,7 +203,7 @@ BN_ULONG w;
 	return(c);
 	} 
 
-BN_ULONG bn_mul_word(rp,ap,num,w)
+BN_ULONG bn_mul_words(rp,ap,num,w)
 BN_ULONG *rp,*ap;
 int num;
 BN_ULONG w;
@@ -217,6 +253,33 @@ int n;
 		}
 	}
 
+BN_ULONG bn_add_words(r,a,b,n)
+BN_ULONG *r,*a,*b;
+int n;
+        {
+	BN_ULONG t1,t2;
+	int carry,i;
+
+	carry=0;
+	for (i=0; i<n; i++)
+		{
+		t1= *(a++);
+		t2= *(b++);
+		if (carry)
+			{
+			carry=(t2 >= ((~t1)&BN_MASK2));
+			t2=(t1+t2+1)&BN_MASK2;
+			}
+		else
+			{
+			t2=(t1+t2)&BN_MASK2;
+			carry=(t2<t1);
+			}
+		*(r++)=t2;
+		}
+	return(carry);
+	}
+
 #endif
 
 #if defined(BN_LLONG) && defined(BN_DIV2W)
@@ -242,7 +305,7 @@ BN_ULONG h,l,d;
 	i=BN_num_bits_word(d);
 	if ((i != BN_BITS2) && (h > (BN_ULONG)1<<i))
 		{
-#ifndef WIN16
+#if !defined(NO_STDIO) && !defined(WIN16)
 		fprintf(stderr,"Division would overflow (%d)\n",i);
 #endif
 		abort();
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 07a828949..0c85f70b5 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_prime.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -69,7 +69,8 @@
 #include "bn_prime.h"
 
 #ifndef NOPROTO
-static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx);
+static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2,
+	BN_MONT_CTX *mont);
 static int probable_prime(BIGNUM *rnd, int bits);
 static int probable_prime_dh(BIGNUM *rnd, int bits,
 	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
@@ -82,12 +83,13 @@ static int probable_prime_dh();
 static int probable_prime_dh_strong();
 #endif
 
-BIGNUM *BN_generate_prime(bits,strong,add,rem,callback)
+BIGNUM *BN_generate_prime(bits,strong,add,rem,callback,cb_arg)
 int bits;
 int strong;
 BIGNUM *add;
 BIGNUM *rem;
-void (*callback)(P_I_I); 
+void (*callback)(P_I_I_P); 
+char *cb_arg;
 	{
 	BIGNUM *rnd=NULL;
 	BIGNUM *ret=NULL;
@@ -120,11 +122,11 @@ loop:
 			}
 		}
 	/* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
-	if (callback != NULL) callback(0,c1++);
+	if (callback != NULL) callback(0,c1++,cb_arg);
 
 	if (!strong)
 		{
-		i=BN_is_prime(rnd,BN_prime_checks,callback,ctx);
+		i=BN_is_prime(rnd,BN_prime_checks,callback,ctx,cb_arg);
 		if (i == -1) goto err;
 		if (i == 0) goto loop;
 		}
@@ -138,15 +140,15 @@ loop:
 
 		for (i=0; i<BN_prime_checks; i++)
 			{
-			j=BN_is_prime(rnd,1,callback,ctx);
+			j=BN_is_prime(rnd,1,callback,ctx,cb_arg);
 			if (j == -1) goto err;
 			if (j == 0) goto loop;
 
-			j=BN_is_prime(t,1,callback,ctx);
+			j=BN_is_prime(t,1,callback,ctx,cb_arg);
 			if (j == -1) goto err;
 			if (j == 0) goto loop;
 
-			if (callback != NULL) callback(2,c1-1);
+			if (callback != NULL) callback(2,c1-1,cb_arg);
 			/* We have a strong prime test pass */
 			}
 		}
@@ -159,60 +161,78 @@ err:
 	return(ret);
 	}
 
-int BN_is_prime(a,checks,callback,ctx_passed)
+int BN_is_prime(a,checks,callback,ctx_passed,cb_arg)
 BIGNUM *a;
 int checks;
-void (*callback)(P_I_I);
+void (*callback)(P_I_I_P);
 BN_CTX *ctx_passed;
+char *cb_arg;
 	{
 	int i,j,c2=0,ret= -1;
 	BIGNUM *check;
-	BN_CTX *ctx;
+	BN_CTX *ctx=NULL,*ctx2=NULL;
+	BN_MONT_CTX *mont=NULL;
 
+	if (!BN_is_odd(a))
+		return(0);
 	if (ctx_passed != NULL)
 		ctx=ctx_passed;
 	else
 		if ((ctx=BN_CTX_new()) == NULL) goto err;
 
+	if ((ctx2=BN_CTX_new()) == NULL) goto err;
+	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+
 	check=ctx->bn[ctx->tos++];
+
+	/* Setup the montgomery structure */
+	if (!BN_MONT_CTX_set(mont,a,ctx2)) goto err;
+
 	for (i=0; i<checks; i++)
 		{
 		if (!BN_rand(check,BN_num_bits(a)-1,0,0)) goto err;
-		j=witness(check,a,ctx);
+		j=witness(check,a,ctx,ctx2,mont);
 		if (j == -1) goto err;
 		if (j)
 			{
 			ret=0;
 			goto err;
 			}
-		if (callback != NULL) callback(1,c2++);
+		if (callback != NULL) callback(1,c2++,cb_arg);
 		}
 	ret=1;
 err:
 	ctx->tos--;
 	if ((ctx_passed == NULL) && (ctx != NULL))
 		BN_CTX_free(ctx);
+	if (ctx2 != NULL)
+		BN_CTX_free(ctx2);
+	if (mont != NULL) BN_MONT_CTX_free(mont);
 		
 	return(ret);
 	}
 
 #define RECP_MUL_MOD
 
-static int witness(a, n,ctx)
+static int witness(a,n,ctx,ctx2,mont)
 BIGNUM *a;
 BIGNUM *n;
-BN_CTX *ctx;
+BN_CTX *ctx,*ctx2;
+BN_MONT_CTX *mont;
 	{
-	int k,i,nb,ret= -1;
-	BIGNUM *d,*dd,*tmp;
-	BIGNUM *d1,*d2,*x,*n1,*inv;
+	int k,i,ret= -1,good;
+	BIGNUM *d,*dd,*tmp,*d1,*d2,*n1;
+	BIGNUM *mont_one,*mont_n1,*mont_a;
 
 	d1=ctx->bn[ctx->tos];
 	d2=ctx->bn[ctx->tos+1];
-	x=ctx->bn[ctx->tos+2];
-	n1=ctx->bn[ctx->tos+3];
-	inv=ctx->bn[ctx->tos+4];
-	ctx->tos+=5;
+	n1=ctx->bn[ctx->tos+2];
+	ctx->tos+=3;
+
+	mont_one=ctx2->bn[ctx2->tos];
+	mont_n1=ctx2->bn[ctx2->tos+1];
+	mont_a=ctx2->bn[ctx2->tos+2];
+	ctx2->tos+=3;
 
 	d=d1;
 	dd=d2;
@@ -220,34 +240,29 @@ BN_CTX *ctx;
 	if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
 	k=BN_num_bits(n1);
 
-	/* i=BN_num_bits(n); */
-#ifdef RECP_MUL_MOD
-	nb=BN_reciprocal(inv,n,ctx); /**/
-	if (nb == -1) goto err;
-#endif
+	if (!BN_to_montgomery(mont_one,BN_value_one(),mont,ctx2)) goto err;
+	if (!BN_to_montgomery(mont_n1,n1,mont,ctx2)) goto err;
+	if (!BN_to_montgomery(mont_a,a,mont,ctx2)) goto err;
 
+	BN_copy(d,mont_one);
 	for (i=k-1; i>=0; i--)
 		{
-		if (BN_copy(x,d) == NULL) goto err;
-#ifndef RECP_MUL_MOD
-		if (!BN_mod_mul(dd,d,d,n,ctx)) goto err;
-#else
-		if (!BN_mod_mul_reciprocal(dd,d,d,n,inv,nb,ctx)) goto err;
-#endif
-		if (	BN_is_one(dd) &&
-			!BN_is_one(x) &&
-			(BN_cmp(x,n1) != 0))
+		if (	(BN_cmp(d,mont_one) != 0) &&
+			(BN_cmp(d,mont_n1) != 0))
+			good=1;
+		else
+			good=0;
+
+		BN_mod_mul_montgomery(dd,d,d,mont,ctx2);
+		
+		if (good && (BN_cmp(dd,mont_one) == 0))
 			{
 			ret=1;
 			goto err;
 			}
 		if (BN_is_bit_set(n1,i))
 			{
-#ifndef RECP_MUL_MOD
-			if (!BN_mod_mul(d,dd,a,n,ctx)) goto err;
-#else
-			if (!BN_mod_mul_reciprocal(d,dd,a,n,inv,nb,ctx)) goto err; 
-#endif
+			BN_mod_mul_montgomery(d,dd,mont_a,mont,ctx2);
 			}
 		else
 			{
@@ -256,12 +271,13 @@ BN_CTX *ctx;
 			dd=tmp;
 			}
 		}
-	if (BN_is_one(d))
+	if (BN_cmp(d,mont_one) == 0)
 		i=0;
 	else	i=1;
 	ret=i;
 err:
-	ctx->tos-=5;
+	ctx->tos-=3;
+	ctx2->tos-=3;
 	return(ret);
 	}
 
@@ -387,3 +403,71 @@ err:
 	return(ret);
 	}
 
+#if 0
+static int witness(a, n,ctx)
+BIGNUM *a;
+BIGNUM *n;
+BN_CTX *ctx;
+	{
+	int k,i,nb,ret= -1;
+	BIGNUM *d,*dd,*tmp;
+	BIGNUM *d1,*d2,*x,*n1,*inv;
+
+	d1=ctx->bn[ctx->tos];
+	d2=ctx->bn[ctx->tos+1];
+	x=ctx->bn[ctx->tos+2];
+	n1=ctx->bn[ctx->tos+3];
+	inv=ctx->bn[ctx->tos+4];
+	ctx->tos+=5;
+
+	d=d1;
+	dd=d2;
+	if (!BN_one(d)) goto err;
+	if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
+	k=BN_num_bits(n1);
+
+	/* i=BN_num_bits(n); */
+#ifdef RECP_MUL_MOD
+	nb=BN_reciprocal(inv,n,ctx); /**/
+	if (nb == -1) goto err;
+#endif
+
+	for (i=k-1; i>=0; i--)
+		{
+		if (BN_copy(x,d) == NULL) goto err;
+#ifndef RECP_MUL_MOD
+		if (!BN_mod_mul(dd,d,d,n,ctx)) goto err;
+#else
+		if (!BN_mod_mul_reciprocal(dd,d,d,n,inv,nb,ctx)) goto err;
+#endif
+		if (	BN_is_one(dd) &&
+			!BN_is_one(x) &&
+			(BN_cmp(x,n1) != 0))
+			{
+			ret=1;
+			goto err;
+			}
+		if (BN_is_bit_set(n1,i))
+			{
+#ifndef RECP_MUL_MOD
+			if (!BN_mod_mul(d,dd,a,n,ctx)) goto err;
+#else
+			if (!BN_mod_mul_reciprocal(d,dd,a,n,inv,nb,ctx)) goto err; 
+#endif
+			}
+		else
+			{
+			tmp=d;
+			d=dd;
+			dd=tmp;
+			}
+		}
+	if (BN_is_one(d))
+		i=0;
+	else	i=1;
+	ret=i;
+err:
+	ctx->tos-=5;
+	return(ret);
+	}
+#endif
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index 1d6df587a..6fce0210c 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_prime.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 36bc0d143..2bcc11c85 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_print.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -65,7 +65,7 @@
 static char *Hex="0123456789ABCDEF";
 
 /* Must 'Free' the returned data */
-char *BN_bn2ascii(a)
+char *BN_bn2hex(a)
 BIGNUM *a;
 	{
 	int i,j,v,z=0;
@@ -75,7 +75,7 @@ BIGNUM *a;
 	buf=(char *)Malloc(a->top*BN_BYTES*2+2);
 	if (buf == NULL)
 		{
-		BNerr(BN_F_BN_BN2ASCII,ERR_R_MALLOC_FAILURE);
+		BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 	p=buf;
@@ -100,7 +100,63 @@ err:
 	return(buf);
 	}
 
-int BN_ascii2bn(bn,a)
+/* Must 'Free' the returned data */
+char *BN_bn2dec(a)
+BIGNUM *a;
+	{
+	int i=0,num;
+	char *buf=NULL;
+	char *p;
+	BIGNUM *t=NULL;
+	BN_ULONG *bn_data=NULL,*lp;
+
+	i=BN_num_bits(a)*3;
+	num=(i/10+i/1000+3)+1;
+	bn_data=(BN_ULONG *)Malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
+	buf=(char *)Malloc(num+3);
+	if ((buf == NULL) || (bn_data == NULL))
+		{
+		BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	if ((t=BN_dup(a)) == NULL) goto err;
+
+	p=buf;
+	lp=bn_data;
+	if (t->neg) *(p++)='-';
+	if (t->top == 0)
+		{
+		*(p++)='0';
+		*(p++)='\0';
+		}
+	else
+		{
+		i=0;
+		while (!BN_is_zero(t))
+			{
+			*lp=BN_div_word(t,BN_DEC_CONV);
+			lp++;
+			}
+		lp--;
+		/* We now have a series of blocks, BN_DEC_NUM chars
+		 * in length, where the last one needs trucation.
+		 * The blocks need to be reversed in order. */
+		sprintf(p,BN_DEC_FMT1,*lp);
+		while (*p) p++;
+		while (lp != bn_data)
+			{
+			lp--;
+			sprintf(p,BN_DEC_FMT2,*lp);
+			while (*p) p++;
+			}
+		}
+err:
+	if (bn_data != NULL) Free(bn_data);
+	if (t != NULL) BN_free(t);
+	return(buf);
+	}
+
+int BN_hex2bn(bn,a)
 BIGNUM **bn;
 char *a;
 	{
@@ -168,9 +224,68 @@ err:
 	return(0);
 	}
 
+int BN_dec2bn(bn,a)
+BIGNUM **bn;
+char *a;
+	{
+	BIGNUM *ret=NULL;
+	BN_ULONG l=0;
+	int neg=0,i,j;
+	int num;
+
+	if ((a == NULL) || (*a == '\0')) return(0);
+	if (*a == '-') { neg=1; a++; }
+
+	for (i=0; isdigit(a[i]); i++)
+		;
+
+	num=i+neg;
+	if (bn == NULL) return(num);
+
+	/* a is the start of the digets, and it is 'i' long.
+	 * We chop it into BN_DEC_NUM digets at a time */
+	if (*bn == NULL)
+		{
+		if ((ret=BN_new()) == NULL) return(0);
+		}
+	else
+		{
+		ret= *bn;
+		BN_zero(ret);
+		}
+
+	/* i is the number of digests, a bit of an over expand; */
+	if (bn_expand(ret,i*4) == NULL) goto err;
+
+	j=BN_DEC_NUM-(i%BN_DEC_NUM);
+	if (j == BN_DEC_NUM) j=0;
+	l=0;
+	while (*a)
+		{
+		l*=10;
+		l+= *a-'0';
+		a++;
+		if (++j == BN_DEC_NUM)
+			{
+			BN_mul_word(ret,BN_DEC_CONV);
+			BN_add_word(ret,l);
+			l=0;
+			j=0;
+			}
+		}
+	ret->neg=neg;
+
+	bn_fix_top(ret);
+	*bn=ret;
+	return(num);
+err:
+	if (*bn == NULL) BN_free(ret);
+	return(0);
+	}
+
 #ifndef NO_BIO
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int BN_print_fp(fp, a)
 FILE *fp;
 BIGNUM *a;
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index e3530a5bf..75b6b0493 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_rand.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index fd9ca4dbf..72cd69d3f 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_recp.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
index d71188737..944bf1794 100644
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_shift.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -70,12 +70,12 @@ BIGNUM *a;
 	if (r != a)
 		{
 		r->neg=a->neg;
-		if (bn_expand(r,(a->top+1)*BN_BITS2) == NULL) return(0);
+		if (bn_wexpand(r,a->top+1) == NULL) return(0);
 		r->top=a->top;
 		}
 	else
 		{
-		if (bn_expand(r,(a->top+1)*BN_BITS2) == NULL) return(0);
+		if (bn_wexpand(r,a->top+1) == NULL) return(0);
 		}
 	ap=a->d;
 	rp=r->d;
@@ -108,7 +108,7 @@ BIGNUM *a;
 		}
 	if (a != r)
 		{
-		if (bn_expand(r,a->top*BN_BITS2) == NULL) return(0);
+		if (bn_wexpand(r,a->top) == NULL) return(0);
 		r->top=a->top;
 		r->neg=a->neg;
 		}
@@ -135,7 +135,7 @@ int n;
 	BN_ULONG l;
 
 	r->neg=a->neg;
-	if (bn_expand(r,(a->top*BN_BITS2)+n) == NULL) return(0);
+	if (bn_wexpand(r,a->top+(n/BN_BITS2)+1) == NULL) return(0);
 	nw=n/BN_BITS2;
 	lb=n%BN_BITS2;
 	rb=BN_BITS2-lb;
@@ -180,7 +180,7 @@ int n;
 	if (r != a)
 		{
 		r->neg=a->neg;
-		if (bn_expand(r,(a->top-nw+1)*BN_BITS2) == NULL) return(0);
+		if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
 		}
 
 	f= &(a->d[nw]);
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
index 4c3f0a098..a8464610e 100644
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_sqr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -69,7 +69,7 @@ BN_CTX *ctx;
 	{
 	int i,j,max,al;
 	BIGNUM *tmp;
-	BN_ULONG *ap,*rp,c;
+	BN_ULONG *ap,*rp;
 
 	tmp=ctx->bn[ctx->tos];
 
@@ -81,8 +81,8 @@ BN_CTX *ctx;
 		}
 
 	max=(al*2);
-	if (bn_expand(r,max*BN_BITS2) == NULL) return(0);
-	if (bn_expand(tmp,max*BN_BITS2) == NULL) return(0);
+	if (bn_wexpand(r,1+max) == NULL) return(0);
+	if (bn_wexpand(tmp,1+max) == NULL) return(0);
 
 	r->neg=0;
 
@@ -95,7 +95,7 @@ BN_CTX *ctx;
 	if (--j > 0)
 		{
 		ap++;
-		rp[j]=bn_mul_word(rp,ap,j,ap[-1]);
+		rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
 		rp+=2;
 		}
 
@@ -103,56 +103,17 @@ BN_CTX *ctx;
 		{
 		j--;
 		ap++;
-		rp[j]=bn_mul_add_word(rp,ap,j,ap[-1]);
+		rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
 		rp+=2;
 		}
 
-	/* inlined shift, 2 words at once */
-	j=max;
-	rp=r->d;
-	c=0;
-	for (i=0; i<j; i++)
-		{
-		BN_ULONG t;
+	bn_add_words(r->d,r->d,r->d,max);
 
-		t= *rp;
-		*(rp++)=((t<<1)|c)&BN_MASK2;
-		c=(t & BN_TBIT)?1:0;
-
-#if 0
-		t= *rp;
-		*(rp++)=((t<<1)|c)&BN_MASK2;
-		c=(t & BN_TBIT)?1:0;
-#endif
-		}
-	/* there will not be a carry */
+	/* There will not be a carry */
 
 	bn_sqr_words(tmp->d,a->d,al);
 
-	/* inlined add */
-	ap=tmp->d;
-	rp=r->d;
-	c=0;
-	j=max;
-	for (i=0; i<j; i++)
-		{
-		BN_ULONG t1,t2;
-
-		t1= *(ap++);
-		t2= *rp;
-		if (c)
-			{
-			c=(t2 >= ((~t1)&BN_MASK2));
-			t2=(t1+t2+1)&BN_MASK2;
-			}
-		else
-			{
-			t2=(t1+t2)&BN_MASK2;
-			c=(t2<t1);
-			}
-		*(rp++)=t2;
-		}
-	/* there will be no carry */
+	bn_add_words(r->d,r->d,tmp->d,max);
 
 	r->top=max;
 	if (r->d[max-1] == 0) r->top--;
diff --git a/crypto/bn/bn_sub.c b/crypto/bn/bn_sub.c
index b0febc342..bba80f8af 100644
--- a/crypto/bn/bn_sub.c
+++ b/crypto/bn/bn_sub.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_sub.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -87,12 +87,12 @@ BIGNUM *b;
 		if (carry)
 			{
 			carry=(t1 <= t2);
-			t1=(t1-t2-1);
+			t1=(t1-t2-1)&BN_MASK2;
 			}
 		else
 			{
 			carry=(t1 < t2);
-			t1=(t1-t2);
+			t1=(t1-t2)&BN_MASK2;
 			}
 #if defined(IRIX_CC_BUG) && !defined(LINT)
 		dummy=t1;
@@ -110,9 +110,12 @@ BIGNUM *b;
 			if (t1 > t2) break;
 			}
 		}
+#if 0
 	memcpy(rp,ap,sizeof(*rp)*(max-i));
-/*	for (; i<max; i++)
-		*(rp++)= *(ap++);*/
+#else
+	for (; i<max; i++)
+		*(rp++)= *(ap++);
+#endif
 
 	r->top=max;
 	bn_fix_top(r);
@@ -146,8 +149,9 @@ BIGNUM *b;
 
 	if (add)
 		{
-		i=(a->top > b->top);
-	        if (bn_expand(r,(((i)?a->top:b->top)+1)*BN_BITS2) == NULL)
+		/* As a fast max size, do a a->top | b->top */
+		i=(a->top | b->top)+1;
+	        if (bn_wexpand(r,i) == NULL)
 			return(0);
 		if (i)
 			bn_qadd(r,a,b);
@@ -160,7 +164,7 @@ BIGNUM *b;
 	/* We are actually doing a - b :-) */
 
 	max=(a->top > b->top)?a->top:b->top;
-	if (bn_expand(r,max*BN_BITS2) == NULL) return(0);
+	if (bn_wexpand(r,max) == NULL) return(0);
 	if (BN_ucmp(a,b) < 0)
 		{
 		bn_qsub(r,b,a);
diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
index b61ddd95c..4b3d0f011 100644
--- a/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_word.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,11 +71,12 @@ unsigned long w;
 #endif
 	int i;
 
+	w&=BN_MASK2;
 	for (i=a->top-1; i>=0; i--)
 		{
 #ifndef BN_LLONG
-		ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%(int)w;
-		ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%(int)w;
+		ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%(unsigned long)w;
+		ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%(unsigned long)w;
 #else
 		ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
 			(BN_ULLONG)w);
@@ -93,18 +94,15 @@ unsigned long w;
 
 	if (a->top == 0) return(0);
 	ret=0;
+	w&=BN_MASK2;
 	for (i=a->top-1; i>=0; i--)
 		{
-#ifndef BN_LLONG
-		ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%(int)w;
-		ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%(int)w;
-#else
-		BN_ULLONG ll;
-
-		ll=((BN_ULLONG)ret<<(BN_ULONG)BN_BITS2)|a->d[i];
-		a->d[i]=(BN_ULONG)(ll/w);
-		ret=(BN_ULONG)(ll%w);
-#endif
+		BN_ULONG l,d;
+		
+		l=a->d[i];
+		d=bn_div64(ret,l,w);
+		ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
+		a->d[i]=d;
 		}
 	if (a->d[a->top-1] == 0)
 		a->top--;
@@ -118,7 +116,16 @@ unsigned long w;
 	BN_ULONG l;
 	int i;
 
-	if (bn_expand(a,a->top*BN_BITS2+1) == NULL) return(0);
+	if (a->neg)
+		{
+		a->neg=0;
+		i=BN_sub_word(a,w);
+		if (!BN_is_zero(a))
+			a->neg=1;
+		return(i);
+		}
+	w&=BN_MASK2;
+	if (bn_wexpand(a,a->top+1) == NULL) return(0);
 	i=0;
 	for (;;)
 		{
@@ -135,21 +142,63 @@ unsigned long w;
 	return(1);
 	}
 
-#ifdef undef
-BN_ULONG *BN_mod_inverse_word(a)
-BN_ULONG a;
+int BN_sub_word(a, w)
+BIGNUM *a;
+unsigned long w;
 	{
-	BN_ULONG A,B,X,Y,M,D,R,RET,T;
-	int sign,hight=1;
+	int i;
 
-	X=0;
-	Y=1;
-	A=0;
-	B=a;
-	sign=1;
+	if (a->neg)
+		{
+		a->neg=0;
+		i=BN_add_word(a,w);
+		a->neg=1;
+		return(i);
+		}
 
-	while (B != 0)
+	w&=BN_MASK2;
+	if ((a->top == 1) && (a->d[0] < w))
+		{
+		a->d[0]=w-a->d[0];
+		a->neg=1;
+		return(1);
+		}
+	i=0;
+	for (;;)
 		{
+		if (a->d[i] >= w)
+			{
+			a->d[i]-=w;
+			break;
+			}
+		else
+			{
+			a->d[i]=(a->d[i]-w)&BN_MASK2;
+			i++;
+			w=1;
+			}
+		}
+	if ((a->d[i] == 0) && (i == (a->top-1)))
+		a->top--;
+	return(1);
+	}
 
-#endif
+int BN_mul_word(a,w)
+BIGNUM *a;
+unsigned long w;
+	{
+	BN_ULONG ll;
+
+	w&=BN_MASK2;
+	if (a->top)
+		{
+		ll=bn_mul_words(a->d,a->d,a->top,w);
+		if (ll)
+			{
+			if (bn_wexpand(a,a->top+1) == NULL) return(0);
+			a->d[a->top++]=ll;
+			}
+		}
+	return(0);
+	}
 
diff --git a/crypto/bn/bnspeed.c b/crypto/bn/bnspeed.c
index 3b83a26de..f7c2790ff 100644
--- a/crypto/bn/bnspeed.c
+++ b/crypto/bn/bnspeed.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bnspeed.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -58,6 +58,7 @@
 
 /* most of this code has been pilfered from my libdes speed.c program */
 
+#define BASENUM	1000000
 #undef PROG
 #define PROG bnspeed_main
 
@@ -169,8 +170,8 @@ int s;
 	}
 
 #define NUM_SIZES	5
-/*static int sizes[NUM_SIZES]={256,512,1024,2048};*/
-static int sizes[NUM_SIZES]={59,179,299,419,539};
+static int sizes[NUM_SIZES]={128,256,512,1024,2048};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
 
 void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); 
 
@@ -198,34 +199,41 @@ BN_CTX *ctx;
 	{
 	int i,j,k;
 	double tm;
+	long num;
 
 	for (i=0; i<NUM_SIZES; i++)
 		{
+		num=BASENUM;
+		if (i) num/=(i*3);
 		BN_rand(a,sizes[i],1,0);
 		for (j=i; j<NUM_SIZES; j++)
 			{
 			BN_rand(b,sizes[j],1,0);
 			Time_F(START);
-			for (k=0; k<100000; k++)
+			for (k=0; k<num; k++)
 				BN_mul(r,b,a);
 			tm=Time_F(STOP);
-			printf("mul %3d x %3d -> %7.4f\n",sizes[i],sizes[j],tm/10.0);
+			printf("mul %4d x %4d -> %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);
 			}
 		}
 
 	for (i=0; i<NUM_SIZES; i++)
 		{
+		num=BASENUM;
+		if (i) num/=(i*3);
 		BN_rand(a,sizes[i],1,0);
 		Time_F(START);
-		for (k=0; k<100000; k++)
+		for (k=0; k<num; k++)
 			BN_sqr(r,a,ctx);
 		tm=Time_F(STOP);
-		printf("sqr %3d x %3d -> %7.4f\n",sizes[i],sizes[i],tm/10.0);
+		printf("sqr %4d x %4d -> %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num);
 		}
 
 	for (i=0; i<NUM_SIZES; i++)
 		{
-		BN_rand(a,sizes[i],1,0);
+		num=BASENUM/10;
+		if (i) num/=(i*3);
+		BN_rand(a,sizes[i]-1,1,0);
 		for (j=i; j<NUM_SIZES; j++)
 			{
 			BN_rand(b,sizes[j],1,0);
@@ -233,7 +241,7 @@ BN_CTX *ctx;
 			for (k=0; k<100000; k++)
 				BN_div(r, NULL, b, a,ctx);
 			tm=Time_F(STOP);
-			printf("div %3d / %3d -> %7.4f\n",sizes[j],sizes[i],tm/10.0);
+			printf("div %4d / %4d -> %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num);
 			}
 		}
 	}
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index 7a2f0b8d6..9ebd68b42 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -1,5 +1,5 @@
 /* crypto/bn/bntest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,15 +59,17 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef WIN16
-#define APPS_WIN16
-#endif
+#include "e_os.h"
 #include "bio.h"
 #include "bn.h"
 #include "rand.h"
 #include "x509.h"
 #include "err.h"
 
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
+
 #ifndef NOPROTO
 int test_add (BIO *bp);
 int test_sub (BIO *bp);
@@ -102,9 +104,9 @@ int rand_neg();
 
 static int results=0;
 
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
-#include "../bio/bss_file.c"
+#include "bss_file.c"
 #endif
 
 int main(argc,argv)
@@ -178,20 +180,20 @@ char *argv[];
 	if (!test_rshift(out)) goto err;
 	fflush(stdout);
 
-	fprintf(stderr,"test BN_div\n");
-	if (!test_div(out,ctx)) goto err;
-	fflush(stdout);
-
-	fprintf(stderr,"test BN_mod\n");
-	if (!test_mod(out,ctx)) goto err;
+	fprintf(stderr,"test BN_sqr\n");
+	if (!test_sqr(out,ctx)) goto err;
 	fflush(stdout);
 
 	fprintf(stderr,"test BN_mul\n");
 	if (!test_mul(out)) goto err;
 	fflush(stdout);
 
-	fprintf(stderr,"test BN_sqr\n");
-	if (!test_sqr(out,ctx)) goto err;
+	fprintf(stderr,"test BN_div\n");
+	if (!test_div(out,ctx)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_mod\n");
+	if (!test_mod(out,ctx)) goto err;
 	fflush(stdout);
 
 	fprintf(stderr,"test BN_mod_mul\n");
diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c
index 4880df111..67dc95d72 100644
--- a/crypto/bn/exptest.c
+++ b/crypto/bn/exptest.c
@@ -1,5 +1,5 @@
 /* crypto/bn/exptest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,6 +63,9 @@
 #include "bn.h"
 #include "rand.h"
 #include "err.h"
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
 
 #define NUM_BITS	(BN_BITS*2)
 
@@ -87,11 +90,8 @@ char *argv[];
 		(a == NULL) || (b == NULL))
 		goto err;
 
-#ifdef WIN16
-	out=BIO_new(BIO_s_file_internal_w16());
-#else
 	out=BIO_new(BIO_s_file());
-#endif
+
 	if (out == NULL) exit(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
@@ -112,7 +112,7 @@ char *argv[];
 		BN_mod(a,a,m,ctx);
 		BN_mod(b,b,m,ctx);
 
-		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx);
+		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
 		if (ret <= 0)
 			{ printf("BN_mod_exp_mont() problems\n"); exit(1); }
 
diff --git a/crypto/buffer/Makefile.ssl b/crypto/buffer/Makefile.ssl
index 35367933b..a5f150e52 100644
--- a/crypto/buffer/Makefile.ssl
+++ b/crypto/buffer/Makefile.ssl
@@ -79,6 +79,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c
index 8cb9f3305..ff988852c 100644
--- a/crypto/buffer/buf_err.c
+++ b/crypto/buffer/buf_err.c
@@ -60,6 +60,7 @@
 #include "buffer.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA BUF_str_functs[]=
 	{
 {ERR_PACK(0,BUF_F_BUF_MEM_GROW,0),	"BUF_MEM_grow"},
@@ -69,13 +70,18 @@ static ERR_STRING_DATA BUF_str_functs[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_BUF_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
+#endif
+
 		}
 	}
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index df7e2fad2..7e8af9e2f 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -1,5 +1,5 @@
 /* crypto/buffer/buffer.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -94,7 +94,11 @@ int len;
 	char *ret;
 	unsigned int n;
 
-	if (str->length >= len) return(len);
+	if (str->length >= len)
+		{
+		str->length=len;
+		return(len);
+		}
 	if (str->max >= len)
 		{
 		memset(&(str->data[str->length]),0,len-str->length);
@@ -126,6 +130,8 @@ char *str;
 	char *ret;
 	int n;
 
+	if (str == NULL) return(NULL);
+
 	n=strlen(str);
 	ret=Malloc(n+1);
 	if (ret == NULL) 
diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h
index 87c9071e4..417548c04 100644
--- a/crypto/buffer/buffer.h
+++ b/crypto/buffer/buffer.h
@@ -1,5 +1,5 @@
 /* crypto/buffer/buffer.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -65,9 +65,9 @@ extern "C" {
 
 typedef struct buf_mem_st
 	{
-	int length;
+	int length;	/* current number of bytes */
 	char *data;
-	int max;
+	int max;	/* size of buffer */
 	} BUF_MEM;
 
 #ifndef NOPROTO
diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl
index 878ac70b1..00e917aa4 100644
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -80,6 +80,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/conf/cnf_save.c b/crypto/conf/cnf_save.c
index 8524802e1..c9018de10 100644
--- a/crypto/conf/cnf_save.c
+++ b/crypto/conf/cnf_save.c
@@ -1,5 +1,5 @@
 /* crypto/conf/cnf_save.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/conf/conf.c b/crypto/conf/conf.c
index 68243e9f0..9e84300c5 100644
--- a/crypto/conf/conf.c
+++ b/crypto/conf/conf.c
@@ -1,5 +1,5 @@
 /* crypto/conf/conf.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -95,7 +95,7 @@ static CONF_VALUE *get_section();
 
 #define scan_esc(p)	((*(++p) == '\0')?(p):(++p))
 
-char *CONF_version="CONF part of SSLeay 0.8.1b 29-Jun-1998";
+char *CONF_version="CONF part of SSLeay 0.9.0b 29-Jun-1998";
 
 LHASH *CONF_load(h,file,line)
 LHASH *h;
@@ -124,7 +124,9 @@ long *line;
 	in=fopen(file,"rb");
 	if (in == NULL)
 		{
-		SYSerr(SYS_F_FOPEN,errno);
+		SYSerr(SYS_F_FOPEN,get_last_sys_error());
+		ERR_set_error_data(BUF_strdup(file),
+			ERR_TXT_MALLOCED|ERR_TXT_STRING);
 		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
 		goto err;
 		}
@@ -706,13 +708,13 @@ char *section;
 	v->value=(char *)sk;
 	
 	vv=(CONF_VALUE *)lh_insert(conf,(char *)v);
-#ifndef WIN16
 	if (vv != NULL)
 		{
+#if !defined(NO_STDIO) && !defined(WIN16)
 		fprintf(stderr,"internal fault\n");
+#endif
 		abort();
 		}
-#endif
 	ok=1;
 err:
 	if (!ok)
diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
index a23ec9542..1446226a1 100644
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -1,5 +1,5 @@
 /* crypto/conf/conf.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c
index b88c5b760..a8db8f266 100644
--- a/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
@@ -60,6 +60,7 @@
 #include "conf.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA CONF_str_functs[]=
 	{
 {ERR_PACK(0,CONF_F_CONF_LOAD,0),	"CONF_load"},
@@ -77,14 +78,19 @@ static ERR_STRING_DATA CONF_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_CONF_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
 		ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/conf/conf_lcl.h b/crypto/conf/conf_lcl.h
index 8ae7ce073..4e5644ed7 100644
--- a/crypto/conf/conf_lcl.h
+++ b/crypto/conf/conf_lcl.h
@@ -1,5 +1,5 @@
 /* crypto/conf/conf_lcl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/conf/test.c b/crypto/conf/test.c
index 17185926a..899ee2a06 100644
--- a/crypto/conf/test.c
+++ b/crypto/conf/test.c
@@ -1,5 +1,5 @@
 /* crypto/conf/test.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/cryptall.h b/crypto/cryptall.h
index 8eb085540..65a46452a 100644
--- a/crypto/cryptall.h
+++ b/crypto/cryptall.h
@@ -1,5 +1,5 @@
 /* crypto/cryptall.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 12cf0733e..9a7e80b7f 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -1,5 +1,5 @@
 /* crypto/cryptlib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -62,6 +62,10 @@
 #include "crypto.h"
 #include "date.h"
 
+#if defined(WIN32) || defined(WIN16)
+static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
+#endif
+
 /* real #defines in crypto.h, keep these upto date */
 static char* lock_names[CRYPTO_NUM_LOCKS] =
 	{
@@ -83,10 +87,13 @@ static char* lock_names[CRYPTO_NUM_LOCKS] =
 	"ssl",
 	"rand",
 	"debug_malloc",
-	"bio_gethostbyname",
 	"BIO",
+	"bio_gethostbyname",
+	"RSA_blinding",
 	};
 
+static STACK *app_locks=NULL;
+
 #ifndef NOPROTO
 static void (MS_FAR *locking_callback)(int mode,int type,
 	char *file,int line)=NULL;
@@ -99,6 +106,34 @@ static int (MS_FAR *add_lock_callback)()=NULL;
 static unsigned long (MS_FAR *id_callback)()=NULL;
 #endif
 
+int CRYPTO_get_new_lockid(name)
+char *name;
+	{
+	char *str;
+	int i;
+
+	/* A hack to make Visual C++ 5.0 work correctly when linking as
+	 * a DLL using /MT. Without this, the application cannot use
+	 * and floating point printf's.
+	 * It also seems to be needed for Visual C 1.5 (win16) */
+#if defined(WIN32) || defined(WIN16)
+	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
+#endif
+
+	if (app_locks == NULL)
+		if ((app_locks=sk_new_null()) == NULL)
+			CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+			return(0);
+	if ((str=BUF_strdup(name)) == NULL)
+		return(0);
+	i=sk_push(app_locks,str);
+	if (!i)
+		Free(str);
+	else
+		i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
+	return(i);
+	}
+
 void (*CRYPTO_get_locking_callback(P_V))(P_I_I_P_I)
 	{
 	return(locking_callback);
@@ -232,9 +267,14 @@ int line;
 char *CRYPTO_get_lock_name(type)
 int type;
 	{
-	if ((type < 0) || (type >= CRYPTO_NUM_LOCKS))
+	if (type < 0)
+		return("ERROR");
+	else if (type < CRYPTO_NUM_LOCKS)
+		return(lock_names[type]);
+	else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
 		return("ERROR");
-	return(lock_names[type]);
+	else
+		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
 	}
 
 #ifdef _DLL
diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
index cce9a999f..7208f9e4e 100644
--- a/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
@@ -1,5 +1,5 @@
 /* crypto/cryptlib.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -66,7 +66,7 @@
 extern "C" {
 #endif
 
-#ifdef FLAT_INC
+/* #ifdef FLAT_INC */
 
 #include "e_os.h"
 #include "crypto.h"
@@ -74,6 +74,7 @@ extern "C" {
 #include "bio.h" 
 #include "err.h"
 
+/*
 #else
 
 #include "../e_os.h"
@@ -82,6 +83,7 @@ extern "C" {
 #include "bio/bio.h"
 #include "err/err.h"
 #endif
+*/
 
 #define X509_CERT_AREA		"/usr/local/ssl"
 #define X509_CERT_DIR		"/usr/local/ssl/certs"
diff --git a/crypto/crypto.c b/crypto/crypto.c
index 16c4af47d..7f89c5a60 100644
--- a/crypto/crypto.c
+++ b/crypto/crypto.c
@@ -1,5 +1,5 @@
 /* crypto/crypto.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,6 +60,7 @@
  * BN_ASM */
 #ifndef BN_ASM
 #undef BN_ASM
+#define X86_ASM
 #endif
 
 #ifndef DES_ASM
@@ -95,9 +96,11 @@
 #define CRYPTO_PEM_SUBSET
 #define CRYPTO_RAND_SUBSET
 #define CRYPTO_RC_SUBSET
-#define CRYPTO_BF_SUBSET
+#define CRYPTO_BLOWFISH_SUBSET
+#define CRYPTO_CAST_SUBSET
 #define CRYPTO_RSA_SUBSET
 #define CRYPTO_SHA_SUBSET
+#define CRYPTO_HMAC_SUBSET
 #define CRYPTO_SHA1_SUBSET
 #define CRYPTO_STACK_SUBSET
 #define CRYPTO_TXT_DB_SUBSET
@@ -213,6 +216,7 @@
 #include "asn1/x_val.c"
 #include "asn1/x_x509.c"
 #endif
+
 #ifdef CRYPTO_BN_SUBSET
 #include "bn/bn_add.c"
 #include "bn/bn_div.c"
@@ -234,7 +238,9 @@
 #include "bn/bn_word.c"
 #include "bn/bn_print.c"
 #include "bn/bn_err.c"
+#include "bn/bn_blind.c"
 #endif
+
 #ifdef CRYPTO_BIO_SUBSET
 #include "bio/bf_buff.c"
 #include "bio/bf_null.c"
@@ -256,14 +262,17 @@
 #include "bio/b_dump.c"
 #include "bio/bio_err.c"
 #endif
+
 #ifdef CRYPTO_BUFFER_SUBSET
 #include "buffer/buf_err.c"
 #include "buffer/buffer.c"
 #endif
+
 #ifdef CRYPTO_CONF_SUBSET
 #include "conf/conf.c"
 #include "conf/conf_err.c"
 #endif
+
 #ifdef CRYPTO_DES_SUBSET
 #include "des/read_pwd.c"
 #ifndef NO_DES
@@ -271,12 +280,9 @@
 #include "des/fcrypt_b.c"
 #include "des/des_enc.c"
 #endif
-#include "des/ncbc_enc.c"
-#include "des/cbc3_enc.c"
 #include "des/cbc_cksm.c"
 #include "des/xcbc_enc.c"
 #include "des/cbc_enc.c"
-#include "des/ede_enc.c"
 #include "des/cfb64ede.c"
 #include "des/cfb64enc.c"
 #include "des/cfb_enc.c"
@@ -298,6 +304,7 @@
 #include "des/supp.c"
 #endif
 #endif
+
 #ifdef CRYPTO_DH_SUBSET
 #ifndef NO_DH
 #include "dh/dh_check.c"
@@ -307,6 +314,7 @@
 #include "dh/dh_lib.c"
 #endif
 #endif
+
 #ifdef CRYPTO_DSA_SUBSET
 #ifndef NO_DSA
 #include "dsa/dsa_gen.c"
@@ -317,11 +325,13 @@
 #include "dsa/dsa_err.c"
 #endif
 #endif
+
 #ifdef CRYPTO_ERROR_SUBSET
 #include "err/err.c"
 #include "err/err_all.c"
 #include "err/err_prn.c"
 #endif
+
 #ifdef CRYPTO_EVP_SUBSET
 #include "evp/bio_md.c"
 #include "evp/bio_b64.c"
@@ -357,6 +367,12 @@
 #include "evp/e_ecb_bf.c"
 #include "evp/e_ofb_bf.c"
 #endif
+#ifndef NO_CAST
+#include "evp/e_cbc_c.c"
+#include "evp/e_cfb_c.c"
+#include "evp/e_ecb_c.c"
+#include "evp/e_ofb_c.c"
+#endif
 #ifndef NO_RC4
 #include "evp/e_rc4.c"
 #endif
@@ -375,6 +391,7 @@
 #include "evp/p_sign.c"
 #include "evp/p_verify.c"
 #endif
+
 #ifdef CRYPTO_IDEA_SUBSET
 #ifndef NO_IDEA
 #include "idea/i_cbc.c"
@@ -384,34 +401,49 @@
 #include "idea/i_skey.c"
 #endif
 #endif
-#ifdef CRYPTO_BF_SUBSET
+
+#ifdef CRYPTO_BLOWFISH_SUBSET
 #ifndef NO_BLOWFISH
 #include "bf/bf_cfb64.c"
 #include "bf/bf_ecb.c"
 #ifndef BF_ASM
 #include "bf/bf_enc.c"
 #endif
-#include "bf/bf_cbc.c"
 #include "bf/bf_ofb64.c"
 #include "bf/bf_skey.c"
 #endif
 #endif
+
+#ifdef CRYPTO_CAST_SUBSET
+#ifndef NO_CAST
+#include "cast/c_cfb64.c"
+#include "cast/c_ecb.c"
+#ifndef CAST_ASM
+#include "cast/c_enc.c"
+#endif
+#include "cast/c_ofb64.c"
+#include "cast/c_skey.c"
+#endif
+#endif
+
 #ifdef CRYPTO_LHASH_SUBSET
 #include "lhash/lh_stats.c"
 #include "lhash/lhash.c"
 #endif
+
 #ifdef CRYPTO_MD_SUBSET
 #ifndef NO_MD2
-#include "md/md2_dgst.c"
-#include "md/md2_one.c"
+#include "md2/md2_dgst.c"
+#include "md2/md2_one.c"
 #include "evp/m_md2.c"
 #endif
 #ifndef NO_MD5
-#include "md/md5_dgst.c"
-#include "md/md5_one.c"
+#include "md5/md5_dgst.c"
+#include "md5/md5_one.c"
 #include "evp/m_md5.c"
 #endif
 #endif
+
 #ifdef CRYPTO_MDC2_SUBSET
 #ifndef NO_MDC2
 #include "mdc2/mdc2dgst.c"
@@ -419,11 +451,13 @@
 #include "evp/m_mdc2.c"
 #endif
 #endif
+
 #ifdef CRYPTO_OBJECTS_SUBSET
 #include "objects/obj_dat.c"
 #include "objects/obj_err.c"
 #include "objects/obj_lib.c"
 #endif
+
 #ifdef CRYPTO_PEM_SUBSET
 #include "pem/pem_err.c"
 #include "pem/pem_info.c"
@@ -434,23 +468,35 @@
 #include "pem/pem_sign.c"
 #endif
 #endif
+
 #ifdef CRYPTO_RAND_SUBSET
 #include "rand/md_rand.c"
 #include "rand/randfile.c"
 #endif
+
 #ifdef CRYPTO_RC_SUBSET
-#ifndef NO_RC4
+#ifndef NO_RC2
 #include "rc2/rc2_cbc.c"
 #include "rc2/rc2_ecb.c"
 #include "rc2/rc2_skey.c"
 #include "rc2/rc2cfb64.c"
 #include "rc2/rc2ofb64.c"
+#endif
+#ifndef NO_RC4
+#include "rc4/rc4_skey.c"
+#ifndef RC4_ASM
 #include "rc4/rc4_enc.c"
 #endif
 #endif
+#endif
+
+#ifdef CRYPTO_HMAC_SUBSET
+#include "hmac/hmac.c"
+#endif
+
 #ifdef CRYPTO_RSA_SUBSET
 #ifndef NO_RSA
-#include "rsa/rsa_enc.c"
+#include "rsa/rsa_eay.c"
 #include "rsa/rsa_err.c"
 #include "rsa/rsa_gen.c"
 #include "rsa/rsa_lib.c"
@@ -458,6 +504,7 @@
 #include "rsa/rsa_saos.c"
 #endif
 #endif
+
 #ifdef CRYPTO_SHA1_SUBSET
 #ifndef NO_SHA1
 #include "sha/sha1_one.c"
@@ -466,6 +513,7 @@
 #include "evp/m_sha1.c"
 #endif
 #endif
+
 #ifdef CRYPTO_SHA_SUBSET
 #ifndef NO_SHA
 #include "evp/m_dss.c"
@@ -474,12 +522,15 @@
 #include "evp/m_sha.c"
 #endif
 #endif
+
 #ifdef CRYPTO_STACK_SUBSET
 #include "stack/stack.c"
 #endif
+
 #ifdef CRYPTO_TXT_DB_SUBSET
 #include "txt_db/txt_db.c"
 #endif
+
 #ifdef CRYPTO_X509_SUBSET
 #include "x509/x509_cmp.c"
 #include "x509/x509_d2.c"
@@ -504,9 +555,11 @@
 #include "x509/v3_net.c"
 #include "x509/v3_x509.c"
 #endif
-#endif
-#ifdef CRYPTO_PKCS7_SUBSET /* I have an excplicit removal of 7 lines */
+
+
+#ifdef CRYPTO_PKCS7_SUBSET /* I have an explicit removal of 7 lines */
 #include "pkcs7/pk7_lib.c"
 #include "pkcs7/pkcs7err.c"
-#endif
+#include "pkcs7/pk7_doit.c"
+#endif /* CRYPTO_PKCS7_SUBSET */
 
diff --git a/crypto/crypto.h b/crypto/crypto.h
index fd7ff6a77..0a38b5b87 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -1,5 +1,5 @@
 /* crypto/crypto.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,9 +63,11 @@
 extern "C" {
 #endif
 
+#include "stack.h"
+
 /* This is more to be used to check the correct DLL is being used
  * in the MS world. */
-#define SSLEAY_VERSION_NUMBER	0x0800	/* Version 0.5.1c would be 0513 */
+#define SSLEAY_VERSION_NUMBER	0x0902	/* Version 0.5.1c would be 0513 */
 
 #define SSLEAY_VERSION		0
 /* #define SSLEAY_OPTIONS	1 no longer supported */
@@ -95,15 +97,14 @@ extern "C" {
 #define	CRYPTO_LOCK_MALLOC		17
 #define	CRYPTO_LOCK_BIO			18
 #define	CRYPTO_LOCK_BIO_GETHOSTBYNAME	19
-#define	CRYPTO_NUM_LOCKS		20
+#define CRYPTO_LOCK_RSA_BLINDING	20
+#define	CRYPTO_NUM_LOCKS		21
 
 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
 #define CRYPTO_READ		4
 #define CRYPTO_WRITE		8
 
-/* The following stuff is not being used, it was not finished for
- * SSLeay 0.6.0 */
 #ifndef CRYPTO_w_lock
 #define CRYPTO_w_lock(type)	\
 	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
@@ -133,6 +134,43 @@ typedef struct crypto_mem_st
 	} CRYPTO_MEM_FUNC;
 */
 
+/* predec of the BIO type */
+typedef struct bio_st BIO_dummy;
+
+typedef struct crypto_ex_data_st
+	{
+	STACK *sk;
+	int dummy; /* gcc is screwing up this data structure :-( */
+	} CRYPTO_EX_DATA;
+
+/* This stuff is basically class callback functions
+ * The current classes are SSL_CTX, SSL, SSL_SESION, and a few more */
+typedef struct crypto_ex_data_func_st
+	{
+	long argl;	/* Arbitary long */
+	char *argp;	/* Arbitary char * */
+	/* Called when a new object is created */
+	int (*new_func)(/*char *obj,
+			char *item,int index,long argl,char *argp*/);
+	/* Called when this object is free()ed */
+	void (*free_func)(/*char *obj,
+			char *item,int index,long argl,char *argp*/);
+
+	/* Called when we need to dup this one */
+	int (*dup_func)(/*char *obj_to,char *obj_from,
+			char **new,int index,long argl,char *argp*/);
+	} CRYPTO_EX_DATA_FUNCS;
+
+/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
+ * entry.
+ */
+
+#define CRYPTO_EX_INDEX_BIO		0
+#define CRYPTO_EX_INDEX_SSL		1
+#define CRYPTO_EX_INDEX_SSL_CTX		2
+#define CRYPTO_EX_INDEX_SSL_SESSION	3
+#define CRYPTO_EX_INDEX_X509_STORE	4
+#define CRYPTO_EX_INDEX_X509_STORE_CTX	5
 
 /* Use this for win32 DLL's */
 #define CRYPTO_malloc_init()	CRYPTO_set_mem_functions(\
@@ -163,12 +201,26 @@ typedef struct crypto_mem_st
 #endif /* WIN32 || MFUNC */
 #endif /* MDEBUG */
 
+/* Case insensiteve linking causes problems.... */
+#ifdef WIN16
+#define ERR_load_CRYPTO_strings	ERR_load_CRYPTOlib_strings
+#endif
+
 #ifndef NOPROTO
 
 char *SSLeay_version(int type);
 unsigned long SSLeay(void);
 
+int CRYPTO_get_ex_new_index(int idx,STACK **sk,long argl,char *argp,
+	int (*new_func)(),int (*dup_func)(),void (*free_func)());
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad,int idx,char *val);
+char *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad,int idx);
+int CRYPTO_dup_ex_data(STACK *meth,CRYPTO_EX_DATA *from,CRYPTO_EX_DATA *to);
+void CRYPTO_free_ex_data(STACK *meth,char *obj,CRYPTO_EX_DATA *ad);
+void CRYPTO_new_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad);
+
 int CRYPTO_mem_ctrl(int mode);
+int CRYPTO_get_new_lockid(char *name);
 void CRYPTO_lock(int mode, int type,char *file,int line);
 void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
 		int line));
@@ -196,21 +248,29 @@ char *CRYPTO_dbg_malloc(int num,char *file,int line);
 char *CRYPTO_dbg_realloc(char *addr,int num,char *file,int line);
 void CRYPTO_dbg_free(char *);
 char *CRYPTO_dbg_remalloc(char *addr,int num,char *file,int line);
-#ifndef WIN16
+#ifndef NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *);
 #endif
-#ifdef HEADER_BIO_H
-void CRYPTO_mem_leaks(BIO *);
-#endif
+void CRYPTO_mem_leaks(struct bio_st *bio);
 /* unsigned long order, char *file, int line, int num_bytes, char *addr */
 void CRYPTO_mem_leaks_cb(void (*cb)());
 
+void ERR_load_CRYPTO_strings(void );
+
 #else 
 
+int CRYPTO_get_ex_new_index();
+int CRYPTO_set_ex_data();
+char *CRYPTO_get_ex_data();
+int CRYPTO_dup_ex_data();
+void CRYPTO_free_ex_data();
+void CRYPTO_new_ex_data();
+
 int CRYPTO_mem_ctrl();
 char *SSLeay_version();
 unsigned long SSLeay();
 
+int CRYPTO_get_new_lockid();
 void CRYPTO_lock();
 void CRYPTO_set_locking_callback();
 void (*CRYPTO_get_locking_callback())();
@@ -232,16 +292,28 @@ char *CRYPTO_dbg_remalloc();
 char *CRYPTO_dbg_malloc();
 char *CRYPTO_dbg_realloc();
 void CRYPTO_dbg_free();
-#ifndef WIN16
+#ifndef NO_FP_API
 void CRYPTO_mem_leaks_fp();
 #endif
 void CRYPTO_mem_leaks();
 void CRYPTO_mem_leaks_cb();
 
+void ERR_load_CRYPTO_strings();
+
 #endif
 
+/* BEGIN ERROR CODES */
+/* Error codes for the CRYPTO functions. */
+
+/* Function codes. */
+#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100
+#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101
+#define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
+
+/* Reason codes. */
+ 
 #ifdef  __cplusplus
 }
 #endif
-
 #endif
+
diff --git a/crypto/cversion.c b/crypto/cversion.c
index d36496dcc..4e823be52 100644
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
@@ -1,5 +1,5 @@
 /* crypto/cversion.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -66,7 +66,7 @@ char *SSLeay_version(t)
 int t;
 	{
 	if (t == SSLEAY_VERSION)
-		return("SSLeay 0.8.1b 29-Jun-1998");
+		return("SSLeay 0.9.0b 29-Jun-1998");
 	if (t == SSLEAY_BUILT_ON)
 		{
 #ifdef DATE
diff --git a/crypto/date.h b/crypto/date.h
index ac96ada60..1cbe8f6ef 100644
--- a/crypto/date.h
+++ b/crypto/date.h
@@ -1 +1 @@
-#define DATE	"Sat Jul 19 04:59:06 EST 1997"
+#define DATE	"Fri Apr 10 01:11:55 EST 1998"
diff --git a/crypto/des/INSTALL b/crypto/des/INSTALL
index 3b8dae6b5..32457d775 100644
--- a/crypto/des/INSTALL
+++ b/crypto/des/INSTALL
@@ -30,13 +30,13 @@ turn on the relevent option in the Makefile
 There are some special Makefile targets that make life easier.
 make cc		- standard cc build
 make gcc	- standard gcc build
-make x86-elf	- x86 assember (elf), linux-elf.
-make x86-out	- x86 assember (a.out), FreeBSD
-make x86-solaris- x86 assember
-make x86-bsdi	- x86 assember (a.out with primative assember).
+make x86-elf	- x86 assembler (elf), linux-elf.
+make x86-out	- x86 assembler (a.out), FreeBSD
+make x86-solaris- x86 assembler
+make x86-bsdi	- x86 assembler (a.out with primative assembler).
 
-If at all possible use the assember (for Windows NT/95, use
-asm/win32.obj to link with).  The x86 assember is very very fast.
+If at all possible use the assembler (for Windows NT/95, use
+asm/win32.obj to link with).  The x86 assembler is very very fast.
 
 A make install will by default install
 libdes.a      in /usr/local/lib/libdes.a
diff --git a/crypto/des/Makefile.lit b/crypto/des/Makefile.lit
index cfd1b40e4..c09f6969d 100644
--- a/crypto/des/Makefile.lit
+++ b/crypto/des/Makefile.lit
@@ -54,10 +54,10 @@ AS=as
 
 # Assember version of des_encrypt*().
 DES_ENC=des_enc.o fcrypt_b.o		# normal C version
-#DES_ENC=asm/dx86-elf.o	asm/cx86-elf.o	# elf format x86
-#DES_ENC=asm/dx86-out.o	asm/cx86-out.o	# a.out format x86
-#DES_ENC=asm/dx86-sol.o	asm/cx86-sol.o	# solaris format x86 
-#DES_ENC=asm/dx86bsdi.o	asm/cx86basi.o	# bsdi format x86 
+#DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
+#DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
+#DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
+#DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
 
 LIBDIR=/usr/local/lib
 BINDIR=/usr/local/bin
@@ -66,8 +66,8 @@ MANDIR=/usr/local/man
 MAN1=1
 MAN3=3
 SHELL=/bin/sh
-OBJ_LIT=ede_enc.o cbc_enc.o ncbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
-OBJ_FULL=cbc3_enc.o cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
 	xcbc_enc.o qud_cksm.o \
 	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
 	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
@@ -76,22 +76,21 @@ OBJ_FULL=cbc3_enc.o cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
 GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
 	des.doc options.txt asm
 GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
-	GNUmakefile des.man DES.pm DES.pod DES.xs Makefile.PL \
+	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
 	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
 	des.org des_locl.org
 TESTING_LIT=	destest speed des_opts
-TESTING_FULL=	destest speed des_opts $(TESTING_LIT)
+TESTING_FULL=	rpw $(TESTING_LIT)
 TESTING_SRC_LIT=destest.c speed.c des_opts.c
 TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT)
 HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
 HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
-LIBDES_LIT=ede_enc.c cbc_enc.c ncbc_enc.c ecb_enc.c fcrypt.c set_key.c \
-	des_enc.c fcrypt_b.c
+LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
 LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \
-	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c  cbc3_enc.c  \
+	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
 	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
 	rand_key.c rpc_enc.c  str2key.c  supp.c \
-	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c 
+	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
 
 PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
 
@@ -115,48 +114,54 @@ gcc:
 	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
 
 x86-elf:
-	$(MAKE) DES_ENC='asm/dx86-elf.o asm/cx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
 
 x86-out:
-	$(MAKE) DES_ENC='asm/dx86-out.o asm/cx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
 
 x86-solaris:
-	$(MAKE) DES_ENC='asm/dx86-sol.o asm/cx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
 
 x86-bsdi:
-	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/cx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
 
 # elf
-asm/dx86-elf.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86-elf.o: asm/dx86unix.cpp
 	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
 
-asm/cx86-elf.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CPP) -DELF asm/cx86unix.cpp | $(AS) -o asm/cx86-elf.o
+asm/yx86-elf.o: asm/yx86unix.cpp
+	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
 
 # solaris
-asm/dx86-sol.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86-sol.o: asm/dx86unix.cpp
 	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
 	as -o asm/dx86-sol.o asm/dx86-sol.s
 	rm -f asm/dx86-sol.s
 
-asm/cx86-sol.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
-	as -o asm/cx86-sol.o asm/cx86-sol.s
-	rm -f asm/cx86-sol.s
+asm/yx86-sol.o: asm/yx86unix.cpp
+	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+	as -o asm/yx86-sol.o asm/yx86-sol.s
+	rm -f asm/yx86-sol.s
 
 # a.out
-asm/dx86-out.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86-out.o: asm/dx86unix.cpp
 	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
 
-asm/cx86-out.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CPP) -DOUT asm/cx86unix.cpp | $(AS) -o asm/cx86-out.o
+asm/yx86-out.o: asm/yx86unix.cpp
+	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
 
 # bsdi
-asm/dx86bsdi.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86bsdi.o: asm/dx86unix.cpp
 	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
 
-asm/cx86bsdi.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CPP) -DBSDI asm/cx86unix.cpp | $(AS) -o asm/cx86bsdi.o
+asm/yx86bsdi.o: asm/yx86unix.cpp
+	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp:
+	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp:
+	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
 
 test:	all
 	./destest
@@ -211,7 +216,7 @@ dclean:
 	mv -f Makefile.new Makefile
 
 # Eric is probably going to choke when he next looks at this --tjh
-install: $(DLIB) des
+install:
 	if test $(INSTALLTOP); then \
 	    echo SSL style install; \
 	    cp $(DLIB) $(INSTALLTOP)/lib; \
@@ -224,8 +229,6 @@ install: $(DLIB) des
 	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
 	    cp des.h $(INSTALLTOP)/include; \
 	    chmod 644 $(INSTALLTOP)/include/des.h; \
-	    cp des $(INSTALLTOP)/bin; \
-	    chmod 755 $(INSTALLTOP)/bin/des; \
 	else \
 	    echo Standalone install; \
 	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
@@ -237,8 +240,6 @@ install: $(DLIB) des
 	      fi; \
 	    fi; \
 	    chmod 644 $(LIBDIR)/$(DLIB); \
-	    cp des $(BINDIR)/des; \
-	    chmod 711 $(BINDIR)/des; \
 	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
 	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
 	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl
index 51bfe7cf3..78b5189ee 100644
--- a/crypto/des/Makefile.ssl
+++ b/crypto/des/Makefile.ssl
@@ -15,7 +15,7 @@ MAKEFILE=	Makefile.ssl
 AR=		ar r
 DES_ENC=	des_enc.o fcrypt_b.o
 # or use
-#DES_ENC=	dx86-elf.o cx86-elf.o
+#DES_ENC=	dx86-elf.o yx86-elf.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
@@ -24,17 +24,17 @@ TEST=destest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	cbc3_enc.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
-	ecb3_enc.c ecb_enc.c  ede_enc.c  enc_read.c enc_writ.c \
-	fcrypt.c   ncbc_enc.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+	ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+	fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
 	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
 	des_enc.c fcrypt_b.c read2pwd.c \
 	fcrypt.c xcbc_enc.c \
 	str2key.c  cfb64ede.c ofb64ede.c supp.c
 
-LIBOBJ= set_key.o  ecb_enc.o  ede_enc.o  cbc_enc.o  cbc3_enc.o \
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
 	ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
-	enc_read.o enc_writ.o ncbc_enc.o ofb64enc.o \
+	enc_read.o enc_writ.o ofb64enc.o \
 	ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
 	${DES_ENC} read2pwd.o \
 	fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o
@@ -57,36 +57,42 @@ lib:	$(LIBOBJ)
 	@touch lib
 
 # elf
-asm/dx86-elf.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86-elf.o: asm/dx86unix.cpp
 	$(CPP) -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
 
-asm/cx86-elf.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
+asm/yx86-elf.o: asm/yx86unix.cpp
+	$(CPP) -DELF asm/yx86unix.cpp | as -o asm/yx86-elf.o
 
 # solaris
-asm/dx86-sol.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86-sol.o: asm/dx86unix.cpp
 	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
 	as -o asm/dx86-sol.o asm/dx86-sol.s
 	rm -f asm/dx86-sol.s
 
-asm/cx86-sol.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
-	as -o asm/cx86-sol.o asm/cx86-sol.s
-	rm -f asm/cx86-sol.s
+asm/yx86-sol.o: asm/yx86unix.cpp
+	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+	as -o asm/yx86-sol.o asm/yx86-sol.s
+	rm -f asm/yx86-sol.s
 
 # a.out
-asm/dx86-out.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86-out.o: asm/dx86unix.cpp
 	$(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
 
-asm/cx86-out.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+asm/yx86-out.o: asm/yx86unix.cpp
+	$(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o
 
 # bsdi
-asm/dx86bsdi.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86bsdi.o: asm/dx86unix.cpp
 	$(CPP) -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
 
-asm/cx86bsdi.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CPP) -DBSDI asm/cx86unix.cpp | as -o asm/cx86bsdi.o
+asm/yx86bsdi.o: asm/yx86unix.cpp
+	$(CPP) -DBSDI asm/yx86unix.cpp | as -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp:
+	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp:
+	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
 
 files:
 	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
@@ -95,13 +101,12 @@ links:
 	/bin/rm -f Makefile
 	$(TOP)/util/point.sh Makefile.ssl Makefile
 	/bin/rm -f des.doc
+	/bin/rm -fr asm/perlasm
+	$(TOP)/util/point.sh ../../perlasm asm/perlasm
 	$(TOP)/util/point.sh ../../doc/des.doc des.doc
 	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
 	$(TOP)/util/mklink.sh ../../test $(TEST)
 	$(TOP)/util/mklink.sh ../../apps $(APPS)
-	/bin/rm -f asm/x86ms.pl asm/x86unix.pl
-	$(TOP)/util/point.sh ../../perlasm/x86ms.pl asm/x86ms.pl
-	$(TOP)/util/point.sh ../../perlasm/x86unix.pl asm/x86unix.pl
 
 install: installs
 
diff --git a/crypto/des/Makefile.uni b/crypto/des/Makefile.uni
index 4e29805cf..8f1759748 100644
--- a/crypto/des/Makefile.uni
+++ b/crypto/des/Makefile.uni
@@ -54,10 +54,10 @@ AS=as
 
 # Assember version of des_encrypt*().
 DES_ENC=des_enc.o fcrypt_b.o		# normal C version
-#DES_ENC=asm/dx86-elf.o	asm/cx86-elf.o	# elf format x86
-#DES_ENC=asm/dx86-out.o	asm/cx86-out.o	# a.out format x86
-#DES_ENC=asm/dx86-sol.o	asm/cx86-sol.o	# solaris format x86 
-#DES_ENC=asm/dx86bsdi.o	asm/cx86basi.o	# bsdi format x86 
+#DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
+#DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
+#DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
+#DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
 
 LIBDIR=/usr/local/lib
 BINDIR=/usr/local/bin
@@ -66,9 +66,9 @@ MANDIR=/usr/local/man
 MAN1=1
 MAN3=3
 SHELL=/bin/sh
-OBJ_LIT=ede_enc.o cbc_enc.o ncbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
-OBJ_FULL=cbc3_enc.o cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
-	xcbc_enc.o qud_cksm.o \
+OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+	xcbc_enc.o qud_cksm.o cbc3_enc.o \
 	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
 	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
 	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
@@ -76,19 +76,18 @@ OBJ_FULL=cbc3_enc.o cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
 GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
 	des.doc options.txt asm
 GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
-	GNUmakefile des.man DES.pm DES.pod DES.xs Makefile.PL \
+	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
 	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
 	des.org des_locl.org
 TESTING_LIT=	destest speed des_opts
-TESTING_FULL=	destest speed des_opts $(TESTING_LIT)
+TESTING_FULL=	rpw des $(TESTING_LIT)
 TESTING_SRC_LIT=destest.c speed.c des_opts.c
-TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT)
+TESTING_SRC_FULL=rpw.c des.c $(TESTING_SRC_LIT)
 HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
 HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
-LIBDES_LIT=ede_enc.c cbc_enc.c ncbc_enc.c ecb_enc.c fcrypt.c set_key.c \
-	des_enc.c fcrypt_b.c
-LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \
-	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c  cbc3_enc.c  \
+LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
+LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c cbc3_enc.c \
+	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
 	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
 	rand_key.c rpc_enc.c  str2key.c  supp.c \
 	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
@@ -115,48 +114,54 @@ gcc:
 	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
 
 x86-elf:
-	$(MAKE) DES_ENC='asm/dx86-elf.o asm/cx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
 
 x86-out:
-	$(MAKE) DES_ENC='asm/dx86-out.o asm/cx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
 
 x86-solaris:
-	$(MAKE) DES_ENC='asm/dx86-sol.o asm/cx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
 
 x86-bsdi:
-	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/cx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
 
 # elf
-asm/dx86-elf.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86-elf.o: asm/dx86unix.cpp
 	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
 
-asm/cx86-elf.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CPP) -DELF asm/cx86unix.cpp | $(AS) -o asm/cx86-elf.o
+asm/yx86-elf.o: asm/yx86unix.cpp
+	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
 
 # solaris
-asm/dx86-sol.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86-sol.o: asm/dx86unix.cpp
 	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
 	as -o asm/dx86-sol.o asm/dx86-sol.s
 	rm -f asm/dx86-sol.s
 
-asm/cx86-sol.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
-	as -o asm/cx86-sol.o asm/cx86-sol.s
-	rm -f asm/cx86-sol.s
+asm/yx86-sol.o: asm/yx86unix.cpp
+	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+	as -o asm/yx86-sol.o asm/yx86-sol.s
+	rm -f asm/yx86-sol.s
 
 # a.out
-asm/dx86-out.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86-out.o: asm/dx86unix.cpp
 	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
 
-asm/cx86-out.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CPP) -DOUT asm/cx86unix.cpp | $(AS) -o asm/cx86-out.o
+asm/yx86-out.o: asm/yx86unix.cpp
+	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
 
 # bsdi
-asm/dx86bsdi.o: asm/dx86-cpp.s asm/dx86unix.cpp
+asm/dx86bsdi.o: asm/dx86unix.cpp
 	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
 
-asm/cx86bsdi.o: asm/cx86-cpp.s asm/cx86unix.cpp
-	$(CPP) -DBSDI asm/cx86unix.cpp | $(AS) -o asm/cx86bsdi.o
+asm/yx86bsdi.o: asm/yx86unix.cpp
+	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp:
+	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp:
+	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
 
 test:	all
 	./destest
@@ -189,13 +194,24 @@ tags:
 tar_lit:
 	/bin/mv Makefile Makefile.tmp
 	/bin/cp Makefile.lit Makefile
-	tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \
-		$(GENERAL_LIT) $(TESTING_SRC_LIT)
+	for i in $(HEADERS_LIT) $(LIBDES_LIT) $(GENERAL_LIT) $(TESTING_SRC_LIT) ;\
+	do \
+		n="$$n des/$$i"; \
+	done; \
+	( cd .. ; tar chf - $$n )| gzip > libdes-l.tgz
 	/bin/rm -f Makefile
 	/bin/mv Makefile.tmp Makefile
 
 tar:
-	tar chf libdes.tar $(ALL)
+	mv Makefile Makefile.tmp
+	/bin/cp Makefile.uni Makefile
+	for i in $(ALL) ;\
+	do \
+		n="$$n des/$$i"; \
+	done; \
+	( cd .. ; tar chf - $$n )| gzip > libdes.tgz
+	/bin/rm -f Makefile
+	/bin/mv Makefile.tmp Makefile
 
 shar:
 	shar $(ALL) >libdes.shar
@@ -211,7 +227,7 @@ dclean:
 	mv -f Makefile.new Makefile
 
 # Eric is probably going to choke when he next looks at this --tjh
-install: $(DLIB) des
+install: des
 	if test $(INSTALLTOP); then \
 	    echo SSL style install; \
 	    cp $(DLIB) $(INSTALLTOP)/lib; \
@@ -224,8 +240,6 @@ install: $(DLIB) des
 	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
 	    cp des.h $(INSTALLTOP)/include; \
 	    chmod 644 $(INSTALLTOP)/include/des.h; \
-	    cp des $(INSTALLTOP)/bin; \
-	    chmod 755 $(INSTALLTOP)/bin/des; \
 	else \
 	    echo Standalone install; \
 	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
diff --git a/crypto/des/VERSION b/crypto/des/VERSION
index b5a2fb7ed..f62d8bdac 100644
--- a/crypto/des/VERSION
+++ b/crypto/des/VERSION
@@ -1,13 +1,37 @@
+	Defining SIGACTION causes sigaction() to be used instead of signal().
+	SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
+	can cause problems.  This should hopefully not affect normal
+	applications.
+
+Version 4.04
+	Fixed a few tests in destest.  Also added x86 assember for
+	des_ncbc_encrypt() which is the standard cbc mode function.
+	This makes a very very large performace difference.
+	Ariel Glenn ariel@columbia.edu reports that the terminal
+	'turn echo off' can return (errno == EINVAL) under solaris
+	when redirection is used.  So I now catch that as well as ENOTTY.
+
+
+Version 4.03
+	Left a static out of enc_write.c, which caused to buffer to be
+	continiously malloc()ed.  Does anyone use these functions?  I keep
+	on feeling like removing them since I only had these in there
+	for a version of kerberised login.  Anyway, this was pointed out
+	by Theo de Raadt <deraadt@cvs.openbsd.org>
+	The 'n' bit ofb code was wrong, it was not shifting the shift
+	register. It worked correctly for n == 64.  Thanks to
+	Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out.
+
 Version 4.02
-	I was doing if (memcmp(weak_keys[i],key,sizeof(key)) == 0)
+	I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
 	when checking for weak keys which is wrong :-(, pointed out by
-	rkus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
+	Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
 
 Version 4.01
-	Even faster inner loop in the DES assember for x86 and a modification
+	Even faster inner loop in the DES assembler for x86 and a modification
 	for IP/FP which is faster on x86.  Both of these changes are
 	from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  His
-	changes make the assember run %40 faster on a pentium.  This is just
+	changes make the assembler run %40 faster on a pentium.  This is just
 	a case of getting the instruction sequence 'just right'.
 	All credit to 'Svend' :-)
 	Quite a few special x86 'make' targets.
@@ -15,9 +39,9 @@ Version 4.01
 
 Version 4.00
 	After a bit of a pause, I'll up the major version number since this
-	is mostly a performace release.  I've added x86 assember and
+	is mostly a performace release.  I've added x86 assembler and
 	added more options for performance.  A %28 speedup for gcc 
-	on a pentium and the assember is a %50 speedup.
+	on a pentium and the assembler is a %50 speedup.
 	MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
 	Run des_opts to work out which options should be used.
 	DES_RISC1/DES_RISC2 use alternative inner loops which use
@@ -35,7 +59,7 @@ Version 3.26
 	instead of L^=((..)|(..)|(..)..  This should save a register at
 	least.
 	Assember for x86.  The file to replace is des_enc.c, which is replaced
-	by one of the assember files found in asm.  Look at des/asm/readme
+	by one of the assembler files found in asm.  Look at des/asm/readme
 	for more info.
 
 	/* Modification to fcrypt so it can be compiled to support
diff --git a/crypto/des/asm/d-win32.asm b/crypto/des/asm/d-win32.asm
index fc62e3b78..9e3dc9cd8 100644
--- a/crypto/des/asm/d-win32.asm
+++ b/crypto/des/asm/d-win32.asm
@@ -1,27 +1,24 @@
 	; Don't even think of reading this code
-	; It was automatically generated by des-som3.pl
+	; It was automatically generated by des-586.pl
 	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, Win32, or Solaris
-	; It can be found in SSLeay 0.6.5+ or in libdes 3.26+
+	; any of elf, a.out, BSDI,Win32, or Solaris
 	; eric <eay@cryptsoft.com>
-	; The inner loop instruction sequence and the IP/FP modifications
-	; are from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
 	; 
-	TITLE	dx86xxxx.asm
+	TITLE	des-586.asm
         .386
 .model FLAT
 _TEXT	SEGMENT
 PUBLIC	_des_encrypt
-EXTRN	_des_SPtrans:DWORD
+EXTRN   _des_SPtrans:DWORD
 _des_encrypt PROC NEAR
-	push	ebp
-	push	ebx
 	push	esi
 	push	edi
 	; 
 	; Load the 2 words
-	mov	esi,		DWORD PTR 20[esp]
+	mov	esi,		DWORD PTR 12[esp]
 	xor	ecx,		ecx
+	push	ebx
+	push	ebp
 	mov	eax,		DWORD PTR [esi]
 	mov	ebx,		DWORD PTR 28[esp]
 	mov	edi,		DWORD PTR 4[esi]
@@ -63,8 +60,8 @@ _des_encrypt PROC NEAR
 	xor	edi,		eax
 	; 
 	rol	edi,		1
-	cmp	ebx,		0
 	mov	ebp,		DWORD PTR 24[esp]
+	cmp	ebx,		0
 	je	$L000start_decrypt
 	; 
 	; Round 0
@@ -1294,32 +1291,32 @@ $L001end:
 	ror	eax,		4
 	mov	DWORD PTR [edx],eax
 	mov	DWORD PTR 4[edx],esi
+	pop	ebp
+	pop	ebx
 	pop	edi
 	pop	esi
-	pop	ebx
-	pop	ebp
 	ret
 _des_encrypt ENDP
 _TEXT	ENDS
 _TEXT	SEGMENT
 PUBLIC	_des_encrypt2
-EXTRN	_des_SPtrans:DWORD
+EXTRN   _des_SPtrans:DWORD
 _des_encrypt2 PROC NEAR
-	push	ebp
-	push	ebx
 	push	esi
 	push	edi
 	; 
 	; Load the 2 words
-	mov	eax,		DWORD PTR 20[esp]
+	mov	eax,		DWORD PTR 12[esp]
 	xor	ecx,		ecx
+	push	ebx
+	push	ebp
 	mov	esi,		DWORD PTR [eax]
 	mov	ebx,		DWORD PTR 28[esp]
 	rol	esi,		3
 	mov	edi,		DWORD PTR 4[eax]
 	rol	edi,		3
-	cmp	ebx,		0
 	mov	ebp,		DWORD PTR 24[esp]
+	cmp	ebx,		0
 	je	$L002start_decrypt
 	; 
 	; Round 0
@@ -2515,26 +2512,27 @@ $L003end:
 	ror	esi,		3
 	mov	DWORD PTR [eax],edi
 	mov	DWORD PTR 4[eax],esi
+	pop	ebp
+	pop	ebx
 	pop	edi
 	pop	esi
-	pop	ebx
-	pop	ebp
 	ret
 _des_encrypt2 ENDP
 _TEXT	ENDS
 _TEXT	SEGMENT
 PUBLIC	_des_encrypt3
-EXTRN	_des_SPtrans:DWORD
+
 _des_encrypt3 PROC NEAR
-	push	ebp
 	push	ebx
+	mov	ebx,		DWORD PTR 8[esp]
+	push	ebp
 	push	esi
 	push	edi
 	; 
 	; Load the data words
-	mov	ebx,		DWORD PTR 20[esp]
 	mov	edi,		DWORD PTR [ebx]
 	mov	esi,		DWORD PTR 4[ebx]
+	sub	esp,		12
 	; 
 	; IP
 	rol	edi,		4
@@ -2575,24 +2573,24 @@ _des_encrypt3 PROC NEAR
 	ror	edx,		3
 	ror	esi,		2
 	mov	DWORD PTR 4[ebx],esi
-	mov	eax,		DWORD PTR 24[esp]
+	mov	eax,		DWORD PTR 36[esp]
 	mov	DWORD PTR [ebx],edx
-	mov	edi,		DWORD PTR 28[esp]
-	mov	esi,		DWORD PTR 32[esp]
-	push	1
-	push	eax
-	push	ebx
+	mov	edi,		DWORD PTR 40[esp]
+	mov	esi,		DWORD PTR 44[esp]
+	mov	DWORD PTR 8[esp],1
+	mov	DWORD PTR 4[esp],eax
+	mov	DWORD PTR [esp],ebx
 	call	_des_encrypt2
-	push	0
-	push	edi
-	push	ebx
+	mov	DWORD PTR 8[esp],0
+	mov	DWORD PTR 4[esp],edi
+	mov	DWORD PTR [esp],ebx
 	call	_des_encrypt2
-	push	1
-	push	esi
-	push	ebx
+	mov	DWORD PTR 8[esp],1
+	mov	DWORD PTR 4[esp],esi
+	mov	DWORD PTR [esp],ebx
 	call	_des_encrypt2
+	add	esp,		12
 	mov	edi,		DWORD PTR [ebx]
-	add	esp,		36
 	mov	esi,		DWORD PTR 4[ebx]
 	; 
 	; FP
@@ -2637,24 +2635,25 @@ _des_encrypt3 PROC NEAR
 	mov	DWORD PTR 4[ebx],esi
 	pop	edi
 	pop	esi
-	pop	ebx
 	pop	ebp
+	pop	ebx
 	ret
 _des_encrypt3 ENDP
 _TEXT	ENDS
 _TEXT	SEGMENT
 PUBLIC	_des_decrypt3
-EXTRN	_des_SPtrans:DWORD
+
 _des_decrypt3 PROC NEAR
-	push	ebp
 	push	ebx
+	mov	ebx,		DWORD PTR 8[esp]
+	push	ebp
 	push	esi
 	push	edi
 	; 
 	; Load the data words
-	mov	ebx,		DWORD PTR 20[esp]
 	mov	edi,		DWORD PTR [ebx]
 	mov	esi,		DWORD PTR 4[ebx]
+	sub	esp,		12
 	; 
 	; IP
 	rol	edi,		4
@@ -2695,24 +2694,24 @@ _des_decrypt3 PROC NEAR
 	ror	edx,		3
 	ror	esi,		2
 	mov	DWORD PTR 4[ebx],esi
-	mov	esi,		DWORD PTR 24[esp]
+	mov	esi,		DWORD PTR 36[esp]
 	mov	DWORD PTR [ebx],edx
-	mov	edi,		DWORD PTR 28[esp]
-	mov	eax,		DWORD PTR 32[esp]
-	push	0
-	push	eax
-	push	ebx
+	mov	edi,		DWORD PTR 40[esp]
+	mov	eax,		DWORD PTR 44[esp]
+	mov	DWORD PTR 8[esp],0
+	mov	DWORD PTR 4[esp],eax
+	mov	DWORD PTR [esp],ebx
 	call	_des_encrypt2
-	push	1
-	push	edi
-	push	ebx
+	mov	DWORD PTR 8[esp],1
+	mov	DWORD PTR 4[esp],edi
+	mov	DWORD PTR [esp],ebx
 	call	_des_encrypt2
-	push	0
-	push	esi
-	push	ebx
+	mov	DWORD PTR 8[esp],0
+	mov	DWORD PTR 4[esp],esi
+	mov	DWORD PTR [esp],ebx
 	call	_des_encrypt2
+	add	esp,		12
 	mov	edi,		DWORD PTR [ebx]
-	add	esp,		36
 	mov	esi,		DWORD PTR 4[ebx]
 	; 
 	; FP
@@ -2757,9 +2756,377 @@ _des_decrypt3 PROC NEAR
 	mov	DWORD PTR 4[ebx],esi
 	pop	edi
 	pop	esi
-	pop	ebx
 	pop	ebp
+	pop	ebx
 	ret
 _des_decrypt3 ENDP
 _TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_ncbc_encrypt
+
+_des_ncbc_encrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	mov	ebp,		DWORD PTR 28[esp]
+	; getting iv ptr from parameter 4
+	mov	ebx,		DWORD PTR 36[esp]
+	mov	esi,		DWORD PTR [ebx]
+	mov	edi,		DWORD PTR 4[ebx]
+	push	edi
+	push	esi
+	push	edi
+	push	esi
+	mov	ebx,		esp
+	mov	esi,		DWORD PTR 36[esp]
+	mov	edi,		DWORD PTR 40[esp]
+	; getting encrypt flag from parameter 5
+	mov	ecx,		DWORD PTR 56[esp]
+	; get and push parameter 5
+	push	ecx
+	; get and push parameter 3
+	mov	eax,		DWORD PTR 52[esp]
+	push	eax
+	push	ebx
+	cmp	ecx,		0
+	jz	$L004decrypt
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 12[esp]
+	mov	ebx,		DWORD PTR 16[esp]
+	jz	$L005encrypt_finish
+L006encrypt_loop:
+	mov	ecx,		DWORD PTR [esi]
+	mov	edx,		DWORD PTR 4[esi]
+	xor	eax,		ecx
+	xor	ebx,		edx
+	mov	DWORD PTR 12[esp],eax
+	mov	DWORD PTR 16[esp],ebx
+	call	_des_encrypt
+	mov	eax,		DWORD PTR 12[esp]
+	mov	ebx,		DWORD PTR 16[esp]
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L006encrypt_loop
+$L005encrypt_finish:
+	mov	ebp,		DWORD PTR 56[esp]
+	and	ebp,		7
+	jz	$L007finish
+	xor	ecx,		ecx
+	xor	edx,		edx
+	mov	ebp,		DWORD PTR $L008cbc_enc_jmp_table[ebp*4]
+	jmp	 ebp
+L009ej7:
+	mov	dh,		BYTE PTR 6[esi]
+	shl	edx,		8
+L010ej6:
+	mov	dh,		BYTE PTR 5[esi]
+L011ej5:
+	mov	dl,		BYTE PTR 4[esi]
+L012ej4:
+	mov	ecx,		DWORD PTR [esi]
+	jmp	$L013ejend
+L014ej3:
+	mov	ch,		BYTE PTR 2[esi]
+	shl	ecx,		8
+L015ej2:
+	mov	ch,		BYTE PTR 1[esi]
+L016ej1:
+	mov	cl,		BYTE PTR [esi]
+$L013ejend:
+	xor	eax,		ecx
+	xor	ebx,		edx
+	mov	DWORD PTR 12[esp],eax
+	mov	DWORD PTR 16[esp],ebx
+	call	_des_encrypt
+	mov	eax,		DWORD PTR 12[esp]
+	mov	ebx,		DWORD PTR 16[esp]
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	jmp	$L007finish
+$L004decrypt:
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 20[esp]
+	mov	ebx,		DWORD PTR 24[esp]
+	jz	$L017decrypt_finish
+L018decrypt_loop:
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR 12[esp],eax
+	mov	DWORD PTR 16[esp],ebx
+	call	_des_encrypt
+	mov	eax,		DWORD PTR 12[esp]
+	mov	ebx,		DWORD PTR 16[esp]
+	mov	ecx,		DWORD PTR 20[esp]
+	mov	edx,		DWORD PTR 24[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR [edi],ecx
+	mov	DWORD PTR 4[edi],edx
+	mov	DWORD PTR 20[esp],eax
+	mov	DWORD PTR 24[esp],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L018decrypt_loop
+$L017decrypt_finish:
+	mov	ebp,		DWORD PTR 56[esp]
+	and	ebp,		7
+	jz	$L007finish
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR 12[esp],eax
+	mov	DWORD PTR 16[esp],ebx
+	call	_des_encrypt
+	mov	eax,		DWORD PTR 12[esp]
+	mov	ebx,		DWORD PTR 16[esp]
+	mov	ecx,		DWORD PTR 20[esp]
+	mov	edx,		DWORD PTR 24[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+L019dj7:
+	ror	edx,		16
+	mov	BYTE PTR 6[edi],dl
+	shr	edx,		16
+L020dj6:
+	mov	BYTE PTR 5[edi],dh
+L021dj5:
+	mov	BYTE PTR 4[edi],dl
+L022dj4:
+	mov	DWORD PTR [edi],ecx
+	jmp	$L023djend
+L024dj3:
+	ror	ecx,		16
+	mov	BYTE PTR 2[edi],cl
+	shl	ecx,		16
+L025dj2:
+	mov	BYTE PTR 1[esi],ch
+L026dj1:
+	mov	BYTE PTR [esi],	cl
+$L023djend:
+	jmp	$L007finish
+$L007finish:
+	mov	ecx,		DWORD PTR 64[esp]
+	add	esp,		28
+	mov	DWORD PTR [ecx],eax
+	mov	DWORD PTR 4[ecx],ebx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+$L008cbc_enc_jmp_table:
+	DD	0
+	DD	L016ej1
+	DD	L015ej2
+	DD	L014ej3
+	DD	L012ej4
+	DD	L011ej5
+	DD	L010ej6
+	DD	L009ej7
+L027cbc_dec_jmp_table:
+	DD	0
+	DD	L026dj1
+	DD	L025dj2
+	DD	L024dj3
+	DD	L022dj4
+	DD	L021dj5
+	DD	L020dj6
+	DD	L019dj7
+_des_ncbc_encrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_ede3_cbc_encrypt
+
+_des_ede3_cbc_encrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	mov	ebp,		DWORD PTR 28[esp]
+	; getting iv ptr from parameter 6
+	mov	ebx,		DWORD PTR 44[esp]
+	mov	esi,		DWORD PTR [ebx]
+	mov	edi,		DWORD PTR 4[ebx]
+	push	edi
+	push	esi
+	push	edi
+	push	esi
+	mov	ebx,		esp
+	mov	esi,		DWORD PTR 36[esp]
+	mov	edi,		DWORD PTR 40[esp]
+	; getting encrypt flag from parameter 7
+	mov	ecx,		DWORD PTR 64[esp]
+	; get and push parameter 5
+	mov	eax,		DWORD PTR 56[esp]
+	push	eax
+	; get and push parameter 4
+	mov	eax,		DWORD PTR 56[esp]
+	push	eax
+	; get and push parameter 3
+	mov	eax,		DWORD PTR 56[esp]
+	push	eax
+	push	ebx
+	cmp	ecx,		0
+	jz	$L028decrypt
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	jz	$L029encrypt_finish
+L030encrypt_loop:
+	mov	ecx,		DWORD PTR [esi]
+	mov	edx,		DWORD PTR 4[esi]
+	xor	eax,		ecx
+	xor	ebx,		edx
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	call	_des_encrypt3
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L030encrypt_loop
+$L029encrypt_finish:
+	mov	ebp,		DWORD PTR 60[esp]
+	and	ebp,		7
+	jz	$L031finish
+	xor	ecx,		ecx
+	xor	edx,		edx
+	mov	ebp,		DWORD PTR $L032cbc_enc_jmp_table[ebp*4]
+	jmp	 ebp
+L033ej7:
+	mov	dh,		BYTE PTR 6[esi]
+	shl	edx,		8
+L034ej6:
+	mov	dh,		BYTE PTR 5[esi]
+L035ej5:
+	mov	dl,		BYTE PTR 4[esi]
+L036ej4:
+	mov	ecx,		DWORD PTR [esi]
+	jmp	$L037ejend
+L038ej3:
+	mov	ch,		BYTE PTR 2[esi]
+	shl	ecx,		8
+L039ej2:
+	mov	ch,		BYTE PTR 1[esi]
+L040ej1:
+	mov	cl,		BYTE PTR [esi]
+$L037ejend:
+	xor	eax,		ecx
+	xor	ebx,		edx
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	call	_des_encrypt3
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	jmp	$L031finish
+$L028decrypt:
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 24[esp]
+	mov	ebx,		DWORD PTR 28[esp]
+	jz	$L041decrypt_finish
+L042decrypt_loop:
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	call	_des_decrypt3
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	ecx,		DWORD PTR 24[esp]
+	mov	edx,		DWORD PTR 28[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR [edi],ecx
+	mov	DWORD PTR 4[edi],edx
+	mov	DWORD PTR 24[esp],eax
+	mov	DWORD PTR 28[esp],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L042decrypt_loop
+$L041decrypt_finish:
+	mov	ebp,		DWORD PTR 60[esp]
+	and	ebp,		7
+	jz	$L031finish
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	call	_des_decrypt3
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	ecx,		DWORD PTR 24[esp]
+	mov	edx,		DWORD PTR 28[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+L043dj7:
+	ror	edx,		16
+	mov	BYTE PTR 6[edi],dl
+	shr	edx,		16
+L044dj6:
+	mov	BYTE PTR 5[edi],dh
+L045dj5:
+	mov	BYTE PTR 4[edi],dl
+L046dj4:
+	mov	DWORD PTR [edi],ecx
+	jmp	$L047djend
+L048dj3:
+	ror	ecx,		16
+	mov	BYTE PTR 2[edi],cl
+	shl	ecx,		16
+L049dj2:
+	mov	BYTE PTR 1[esi],ch
+L050dj1:
+	mov	BYTE PTR [esi],	cl
+$L047djend:
+	jmp	$L031finish
+$L031finish:
+	mov	ecx,		DWORD PTR 76[esp]
+	add	esp,		32
+	mov	DWORD PTR [ecx],eax
+	mov	DWORD PTR 4[ecx],ebx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+$L032cbc_enc_jmp_table:
+	DD	0
+	DD	L040ej1
+	DD	L039ej2
+	DD	L038ej3
+	DD	L036ej4
+	DD	L035ej5
+	DD	L034ej6
+	DD	L033ej7
+L051cbc_dec_jmp_table:
+	DD	0
+	DD	L050dj1
+	DD	L049dj2
+	DD	L048dj3
+	DD	L046dj4
+	DD	L045dj5
+	DD	L044dj6
+	DD	L043dj7
+_des_ede3_cbc_encrypt ENDP
+_TEXT	ENDS
 END
diff --git a/crypto/des/asm/des686.pl b/crypto/des/asm/des686.pl
index efd9f592e..77dc5b51c 100644
--- a/crypto/des/asm/des686.pl
+++ b/crypto/des/asm/des686.pl
@@ -1,230 +1,230 @@
 #!/usr/local/bin/perl
-

-$prog="des686.pl";

-

-# base code is in microsft

-# op dest, source

-# format.

-#

-

-# WILL NOT WORK ANYMORE WITH desboth.pl

-require "desboth.pl";

-

-if (	($ARGV[0] eq "elf"))

-	{ require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "a.out"))

-	{ $aout=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "sol"))

-	{ $sol=1; require "x86unix.pl"; }

-elsif ( ($ARGV[0] eq "cpp"))

-	{ $cpp=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "win32"))

-	{ require "x86ms.pl"; }

-else

-	{

-	print STDERR <<"EOF";

-Pick one target type from

-	elf	- linux, FreeBSD etc

-	a.out	- old linux

-	sol	- x86 solaris

-	cpp	- format so x86unix.cpp can be used

-	win32	- Windows 95/Windows NT

-EOF

-	exit(1);

-	}

-

-&comment("Don't even think of reading this code");

-&comment("It was automatically generated by $prog");

-&comment("Which is a perl program used to generate the x86 assember for");

-&comment("any of elf, a.out, Win32, or Solaris");

-&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");

-&comment("eric <eay\@cryptsoft.com>");

-&comment("");

-

-&file("dx86xxxx");

-

-$L="edi";

-$R="esi";

-

-&des_encrypt("des_encrypt",1);

-&des_encrypt("des_encrypt2",0);

-

-&des_encrypt3("des_encrypt3",1);

-&des_encrypt3("des_decrypt3",0);

-

-&file_end();

-

-sub des_encrypt

-	{

-	local($name,$do_ip)=@_;

-

-	&function_begin($name,3,"EXTRN   _des_SPtrans:DWORD");

-

-	&comment("");

-	&comment("Load the 2 words");

-	&mov("eax",&wparam(0));

-	&mov($L,&DWP(0,"eax","",0));

-	&mov($R,&DWP(4,"eax","",0));

-

-	$ksp=&wparam(1);

-

-	if ($do_ip)

-		{

-		&comment("");

-		&comment("IP");

-		&IP($L,$R,"eax");

-		}

-

-	&comment("");

-	&comment("fixup rotate");

-	&rotl($R,3);

-	&rotl($L,3);

-	&exch($L,$R);

-

-	&comment("");

-	&comment("load counter, key_schedule and enc flag");

-	&mov("eax",&wparam(2));	# get encrypt flag

-	&mov("ebp",&wparam(1));	# get ks

-	&cmp("eax","0");

-	&je(&label("start_decrypt"));

-

-	# encrypting part

-

-	for ($i=0; $i<16; $i+=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");

-

-		&comment("");

-		&comment("Round ".sprintf("%d",$i+1));

-		&D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");

-		}

-	&jmp(&label("end"));

-

-	&set_label("start_decrypt");

-

-	for ($i=15; $i>0; $i-=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");

-		&comment("");

-		&comment("Round ".sprintf("%d",$i-1));

-		&D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");

-		}

-

-	&set_label("end");

-

-	&comment("");

-	&comment("Fixup");

-	&rotr($L,3);		# r

-	&rotr($R,3);		# l

-

-	if ($do_ip)

-		{

-		&comment("");

-		&comment("FP");

-		&FP($R,$L,"eax");

-		}

-

-	&mov("eax",&wparam(0));

-	&mov(&DWP(0,"eax","",0),$L);

-	&mov(&DWP(4,"eax","",0),$R);

-

-	&function_end($name);

-	}

-

-

-# The logic is to load R into 2 registers and operate on both at the same time.

-# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'

-# while also masking the other copy and doing a lookup.  We then also accumulate the

-# L value in 2 registers then combine them at the end.

-sub D_ENCRYPT

-	{

-	local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;

-

-	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));

-	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));

-	&xor(	$u,		$R		);

-	&xor(	$t,		$R		);

-	&rotr(	$t,		4		);

-

-	# the numbers at the end of the line are origional instruction order

-	&mov(	$tmp2,		$u		);			# 1 2

-	&mov(	$tmp1,		$t		);			# 1 1

-	&and(	$tmp2,		"0xfc"		);			# 1 4

-	&and(	$tmp1,		"0xfc"		);			# 1 3

-	&shr(	$t,		8		);			# 1 5

-	&xor(	$L,		&DWP("0x100+$desSP",$tmp1,"",0));	# 1 7

-	&shr(	$u,		8		);			# 1 6

-	&mov(	$tmp1,		&DWP("      $desSP",$tmp2,"",0));	# 1 8

-

-	&mov(	$tmp2,		$u		);			# 2 2

-	&xor(	$L,		$tmp1		);			# 1 9

-	&and(	$tmp2,		"0xfc"		);			# 2 4

-	&mov(	$tmp1,		$t		);			# 2 1

-	&and(	$tmp1,		"0xfc"		);			# 2 3

-	&shr(	$t,		8		);			# 2 5

-	&xor(	$L,		&DWP("0x300+$desSP",$tmp1,"",0));	# 2 7

-	&shr(	$u,		8		);			# 2 6

-	&mov(	$tmp1,		&DWP("0x200+$desSP",$tmp2,"",0));	# 2 8

-	&mov(	$tmp2,		$u		);			# 3 2

-

-	&xor(	$L,		$tmp1		);			# 2 9

-	&and(	$tmp2,		"0xfc"		);			# 3 4

-

-	&mov(	$tmp1,		$t		);			# 3 1 

-	&shr(	$u,		8		);			# 3 6

-	&and(	$tmp1,		"0xfc"		);			# 3 3

-	&shr(	$t,		8		);			# 3 5

-	&xor(	$L,		&DWP("0x500+$desSP",$tmp1,"",0));	# 3 7

-	&mov(	$tmp1,		&DWP("0x400+$desSP",$tmp2,"",0));	# 3 8

-

-	&and(	$t,		"0xfc"		);			# 4 1

-	&xor(	$L,		$tmp1		);			# 3 9

-

-	&and(	$u,		"0xfc"		);			# 4 2

-	&xor(	$L,		&DWP("0x700+$desSP",$t,"",0));		# 4 3

-	&xor(	$L,		&DWP("0x600+$desSP",$u,"",0));		# 4 4

-	}

-

-sub PERM_OP

-	{

-	local($a,$b,$tt,$shift,$mask)=@_;

-

-	&mov(	$tt,		$a		);

-	&shr(	$tt,		$shift		);

-	&xor(	$tt,		$b		);

-	&and(	$tt,		$mask		);

-	&xor(	$b,		$tt		);

-	&shl(	$tt,		$shift		);

-	&xor(	$a,		$tt		);

-	}

-

-sub IP

-	{

-	local($l,$r,$tt)=@_;

-

-	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");

-	&PERM_OP($l,$r,$tt,16,"0x0000ffff");

-	&PERM_OP($r,$l,$tt, 2,"0x33333333");

-	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");

-	&PERM_OP($r,$l,$tt, 1,"0x55555555");

-	}

-

-sub FP

-	{

-	local($l,$r,$tt)=@_;

-

-	&PERM_OP($l,$r,$tt, 1,"0x55555555");

-        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");

-        &PERM_OP($l,$r,$tt, 2,"0x33333333");

-        &PERM_OP($r,$l,$tt,16,"0x0000ffff");

-        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");

-	}

-

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

+
+$prog="des686.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+# WILL NOT WORK ANYMORE WITH desboth.pl
+require "desboth.pl";
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric <eay\@cryptsoft.com>");
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+
+	&comment("");
+	&comment("Load the 2 words");
+	&mov("eax",&wparam(0));
+	&mov($L,&DWP(0,"eax","",0));
+	&mov($R,&DWP(4,"eax","",0));
+
+	$ksp=&wparam(1);
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("IP");
+		&IP_new($L,$R,"eax");
+		}
+
+	&comment("");
+	&comment("fixup rotate");
+	&rotl($R,3);
+	&rotl($L,3);
+	&exch($L,$R);
+
+	&comment("");
+	&comment("load counter, key_schedule and enc flag");
+	&mov("eax",&wparam(2));	# get encrypt flag
+	&mov("ebp",&wparam(1));	# get ks
+	&cmp("eax","0");
+	&je(&label("start_decrypt"));
+
+	# encrypting part
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		}
+
+	&set_label("end");
+
+	&comment("");
+	&comment("Fixup");
+	&rotr($L,3);		# r
+	&rotr($R,3);		# l
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&FP_new($R,$L,"eax");
+		}
+
+	&mov("eax",&wparam(0));
+	&mov(&DWP(0,"eax","",0),$L);
+	&mov(&DWP(4,"eax","",0),$R);
+
+	&function_end($name);
+	}
+
+
+# The logic is to load R into 2 registers and operate on both at the same time.
+# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'
+# while also masking the other copy and doing a lookup.  We then also accumulate the
+# L value in 2 registers then combine them at the end.
+sub D_ENCRYPT
+	{
+	local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;
+
+	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&xor(	$u,		$R		);
+	&xor(	$t,		$R		);
+	&rotr(	$t,		4		);
+
+	# the numbers at the end of the line are origional instruction order
+	&mov(	$tmp2,		$u		);			# 1 2
+	&mov(	$tmp1,		$t		);			# 1 1
+	&and(	$tmp2,		"0xfc"		);			# 1 4
+	&and(	$tmp1,		"0xfc"		);			# 1 3
+	&shr(	$t,		8		);			# 1 5
+	&xor(	$L,		&DWP("0x100+$desSP",$tmp1,"",0));	# 1 7
+	&shr(	$u,		8		);			# 1 6
+	&mov(	$tmp1,		&DWP("      $desSP",$tmp2,"",0));	# 1 8
+
+	&mov(	$tmp2,		$u		);			# 2 2
+	&xor(	$L,		$tmp1		);			# 1 9
+	&and(	$tmp2,		"0xfc"		);			# 2 4
+	&mov(	$tmp1,		$t		);			# 2 1
+	&and(	$tmp1,		"0xfc"		);			# 2 3
+	&shr(	$t,		8		);			# 2 5
+	&xor(	$L,		&DWP("0x300+$desSP",$tmp1,"",0));	# 2 7
+	&shr(	$u,		8		);			# 2 6
+	&mov(	$tmp1,		&DWP("0x200+$desSP",$tmp2,"",0));	# 2 8
+	&mov(	$tmp2,		$u		);			# 3 2
+
+	&xor(	$L,		$tmp1		);			# 2 9
+	&and(	$tmp2,		"0xfc"		);			# 3 4
+
+	&mov(	$tmp1,		$t		);			# 3 1 
+	&shr(	$u,		8		);			# 3 6
+	&and(	$tmp1,		"0xfc"		);			# 3 3
+	&shr(	$t,		8		);			# 3 5
+	&xor(	$L,		&DWP("0x500+$desSP",$tmp1,"",0));	# 3 7
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$tmp2,"",0));	# 3 8
+
+	&and(	$t,		"0xfc"		);			# 4 1
+	&xor(	$L,		$tmp1		);			# 3 9
+
+	&and(	$u,		"0xfc"		);			# 4 2
+	&xor(	$L,		&DWP("0x700+$desSP",$t,"",0));		# 4 3
+	&xor(	$L,		&DWP("0x600+$desSP",$u,"",0));		# 4 4
+	}
+
+sub PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask)=@_;
+
+	&mov(	$tt,		$a		);
+	&shr(	$tt,		$shift		);
+	&xor(	$tt,		$b		);
+	&and(	$tt,		$mask		);
+	&xor(	$b,		$tt		);
+	&shl(	$tt,		$shift		);
+	&xor(	$a,		$tt		);
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+	&PERM_OP($l,$r,$tt,16,"0x0000ffff");
+	&PERM_OP($r,$l,$tt, 2,"0x33333333");
+	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+	&PERM_OP($r,$l,$tt, 1,"0x55555555");
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
index b94138ce6..288984d13 100644
--- a/crypto/des/asm/desboth.pl
+++ b/crypto/des/asm/desboth.pl
@@ -1,67 +1,79 @@
 #!/usr/local/bin/perl
-

-$L="edi";

-$R="esi";

-

-sub des_encrypt3

-	{

-	local($name,$enc)=@_;

-

-	&function_begin($name,4,"");

-

-	&comment("");

-	&comment("Load the data words");

-	&mov("ebx",&wparam(0));

-	&mov($L,&DWP(0,"ebx","",0));

-	&mov($R,&DWP(4,"ebx","",0));

-

-	&comment("");

-	&comment("IP");

-	&IP_new($L,$R,"edx",0);

-

-	# put them back

-	

-	if ($enc)

-		{

-		&mov(&DWP(4,"ebx","",0),$R);

-		 &mov("eax",&wparam(1));

-		&mov(&DWP(0,"ebx","",0),"edx");

-		 &mov("edi",&wparam(2));

-		 &mov("esi",&wparam(3));

-		}

-	else

-		{

-		&mov(&DWP(4,"ebx","",0),$R);

-		 &mov("esi",&wparam(1));

-		&mov(&DWP(0,"ebx","",0),"edx");

-		 &mov("edi",&wparam(2));

-		 &mov("eax",&wparam(3));

-		}

-	&push(($enc)?"1":"0");

-	&push("eax");

-	&push("ebx");

-	&call("des_encrypt2");

-	&push(($enc)?"0":"1");

-	&push("edi");

-	&push("ebx");

-	&call("des_encrypt2");

-	&push(($enc)?"1":"0");

-	&push("esi");

-	&push("ebx");

-	&call("des_encrypt2");

-

-	&mov($L,&DWP(0,"ebx","",0));

-	&add("esp",36);

-	&mov($R,&DWP(4,"ebx","",0));

-

-	&comment("");

-	&comment("FP");

-	&FP_new($L,$R,"eax",0);

-

-	&mov(&DWP(0,"ebx","",0),"eax");

-	&mov(&DWP(4,"ebx","",0),$R);

-

-	&function_end($name);

-	}

-

-

+
+$L="edi";
+$R="esi";
+
+sub des_encrypt3
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+	&push("ebx");
+	&mov("ebx",&wparam(0));
+
+	&push("ebp");
+	&push("esi");
+
+	&push("edi");
+
+	&comment("");
+	&comment("Load the data words");
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+	&stack_push(3);
+
+	&comment("");
+	&comment("IP");
+	&IP_new($L,$R,"edx",0);
+
+	# put them back
+	
+	if ($enc)
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("eax",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("esi",&wparam(3));
+		}
+	else
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("esi",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("eax",&wparam(3));
+		}
+	&mov(&swtmp(2),	(($enc)?"1":"0"));
+	&mov(&swtmp(1),	"eax");
+	&mov(&swtmp(0),	"ebx");
+	&call("des_encrypt2");
+	&mov(&swtmp(2),	(($enc)?"0":"1"));
+	&mov(&swtmp(1),	"edi");
+	&mov(&swtmp(0),	"ebx");
+	&call("des_encrypt2");
+	&mov(&swtmp(2),	(($enc)?"1":"0"));
+	&mov(&swtmp(1),	"esi");
+	&mov(&swtmp(0),	"ebx");
+	&call("des_encrypt2");
+
+	&stack_pop(3);
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+
+	&comment("");
+	&comment("FP");
+	&FP_new($L,$R,"eax",0);
+
+	&mov(&DWP(0,"ebx","",0),"eax");
+	&mov(&DWP(4,"ebx","",0),$R);
+
+	&pop("edi");
+	&pop("esi");
+	&pop("ebp");
+	&pop("ebx");
+	&ret();
+	&function_end_B($name);
+	}
+
+
diff --git a/crypto/des/asm/dx86unix.cpp b/crypto/des/asm/dx86unix.cpp
index 941cf1f60..6fca9afa1 100644
--- a/crypto/des/asm/dx86unix.cpp
+++ b/crypto/des/asm/dx86unix.cpp
@@ -1,32 +1,41 @@
+/* Run the C pre-processor over this file with one of the following defined
+ * ELF - elf object files,
+ * OUT - a.out object files,
+ * BSDI - BSDI style a.out object files
+ * SOL - Solaris style elf
+ */
 
-#define TYPE(a,b)	.type	a,b
-#define SIZE(a,b)	.size	a,b
+#define TYPE(a,b)       .type   a,b
+#define SIZE(a,b)       .size   a,b
+
+#if defined(OUT) || defined(BSDI)
+#define des_SPtrans _des_SPtrans
+#define des_encrypt _des_encrypt
+#define des_encrypt2 _des_encrypt2
+#define des_encrypt3 _des_encrypt3
+#define des_decrypt3 _des_decrypt3
+#define des_ncbc_encrypt _des_ncbc_encrypt
+#define des_ede3_cbc_encrypt _des_ede3_cbc_encrypt
+
+#endif
 
 #ifdef OUT
-#define OK		1
-#define des_SPtrans	_des_SPtrans
-#define des_encrypt	_des_encrypt
-#define des_encrypt2	_des_encrypt2
-#define des_encrypt3	_des_encrypt3
-#define des_decrypt3	_des_decrypt3
-#define ALIGN		4
+#define OK	1
+#define ALIGN	4
 #endif
 
 #ifdef BSDI
-#define OK		1
-#define des_SPtrans	_des_SPtrans
-#define des_encrypt	_des_encrypt
-#define des_encrypt2	_des_encrypt2
-#define des_encrypt3	_des_encrypt3
-#define des_decrypt3	_des_decrypt3
-#define ALIGN		4
+#define OK              1
+#define ALIGN           4
 #undef SIZE
 #undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)
 #endif
 
 #if defined(ELF) || defined(SOL)
-#define OK		1
-#define ALIGN		16
+#define OK              1
+#define ALIGN           16
 #endif
 
 #ifndef OK
@@ -37,5 +46,3157 @@ SOL - solaris systems, which are elf with strange comment lines
 BSDI - a.out with a very primative version of as.
 #endif
 
-#include "dx86-cpp.s" 
+/* Let the Assembler begin :-) */
+	/* Don't even think of reading this code */
+	/* It was automatically generated by des-586.pl */
+	/* Which is a perl program used to generate the x86 assember for */
+	/* any of elf, a.out, BSDI,Win32, or Solaris */
+	/* eric <eay@cryptsoft.com> */
+
+	.file	"des-586.s"
+	.version	"01.01"
+gcc2_compiled.:
+.text
+	.align ALIGN
+.globl des_encrypt
+	TYPE(des_encrypt,@function)
+des_encrypt:
+	pushl	%esi
+	pushl	%edi
+
+	/* Load the 2 words */
+	movl	12(%esp),	%esi
+	xorl	%ecx,		%ecx
+	pushl	%ebx
+	pushl	%ebp
+	movl	(%esi),		%eax
+	movl	28(%esp),	%ebx
+	movl	4(%esi),	%edi
+
+	/* IP */
+	roll	$4,		%eax
+	movl	%eax,		%esi
+	xorl	%edi,		%eax
+	andl	$0xf0f0f0f0,	%eax
+	xorl	%eax,		%esi
+	xorl	%eax,		%edi
+
+	roll	$20,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xfff0000f,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$14,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x33333333,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$22,		%esi
+	movl	%esi,		%eax
+	xorl	%edi,		%esi
+	andl	$0x03fc03fc,	%esi
+	xorl	%esi,		%eax
+	xorl	%esi,		%edi
+
+	roll	$9,		%eax
+	movl	%eax,		%esi
+	xorl	%edi,		%eax
+	andl	$0xaaaaaaaa,	%eax
+	xorl	%eax,		%esi
+	xorl	%eax,		%edi
+
+.byte 209
+.byte 199		/* roll $1 %edi */
+	movl	24(%esp),	%ebp
+	cmpl	$0,		%ebx
+	je	.L000start_decrypt
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+	jmp	.L001end
+.L000start_decrypt:
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+.L001end:
+
+	/* FP */
+	movl	20(%esp),	%edx
+.byte 209
+.byte 206		/* rorl $1 %esi */
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$23,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x03fc03fc,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$10,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$18,		%esi
+	movl	%esi,		%edi
+	xorl	%eax,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%eax
+
+	roll	$12,		%edi
+	movl	%edi,		%esi
+	xorl	%eax,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%eax
+
+	rorl	$4,		%eax
+	movl	%eax,		(%edx)
+	movl	%esi,		4(%edx)
+	popl	%ebp
+	popl	%ebx
+	popl	%edi
+	popl	%esi
+	ret
+.des_encrypt_end:
+	SIZE(des_encrypt,.des_encrypt_end-des_encrypt)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_encrypt2
+	TYPE(des_encrypt2,@function)
+des_encrypt2:
+	pushl	%esi
+	pushl	%edi
+
+	/* Load the 2 words */
+	movl	12(%esp),	%eax
+	xorl	%ecx,		%ecx
+	pushl	%ebx
+	pushl	%ebp
+	movl	(%eax),		%esi
+	movl	28(%esp),	%ebx
+	roll	$3,		%esi
+	movl	4(%eax),	%edi
+	roll	$3,		%edi
+	movl	24(%esp),	%ebp
+	cmpl	$0,		%ebx
+	je	.L002start_decrypt
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+	jmp	.L003end
+.L002start_decrypt:
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+.L003end:
+
+	/* Fixup */
+	rorl	$3,		%edi
+	movl	20(%esp),	%eax
+	rorl	$3,		%esi
+	movl	%edi,		(%eax)
+	movl	%esi,		4(%eax)
+	popl	%ebp
+	popl	%ebx
+	popl	%edi
+	popl	%esi
+	ret
+.des_encrypt2_end:
+	SIZE(des_encrypt2,.des_encrypt2_end-des_encrypt2)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_encrypt3
+	TYPE(des_encrypt3,@function)
+des_encrypt3:
+	pushl	%ebx
+	movl	8(%esp),	%ebx
+	pushl	%ebp
+	pushl	%esi
+	pushl	%edi
+
+	/* Load the data words */
+	movl	(%ebx),		%edi
+	movl	4(%ebx),	%esi
+	subl	$12,		%esp
+
+	/* IP */
+	roll	$4,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	roll	$20,		%esi
+	movl	%esi,		%edi
+	xorl	%edx,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%edx
+
+	roll	$14,		%edi
+	movl	%edi,		%esi
+	xorl	%edx,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%edx
+
+	roll	$22,		%edx
+	movl	%edx,		%edi
+	xorl	%esi,		%edx
+	andl	$0x03fc03fc,	%edx
+	xorl	%edx,		%edi
+	xorl	%edx,		%esi
+
+	roll	$9,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	rorl	$3,		%edx
+	rorl	$2,		%esi
+	movl	%esi,		4(%ebx)
+	movl	36(%esp),	%eax
+	movl	%edx,		(%ebx)
+	movl	40(%esp),	%edi
+	movl	44(%esp),	%esi
+	movl	$1,		8(%esp)
+	movl	%eax,		4(%esp)
+	movl	%ebx,		(%esp)
+	call	des_encrypt2
+	movl	$0,		8(%esp)
+	movl	%edi,		4(%esp)
+	movl	%ebx,		(%esp)
+	call	des_encrypt2
+	movl	$1,		8(%esp)
+	movl	%esi,		4(%esp)
+	movl	%ebx,		(%esp)
+	call	des_encrypt2
+	addl	$12,		%esp
+	movl	(%ebx),		%edi
+	movl	4(%ebx),	%esi
+
+	/* FP */
+	roll	$2,		%esi
+	roll	$3,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$23,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x03fc03fc,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$10,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$18,		%esi
+	movl	%esi,		%edi
+	xorl	%eax,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%eax
+
+	roll	$12,		%edi
+	movl	%edi,		%esi
+	xorl	%eax,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%eax
+
+	rorl	$4,		%eax
+	movl	%eax,		(%ebx)
+	movl	%esi,		4(%ebx)
+	popl	%edi
+	popl	%esi
+	popl	%ebp
+	popl	%ebx
+	ret
+.des_encrypt3_end:
+	SIZE(des_encrypt3,.des_encrypt3_end-des_encrypt3)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_decrypt3
+	TYPE(des_decrypt3,@function)
+des_decrypt3:
+	pushl	%ebx
+	movl	8(%esp),	%ebx
+	pushl	%ebp
+	pushl	%esi
+	pushl	%edi
+
+	/* Load the data words */
+	movl	(%ebx),		%edi
+	movl	4(%ebx),	%esi
+	subl	$12,		%esp
+
+	/* IP */
+	roll	$4,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	roll	$20,		%esi
+	movl	%esi,		%edi
+	xorl	%edx,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%edx
+
+	roll	$14,		%edi
+	movl	%edi,		%esi
+	xorl	%edx,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%edx
+
+	roll	$22,		%edx
+	movl	%edx,		%edi
+	xorl	%esi,		%edx
+	andl	$0x03fc03fc,	%edx
+	xorl	%edx,		%edi
+	xorl	%edx,		%esi
+
+	roll	$9,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	rorl	$3,		%edx
+	rorl	$2,		%esi
+	movl	%esi,		4(%ebx)
+	movl	36(%esp),	%esi
+	movl	%edx,		(%ebx)
+	movl	40(%esp),	%edi
+	movl	44(%esp),	%eax
+	movl	$0,		8(%esp)
+	movl	%eax,		4(%esp)
+	movl	%ebx,		(%esp)
+	call	des_encrypt2
+	movl	$1,		8(%esp)
+	movl	%edi,		4(%esp)
+	movl	%ebx,		(%esp)
+	call	des_encrypt2
+	movl	$0,		8(%esp)
+	movl	%esi,		4(%esp)
+	movl	%ebx,		(%esp)
+	call	des_encrypt2
+	addl	$12,		%esp
+	movl	(%ebx),		%edi
+	movl	4(%ebx),	%esi
+
+	/* FP */
+	roll	$2,		%esi
+	roll	$3,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$23,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x03fc03fc,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$10,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$18,		%esi
+	movl	%esi,		%edi
+	xorl	%eax,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%eax
+
+	roll	$12,		%edi
+	movl	%edi,		%esi
+	xorl	%eax,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%eax
+
+	rorl	$4,		%eax
+	movl	%eax,		(%ebx)
+	movl	%esi,		4(%ebx)
+	popl	%edi
+	popl	%esi
+	popl	%ebp
+	popl	%ebx
+	ret
+.des_decrypt3_end:
+	SIZE(des_decrypt3,.des_decrypt3_end-des_decrypt3)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_ncbc_encrypt
+	TYPE(des_ncbc_encrypt,@function)
+des_ncbc_encrypt:
+
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+	movl	28(%esp),	%ebp
+	/* getting iv ptr from parameter 4 */
+	movl	36(%esp),	%ebx
+	movl	(%ebx),		%esi
+	movl	4(%ebx),	%edi
+	pushl	%edi
+	pushl	%esi
+	pushl	%edi
+	pushl	%esi
+	movl	%esp,		%ebx
+	movl	36(%esp),	%esi
+	movl	40(%esp),	%edi
+	/* getting encrypt flag from parameter 5 */
+	movl	56(%esp),	%ecx
+	/* get and push parameter 5 */
+	pushl	%ecx
+	/* get and push parameter 3 */
+	movl	52(%esp),	%eax
+	pushl	%eax
+	pushl	%ebx
+	cmpl	$0,		%ecx
+	jz	.L004decrypt
+	andl	$4294967288,	%ebp
+	movl	12(%esp),	%eax
+	movl	16(%esp),	%ebx
+	jz	.L005encrypt_finish
+.L006encrypt_loop:
+	movl	(%esi),		%ecx
+	movl	4(%esi),	%edx
+	xorl	%ecx,		%eax
+	xorl	%edx,		%ebx
+	movl	%eax,		12(%esp)
+	movl	%ebx,		16(%esp)
+	call	des_encrypt
+	movl	12(%esp),	%eax
+	movl	16(%esp),	%ebx
+	movl	%eax,		(%edi)
+	movl	%ebx,		4(%edi)
+	addl	$8,		%esi
+	addl	$8,		%edi
+	subl	$8,		%ebp
+	jnz	.L006encrypt_loop
+.L005encrypt_finish:
+	movl	56(%esp),	%ebp
+	andl	$7,		%ebp
+	jz	.L007finish
+	xorl	%ecx,		%ecx
+	xorl	%edx,		%edx
+	movl	.L008cbc_enc_jmp_table(,%ebp,4),%ebp
+	jmp	*%ebp
+.L009ej7:
+	movb	6(%esi),	%dh
+	sall	$8,		%edx
+.L010ej6:
+	movb	5(%esi),	%dh
+.L011ej5:
+	movb	4(%esi),	%dl
+.L012ej4:
+	movl	(%esi),		%ecx
+	jmp	.L013ejend
+.L014ej3:
+	movb	2(%esi),	%ch
+	sall	$8,		%ecx
+.L015ej2:
+	movb	1(%esi),	%ch
+.L016ej1:
+	movb	(%esi),		%cl
+.L013ejend:
+	xorl	%ecx,		%eax
+	xorl	%edx,		%ebx
+	movl	%eax,		12(%esp)
+	movl	%ebx,		16(%esp)
+	call	des_encrypt
+	movl	12(%esp),	%eax
+	movl	16(%esp),	%ebx
+	movl	%eax,		(%edi)
+	movl	%ebx,		4(%edi)
+	jmp	.L007finish
+.align ALIGN
+.L004decrypt:
+	andl	$4294967288,	%ebp
+	movl	20(%esp),	%eax
+	movl	24(%esp),	%ebx
+	jz	.L017decrypt_finish
+.L018decrypt_loop:
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+	movl	%eax,		12(%esp)
+	movl	%ebx,		16(%esp)
+	call	des_encrypt
+	movl	12(%esp),	%eax
+	movl	16(%esp),	%ebx
+	movl	20(%esp),	%ecx
+	movl	24(%esp),	%edx
+	xorl	%eax,		%ecx
+	xorl	%ebx,		%edx
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+	movl	%ecx,		(%edi)
+	movl	%edx,		4(%edi)
+	movl	%eax,		20(%esp)
+	movl	%ebx,		24(%esp)
+	addl	$8,		%esi
+	addl	$8,		%edi
+	subl	$8,		%ebp
+	jnz	.L018decrypt_loop
+.L017decrypt_finish:
+	movl	56(%esp),	%ebp
+	andl	$7,		%ebp
+	jz	.L007finish
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+	movl	%eax,		12(%esp)
+	movl	%ebx,		16(%esp)
+	call	des_encrypt
+	movl	12(%esp),	%eax
+	movl	16(%esp),	%ebx
+	movl	20(%esp),	%ecx
+	movl	24(%esp),	%edx
+	xorl	%eax,		%ecx
+	xorl	%ebx,		%edx
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+.L019dj7:
+	rorl	$16,		%edx
+	movb	%dl,		6(%edi)
+	shrl	$16,		%edx
+.L020dj6:
+	movb	%dh,		5(%edi)
+.L021dj5:
+	movb	%dl,		4(%edi)
+.L022dj4:
+	movl	%ecx,		(%edi)
+	jmp	.L023djend
+.L024dj3:
+	rorl	$16,		%ecx
+	movb	%cl,		2(%edi)
+	sall	$16,		%ecx
+.L025dj2:
+	movb	%ch,		1(%esi)
+.L026dj1:
+	movb	%cl,		(%esi)
+.L023djend:
+	jmp	.L007finish
+.align ALIGN
+.L007finish:
+	movl	64(%esp),	%ecx
+	addl	$28,		%esp
+	movl	%eax,		(%ecx)
+	movl	%ebx,		4(%ecx)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.align ALIGN
+.L008cbc_enc_jmp_table:
+	.long 0
+	.long .L016ej1
+	.long .L015ej2
+	.long .L014ej3
+	.long .L012ej4
+	.long .L011ej5
+	.long .L010ej6
+	.long .L009ej7
+.align ALIGN
+.L027cbc_dec_jmp_table:
+	.long 0
+	.long .L026dj1
+	.long .L025dj2
+	.long .L024dj3
+	.long .L022dj4
+	.long .L021dj5
+	.long .L020dj6
+	.long .L019dj7
+.des_ncbc_encrypt_end:
+	SIZE(des_ncbc_encrypt,.des_ncbc_encrypt_end-des_ncbc_encrypt)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_ede3_cbc_encrypt
+	TYPE(des_ede3_cbc_encrypt,@function)
+des_ede3_cbc_encrypt:
 
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+	movl	28(%esp),	%ebp
+	/* getting iv ptr from parameter 6 */
+	movl	44(%esp),	%ebx
+	movl	(%ebx),		%esi
+	movl	4(%ebx),	%edi
+	pushl	%edi
+	pushl	%esi
+	pushl	%edi
+	pushl	%esi
+	movl	%esp,		%ebx
+	movl	36(%esp),	%esi
+	movl	40(%esp),	%edi
+	/* getting encrypt flag from parameter 7 */
+	movl	64(%esp),	%ecx
+	/* get and push parameter 5 */
+	movl	56(%esp),	%eax
+	pushl	%eax
+	/* get and push parameter 4 */
+	movl	56(%esp),	%eax
+	pushl	%eax
+	/* get and push parameter 3 */
+	movl	56(%esp),	%eax
+	pushl	%eax
+	pushl	%ebx
+	cmpl	$0,		%ecx
+	jz	.L028decrypt
+	andl	$4294967288,	%ebp
+	movl	16(%esp),	%eax
+	movl	20(%esp),	%ebx
+	jz	.L029encrypt_finish
+.L030encrypt_loop:
+	movl	(%esi),		%ecx
+	movl	4(%esi),	%edx
+	xorl	%ecx,		%eax
+	xorl	%edx,		%ebx
+	movl	%eax,		16(%esp)
+	movl	%ebx,		20(%esp)
+	call	des_encrypt3
+	movl	16(%esp),	%eax
+	movl	20(%esp),	%ebx
+	movl	%eax,		(%edi)
+	movl	%ebx,		4(%edi)
+	addl	$8,		%esi
+	addl	$8,		%edi
+	subl	$8,		%ebp
+	jnz	.L030encrypt_loop
+.L029encrypt_finish:
+	movl	60(%esp),	%ebp
+	andl	$7,		%ebp
+	jz	.L031finish
+	xorl	%ecx,		%ecx
+	xorl	%edx,		%edx
+	movl	.L032cbc_enc_jmp_table(,%ebp,4),%ebp
+	jmp	*%ebp
+.L033ej7:
+	movb	6(%esi),	%dh
+	sall	$8,		%edx
+.L034ej6:
+	movb	5(%esi),	%dh
+.L035ej5:
+	movb	4(%esi),	%dl
+.L036ej4:
+	movl	(%esi),		%ecx
+	jmp	.L037ejend
+.L038ej3:
+	movb	2(%esi),	%ch
+	sall	$8,		%ecx
+.L039ej2:
+	movb	1(%esi),	%ch
+.L040ej1:
+	movb	(%esi),		%cl
+.L037ejend:
+	xorl	%ecx,		%eax
+	xorl	%edx,		%ebx
+	movl	%eax,		16(%esp)
+	movl	%ebx,		20(%esp)
+	call	des_encrypt3
+	movl	16(%esp),	%eax
+	movl	20(%esp),	%ebx
+	movl	%eax,		(%edi)
+	movl	%ebx,		4(%edi)
+	jmp	.L031finish
+.align ALIGN
+.L028decrypt:
+	andl	$4294967288,	%ebp
+	movl	24(%esp),	%eax
+	movl	28(%esp),	%ebx
+	jz	.L041decrypt_finish
+.L042decrypt_loop:
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+	movl	%eax,		16(%esp)
+	movl	%ebx,		20(%esp)
+	call	des_decrypt3
+	movl	16(%esp),	%eax
+	movl	20(%esp),	%ebx
+	movl	24(%esp),	%ecx
+	movl	28(%esp),	%edx
+	xorl	%eax,		%ecx
+	xorl	%ebx,		%edx
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+	movl	%ecx,		(%edi)
+	movl	%edx,		4(%edi)
+	movl	%eax,		24(%esp)
+	movl	%ebx,		28(%esp)
+	addl	$8,		%esi
+	addl	$8,		%edi
+	subl	$8,		%ebp
+	jnz	.L042decrypt_loop
+.L041decrypt_finish:
+	movl	60(%esp),	%ebp
+	andl	$7,		%ebp
+	jz	.L031finish
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+	movl	%eax,		16(%esp)
+	movl	%ebx,		20(%esp)
+	call	des_decrypt3
+	movl	16(%esp),	%eax
+	movl	20(%esp),	%ebx
+	movl	24(%esp),	%ecx
+	movl	28(%esp),	%edx
+	xorl	%eax,		%ecx
+	xorl	%ebx,		%edx
+	movl	(%esi),		%eax
+	movl	4(%esi),	%ebx
+.L043dj7:
+	rorl	$16,		%edx
+	movb	%dl,		6(%edi)
+	shrl	$16,		%edx
+.L044dj6:
+	movb	%dh,		5(%edi)
+.L045dj5:
+	movb	%dl,		4(%edi)
+.L046dj4:
+	movl	%ecx,		(%edi)
+	jmp	.L047djend
+.L048dj3:
+	rorl	$16,		%ecx
+	movb	%cl,		2(%edi)
+	sall	$16,		%ecx
+.L049dj2:
+	movb	%ch,		1(%esi)
+.L050dj1:
+	movb	%cl,		(%esi)
+.L047djend:
+	jmp	.L031finish
+.align ALIGN
+.L031finish:
+	movl	76(%esp),	%ecx
+	addl	$32,		%esp
+	movl	%eax,		(%ecx)
+	movl	%ebx,		4(%ecx)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.align ALIGN
+.L032cbc_enc_jmp_table:
+	.long 0
+	.long .L040ej1
+	.long .L039ej2
+	.long .L038ej3
+	.long .L036ej4
+	.long .L035ej5
+	.long .L034ej6
+	.long .L033ej7
+.align ALIGN
+.L051cbc_dec_jmp_table:
+	.long 0
+	.long .L050dj1
+	.long .L049dj2
+	.long .L048dj3
+	.long .L046dj4
+	.long .L045dj5
+	.long .L044dj6
+	.long .L043dj7
+.des_ede3_cbc_encrypt_end:
+	SIZE(des_ede3_cbc_encrypt,.des_ede3_cbc_encrypt_end-des_ede3_cbc_encrypt)
+.ident	"desasm.pl"
diff --git a/crypto/des/asm/readme b/crypto/des/asm/readme
index da2561a6b..f8529d930 100644
--- a/crypto/des/asm/readme
+++ b/crypto/des/asm/readme
@@ -1,131 +1,131 @@
-First up, let me say I don't like writing in assembler.  It is not portable,

-dependant on the particular CPU architecture release and is generally a pig

-to debug and get right.  Having said that, the x86 architecture is probably

-the most important for speed due to number of boxes and since

-it appears to be the worst architecture to to get

-good C compilers for.  So due to this, I have lowered myself to do

-assembler for the inner DES routines in libdes :-).

-

-The file to implement in assembler is des_enc.c.  Replace the following

-4 functions

-des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);

-des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);

-des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);

-des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);

-

-They encrypt/decrypt the 64 bits held in 'data' using

-the 'ks' key schedules.   The only difference between the 4 functions is that

-des_encrypt2() does not perform IP() or FP() on the data (this is an

-optimization for when doing triple DES and des_encrypt3() and des_decrypt3()

-perform triple des.  The triple DES routines are in here because it does

-make a big difference to have them located near the des_encrypt2 function

-at link time..

-

-Now as we all know, there are lots of different operating systems running on

-x86 boxes, and unfortunately they normally try to make sure their assembler

-formating is not the same as the other peoples.

-The 4 main formats I know of are

-Microsoft	Windows 95/Windows NT

-Elf		Includes Linux and FreeBSD(?).

-a.out		The older Linux.

-Solaris		Same as Elf but different comments :-(.

-

-Now I was not overly keen to write 4 different copies of the same code,

-so I wrote a few perl routines to output the correct assembler, given

-a target assembler type.  This code is ugly and is just a hack.

-The libraries are x86unix.pl and x86ms.pl.

-des586.pl, des686.pl and des-som[23].pl are the programs to actually

-generate the assembler.

-

-So to generate elf assembler

-perl des-som3.pl elf >dx86-elf.s

-For Windows 95/NT

-perl des-som2.pl win32 >win32.asm

-

-[ update 4 Jan 1996 ]

-I have added another way to do things.

-perl des-som3.pl cpp >dx86-cpp.s

-generates a file that will be included by dx86unix.cpp when it is compiled.

-To build for elf, a.out, solaris, bsdi etc,

-cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o

-cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o

-cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o

-cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o

-This was done to cut down the number of files in the distribution.

-

-Now the ugly part.  I acquired my copy of Intels

-"Optimization's For Intel's 32-Bit Processors" and found a few interesting

-things.  First, the aim of the exersize is to 'extract' one byte at a time

-from a word and do an array lookup.  This involves getting the byte from

-the 4 locations in the word and moving it to a new word and doing the lookup.

-The most obvious way to do this is

-xor	eax,	eax				# clear word

-movb	al,	cl				# get low byte

-xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in word

-movb	al,	ch				# get next byte

-xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in word

-shr	ecx	16

-which seems ok.  For the pentium, this system appears to be the best.

-One has to do instruction interleaving to keep both functional units

-operating, but it is basically very efficient.

-

-Now the crunch.  When a full register is used after a partial write, eg.

-mov	al,	cl

-xor	edi,	DWORD PTR 0x100+des_SP[eax]

-386	- 1 cycle stall

-486	- 1 cycle stall

-586	- 0 cycle stall

-686	- at least 7 cycle stall (page 22 of the above mentioned document).

-

-So the technique that produces the best results on a pentium, according to

-the documentation, will produce hideous results on a pentium pro.

-

-To get around this, des686.pl will generate code that is not as fast on

-a pentium, should be very good on a pentium pro.

-mov	eax,	ecx				# copy word 

-shr	ecx,	8				# line up next byte

-and	eax,	0fch				# mask byte

-xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in array lookup

-mov	eax,	ecx				# get word

-shr	ecx	8				# line up next byte

-and	eax,	0fch				# mask byte

-xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in array lookup

-

-Due to the execution units in the pentium, this actually works quite well.

-For a pentium pro it should be very good.  This is the type of output

-Visual C++ generates.

-

-There is a third option.  instead of using

-mov	al,	ch

-which is bad on the pentium pro, one may be able to use

-movzx	eax,	ch

-which may not incur the partial write penalty.  On the pentium,

-this instruction takes 4 cycles so is not worth using but on the

-pentium pro it appears it may be worth while.  I need access to one to

-experiment :-).

-

-eric (20 Oct 1996)

-

-22 Nov 1996 - I have asked people to run the 2 different version on pentium

-pros and it appears that the intel documentation is wrong.  The

-mov al,bh is still faster on a pentium pro, so just use the des586.pl

-install des686.pl

-

-3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these

-functions into des_enc.c because it does make a massive performance

-difference on some boxes to have the functions code located close to

-the des_encrypt2() function.

-

-9 Jan 1997 - des-som2.pl is now the correct perl script to use for

-pentiums.  It contains an inner loop from

-Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at

-273,000 per second.  He had a previous version at 250,000 and the best

-I was able to get was 203,000.  The content has not changed, this is all

-due to instruction sequencing (and actual instructions choice) which is able

-to keep both functional units of the pentium going.

-We may have lost the ugly register usage restrictions when x86 went 32 bit

-but for the pentium it has been replaced by evil instruction ordering tricks.

-

-13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.

-raw DES at 281,000 per second on a pentium 100.

-

+First up, let me say I don't like writing in assembler.  It is not portable,
+dependant on the particular CPU architecture release and is generally a pig
+to debug and get right.  Having said that, the x86 architecture is probably
+the most important for speed due to number of boxes and since
+it appears to be the worst architecture to to get
+good C compilers for.  So due to this, I have lowered myself to do
+assembler for the inner DES routines in libdes :-).
+
+The file to implement in assembler is des_enc.c.  Replace the following
+4 functions
+des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+
+They encrypt/decrypt the 64 bits held in 'data' using
+the 'ks' key schedules.   The only difference between the 4 functions is that
+des_encrypt2() does not perform IP() or FP() on the data (this is an
+optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
+perform triple des.  The triple DES routines are in here because it does
+make a big difference to have them located near the des_encrypt2 function
+at link time..
+
+Now as we all know, there are lots of different operating systems running on
+x86 boxes, and unfortunately they normally try to make sure their assembler
+formating is not the same as the other peoples.
+The 4 main formats I know of are
+Microsoft	Windows 95/Windows NT
+Elf		Includes Linux and FreeBSD(?).
+a.out		The older Linux.
+Solaris		Same as Elf but different comments :-(.
+
+Now I was not overly keen to write 4 different copies of the same code,
+so I wrote a few perl routines to output the correct assembler, given
+a target assembler type.  This code is ugly and is just a hack.
+The libraries are x86unix.pl and x86ms.pl.
+des586.pl, des686.pl and des-som[23].pl are the programs to actually
+generate the assembler.
+
+So to generate elf assembler
+perl des-som3.pl elf >dx86-elf.s
+For Windows 95/NT
+perl des-som2.pl win32 >win32.asm
+
+[ update 4 Jan 1996 ]
+I have added another way to do things.
+perl des-som3.pl cpp >dx86-cpp.s
+generates a file that will be included by dx86unix.cpp when it is compiled.
+To build for elf, a.out, solaris, bsdi etc,
+cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
+cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+This was done to cut down the number of files in the distribution.
+
+Now the ugly part.  I acquired my copy of Intels
+"Optimization's For Intel's 32-Bit Processors" and found a few interesting
+things.  First, the aim of the exersize is to 'extract' one byte at a time
+from a word and do an array lookup.  This involves getting the byte from
+the 4 locations in the word and moving it to a new word and doing the lookup.
+The most obvious way to do this is
+xor	eax,	eax				# clear word
+movb	al,	cl				# get low byte
+xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in word
+movb	al,	ch				# get next byte
+xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in word
+shr	ecx	16
+which seems ok.  For the pentium, this system appears to be the best.
+One has to do instruction interleaving to keep both functional units
+operating, but it is basically very efficient.
+
+Now the crunch.  When a full register is used after a partial write, eg.
+mov	al,	cl
+xor	edi,	DWORD PTR 0x100+des_SP[eax]
+386	- 1 cycle stall
+486	- 1 cycle stall
+586	- 0 cycle stall
+686	- at least 7 cycle stall (page 22 of the above mentioned document).
+
+So the technique that produces the best results on a pentium, according to
+the documentation, will produce hideous results on a pentium pro.
+
+To get around this, des686.pl will generate code that is not as fast on
+a pentium, should be very good on a pentium pro.
+mov	eax,	ecx				# copy word 
+shr	ecx,	8				# line up next byte
+and	eax,	0fch				# mask byte
+xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in array lookup
+mov	eax,	ecx				# get word
+shr	ecx	8				# line up next byte
+and	eax,	0fch				# mask byte
+xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in array lookup
+
+Due to the execution units in the pentium, this actually works quite well.
+For a pentium pro it should be very good.  This is the type of output
+Visual C++ generates.
+
+There is a third option.  instead of using
+mov	al,	ch
+which is bad on the pentium pro, one may be able to use
+movzx	eax,	ch
+which may not incur the partial write penalty.  On the pentium,
+this instruction takes 4 cycles so is not worth using but on the
+pentium pro it appears it may be worth while.  I need access to one to
+experiment :-).
+
+eric (20 Oct 1996)
+
+22 Nov 1996 - I have asked people to run the 2 different version on pentium
+pros and it appears that the intel documentation is wrong.  The
+mov al,bh is still faster on a pentium pro, so just use the des586.pl
+install des686.pl
+
+3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
+functions into des_enc.c because it does make a massive performance
+difference on some boxes to have the functions code located close to
+the des_encrypt2() function.
+
+9 Jan 1997 - des-som2.pl is now the correct perl script to use for
+pentiums.  It contains an inner loop from
+Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at
+273,000 per second.  He had a previous version at 250,000 and the best
+I was able to get was 203,000.  The content has not changed, this is all
+due to instruction sequencing (and actual instructions choice) which is able
+to keep both functional units of the pentium going.
+We may have lost the ugly register usage restrictions when x86 went 32 bit
+but for the pentium it has been replaced by evil instruction ordering tricks.
+
+13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
+raw DES at 281,000 per second on a pentium 100.
+
diff --git a/crypto/des/cbc3_enc.c b/crypto/des/cbc3_enc.c
index e9bf500f4..92a78b05d 100644
--- a/crypto/des/cbc3_enc.c
+++ b/crypto/des/cbc3_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/cbc3_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -58,7 +58,7 @@
 
 #include "des_locl.h"
 
-/* HAS BUGS? DON'T USE */
+/* HAS BUGS? DON'T USE - this is only present for use in des.c */
 void des_3cbc_encrypt(input, output, length, ks1, ks2, iv1, iv2, enc)
 des_cblock (*input);
 des_cblock (*output);
diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c
index f6b32744e..edfdec8a0 100644
--- a/crypto/des/cbc_cksm.c
+++ b/crypto/des/cbc_cksm.c
@@ -1,5 +1,5 @@
 /* crypto/des/cbc_cksm.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c
index a06f9f99e..a84a53633 100644
--- a/crypto/des/cbc_enc.c
+++ b/crypto/des/cbc_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/cbc_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c
index f62373792..80b8a9eaa 100644
--- a/crypto/des/cfb64ede.c
+++ b/crypto/des/cfb64ede.c
@@ -1,5 +1,5 @@
 /* crypto/des/cfb64ede.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c
index 327e48963..403da479d 100644
--- a/crypto/des/cfb64enc.c
+++ b/crypto/des/cfb64enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/cfb64enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c
index fb328328e..342e78569 100644
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/cfb_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -93,7 +93,7 @@ int enc;
 		if (num == 32)
 			mask0=0xffffffffL;
 		else	mask0=(1L<<num)-1;
-		mask1=0x00000000;
+		mask1=0x00000000L;
 		}
 
 	iv=(unsigned char *)ivec;
diff --git a/crypto/des/des.c b/crypto/des/des.c
index 0376163ff..c1e500547 100644
--- a/crypto/des/des.c
+++ b/crypto/des/des.c
@@ -1,5 +1,5 @@
 /* crypto/des/des.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -99,6 +99,9 @@ void uufwriteEnd(FILE *fp);
 int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
 int uuencode(unsigned char *in,int num,unsigned char *out);
 int uudecode(unsigned char *in,int num,unsigned char *out);
+void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule sk1,des_key_schedule sk2,
+	des_cblock *ivec1,des_cblock *ivec2,int enc);
 #else
 void usage();
 void doencryption();
@@ -107,10 +110,11 @@ void uufwriteEnd();
 int uufread();
 int uuencode();
 int uudecode();
+void des_3cbc_encrypt();
 #endif
 
 #ifdef VMS
-#define EXIT(a) exit(a&0x10000000)
+#define EXIT(a) exit(a&0x10000000L)
 #else
 #define EXIT(a) exit(a)
 #endif
diff --git a/crypto/des/des.h b/crypto/des/des.h
index 1728fe888..a4cf5c877 100644
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -161,9 +161,6 @@ void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
 void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
 	des_key_schedule schedule,des_cblock *ivec,
 	des_cblock *inw,des_cblock *outw,int enc);
-void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule sk1,des_key_schedule sk2,
-	des_cblock *ivec1,des_cblock *ivec2,int enc);
 void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
 	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
 void des_ecb_encrypt(des_cblock *input,des_cblock *output,
@@ -246,7 +243,6 @@ DES_LONG des_cbc_cksum();
 void des_cbc_encrypt();
 void des_ncbc_encrypt();
 void des_xcbc_encrypt();
-void des_3cbc_encrypt();
 void des_cfb_encrypt();
 void des_ede3_cfb64_encrypt();
 void des_ede3_ofb64_encrypt();
diff --git a/crypto/des/des.org b/crypto/des/des.org
index 1728fe888..a4cf5c877 100644
--- a/crypto/des/des.org
+++ b/crypto/des/des.org
@@ -161,9 +161,6 @@ void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
 void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
 	des_key_schedule schedule,des_cblock *ivec,
 	des_cblock *inw,des_cblock *outw,int enc);
-void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule sk1,des_key_schedule sk2,
-	des_cblock *ivec1,des_cblock *ivec2,int enc);
 void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
 	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
 void des_ecb_encrypt(des_cblock *input,des_cblock *output,
@@ -246,7 +243,6 @@ DES_LONG des_cbc_cksum();
 void des_cbc_encrypt();
 void des_ncbc_encrypt();
 void des_xcbc_encrypt();
-void des_3cbc_encrypt();
 void des_cfb_encrypt();
 void des_ede3_cfb64_encrypt();
 void des_ede3_ofb64_encrypt();
diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c
index b04e12dc2..e4db09299 100644
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/des_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -183,8 +183,8 @@ int enc;
 	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
 	 * for pointing this out. */
 	/* clear the top bits on machines with 8byte longs */
-	r=ROTATE(r,29)&0xffffffff;
-	l=ROTATE(l,29)&0xffffffff;
+	r=ROTATE(r,29)&0xffffffffL;
+	l=ROTATE(l,29)&0xffffffffL;
 
 	s=(DES_LONG *)ks;
 	/* I don't know if it is worth the effort of loop unrolling the
@@ -248,8 +248,8 @@ int enc;
 #endif
 		}
 	/* rotate and clear the top bits on machines with 8byte longs */
-	data[0]=ROTATE(l,3)&0xffffffff;
-	data[1]=ROTATE(r,3)&0xffffffff;
+	data[0]=ROTATE(l,3)&0xffffffffL;
+	data[1]=ROTATE(r,3)&0xffffffffL;
 	l=r=t=u=0;
 	}
 
@@ -299,3 +299,204 @@ des_key_schedule ks3;
 	data[1]=r;
 	}
 
+#ifndef DES_DEFAULT_OPTIONS
+
+void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int enc;
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register unsigned char *in,*out;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	iv=(unsigned char *)ivec;
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0; tin[0]=tin0;
+			tin1^=tout1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0; tin[0]=tin0;
+			tin1^=tout1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		iv=(unsigned char *)ivec;
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+
+		iv=(unsigned char *)ivec;
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_key_schedule ks3;
+des_cblock (*ivec);
+int enc;
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register unsigned char *in,*out;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	iv=(unsigned char *)ivec;
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		iv=(unsigned char *)ivec;
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		register DES_LONG t0,t1;
+
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+
+			t0=tin0;
+			t1=tin1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			tout0^=xor0;
+			tout1^=xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=t0;
+			xor1=t1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			
+			t0=tin0;
+			t1=tin1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+		
+			tout0^=xor0;
+			tout1^=xor1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=t0;
+			xor1=t1;
+			}
+
+		iv=(unsigned char *)ivec;
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+#endif /* DES_DEFAULT_OPTIONS */
diff --git a/crypto/des/des_opts.c b/crypto/des/des_opts.c
index 8522c28a6..fdf0fbf46 100644
--- a/crypto/des/des_opts.c
+++ b/crypto/des/des_opts.c
@@ -1,5 +1,5 @@
 /* crypto/des/des_opts.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/des_ver.h b/crypto/des/des_ver.h
index 98352bc0d..7041a9271 100644
--- a/crypto/des/des_ver.h
+++ b/crypto/des/des_ver.h
@@ -1,5 +1,5 @@
 /* crypto/des/des_ver.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/destest.c b/crypto/des/destest.c
index 6aa582b19..620c13ba6 100644
--- a/crypto/des/destest.c
+++ b/crypto/des/destest.c
@@ -1,5 +1,5 @@
 /* crypto/des/destest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -222,7 +222,16 @@ static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
 static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
 static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
 static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
-static char cbc_data[40]="7654321 Now is the time for ";
+/* Changed the following text constant to binary so it will work on ebcdic
+ * machines :-) */
+/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
+static char cbc_data[40]={
+	0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
+	0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
+	0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
+	0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
 
 static unsigned char cbc_ok[32]={
 	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
@@ -395,14 +404,17 @@ char *argv[];
 		}
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
-	des_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	des_ncbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
 		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)cbc_iv,DES_ENCRYPT);
+		(C_Block *)iv3,DES_ENCRYPT);
 	if (memcmp(cbc_out,cbc_ok,32) != 0)
 		printf("cbc_encrypt encrypt error\n");
-	des_cbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
+
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
 		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)cbc_iv,DES_DECRYPT);
+		(C_Block *)iv3,DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
 		{
 		printf("cbc_encrypt decrypt error\n");
@@ -432,7 +444,7 @@ char *argv[];
 		(long)strlen((char *)cbc_data)+1,ks,
 		(C_Block *)iv3,
 		(C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,32) != 0)
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
 		printf("des_xcbc_encrypt decrypt error\n");
 		err=1;
@@ -458,7 +470,7 @@ char *argv[];
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
 	i=strlen((char *)cbc_data)+1;
-	i=((i+7)/8)*8;
+	/* i=((i+7)/8)*8; */
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
 
 	des_ede3_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
@@ -500,7 +512,7 @@ char *argv[];
 		}
 	des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
 		(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,32) != 0)
+	if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
 		{
 		printf("pcbc_encrypt decrypt error\n");
 		err=1;
@@ -554,6 +566,12 @@ char *argv[];
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
 		{
 		printf("ofb_encrypt encrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
+ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
+ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
 		err=1;
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
@@ -562,6 +580,12 @@ char *argv[];
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ofb_encrypt decrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
+ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+plain[8+0], plain[8+1], plain[8+2], plain[8+3],
+plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		err=1;
 		}
 
@@ -636,10 +660,12 @@ char *argv[];
 	printf("Doing quad_cksum\n");
 	cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret,
 		(long)strlen(cbc_data),2,(C_Block *)cbc_iv);
+	j=sizeof(lqret[0])-4;
 	for (i=0; i<4; i++)
 		{
 		lqret[i]=0;
 		memcpy(&(lqret[i]),&(qret[i][0]),4);
+		if (j > 0) lqret[i]=lqret[i]>>(j*8); /* For Cray */
 		}
 	{ /* Big-endian fix */
 	static DES_LONG l=1;
@@ -692,7 +718,7 @@ char *argv[];
 	for (i=0; i<4; i++)
 		{
 		printf(" %d",i);
-		des_cbc_encrypt((C_Block *)&(cbc_out[i]),(C_Block *)cbc_in,
+		des_ncbc_encrypt((C_Block *)&(cbc_out[i]),(C_Block *)cbc_in,
 			(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
 			DES_ENCRYPT);
 		}
@@ -700,7 +726,7 @@ char *argv[];
 	for (i=0; i<4; i++)
 		{
 		printf(" %d",i);
-		des_cbc_encrypt((C_Block *)cbc_out,(C_Block *)&(cbc_in[i]),
+		des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)&(cbc_in[i]),
 			(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
 			DES_ENCRYPT);
 		}
diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c
index 28c0d886b..140f6b528 100644
--- a/crypto/des/ecb3_enc.c
+++ b/crypto/des/ecb3_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/ecb3_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c
index fac4b41b1..acf23fdd0 100644
--- a/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/ecb_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,7 +60,7 @@
 #include "spr.h"
 
 char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay";
-char *DES_version="DES part of SSLeay 0.8.1b 29-Jun-1998";
+char *DES_version="DES part of SSLeay 0.9.0b 29-Jun-1998";
 
 char *des_options()
 	{
diff --git a/crypto/des/ede_enc.c b/crypto/des/ede_enc.c
index 20c3cf34a..9f75dd103 100644
--- a/crypto/des/ede_enc.c
+++ b/crypto/des/ede_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/ede_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -149,7 +149,7 @@ int enc;
 			{
 			c2l(in,tin0);
 			c2l(in,tin1);
-
+			
 			t0=tin0;
 			t1=tin1;
 
@@ -158,13 +158,14 @@ int enc;
 			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
 			tout0=tin[0];
 			tout1=tin[1];
-
+		
 			tout0^=xor0;
 			tout1^=xor1;
 			l2cn(tout0,tout1,out,l+8);
 			xor0=t0;
 			xor1=t1;
 			}
+
 		iv=(unsigned char *)ivec;
 		l2c(xor0,iv);
 		l2c(xor1,iv);
diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c
index 3b254d0fd..e08a904d7 100644
--- a/crypto/des/enc_read.c
+++ b/crypto/des/enc_read.c
@@ -1,5 +1,5 @@
 /* crypto/des/enc_read.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -132,7 +132,9 @@ des_cblock (*iv);
 	while (net_num < HDRSIZE) 
 		{
 		i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num);
+#ifdef EINTR
 		if ((i == -1) && (errno == EINTR)) continue;
+#endif
 		if (i <= 0) return(0);
 		net_num+=i;
 		}
@@ -152,7 +154,9 @@ des_cblock (*iv);
 	while (net_num < rnum)
 		{
 		i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num);
+#ifdef EINTR
 		if ((i == -1) && (errno == EINTR)) continue;
+#endif
 		if (i <= 0) return(0);
 		net_num+=i;
 		}
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
index 672c74566..29a7330fb 100644
--- a/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
@@ -1,5 +1,5 @@
 /* crypto/des/enc_writ.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -76,7 +76,7 @@ des_cblock (*iv);
 
 	long rnum;
 	int i,j,k,outnum;
-	char *outbuf=NULL;
+	static char *outbuf=NULL;
 	char shortbuf[8];
 	char *p;
 	static int start=1;
diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
index db9ad65c1..129beb27d 100644
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -55,7 +55,7 @@ static unsigned const char cov_2char[64]={
 void fcrypt_body(DES_LONG *out,des_key_schedule ks,
 	DES_LONG Eswap0, DES_LONG Eswap1);
 
-#ifdef PERL5
+#if defined(PERL5) || defined(FreeBSD)
 char *des_crypt(const char *buf,const char *salt);
 #else
 char *crypt(const char *buf,const char *salt);
@@ -69,7 +69,7 @@ char *crypt();
 #endif
 #endif
 
-#ifdef PERL5
+#if defined(PERL5) || defined(FreeBSD)
 char *des_crypt(buf,salt)
 #else
 char *crypt(buf,salt)
diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c
index f929b66cf..1544634bc 100644
--- a/crypto/des/fcrypt_b.c
+++ b/crypto/des/fcrypt_b.c
@@ -1,5 +1,5 @@
 /* crypto/des/fcrypt_b.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c
index b79d96523..1d1a368c2 100644
--- a/crypto/des/ncbc_enc.c
+++ b/crypto/des/ncbc_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/ncbc_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -120,17 +120,6 @@ int enc;
 			xor0=tin0;
 			xor1=tin1;
 			}
-		if (l != -8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
 		iv=(unsigned char *)ivec;
 		l2c(xor0,iv);
 		l2c(xor1,iv);
diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c
index 6a6b95c76..4b1b0199f 100644
--- a/crypto/des/ofb64ede.c
+++ b/crypto/des/ofb64ede.c
@@ -1,5 +1,5 @@
 /* crypto/des/ofb64ede.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -91,8 +91,8 @@ int *num;
 		{
 		if (n == 0)
 			{
-			ti[0]=v0;
-			ti[1]=v1;
+			/* ti[0]=v0; */
+			/* ti[1]=v1; */
 			des_encrypt3((DES_LONG *)ti,k1,k2,k3);
 			v0=ti[0];
 			v1=ti[1];
diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c
index fe4073981..ea7e61269 100644
--- a/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/ofb64enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c
index 9b2ecb674..4db0cdbd6 100644
--- a/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/ofb_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -72,7 +72,7 @@ long length;
 des_key_schedule schedule;
 des_cblock (*ivec);
 	{
-	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
+	register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
 	register DES_LONG mask0,mask1;
 	register long l=length;
 	register int num=numbits;
@@ -94,7 +94,7 @@ des_cblock (*ivec);
 			mask0=0xffffffffL;
 		else
 			mask0=(1L<<num)-1;
-		mask1=0x00000000;
+		mask1=0x00000000L;
 		}
 
 	iv=(unsigned char *)ivec;
@@ -104,19 +104,36 @@ des_cblock (*ivec);
 	ti[1]=v1;
 	while (l-- > 0)
 		{
+		ti[0]=v0;
+		ti[1]=v1;
 		des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+		vv0=ti[0];
+		vv1=ti[1];
 		c2ln(in,d0,d1,n);
 		in+=n;
-		d0=(d0^ti[0])&mask0;
-		d1=(d1^ti[1])&mask1;
+		d0=(d0^vv0)&mask0;
+		d1=(d1^vv1)&mask1;
 		l2cn(d0,d1,out,n);
 		out+=n;
+
+		if (num == 32)
+			{ v0=v1; v1=vv0; }
+		else if (num == 64)
+				{ v0=vv0; v1=vv1; }
+		else if (num > 32) /* && num != 64 */
+			{
+			v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL;
+			v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL;
+			}
+		else /* num < 32 */
+			{
+			v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+			v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
+			}
 		}
-	v0=ti[0];
-	v1=ti[1];
 	iv=(unsigned char *)ivec;
 	l2c(v0,iv);
 	l2c(v1,iv);
-	v0=v1=d0=d1=ti[0]=ti[1]=0;
+	v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
 	}
 
diff --git a/crypto/des/options.txt b/crypto/des/options.txt
index 9fe648816..6e2b50f76 100644
--- a/crypto/des/options.txt
+++ b/crypto/des/options.txt
@@ -3,13 +3,13 @@ instead of the default 4.
 RISC1 and RISC2 are 2 alternatives for the inner loop and
 PTR means to use pointers arithmatic instead of arrays.
 
-FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assember		577,000 4620k/s
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler		577,000 4620k/s
 IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR	496,000 3968k/s
 solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1]	459,400 3672k/s
 FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1	433,000 3468k/s
 solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL 		380,000 3041k/s
-linux - pentium 100mhz - gcc 2.7.0 - assember			281,000 2250k/s
-NT 4.0 - pentium 100mhz - VC 4.2 - assember			281,000 2250k/s
+linux - pentium 100mhz - gcc 2.7.0 - assembler			281,000 2250k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - assembler			281,000 2250k/s
 AIX 4.1? - PPC604 100mhz - cc - UNROLL 				275,000 2200k/s
 IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR		235,300 1882k/s
 IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR			233,700 1869k/s
@@ -20,7 +20,7 @@ HPUX 10 - 9000/887 - cc - UNROLL [3]	 			148,000	1190k/s
 solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL		123,600  989k/s
 IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR			101,000  808k/s
 DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL			 81,000  648k/s
-solaris 2.4 486 50mhz - gcc 2.6.3 - assember			 65,000  522k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - assembler			 65,000  522k/s
 HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR	 76,000	 608k/s
 solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2		 43,500  344k/s
 AIX - old slow one :-) - cc -					 39,000  312k/s
diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c
index 8adba1aad..4513207d9 100644
--- a/crypto/des/pcbc_enc.c
+++ b/crypto/des/pcbc_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/pcbc_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/podd.h b/crypto/des/podd.h
index c00cd6ba0..1b2bfe084 100644
--- a/crypto/des/podd.h
+++ b/crypto/des/podd.h
@@ -1,5 +1,5 @@
 /* crypto/des/podd.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c
index 39e8f40fa..8526abf33 100644
--- a/crypto/des/qud_cksm.c
+++ b/crypto/des/qud_cksm.c
@@ -1,5 +1,5 @@
 /* crypto/des/qud_cksm.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c
index feb7ba75b..8c30bd029 100644
--- a/crypto/des/rand_key.c
+++ b/crypto/des/rand_key.c
@@ -1,5 +1,5 @@
 /* crypto/des/rand_key.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
index 84136b950..a0d53793e 100644
--- a/crypto/des/read2pwd.c
+++ b/crypto/des/read2pwd.c
@@ -1,5 +1,5 @@
 /* crypto/des/read2pwd.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c
index 75d035cf9..99920f2f8 100644
--- a/crypto/des/read_pwd.c
+++ b/crypto/des/read_pwd.c
@@ -1,5 +1,5 @@
 /* crypto/des/read_pwd.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+/* #define SIGACTION */ /* Define this if you have sigaction() */
 #ifdef WIN16TTY
 #undef WIN16
 #undef _WINDOWS
@@ -164,10 +165,14 @@ static int noecho_fgets();
 #endif
 #endif
 
-#ifndef NOPROTO
-static void (*savsig[NX509_SIG])(int );
+#ifdef SIGACTION
+ static struct sigaction savsig[NX509_SIG];
 #else
-static void (*savsig[NX509_SIG])();
+# ifndef NOPROTO
+  static void (*savsig[NX509_SIG])(int );
+# else
+  static void (*savsig[NX509_SIG])();
+# endif
 #endif
 static jmp_buf save;
 
@@ -242,6 +247,13 @@ int verify;
 			is_a_tty=0;
 		else
 #endif
+#ifdef EINVAL
+		/* Ariel Glenn ariel@columbia.edu reports that solaris
+		 * can return EINVAL instead.  This should be ok */
+		if (errno == EINVAL)
+			is_a_tty=0;
+		else
+#endif
 			return(-1);
 		}
 	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
@@ -359,7 +371,21 @@ static void pushsig()
 	int i;
 
 	for (i=1; i<NX509_SIG; i++)
+		{
+#ifdef SIGUSR1
+		if (i == SIGUSR1)
+			continue;
+#endif
+#ifdef SIGUSR2
+		if (i == SIGUSR2)
+			continue;
+#endif
+#ifdef SIGACTION
+		sigaction(i,NULL,&savsig[i]);
+#else
 		savsig[i]=signal(i,recsig);
+#endif
+		}
 
 #ifdef SIGWINCH
 	signal(SIGWINCH,SIG_DFL);
@@ -371,7 +397,21 @@ static void popsig()
 	int i;
 
 	for (i=1; i<NX509_SIG; i++)
+		{
+#ifdef SIGUSR1
+		if (i == SIGUSR1)
+			continue;
+#endif
+#ifdef SIGUSR2
+		if (i == SIGUSR2)
+			continue;
+#endif
+#ifdef SIGACTION
+		sigaction(i,&savsig[i],NULL);
+#else
 		signal(i,savsig[i]);
+#endif
+		}
 	}
 
 static void recsig(i)
diff --git a/crypto/des/rpc_des.h b/crypto/des/rpc_des.h
index 4d53eea8c..4cbb4d2dc 100644
--- a/crypto/des/rpc_des.h
+++ b/crypto/des/rpc_des.h
@@ -1,5 +1,5 @@
 /* crypto/des/rpc_des.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/rpc_enc.c b/crypto/des/rpc_enc.c
index b7eeb0914..7c1da1f53 100644
--- a/crypto/des/rpc_enc.c
+++ b/crypto/des/rpc_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/rpc_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/rpw.c b/crypto/des/rpw.c
index 93793c6f5..6447ed9cf 100644
--- a/crypto/des/rpw.c
+++ b/crypto/des/rpw.c
@@ -1,5 +1,5 @@
 /* crypto/des/rpw.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
index 99ac27348..c3bcd7ee2 100644
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -1,5 +1,5 @@
 /* crypto/des/set_key.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/sk.h b/crypto/des/sk.h
index 240703070..f2ade88c7 100644
--- a/crypto/des/sk.h
+++ b/crypto/des/sk.h
@@ -1,5 +1,5 @@
 /* crypto/des/sk.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/speed.c b/crypto/des/speed.c
index 250b69713..5bbe8b01d 100644
--- a/crypto/des/speed.c
+++ b/crypto/des/speed.c
@@ -1,5 +1,5 @@
 /* crypto/des/speed.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -317,11 +317,11 @@ char **argv;
 	printf("%ld crypts in %.2f second\n",count,e);
 	e=((double)COUNT(ce))/e;
 
-	printf("set_key            per sec = %12.2f (%5.1fuS)\n",a,1.0e6/a);
-	printf("DES raw ecb bytes  per sec = %12.2f (%5.1fuS)\n",b,8.0e6/b);
-	printf("DES cbc bytes      per sec = %12.2f (%5.1fuS)\n",c,8.0e6/c);
-	printf("DES ede cbc bytes  per sec = %12.2f (%5.1fuS)\n",d,8.0e6/d);
-	printf("crypt              per sec = %12.2f (%5.1fuS)\n",e,1.0e6/e);
+	printf("set_key            per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+	printf("DES raw ecb bytes  per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+	printf("DES cbc bytes      per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+	printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
+	printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
 	exit(0);
 #if defined(LINT) || defined(MSDOS)
 	return(0);
diff --git a/crypto/des/spr.h b/crypto/des/spr.h
index a84d6a723..81813f9f7 100644
--- a/crypto/des/spr.h
+++ b/crypto/des/spr.h
@@ -1,5 +1,5 @@
 /* crypto/des/spr.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index 65a118465..3365c1bcf 100644
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -1,5 +1,5 @@
 /* crypto/des/str2key.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/des/supp.c b/crypto/des/supp.c
index 9340e1ef8..75c101525 100644
--- a/crypto/des/supp.c
+++ b/crypto/des/supp.c
@@ -1,5 +1,5 @@
 /* crypto/des/supp.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -87,7 +87,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $Id: supp.c,v 1.1.1.1 1998/12/21 10:52:29 rse Exp $
+ * $Id: supp.c,v 1.1.1.2 1998/12/21 10:55:04 rse Exp $
  */
 
 #include <stdio.h>
diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c
index fa251170f..031589bf5 100644
--- a/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
@@ -1,5 +1,5 @@
 /* crypto/des/xcbc_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl
index 7e0c1e104..dfa7e4525 100644
--- a/crypto/dh/Makefile.ssl
+++ b/crypto/dh/Makefile.ssl
@@ -79,6 +79,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 44978028b..4cc1df265 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -1,5 +1,5 @@
 /* crypto/dh/dh.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -106,13 +106,13 @@ DH *	DH_new(void);
 void	DH_free(DH *dh);
 int	DH_size(DH *dh);
 DH *	DH_generate_parameters(int prime_len,int generator,
-		void (*callback)(int,int));
+		void (*callback)(int,int,char *),char *cb_arg);
 int	DH_check(DH *dh,int *codes);
 int	DH_generate_key(DH *dh);
 int	DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh);
 DH *	d2i_DHparams(DH **a,unsigned char **pp, long length);
 int	i2d_DHparams(DH *a,unsigned char **pp);
-#ifndef WIN16
+#ifndef NO_FP_API
 int	DHparams_print_fp(FILE *fp, DH *x);
 #endif
 #ifdef HEADER_BIO_H
@@ -133,7 +133,7 @@ int	DH_generate_key();
 int	DH_compute_key();
 DH *	d2i_DHparams();
 int	i2d_DHparams();
-#ifndef WIN16
+#ifndef NO_FP_API
 int	DHparams_print_fp();
 #endif
 int	DHparams_print();
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 8da8dc839..65602e494 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -1,5 +1,5 @@
 /* crypto/dh/dh_check.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -104,12 +104,12 @@ int *ret;
 	else
 		*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
 
-	if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx))
+	if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
 		*ret|=DH_CHECK_P_NOT_PRIME;
 	else
 		{
 		if (!BN_rshift1(q,dh->p)) goto err;
-		if (!BN_is_prime(q,BN_prime_checks,NULL,ctx))
+		if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
 			*ret|=DH_CHECK_P_NOT_STRONG_PRIME;
 		}
 	ok=1;
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
index 1950f43f6..9d5c06ac2 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -60,6 +60,7 @@
 #include "dh.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA DH_str_functs[]=
 	{
 {ERR_PACK(0,DH_F_DHPARAMS_PRINT,0),	"DHparams_print"},
@@ -77,14 +78,19 @@ static ERR_STRING_DATA DH_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_DH_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_DH,DH_str_functs);
 		ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index ff4f18e1e..04c7046a7 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -1,5 +1,5 @@
 /* crypto/dh/dh_gen.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -83,10 +83,11 @@
  * this generator function can take a very very long time to run.
  */
 
-DH *DH_generate_parameters(prime_len,generator,callback)
+DH *DH_generate_parameters(prime_len,generator,callback,cb_arg)
 int prime_len;
 int generator;
-void (*callback)(P_I_I);
+void (*callback)(P_I_I_P);
+char *cb_arg;
 	{
 	BIGNUM *p=NULL,*t1,*t2;
 	DH *ret=NULL;
@@ -125,9 +126,9 @@ void (*callback)(P_I_I);
 	else
 		g=generator;
 	
-	p=BN_generate_prime(prime_len,1,t1,t2,callback);
+	p=BN_generate_prime(prime_len,1,t1,t2,callback,cb_arg);
 	if (p == NULL) goto err;
-	if (callback != NULL) callback(3,0);
+	if (callback != NULL) callback(3,0,cb_arg);
 	ret->p=p;
 	ret->g=BN_new();
 	if (!BN_set_word(ret->g,g)) goto err;
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 12f47c457..7576772bc 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
 /* crypto/dh/dh_key.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 786a2c14b..a300b3839 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -1,5 +1,5 @@
 /* crypto/dh/dh_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,7 +61,7 @@
 #include "bn.h"
 #include "dh.h"
 
-char *DH_version="Diffie-Hellman part of SSLeay 0.8.1b 29-Jun-1998";
+char *DH_version="Diffie-Hellman part of SSLeay 0.9.0b 29-Jun-1998";
 
 DH *DH_new()
 	{
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index b33871588..488f10fd4 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -1,5 +1,5 @@
 /* crypto/dh/dhtest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,8 +59,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef WIN16
-#define APPS_WIN16
+#ifdef WINDOWS
+#include "../bio/bss_file.c" 
 #endif
 #include "crypto.h"
 #include "bio.h"
@@ -74,14 +74,14 @@
 #endif
 
 #ifndef NOPROTO
-static void MS_CALLBACK cb(int p, int n);
+static void MS_CALLBACK cb(int p, int n, char *arg);
 #else
 static void MS_CALLBACK cb();
 #endif
 
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
-#include "../bio/bss_file.c"
+#include "bss_file.c"
 #endif
 
 BIO *out=NULL;
@@ -103,7 +103,7 @@ char *argv[];
 	if (out == NULL) exit(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
-	a=DH_generate_parameters(64,DH_GENERATOR_5,cb);
+	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,(char *)out);
 	if (a == NULL) goto err;
 
 	BIO_puts(out,"\np    =");
@@ -170,9 +170,10 @@ err:
 	return(ret);
 	}
 
-static void MS_CALLBACK cb(p, n)
+static void MS_CALLBACK cb(p, n,arg)
 int p;
 int n;
+char *arg;
 	{
 	char c='*';
 
@@ -180,7 +181,7 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(out,&c,1);
+	BIO_write((BIO *)arg,&c,1);
 #ifdef LINT
 	p=n;
 #endif
diff --git a/crypto/dh/p1024.c b/crypto/dh/p1024.c
index 7f8cd56d5..0c50c24cf 100644
--- a/crypto/dh/p1024.c
+++ b/crypto/dh/p1024.c
@@ -1,5 +1,5 @@
 /* crypto/dh/p1024.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/dh/p192.c b/crypto/dh/p192.c
index c96972c8c..881908169 100644
--- a/crypto/dh/p192.c
+++ b/crypto/dh/p192.c
@@ -1,5 +1,5 @@
 /* crypto/dh/p192.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/dh/p512.c b/crypto/dh/p512.c
index 6105612cf..cc84e8e50 100644
--- a/crypto/dh/p512.c
+++ b/crypto/dh/p512.c
@@ -1,5 +1,5 @@
 /* crypto/dh/p512.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl
index 7b9c9cf4c..2cc4ddb39 100644
--- a/crypto/dsa/Makefile.ssl
+++ b/crypto/dsa/Makefile.ssl
@@ -79,6 +79,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index e5dfafe21..1ca87c1cb 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -1,5 +1,5 @@
 /* crypto/dsa/dsa.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -106,7 +106,6 @@ typedef struct dsa_st
 
 DSA *	DSA_new(void);
 int	DSA_size(DSA *);
-	/* DSA *	DSA_generate_key(int bits, void (*callback)()); */
 	/* next 4 return -1 on error */
 int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
 int	DSA_sign(int type,unsigned char *dgst,int dlen,
@@ -121,7 +120,8 @@ DSA *	d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
 DSA *	d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
 DSA * 	d2i_DSAparams(DSA **a, unsigned char **pp, long length);
 DSA *	DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
-		int *counter_ret, unsigned long *h_ret,void (*callback)());
+		int *counter_ret, unsigned long *h_ret,void
+		(*callback)(),char *cb_arg);
 int	DSA_generate_key(DSA *a);
 int	i2d_DSAPublicKey(DSA *a, unsigned char **pp);
 int 	i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
@@ -131,12 +131,12 @@ int	i2d_DSAparams(DSA *a,unsigned char **pp);
 int	DSAparams_print(BIO *bp, DSA *x);
 int	DSA_print(BIO *bp, DSA *x, int off);
 #endif
-#ifndef WIN16
+#ifndef NO_FP_API
 int	DSAparams_print_fp(FILE *fp, DSA *x);
 int	DSA_print_fp(FILE *bp, DSA *x, int off);
 #endif
 
-int DSA_is_prime(BIGNUM *q,void (*callback)());
+int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg);
 
 #else
 
@@ -163,7 +163,7 @@ int	DSA_is_prime();
 int	DSAparams_print();
 int	DSA_print();
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int	DSAparams_print_fp();
 int	DSA_print_fp();
 #endif
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index ec0699d28..318e9f31a 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -60,6 +60,7 @@
 #include "dsa.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA DSA_str_functs[]=
 	{
 {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0),	"DSAparams_print"},
@@ -80,14 +81,19 @@ static ERR_STRING_DATA DSA_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_DSA_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
 		ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 2b80104e7..d7d30bf90 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -1,5 +1,5 @@
 /* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -72,13 +72,15 @@
 #include "dsa.h"
 #include "rand.h"
 
-DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback)
+DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback,
+	cb_arg)
 int bits;
 unsigned char *seed_in;
 int seed_len;
 int *counter_ret;
 unsigned long *h_ret;
 void (*callback)();
+char *cb_arg;
 	{
 	int ok=0;
 	unsigned char seed[SHA_DIGEST_LENGTH];
@@ -120,7 +122,7 @@ void (*callback)();
 		for (;;)
 			{
 			/* step 1 */
-			if (callback != NULL) callback(0,m++);
+			if (callback != NULL) callback(0,m++,cb_arg);
 
 			if (!seed_len)
 				RAND_bytes(seed,SHA_DIGEST_LENGTH);
@@ -147,13 +149,13 @@ void (*callback)();
 			if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort();
 
 			/* step 4 */
-			if (DSA_is_prime(q,callback) > 0) break;
+			if (DSA_is_prime(q,callback,cb_arg) > 0) break;
 			/* do a callback call */
 			/* step 5 */
 			}
 
-		if (callback != NULL) callback(2,0);
-		if (callback != NULL) callback(3,0);
+		if (callback != NULL) callback(2,0,cb_arg);
+		if (callback != NULL) callback(3,0,cb_arg);
 
 		/* step 6 */
 		counter=0;
@@ -196,7 +198,7 @@ void (*callback)();
 			if (BN_cmp(p,test) >= 0)
 				{
 				/* step 11 */
-				if (DSA_is_prime(p,callback) > 0)
+				if (DSA_is_prime(p,callback,cb_arg) > 0)
 					goto end;
 				}
 
@@ -206,11 +208,11 @@ void (*callback)();
 			/* step 14 */
 			if (counter >= 4096) break;
 
-			if (callback != NULL) callback(0,counter);
+			if (callback != NULL) callback(0,counter,cb_arg);
 			}
 		}
 end:
-	if (callback != NULL) callback(2,1);
+	if (callback != NULL) callback(2,1,cb_arg);
 
 	/* We now need to gernerate g */
 	/* Set r0=(p-1)/q */
@@ -227,7 +229,7 @@ end:
 		h++;
 		}
 
-	if (callback != NULL) callback(3,1);
+	if (callback != NULL) callback(3,1,cb_arg);
 
 	ok=1;
 err:
@@ -249,9 +251,10 @@ err:
 	return(ok?ret:NULL);
 	}
 
-int DSA_is_prime(w, callback)
+int DSA_is_prime(w, callback,cb_arg)
 BIGNUM *w;
 void (*callback)();
+char *cb_arg;
 	{
 	int ok= -1,j,i,n;
 	BN_CTX *ctx=NULL,*ctx2=NULL;
@@ -310,7 +313,7 @@ void (*callback)();
 				}
 
 			if (!BN_mod_mul(z,z,z,w,ctx)) goto err;
-			if (callback != NULL) callback(1,j);
+			if (callback != NULL) callback(1,j,cb_arg);
 			}
 		}
 
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 2c7024868..d51ed9395 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -1,5 +1,5 @@
 /* crypto/dsa/dsa_key.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index e666db07f..b647257f9 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -1,5 +1,5 @@
 /* crypto/dsa/dsa_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -64,7 +64,7 @@
 #include "dsa.h"
 #include "asn1.h"
 
-char *DSA_version="\0DSA part of SSLeay 0.8.1b 29-Jun-1998";
+char *DSA_version="\0DSA part of SSLeay 0.9.0b 29-Jun-1998";
 
 DSA *DSA_new()
 	{
@@ -101,6 +101,9 @@ DSA *r;
 	if (r == NULL) return;
 
 	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+	REF_PRINT("DSA",r);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index ebb758feb..6ca1c318f 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -1,5 +1,5 @@
 /* crypto/dsa/dsa_sign.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index a217f8631..0f860984e 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -1,5 +1,5 @@
 /* crypto/dsa/dsa_vrf.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/dsa/dsagen.c b/crypto/dsa/dsagen.c
index 3422d877f..20335de25 100644
--- a/crypto/dsa/dsagen.c
+++ b/crypto/dsa/dsagen.c
@@ -1,5 +1,5 @@
 /* crypto/dsa/dsagen.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -98,8 +98,15 @@ main()
 	unsigned char seed_buf[20];
 	DSA *dsa;
 	int counter,h;
+	BIO *bio_err=NULL;
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
 	memcpy(seed_buf,seed,20);
-	dsa=DSA_generate_key(1024,seed,20,&counter,&h,cb);
+	dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb);
+
+	if (dsa == NULL)
+		DSA_print(bio_err,dsa,0);
 	}
 
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index 894d2dbf0..39bb712c4 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -1,5 +1,5 @@
 /* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,16 +61,12 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#ifdef WIN16
-#define APPS_WIN16
-#endif
 #include "crypto.h"
 #include "rand.h"
 #include "bio.h"
 #include "err.h"
 #include "dsa.h"
-
-#ifdef WIN16
+#ifdef WINDOWS
 #include "../bio/bss_file.c"
 #endif
 
@@ -81,7 +77,7 @@
 #endif
 
 #ifndef NOPROTO
-static void MS_CALLBACK dsa_cb(int p, int n);
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
 #else
 static void MS_CALLBACK dsa_cb();
 #endif
@@ -135,7 +131,8 @@ char **argv;
 
 	BIO_printf(bio_err,"test generation of DSA parameters\n");
 	BIO_printf(bio_err,"expect '.*' followed by 5 lines of '.'s and '+'s\n");
-	dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb);
+	dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,
+		(char *)bio_err);
 
 	BIO_printf(bio_err,"seed\n");
 	for (i=0; i<20; i+=4)
@@ -192,9 +189,10 @@ end:
 	return(0);
 	}
 
-static void MS_CALLBACK dsa_cb(p, n)
+static void MS_CALLBACK dsa_cb(p, n, arg)
 int p;
 int n;
+char *arg;
 	{
 	char c='*';
 	static int ok=0,num=0;
@@ -203,12 +201,12 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) { c='*'; ok++; }
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 
 	if (!ok && (p == 0) && (num > 1))
 		{
-		BIO_printf(bio_err,"error in dsatest\n");
+		BIO_printf((BIO *)arg,"error in dsatest\n");
 		exit(1);
 		}
 	}
diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl
index 9e1e451e5..57c87eb04 100644
--- a/crypto/err/Makefile.ssl
+++ b/crypto/err/Makefile.ssl
@@ -2,7 +2,7 @@
 # SSLeay/crypto/err/Makefile
 #
 
-DIR=	error
+DIR=	err
 TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 6eec77a15..a65192493 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -1,5 +1,5 @@
 /* crypto/err/err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -73,11 +73,16 @@ static unsigned long err_hash(ERR_STRING_DATA *a);
 static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b);
 static unsigned long pid_hash(ERR_STATE *pid);
 static int pid_cmp(ERR_STATE *a,ERR_STATE *pid);
+static unsigned long get_error_values(int inc,char **file,int *line,
+	char **data,int *flags);
+static void ERR_STATE_free(ERR_STATE *s);
 #else
 static unsigned long err_hash();
 static int err_cmp();
 static unsigned long pid_hash();
 static int pid_cmp();
+static void ERR_STATE_free();
+ERR_STATE *s;
 #endif
 
 #ifndef NO_ERR
@@ -147,6 +152,27 @@ static ERR_STRING_DATA ERR_str_reasons[]=
 	};
 #endif
 
+#define err_clear_data(p,i) \
+	if (((p)->err_data[i] != NULL) && \
+		(p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+		{  \
+		Free((p)->err_data[i]); \
+		(p)->err_data[i]=NULL; \
+		} \
+	(p)->err_data_flags[i]=0;
+
+static void ERR_STATE_free(s)
+ERR_STATE *s;
+	{
+	int i;
+
+	for (i=0; i<ERR_NUM_ERRORS; i++)
+		{
+		err_clear_data(s,i);
+		}
+	Free(s);
+	}
+
 void ERR_load_ERR_strings()
 	{
 	static int init=1;
@@ -211,6 +237,8 @@ void ERR_free_strings()
 	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 	}
 
+/********************************************************/
+
 void ERR_put_error(lib,func,reason,file,line)
 int lib,func,reason;
 char *file;
@@ -226,117 +254,109 @@ int line;
 	es->err_buffer[es->top]=ERR_PACK(lib,func,reason);
 	es->err_file[es->top]=file;
 	es->err_line[es->top]=line;
+	err_clear_data(es,es->top);
 	}
 
 void ERR_clear_error()
 	{
-	int i;
 	ERR_STATE *es;
 
 	es=ERR_get_state();
 
+#if 0
+	/* hmm... is this needed */
 	for (i=0; i<ERR_NUM_ERRORS; i++)
 		{
 		es->err_buffer[i]=0;
 		es->err_file[i]=NULL;
 		es->err_line[i]= -1;
+		err_clear_data(es,i);
 		}
+#endif
 	es->top=es->bottom=0;
 	}
 
-unsigned long ERR_peek_error()
-	{	
-	int i;
-	ERR_STATE *es;
-
-	/* should be fine since only one thread should ever be playing
-	 * with the value returned from this call */
-	es=ERR_get_state();
-
-	if (es->bottom == es->top) return(0);
-	i=(es->bottom+1)%ERR_NUM_ERRORS;
-
-
-	return(es->err_buffer[i]);
-	}
 
 unsigned long ERR_get_error()
-	{
-	int i;
-	unsigned long ret;
-	ERR_STATE *es;
+	{ return(get_error_values(1,NULL,NULL,NULL,NULL)); }
 
-	es=ERR_get_state();
-
-	if (es->bottom == es->top) return(0);
-	i=(es->bottom+1)%ERR_NUM_ERRORS;
-	es->bottom=i;
-	ret=es->err_buffer[i];
-	es->err_buffer[i]=0;
+unsigned long ERR_get_error_line(file,line)
+char **file;
+int *line;
+	{ return(get_error_values(1,file,line,NULL,NULL)); }
 
+unsigned long ERR_get_error_line_data(file,line,data,flags)
+char **file;
+int *line;
+char **data;
+int *flags;
+	{ return(get_error_values(1,file,line,data,flags)); }
 
-	return(ret);
-	}
+unsigned long ERR_peek_error()
+	{ return(get_error_values(0,NULL,NULL,NULL,NULL)); }
 
 unsigned long ERR_peek_error_line(file,line)
 char **file;
 int *line;
-	{	
-	int i=0;
-	ERR_STATE *es;
-
-	es=ERR_get_state();
-
-	if (es->bottom == es->top)
-		{
-		return(0);
-		}
-
-	i=(es->bottom+1)%ERR_NUM_ERRORS;
-	if (es->err_file[i] == NULL)
-		{
-		*file="NA";
-		*line=0;
-		}
-	else
-		{
-		*file=es->err_file[i];
-		*line=es->err_line[i];
-		}
+	{ return(get_error_values(0,file,line,NULL,NULL)); }
 
-	return(es->err_buffer[i]);
-	}
+unsigned long ERR_peek_error_line_data(file,line,data,flags)
+char **file;
+int *line;
+char **data;
+int *flags;
+	{ return(get_error_values(0,file,line,data,flags)); }
 
-unsigned long ERR_get_error_line(file,line)
+static unsigned long get_error_values(inc,file,line,data,flags)
+int inc;
 char **file;
 int *line;
-	{
-	int i;
-	unsigned long ret;
+char **data;
+int *flags;
+	{	
+	int i=0;
 	ERR_STATE *es;
+	unsigned long ret;
 
 	es=ERR_get_state();
 
-	if (es->bottom == es->top)
-		return(0);
-
+	if (es->bottom == es->top) return(0);
 	i=(es->bottom+1)%ERR_NUM_ERRORS;
-	es->bottom=i;
-	ret=  es->err_buffer[i];
-	if (es->err_file[i] == NULL)
+
+	ret=es->err_buffer[i];
+	if (inc)
 		{
-		*file="NA";
-		*line=0;
+		es->bottom=i;
+		es->err_buffer[i]=0;
 		}
-	else
+
+	if ((file != NULL) && (line != NULL))
 		{
-		*file=es->err_file[i];
-		*line=es->err_line[i];
+		if (es->err_file[i] == NULL)
+			{
+			*file="NA";
+			if (line != NULL) *line=0;
+			}
+		else
+			{
+			*file=es->err_file[i];
+			if (line != NULL) *line=es->err_line[i];
+			}
 		}
-	es->err_buffer[i]=0;
-	es->err_file[i]=NULL;
-	es->err_line[i]= -1;
 
+	if (data != NULL)
+		{
+		if (es->err_data[i] == NULL)
+			{
+			*data="";
+			if (flags != NULL) *flags=0;
+			}
+		else
+			{
+			*data=es->err_data[i];
+			if (flags != NULL) *flags=es->err_data_flags[i];
+			}
+		}
 	return(ret);
 	}
 
@@ -498,14 +518,16 @@ unsigned long pid;
 	tmp.pid=pid;
 	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
 	p=(ERR_STATE *)lh_delete(thread_hash,(char *)&tmp);
-	if (p != NULL) Free(p);
 	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	if (p != NULL) ERR_STATE_free(p);
 	}
 
 ERR_STATE *ERR_get_state()
 	{
 	static ERR_STATE fallback;
 	ERR_STATE *ret=NULL,tmp,*tmpp;
+	int i;
 	unsigned long pid;
 
 	pid=(unsigned long)CRYPTO_thread_id();
@@ -539,12 +561,80 @@ ERR_STATE *ERR_get_state()
 		ret->pid=pid;
 		ret->top=0;
 		ret->bottom=0;
+		for (i=0; i<ERR_NUM_ERRORS; i++)
+			{
+			ret->err_data[i]=NULL;
+			ret->err_data_flags[i]=0;
+			}
 		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
 		tmpp=(ERR_STATE *)lh_insert(thread_hash,(char *)ret);
 		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 		if (tmpp != NULL) /* old entry - should not happen */
-			Free(tmpp);
+			{
+			ERR_STATE_free(tmpp);
+			}
 		}
 	return(ret);
 	}
 
+int ERR_get_next_error_library()
+	{
+	static int value=ERR_LIB_USER;
+
+	return(value++);
+	}
+
+void ERR_set_error_data(data,flags)
+char *data;
+int flags;
+	{
+	ERR_STATE *es;
+	int i;
+
+	es=ERR_get_state();
+
+	i=es->top;
+	if (i == 0)
+		i=ERR_NUM_ERRORS-1;
+
+	es->err_data[i]=data;
+	es->err_data_flags[es->top]=flags;
+	}
+
+void ERR_add_error_data( VAR_PLIST(int , num))
+VAR_ALIST
+        {
+        VAR_BDEFN(args, int, num);
+	int i,n,s;
+	char *str,*p,*a;
+
+	s=64;
+	str=Malloc(s+1);
+	if (str == NULL) return;
+	str[0]='\0';
+
+	VAR_INIT(args,int,num);
+	n=0;
+	for (i=0; i<num; i++)
+		{
+		VAR_ARG(args,char *,a);
+		n+=strlen(a);
+		if (n > s)
+			{
+			s=n+20;
+			p=Realloc(str,s+1);
+			if (p == NULL)
+				{
+				Free(str);
+				return;
+				}
+			else
+				str=p;
+			}
+		strcat(str,a);
+		}
+	ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
+
+	VAR_END( args );
+	}
+
diff --git a/crypto/err/err.h b/crypto/err/err.h
index aa3354e2d..75f931be1 100644
--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -1,5 +1,5 @@
 /* crypto/err/err.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -77,11 +77,16 @@ extern "C" {
 
 #include <errno.h>
 
-#define ERR_NUM_ERRORS	10
+#define ERR_TXT_MALLOCED	0x01
+#define ERR_TXT_STRING		0x02
+
+#define ERR_NUM_ERRORS	16
 typedef struct err_state_st
 	{
 	unsigned long pid;
 	unsigned long err_buffer[ERR_NUM_ERRORS];
+	char *err_data[ERR_NUM_ERRORS];
+	int err_data_flags[ERR_NUM_ERRORS];
 	char *err_file[ERR_NUM_ERRORS];
 	int err_line[ERR_NUM_ERRORS];
 	int top,bottom;
@@ -102,6 +107,7 @@ typedef struct err_state_st
 #define ERR_LIB_METH		12
 #define ERR_LIB_ASN1		13
 #define ERR_LIB_CONF		14
+#define ERR_LIB_CRYPTO		15
 #define ERR_LIB_SSL		20
 #define ERR_LIB_SSL23		21
 #define ERR_LIB_SSL2		22
@@ -113,27 +119,28 @@ typedef struct err_state_st
 
 #define ERR_LIB_USER		128
 
-#define SYSerr(f,r)	ERR_PUT_error(ERR_LIB_SYS,(f),(r),ERR_file_name,__LINE__)
-#define BNerr(f,r)	ERR_PUT_error(ERR_LIB_BN,(f),(r),ERR_file_name,__LINE__)
-#define RSAerr(f,r)	ERR_PUT_error(ERR_LIB_RSA,(f),(r),ERR_file_name,__LINE__)
-#define DHerr(f,r)	ERR_PUT_error(ERR_LIB_DH,(f),(r),ERR_file_name,__LINE__)
-#define EVPerr(f,r)	ERR_PUT_error(ERR_LIB_EVP,(f),(r),ERR_file_name,__LINE__)
-#define BUFerr(f,r)	ERR_PUT_error(ERR_LIB_BUF,(f),(r),ERR_file_name,__LINE__)
-#define BIOerr(f,r)	ERR_PUT_error(ERR_LIB_BIO,(f),(r),ERR_file_name,__LINE__)
-#define OBJerr(f,r)	ERR_PUT_error(ERR_LIB_OBJ,(f),(r),ERR_file_name,__LINE__)
-#define PEMerr(f,r)	ERR_PUT_error(ERR_LIB_PEM,(f),(r),ERR_file_name,__LINE__)
-#define DSAerr(f,r)	ERR_PUT_error(ERR_LIB_DSA,(f),(r),ERR_file_name,__LINE__)
-#define X509err(f,r)	ERR_PUT_error(ERR_LIB_X509,(f),(r),ERR_file_name,__LINE__)
-#define METHerr(f,r)	ERR_PUT_error(ERR_LIB_METH,(f),(r),ERR_file_name,__LINE__)
-#define ASN1err(f,r)	ERR_PUT_error(ERR_LIB_ASN1,(f),(r),ERR_file_name,__LINE__)
-#define CONFerr(f,r)	ERR_PUT_error(ERR_LIB_CONF,(f),(r),ERR_file_name,__LINE__)
-#define SSLerr(f,r)	ERR_PUT_error(ERR_LIB_SSL,(f),(r),ERR_file_name,__LINE__)
-#define SSL23err(f,r)	ERR_PUT_error(ERR_LIB_SSL23,(f),(r),ERR_file_name,__LINE__)
-#define SSL2err(f,r)	ERR_PUT_error(ERR_LIB_SSL2,(f),(r),ERR_file_name,__LINE__)
-#define SSL3err(f,r)	ERR_PUT_error(ERR_LIB_SSL3,(f),(r),ERR_file_name,__LINE__)
-#define RSAREFerr(f,r)	ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__)
-#define PROXYerr(f,r)	ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__)
-#define PKCS7err(f,r)	ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
+#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),ERR_file_name,__LINE__)
+#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),ERR_file_name,__LINE__)
+#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),ERR_file_name,__LINE__)
+#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),ERR_file_name,__LINE__)
+#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),ERR_file_name,__LINE__)
+#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),ERR_file_name,__LINE__)
+#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),ERR_file_name,__LINE__)
+#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),ERR_file_name,__LINE__)
+#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),ERR_file_name,__LINE__)
+#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),ERR_file_name,__LINE__)
+#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),ERR_file_name,__LINE__)
+#define METHerr(f,r) ERR_PUT_error(ERR_LIB_METH,(f),(r),ERR_file_name,__LINE__)
+#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),ERR_file_name,__LINE__)
+#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),ERR_file_name,__LINE__)
+#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),ERR_file_name,__LINE__)
+#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),ERR_file_name,__LINE__)
+#define SSL23err(f,r) ERR_PUT_error(ERR_LIB_SSL23,(f),(r),ERR_file_name,__LINE__)
+#define SSL2err(f,r) ERR_PUT_error(ERR_LIB_SSL2,(f),(r),ERR_file_name,__LINE__)
+#define SSL3err(f,r) ERR_PUT_error(ERR_LIB_SSL3,(f),(r),ERR_file_name,__LINE__)
+#define RSAREFerr(f,r) ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__)
+#define PROXYerr(f,r) ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__)
+#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
 
 /* Borland C seems too stupid to be able to shift and do longs in
  * the pre-processor :-( */
@@ -172,6 +179,7 @@ typedef struct err_state_st
 #define ERR_R_METH_LIB	ERR_LIB_METH
 #define ERR_R_ASN1_LIB	ERR_LIB_ASN1
 #define ERR_R_CONF_LIB	ERR_LIB_CONF
+#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO
 #define ERR_R_SSL_LIB	ERR_LIB_SSL
 #define ERR_R_SSL23_LIB	ERR_LIB_SSL23
 #define ERR_R_SSL2_LIB	ERR_LIB_SSL2
@@ -193,20 +201,27 @@ typedef struct ERR_string_data_st
 
 #ifndef NOPROTO
 void ERR_put_error(int lib, int func,int reason,char *file,int line);
+void ERR_set_error_data(char *data,int flags);
+
 unsigned long ERR_get_error(void );
 unsigned long ERR_get_error_line(char **file,int *line);
+unsigned long ERR_get_error_line_data(char **file,int *line,
+		char **data, int *flags);
 unsigned long ERR_peek_error(void );
 unsigned long ERR_peek_error_line(char **file,int *line);
+unsigned long ERR_peek_error_line_data(char **file,int *line,
+		char **data,int *flags);
 void ERR_clear_error(void );
 char *ERR_error_string(unsigned long e,char *buf);
 char *ERR_lib_error_string(unsigned long e);
 char *ERR_func_error_string(unsigned long e);
 char *ERR_reason_error_string(unsigned long e);
-#ifndef WIN16
+#ifndef NO_FP_API
 void ERR_print_errors_fp(FILE *fp);
 #endif
 #ifdef HEADER_BIO_H
 void ERR_print_errors(BIO *bp);
+void ERR_add_error_data( VAR_PLIST( int, num ) );
 #endif
 void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
 void ERR_load_ERR_strings(void );
@@ -224,9 +239,13 @@ char *ERR_get_string_table(void );
 char *ERR_get_err_state_table(void );
 #endif
 
+int ERR_get_next_error_library(void );
+
 #else
 
 void ERR_put_error();
+void ERR_set_error_data();
+
 unsigned long ERR_get_error();
 unsigned long ERR_get_error_line();
 unsigned long ERR_peek_error();
@@ -236,10 +255,11 @@ char *ERR_error_string();
 char *ERR_lib_error_string();
 char *ERR_func_error_string();
 char *ERR_reason_error_string();
-#ifndef WIN16
+#ifndef NO_FP_API
 void ERR_print_errors_fp();
 #endif
 void ERR_print_errors();
+void ERR_add_error_data();
 void ERR_load_strings();
 void ERR_load_ERR_strings();
 void ERR_load_crypto_strings();
@@ -256,6 +276,8 @@ char *ERR_get_string_table();
 char *ERR_get_err_state_table();
 #endif
 
+int ERR_get_next_error_library();
+
 #endif
 
 #ifdef	__cplusplus
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index d6d8109ea..f874268e1 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -1,5 +1,5 @@
 /* crypto/err/err_all.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -110,6 +110,7 @@ void ERR_load_crypto_strings()
 	ERR_load_OBJ_strings();
 	ERR_load_PEM_strings();
 	ERR_load_X509_strings();
+	ERR_load_CRYPTO_strings();
 	ERR_load_PKCS7_strings();
 #endif
 	}
diff --git a/crypto/err/err_code.pl b/crypto/err/err_code.pl
index 5b893001c..7f4cd7c21 100644
--- a/crypto/err/err_code.pl
+++ b/crypto/err/err_code.pl
@@ -1,79 +1,48 @@
 #!/usr/local/bin/perl
 
-%errfile=(
-	"ERR",	"NONE",
-	"BN",	"bn/bn.err",
-	"RSA",	"rsa/rsa.err",
-	"DSA",	"dsa/dsa.err",
-	"DH",	"dh/dh.err",
-	"EVP",	"evp/evp.err",
-	"BUF",	"buffer/buffer.err",
-	"BIO",	"bio/bio.err",
-	"OBJ",	"objects/objects.err",
-	"PEM",	"pem/pem.err",
-	"X509",	"x509/x509.err",
-	"METH",	"meth/meth.err",
-	"ASN1",	"asn1/asn1.err",
-	"CONF",	"conf/conf.err",
-	"PROXY","proxy/proxy.err",
-	"PKCS7","pkcs7/pkcs7.err",
-	"RSAREF","../rsaref/rsaref.err",
-	"SSL",	"../ssl/ssl.err",
-	"SSL2",	"../ssl/ssl2.err",
-	"SSL3",	"../ssl/ssl3.err",
-	"SSL23","../ssl/ssl23.err",
-	);
-
-$function{'RSAREF_F_RSA_BN2BIN'}=1;
-$function{'RSAREF_F_RSA_PRIVATE_DECRYPT'}=1;
-$function{'RSAREF_F_RSA_PRIVATE_ENCRYPT'}=1;
-$function{'RSAREF_F_RSA_PUBLIC_DECRYPT'}=1;
-$function{'RSAREF_F_RSA_PUBLIC_ENCRYPT'}=1;
-$function{'SSL_F_CLIENT_CERTIFICATE'}=1;
-
-$r_value{'SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE'}=	1010;
-$r_value{'SSL_R_SSLV3_ALERT_BAD_RECORD_MAC'}=	1020;
-$r_value{'SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE'}=1030;
-$r_value{'SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE'}=	1040;
-$r_value{'SSL_R_SSLV3_ALERT_NO_CERTIFICATE'}=	1041;
-$r_value{'SSL_R_SSLV3_ALERT_BAD_CERTIFICATE'}=	1042;
-$r_value{'SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE'}=1043;
-$r_value{'SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED'}=	1044;
-$r_value{'SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED'}=	1045;
-$r_value{'SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN'}=	1046;
-$r_value{'SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER'}=	1047;
-
-$r_value{'RSAREF_R_CONTENT_ENCODING'}=	0x0400;
-$r_value{'RSAREF_R_DATA'}=		0x0401;
-$r_value{'RSAREF_R_DIGEST_ALGORITHM'}=	0x0402;
-$r_value{'RSAREF_R_ENCODING'}=		0x0403;
-$r_value{'RSAREF_R_KEY'}=		0x0404;
-$r_value{'RSAREF_R_KEY_ENCODING'}=	0x0405;
-$r_value{'RSAREF_R_LEN'}=		0x0406;
-$r_value{'RSAREF_R_MODULUS_LEN'}=	0x0407;
-$r_value{'RSAREF_R_NEED_RANDOM'}=	0x0408;
-$r_value{'RSAREF_R_PRIVATE_KEY'}=	0x0409;
-$r_value{'RSAREF_R_PUBLIC_KEY'}=	0x040a;
-$r_value{'RSAREF_R_SIGNATURE'}=		0x040b;
-$r_value{'RSAREF_R_SIGNATURE_ENCODING'}=0x040c;
-$r_value{'RSAREF_R_ENCRYPTION_ALGORITHM'}=0x040d;
-
-$last="";
-while (<>)
+while (@ARGV)
 	{
-	if (/err\(([A-Z0-9]+_F_[0-9A-Z_]+)\s*,\s*([0-9A-Z]+_R_[0-9A-Z_]+)\s*\)/)
+	$in=shift(@ARGV);
+	if ($in =~ /^-conf$/)
 		{
-		if ($1 != $last)
+		$in=shift(@ARGV);
+		open(IN,"<$in") || die "unable to open '$in'\n";
+		while (<IN>)
 			{
-			if ($function{$1} == 0)
+			s/#.*$//;
+			s/\s+$//;
+			next if (/^$/);
+			if (/^L\s+(\S+)\s+(\S+)$/)
+				{ $errfile{$1}=$2; }
+			elsif (/^F\s+(\S+)$/)
+				{ $function{$1}=1; }
+			elsif (/^R\s+(\S+)\s+(\S+)$/)
+				{ $r_value{$1}=$2; }
+			else { die "bad input line: $in:$.\n"; }
+			}
+		close(IN);
+		next;
+		}
+
+	open(IN,"<$in") || die "unable to open '$in'\n";
+	$last="";
+	while (<IN>)
+		{
+		if (/err\(([A-Z0-9]+_F_[0-9A-Z_]+)\s*,\s*([0-9A-Z]+_R_[0-9A-Z_]+)\s*\)/)
+			{
+			if ($1 != $last)
 				{
-				printf STDERR "$. $1 is bad\n";
+				if ($function{$1} == 0)
+					{
+					printf STDERR "$. $1 is bad\n";
+					}
 				}
+			$function{$1}++;
+			$last=$1;
+			$reason{$2}++;
 			}
-		$function{$1}++;
-		$last=$1;
-		$reason{$2}++;
 		}
+	close(IN);
 	}
 
 foreach (keys %function,keys %reason)
@@ -88,7 +57,17 @@ foreach $j (sort keys %prefix)
 	{
 	next if $errfile{$j} eq "NONE";
 	printf STDERR "doing %-6s - ",$j;
-	open(OUT,">$errfile{$j}") || die "unable to open '$errfile{$j}':$!\n";
+	if (defined($errfile{$j}))
+		{
+		open(OUT,">$errfile{$j}") ||
+			die "unable to open '$errfile{$j}':$!\n";
+		$close_file=1;
+		}
+	else
+		{
+		*OUT=*STDOUT;
+		$close=0;
+		}
 	@f=grep(/^${j}_/,@F);
 	@r=grep(/^${j}_/,@R);
 	$num=100;
@@ -119,7 +98,7 @@ foreach $j (sort keys %prefix)
 			}
 		$r_count++;
 		}
-	close(OUT);
+	close(OUT) if $close_file;
 
 	printf STDERR "%3d functions, %3d reasons\n",$f_count,$r_count;
 	}
diff --git a/crypto/err/err_genc.pl b/crypto/err/err_genc.pl
index 6733cfe57..d3251da84 100644
--- a/crypto/err/err_genc.pl
+++ b/crypto/err/err_genc.pl
@@ -1,6 +1,8 @@
 #!/usr/local/bin/perl
 
-($#ARGV == 1) || die "usage: $0 <header file> <output C file>\n";
+if ($ARGV[0] eq "-s") { $static=1; shift @ARGV; }
+
+($#ARGV == 1) || die "usage: $0 [-s] <header file> <output C file>\n";
 open(IN,"<$ARGV[0]") || die "unable to open $ARGV[0]:$!\n";
 open(STDOUT,">$ARGV[1]") || die "unable to open $ARGV[1]:$!\n";
 
@@ -58,19 +60,67 @@ foreach (sort keys %out)
 	print "{0,NULL},\n";
 	print "\t};\n\n";
 	}
+print "#endif\n";
+
+if ($static)
+	{ $lib="ERR_LIB_$type"; }
+else
+	{ $lib="${type}_lib_error_code"; }
+
+$str="";
+$str.="#ifndef NO_ERR\n";
+$str.="\t\tERR_load_strings($lib,${type}_str_functs);\n" if $Func;
+$str.="\t\tERR_load_strings($lib,${type}_str_reasons);\n" if $Reas;
+$str.="#endif\n";
+
+if (!$static)
+	{
+print <<"EOF";
+
+static int ${type}_lib_error_code=0;
+
+void ERR_load_${type}_strings()
+	{
+	static int init=1;
+
+	if (${type}_lib_error_code == 0)
+		${type}_lib_error_code=ERR_get_next_error_library();
+
+	if (init);
+		{;
+		init=0;
+$str
+		}
+	}
 
-print "void ERR_load_${type}_strings()\n";
-print "\t{\n";
-print "\tstatic int init=1;\n\n";
-print "\tif (init)\n";
-print "\t\t{\n";
-print "\t\tinit=0;\n";
-print "\t\tERR_load_strings(ERR_LIB_$type,${type}_str_functs);\n"
-	if $Func;
-print "\t\tERR_load_strings(ERR_LIB_$type,${type}_str_reasons);\n"
-	if $Reas;
-print "\t\t}\n";
-print "\t}\n";
+void ERR_${type}_error(function,reason,file,line)
+int function;
+int reason;
+char *file;
+int line;
+	{
+	if (${type}_lib_error_code == 0)
+		${type}_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(${type}_lib_error_code,function,reason,file,line);
+	}
+EOF
+	}
+else # $static
+	{
+	print <<"EOF";
+
+void ERR_load_${type}_strings()
+	{
+	static int init=1;
+
+	if (init);
+		{;
+		init=0;
+$str
+		}
+	}
+EOF
+	}
 
 sub header
 	{
@@ -143,5 +193,6 @@ EOF
 	print "#include \"err.h\"\n";
 	print "#include \"$header\"\n";
 	print "\n/* BEGIN ERROR CODES */\n";
+	print "#ifndef NO_ERR\n";
 	}
 
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
index 16e313879..ecd0e7c4f 100644
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
@@ -1,5 +1,5 @@
 /* crypto/err/err_prn.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -64,20 +64,22 @@
 #include "err.h"
 #include "crypto.h"
 
-#ifndef WIN16
+#ifndef NO_FP_API
 void ERR_print_errors_fp(fp)
 FILE *fp;
 	{
 	unsigned long l;
 	char buf[200];
-	char *file;
-	int line;
+	char *file,*data;
+	int line,flags;
 	unsigned long es;
 
 	es=CRYPTO_thread_id();
-	while ((l=ERR_get_error_line(&file,&line)) != 0)
-		fprintf(fp,"%lu:%s:%s:%d\n",es,ERR_error_string(l,buf),
-			file,line);
+	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
+		{
+		fprintf(fp,"%lu:%s:%s:%d:%s\n",es,ERR_error_string(l,buf),
+			file,line,(flags&ERR_TXT_STRING)?data:"");
+		}
 	}
 #endif
 
@@ -87,16 +89,19 @@ BIO *bp;
 	unsigned long l;
 	char buf[256];
 	char buf2[256];
-	char *file;
-	int line;
+	char *file,*data;
+	int line,flags;
 	unsigned long es;
 
 	es=CRYPTO_thread_id();
-	while ((l=ERR_get_error_line(&file,&line)) != 0)
+	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
 		{
-		sprintf(buf2,"%lu:%s:%s:%d\n",es,ERR_error_string(l,buf),
+		sprintf(buf2,"%lu:%s:%s:%d:",es,ERR_error_string(l,buf),
 			file,line);
 		BIO_write(bp,buf2,strlen(buf2));
+		if (flags & ERR_TXT_STRING)
+			BIO_write(bp,data,strlen(data));
+		BIO_write(bp,"\n",1);
 		}
 	}
 
diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl
index 20338119e..8bf251645 100644
--- a/crypto/evp/Makefile.ssl
+++ b/crypto/evp/Makefile.ssl
@@ -29,10 +29,13 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
 	e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c \
 	e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c \
 	e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c \
+	e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c \
+	e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c \
 	m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c \
-	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c \
+	m_ripemd.c \
+	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
 	bio_md.c bio_b64.c bio_enc.c $(ERRC).c e_null.c \
-	c_all.c
+	c_all.c evp_lib.c
 
 LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o \
 	e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \
@@ -41,10 +44,13 @@ LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o \
 	e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o \
 	e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o \
 	e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o \
+	e_ecb_c.o e_cbc_c.o e_cfb_c.o e_ofb_c.o \
+	e_ecb_r5.o e_cbc_r5.o e_cfb_r5.o e_ofb_r5.o \
 	m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o \
-	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o \
+	m_ripemd.o \
+	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
 	bio_md.o bio_b64.o bio_enc.o $(ERRC).o e_null.o \
-	c_all.o
+	c_all.o evp_lib.o
 
 SRC= $(LIBSRC)
 
@@ -100,6 +106,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
index e362dc3bf..73172b9a0 100644
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@@ -1,5 +1,5 @@
 /* crypto/evp/bio_b64.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -81,6 +81,7 @@ static int b64_free();
 #endif
 
 #define B64_BLOCK_SIZE	1024
+#define B64_BLOCK_SIZE2	768
 #define B64_NONE	0
 #define B64_ENCODE	1
 #define B64_DECODE	2
@@ -155,7 +156,7 @@ BIO *b;
 char *out;
 int outl;
 	{
-	int ret=0,i,ii,j,k,x,n,num;
+	int ret=0,i,ii,j,k,x,n,num,ret_code=0;
 	BIO_B64_CTX *ctx;
 	unsigned char *p,*q;
 
@@ -169,6 +170,7 @@ int outl;
 		ctx->encode=B64_DECODE;
 		ctx->buf_len=0;
 		ctx->buf_off=0;
+		ctx->tmp_len=0;
 		EVP_DecodeInit(&(ctx->base64));
 		}
 
@@ -192,6 +194,7 @@ int outl;
 	/* At this point, we have room of outl bytes and an empty
 	 * buffer, so we should read in some more. */
 
+	ret_code=0;
 	while (outl > 0)
 		{
 		if (ctx->cont <= 0) break;
@@ -201,16 +204,24 @@ int outl;
 
 		if (i <= 0)
 			{
+			ret_code=i;
+
 			/* Should be continue next time we are called? */
 			if (!BIO_should_retry(b->next_bio))
 				ctx->cont=i;
+			/* else we should continue when called again */
 			break;
 			}
 		i+=ctx->tmp_len;
 
 		/* We need to scan, a line at a time until we
 		 * have a valid line if we are starting. */
-		if (ctx->start)
+		if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL))
+			{
+			/* ctx->start=1; */
+			ctx->tmp_len=0;
+			}
+		else if (ctx->start)
 			{
 			q=p=(unsigned char *)ctx->tmp;
 			for (j=0; j<i; j++)
@@ -273,13 +284,51 @@ int outl;
 			else
 				ctx->tmp_len=0;
 			}
-		i=EVP_DecodeUpdate(&(ctx->base64),
-			(unsigned char *)ctx->buf,&ctx->buf_len,
-			(unsigned char *)ctx->tmp,i);
+
+		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+			{
+			int z,jj;
+
+			jj=(i>>2)<<2;
+			z=EVP_DecodeBlock((unsigned char *)ctx->buf,
+				(unsigned char *)ctx->tmp,jj);
+			if (jj > 2)
+				{
+				if (ctx->tmp[jj-1] == '=')
+					{
+					z--;
+					if (ctx->tmp[jj-2] == '=')
+						z--;
+					}
+				}
+			/* z is now number of output bytes and jj is the
+			 * number consumed */
+			if (jj != i)
+				{
+				memcpy((unsigned char *)ctx->tmp,
+					(unsigned char *)&(ctx->tmp[jj]),i-jj);
+				ctx->tmp_len=i-jj;
+				}
+			ctx->buf_len=0;
+			if (z > 0)
+				{
+				ctx->buf_len=z;
+				i=1;
+				}
+			else
+				i=z;
+			}
+		else
+			{
+			i=EVP_DecodeUpdate(&(ctx->base64),
+				(unsigned char *)ctx->buf,&ctx->buf_len,
+				(unsigned char *)ctx->tmp,i);
+			}
 		ctx->cont=i;
 		ctx->buf_off=0;
 		if (i < 0)
 			{
+			ret_code=0;
 			ctx->buf_len=0;
 			break;
 			}
@@ -302,7 +351,7 @@ int outl;
 		}
 	BIO_clear_retry_flags(b);
 	BIO_copy_next_retry(b);
-	return((ret == 0)?ctx->cont:ret);
+	return((ret == 0)?ret_code:ret);
 	}
 
 static int b64_write(b,in,inl)
@@ -321,6 +370,7 @@ int inl;
 		ctx->encode=B64_ENCODE;
 		ctx->buf_len=0;
 		ctx->buf_off=0;
+		ctx->tmp_len=0;
 		EVP_EncodeInit(&(ctx->base64));
 		}
 
@@ -344,9 +394,41 @@ int inl;
 	while (inl > 0)
 		{
 		n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
-		EVP_EncodeUpdate(&(ctx->base64),
-			(unsigned char *)ctx->buf,&ctx->buf_len,
-			(unsigned char *)in,n);
+
+		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+			{
+			if (ctx->tmp_len > 0)
+				{
+				n=3-ctx->tmp_len;
+				memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
+				ctx->tmp_len+=n;
+				n=ctx->tmp_len;
+				if (n < 3)
+					break;
+				ctx->buf_len=EVP_EncodeBlock(
+					(unsigned char *)ctx->buf,
+					(unsigned char *)ctx->tmp,n);
+				}
+			else
+				{
+				if (n < 3)
+					{
+					memcpy(&(ctx->tmp[0]),in,n);
+					ctx->tmp_len=n;
+					break;
+					}
+				n-=n%3;
+				ctx->buf_len=EVP_EncodeBlock(
+					(unsigned char *)ctx->buf,
+					(unsigned char *)in,n);
+				}
+			}
+		else
+			{
+			EVP_EncodeUpdate(&(ctx->base64),
+				(unsigned char *)ctx->buf,&ctx->buf_len,
+				(unsigned char *)in,n);
+			}
 		inl-=n;
 		in+=n;
 
@@ -419,7 +501,20 @@ again:
 				break;
 				}
 			}
-		if (ctx->base64.num != 0)
+		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+			{
+			if (ctx->tmp_len != 0)
+				{
+				ctx->buf_len=EVP_EncodeBlock(
+					(unsigned char *)ctx->buf,
+					(unsigned char *)ctx->tmp,
+					ctx->tmp_len);
+				ctx->buf_off=0;
+				ctx->tmp_len=0;
+				goto again;
+				}
+			}
+		else if (ctx->base64.num != 0)
 			{
 			ctx->buf_off=0;
 			EVP_EncodeFinal(&(ctx->base64),
diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index 6020736fd..6c30ddfc5 100644
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -1,5 +1,5 @@
 /* crypto/evp/bio_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -116,6 +116,7 @@ BIO *bi;
 	BIO_ENC_CTX *ctx;
 
 	ctx=(BIO_ENC_CTX *)Malloc(sizeof(BIO_ENC_CTX));
+	EVP_CIPHER_CTX_init(&ctx->cipher);
 	if (ctx == NULL) return(0);
 
 	ctx->buf_len=0;
@@ -377,6 +378,26 @@ again:
 	return(ret);
 	}
 
+/*
+void BIO_set_cipher_ctx(b,c)
+BIO *b;
+EVP_CIPHER_ctx *c;
+	{
+	if (b == NULL) return;
+
+	if ((b->callback != NULL) &&
+		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+		return;
+
+	b->init=1;
+	ctx=(BIO_ENC_CTX *)b->ptr;
+	memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+	
+	if (b->callback != NULL)
+		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+	}
+*/
+
 void BIO_set_cipher(b,c,k,i,e)
 BIO *b;
 EVP_CIPHER *c;
diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c
index 0d6508c98..fa5fdc055 100644
--- a/crypto/evp/bio_md.c
+++ b/crypto/evp/bio_md.c
@@ -1,5 +1,5 @@
 /* crypto/evp/bio_md.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
index b618d8d25..e77d1c896 100644
--- a/crypto/evp/c_all.c
+++ b/crypto/evp/c_all.c
@@ -1,5 +1,5 @@
 /* crypto/evp/c_all.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -97,6 +97,7 @@ void SSLeay_add_all_ciphers()
 
 #ifndef NO_RC4
 	EVP_add_cipher(EVP_rc4());
+	EVP_add_cipher(EVP_rc4_40());
 #endif
 
 #ifndef NO_IDEA
@@ -113,6 +114,7 @@ void SSLeay_add_all_ciphers()
 	EVP_add_cipher(EVP_rc2_cfb());
 	EVP_add_cipher(EVP_rc2_ofb());
 	EVP_add_cipher(EVP_rc2_cbc());
+	EVP_add_cipher(EVP_rc2_40_cbc());
 	EVP_add_alias(SN_rc2_cbc,"RC2");
 	EVP_add_alias(SN_rc2_cbc,"rc2");
 #endif
@@ -126,6 +128,28 @@ void SSLeay_add_all_ciphers()
 	EVP_add_alias(SN_bf_cbc,"bf");
 	EVP_add_alias(SN_bf_cbc,"blowfish");
 #endif
+
+#ifndef NO_CAST
+	EVP_add_cipher(EVP_cast5_ecb());
+	EVP_add_cipher(EVP_cast5_cfb());
+	EVP_add_cipher(EVP_cast5_ofb());
+	EVP_add_cipher(EVP_cast5_cbc());
+	EVP_add_alias(SN_cast5_cbc,"CAST");
+	EVP_add_alias(SN_cast5_cbc,"cast");
+	EVP_add_alias(SN_cast5_cbc,"CAST-cbc");
+	EVP_add_alias(SN_cast5_cbc,"cast-cbc");
+#endif
+
+#ifndef NO_RC5
+	EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+	EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+	EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+	EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+	EVP_add_alias(SN_rc5_cbc,"rc5");
+	EVP_add_alias(SN_rc5_cbc,"RC5");
+	EVP_add_alias(SN_rc5_cbc,"rc5-cbc");
+	EVP_add_alias(SN_rc5_cbc,"RC5-cbc");
+#endif
 	}
 
 
@@ -134,8 +158,10 @@ void SSLeay_add_all_digests()
 #ifndef NO_MD2
 	EVP_add_digest(EVP_md2());
 #endif
-#ifndef NO_MD2
+#ifndef NO_MD5
 	EVP_add_digest(EVP_md5());
+	EVP_add_alias(SN_md5,"ssl2-md5");
+	EVP_add_alias(SN_md5,"ssl3-md5");
 #endif
 #ifndef NO_SHA
 	EVP_add_digest(EVP_sha());
@@ -145,11 +171,20 @@ void SSLeay_add_all_digests()
 #endif
 #ifndef NO_SHA1
 	EVP_add_digest(EVP_sha1());
+	EVP_add_alias(SN_sha1,"ssl3-sha1");
 #ifndef NO_DSA
 	EVP_add_digest(EVP_dss1());
+	EVP_add_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+	EVP_add_alias(SN_dsaWithSHA1,"DSS1");
+	EVP_add_alias(SN_dsaWithSHA1,"dss1");
 #endif
 #endif
 #if !defined(NO_MDC2) && !defined(NO_DES)
 	EVP_add_digest(EVP_mdc2());
 #endif
+#ifndef NO_RIPEMD160
+	EVP_add_digest(EVP_ripemd160());
+	EVP_add_alias(SN_ripemd160,"ripemd");
+	EVP_add_alias(SN_ripemd160,"rmd160");
+#endif
 	}
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 035218d43..d65f0036f 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -1,5 +1,5 @@
 /* crypto/evp/digest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/evp/e_cbc_3d.c b/crypto/evp/e_cbc_3d.c
index 3749759e2..5761bf186 100644
--- a/crypto/evp/e_cbc_3d.c
+++ b/crypto/evp/e_cbc_3d.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_cbc_3d.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -80,6 +80,11 @@ static EVP_CIPHER d_cbc_ede_cipher2=
 	8,16,8,
 	des_cbc_ede_init_key,
 	des_cbc_ede_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_get_asn1_iv,
+	EVP_CIPHER_set_asn1_iv,
 	};
 
 static EVP_CIPHER d_cbc_ede_cipher3=
@@ -88,6 +93,11 @@ static EVP_CIPHER d_cbc_ede_cipher3=
 	8,24,8,
 	des_cbc_ede3_init_key,
 	des_cbc_ede_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_des_ede_cbc()
@@ -107,8 +117,8 @@ unsigned char *iv;
 int enc;
 	{
 	if (iv != NULL)
-		memcpy(&(ctx->c.des_ede.oiv[0]),iv,8);
-	memcpy(&(ctx->c.des_ede.iv[0]),&(ctx->c.des_ede.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 
 	if (key != NULL)
 		{
@@ -127,8 +137,8 @@ unsigned char *iv;
 int enc;
 	{
 	if (iv != NULL)
-		memcpy(&(ctx->c.des_ede.oiv[0]),iv,8);
-	memcpy(&(ctx->c.des_ede.iv[0]),&(ctx->c.des_ede.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 
 	if (key != NULL)
 		{
@@ -148,6 +158,6 @@ unsigned int inl;
 		(des_cblock *)in,(des_cblock *)out,
 		(long)inl, ctx->c.des_ede.ks1,
 		ctx->c.des_ede.ks2,ctx->c.des_ede.ks3,
-		(des_cblock *)&(ctx->c.des_ede.iv[0]),
+		(des_cblock *)&(ctx->iv[0]),
 		ctx->encrypt);
 	}
diff --git a/crypto/evp/e_cbc_bf.c b/crypto/evp/e_cbc_bf.c
index d6278e248..be605f4a1 100644
--- a/crypto/evp/e_cbc_bf.c
+++ b/crypto/evp/e_cbc_bf.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_cbc_bf.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER bfish_cbc_cipher=
 	8,EVP_BLOWFISH_KEY_SIZE,8,
 	bf_cbc_init_key,
 	bf_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+	EVP_CIPHER_get_asn1_iv,
+	EVP_CIPHER_set_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_bf_cbc()
@@ -93,10 +98,10 @@ unsigned char *iv;
 int enc;
 	{
 	if (iv != NULL)
-		memcpy(&(ctx->c.bf_cbc.oiv[0]),iv,8);
-	memcpy(&(ctx->c.bf_cbc.iv[0]),&(ctx->c.bf_cbc.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		BF_set_key(&(ctx->c.bf_cbc.ks),EVP_BLOWFISH_KEY_SIZE,key);
+		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
 	}
 
 static void bf_cbc_cipher(ctx,out,in,inl)
@@ -107,7 +112,7 @@ unsigned int inl;
 	{
 	BF_cbc_encrypt(
 		in,out,(long)inl,
-		&(ctx->c.bf_cbc.ks),&(ctx->c.bf_cbc.iv[0]),
+		&(ctx->c.bf_ks),&(ctx->iv[0]),
 		ctx->encrypt);
 	}
 
diff --git a/crypto/evp/e_cbc_d.c b/crypto/evp/e_cbc_d.c
index accc01e95..c67706e3a 100644
--- a/crypto/evp/e_cbc_d.c
+++ b/crypto/evp/e_cbc_d.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_cbc_d.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -77,6 +77,11 @@ static EVP_CIPHER d_cbc_cipher=
 	8,8,8,
 	des_cbc_init_key,
 	des_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+	EVP_CIPHER_get_asn1_iv,
+	EVP_CIPHER_set_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_des_cbc()
@@ -91,10 +96,10 @@ unsigned char *iv;
 int enc;
 	{
 	if (iv != NULL)
-		memcpy(&(ctx->c.des_cbc.oiv[0]),iv,8);
-	memcpy(&(ctx->c.des_cbc.iv[0]),&(ctx->c.des_cbc.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_cbc.ks);
+		des_set_key((des_cblock *)key,ctx->c.des_ks);
 	}
 
 static void des_cbc_cipher(ctx,out,in,inl)
@@ -105,7 +110,7 @@ unsigned int inl;
 	{
 	des_ncbc_encrypt(
 		(des_cblock *)in,(des_cblock *)out,
-		(long)inl, ctx->c.des_cbc.ks,
-		(des_cblock *)&(ctx->c.des_cbc.iv[0]),
+		(long)inl, ctx->c.des_ks,
+		(des_cblock *)&(ctx->iv[0]),
 		ctx->encrypt);
 	}
diff --git a/crypto/evp/e_cbc_i.c b/crypto/evp/e_cbc_i.c
index abfb5ed14..312ffcb72 100644
--- a/crypto/evp/e_cbc_i.c
+++ b/crypto/evp/e_cbc_i.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_cbc_i.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER i_cbc_cipher=
 	8,16,8,
 	idea_cbc_init_key,
 	idea_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+	EVP_CIPHER_get_asn1_iv,
+	EVP_CIPHER_set_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_idea_cbc()
@@ -93,18 +98,18 @@ unsigned char *iv;
 int enc;
 	{
 	if (iv != NULL)
-		memcpy(&(ctx->c.idea_cbc.oiv[0]),iv,8);
-	memcpy(&(ctx->c.idea_cbc.iv[0]),&(ctx->c.idea_cbc.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
 		{
 		if (enc)
-			idea_set_encrypt_key(key,&(ctx->c.idea_cbc.ks));
+			idea_set_encrypt_key(key,&(ctx->c.idea_ks));
 		else
 			{
 			IDEA_KEY_SCHEDULE tmp;
 
 			idea_set_encrypt_key(key,&tmp);
-			idea_set_decrypt_key(&tmp,&(ctx->c.idea_cbc.ks));
+			idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
 			memset((unsigned char *)&tmp,0,
 				sizeof(IDEA_KEY_SCHEDULE));
 			}
@@ -119,7 +124,7 @@ unsigned int inl;
 	{
 	idea_cbc_encrypt(
 		in,out,(long)inl,
-		&(ctx->c.idea_cbc.ks),&(ctx->c.idea_cbc.iv[0]),
+		&(ctx->c.idea_ks),&(ctx->iv[0]),
 		ctx->encrypt);
 	}
 
diff --git a/crypto/evp/e_cbc_r2.c b/crypto/evp/e_cbc_r2.c
index 2e3f85598..4f8002f16 100644
--- a/crypto/evp/e_cbc_r2.c
+++ b/crypto/evp/e_cbc_r2.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_cbc_r2.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,12 +79,33 @@ static EVP_CIPHER r2_cbc_cipher=
 	8,EVP_RC2_KEY_SIZE,8,
 	rc2_cbc_init_key,
 	rc2_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	EVP_CIPHER_get_asn1_iv,
+	EVP_CIPHER_set_asn1_iv,
+	};
+
+static EVP_CIPHER r2_40_cbc_cipher=
+	{
+	NID_rc2_40_cbc,
+	8,5 /* 40 bit */,8,
+	rc2_cbc_init_key,
+	rc2_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
 	};
 
 EVP_CIPHER *EVP_rc2_cbc()
 	{
 	return(&r2_cbc_cipher);
 	}
+
+EVP_CIPHER *EVP_rc2_40_cbc()
+	{
+	return(&r2_40_cbc_cipher);
+	}
 	
 static void rc2_cbc_init_key(ctx,key,iv,enc)
 EVP_CIPHER_CTX *ctx;
@@ -93,11 +114,11 @@ unsigned char *iv;
 int enc;
 	{
 	if (iv != NULL)
-		memcpy(&(ctx->c.rc2_cbc.oiv[0]),iv,8);
-	memcpy(&(ctx->c.rc2_cbc.iv[0]),&(ctx->c.rc2_cbc.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_cbc.ks),EVP_RC2_KEY_SIZE,key,
-			EVP_RC2_KEY_SIZE*8);
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+			key,EVP_CIPHER_CTX_key_length(ctx)*8);
 	}
 
 static void rc2_cbc_cipher(ctx,out,in,inl)
@@ -108,7 +129,7 @@ unsigned int inl;
 	{
 	RC2_cbc_encrypt(
 		in,out,(long)inl,
-		&(ctx->c.rc2_cbc.ks),&(ctx->c.rc2_cbc.iv[0]),
+		&(ctx->c.rc2_ks),&(ctx->iv[0]),
 		ctx->encrypt);
 	}
 
diff --git a/crypto/evp/e_cfb_3d.c b/crypto/evp/e_cfb_3d.c
index 3d6577a78..e7e341941 100644
--- a/crypto/evp/e_cfb_3d.c
+++ b/crypto/evp/e_cfb_3d.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_cfb_3d.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -80,6 +80,11 @@ static EVP_CIPHER d_ede_cfb_cipher2=
 	1,16,8,
 	des_ede_cfb_init_key,
 	des_ede_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 static EVP_CIPHER d_ede3_cfb_cipher3=
@@ -88,6 +93,11 @@ static EVP_CIPHER d_ede3_cfb_cipher3=
 	1,24,8,
 	des_ede3_cfb_init_key,
 	des_ede_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_des_ede_cfb()
@@ -106,18 +116,18 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.des_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_cfb.ks);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_cfb.ks2);
-		memcpy( (char *)ctx->c.des_cfb.ks3,
-			(char *)ctx->c.des_cfb.ks,
-			sizeof(ctx->c.des_cfb.ks));
+		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
+		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
+		memcpy( (char *)ctx->c.des_ede.ks3,
+			(char *)ctx->c.des_ede.ks1,
+			sizeof(ctx->c.des_ede.ks1));
 		}
 	}
 
@@ -127,16 +137,16 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.des_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_cfb.ks);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_cfb.ks2);
-		des_set_key((des_cblock *)&(key[16]),ctx->c.des_cfb.ks3);
+		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
+		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
+		des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3);
 		}
 	}
 
@@ -148,9 +158,9 @@ unsigned int inl;
 	{
 	des_ede3_cfb64_encrypt(
 		in,out,(long)inl,
-		ctx->c.des_cfb.ks,
-		ctx->c.des_cfb.ks2,
-		ctx->c.des_cfb.ks3,
-		(des_cblock *)&(ctx->c.des_cfb.iv[0]),
-		&ctx->c.des_cfb.num,ctx->encrypt);
+		ctx->c.des_ede.ks1,
+		ctx->c.des_ede.ks2,
+		ctx->c.des_ede.ks3,
+		(des_cblock *)&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
 	}
diff --git a/crypto/evp/e_cfb_bf.c b/crypto/evp/e_cfb_bf.c
index be15d1401..8aba2564b 100644
--- a/crypto/evp/e_cfb_bf.c
+++ b/crypto/evp/e_cfb_bf.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_cfb_bf.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER bfish_cfb_cipher=
 	1,EVP_BLOWFISH_KEY_SIZE,8,
 	bf_cfb_init_key,
 	bf_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_bf_cfb()
@@ -92,13 +97,13 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.bf_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.bf_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.bf_cfb.iv[0]),&(ctx->c.bf_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		BF_set_key(&(ctx->c.bf_cfb.ks),EVP_BLOWFISH_KEY_SIZE,key);
+		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
 	}
 
 static void bf_cfb_cipher(ctx,out,in,inl)
@@ -109,8 +114,8 @@ unsigned int inl;
 	{
 	BF_cfb64_encrypt(
 		in,out,
-		(long)inl, &(ctx->c.bf_cfb.ks),
-		&(ctx->c.bf_cfb.iv[0]),
-		&ctx->c.bf_cfb.num,ctx->encrypt);
+		(long)inl, &(ctx->c.bf_ks),
+		&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
 	}
 #endif
diff --git a/crypto/evp/e_cfb_d.c b/crypto/evp/e_cfb_d.c
index 75af87ac0..9ae4558f5 100644
--- a/crypto/evp/e_cfb_d.c
+++ b/crypto/evp/e_cfb_d.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_cfb_d.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -77,6 +77,11 @@ static EVP_CIPHER d_cfb_cipher=
 	1,8,8,
 	des_cfb_init_key,
 	des_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_des_cfb()
@@ -90,13 +95,13 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.des_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_cfb.ks);
+		des_set_key((des_cblock *)key,ctx->c.des_ks);
 	}
 
 static void des_cfb_cipher(ctx,out,in,inl)
@@ -107,7 +112,7 @@ unsigned int inl;
 	{
 	des_cfb64_encrypt(
 		in,out,
-		(long)inl, ctx->c.des_cfb.ks,
-		(des_cblock *)&(ctx->c.des_cfb.iv[0]),
-		&ctx->c.des_cfb.num,ctx->encrypt);
+		(long)inl, ctx->c.des_ks,
+		(des_cblock *)&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
 	}
diff --git a/crypto/evp/e_cfb_i.c b/crypto/evp/e_cfb_i.c
index 7fe2fbf6d..9225efaa8 100644
--- a/crypto/evp/e_cfb_i.c
+++ b/crypto/evp/e_cfb_i.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_cfb_i.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER i_cfb_cipher=
 	1,IDEA_KEY_LENGTH,IDEA_BLOCK,
 	idea_cfb_init_key,
 	idea_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_idea_cfb()
@@ -92,13 +97,13 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.idea_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.idea_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.idea_cfb.iv[0]),&(ctx->c.idea_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		idea_set_encrypt_key(key,&(ctx->c.idea_cfb.ks));
+		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
 	}
 
 static void idea_cfb_cipher(ctx,out,in,inl)
@@ -109,8 +114,8 @@ unsigned int inl;
 	{
 	idea_cfb64_encrypt(
 		in,out,(long)inl,
-		&(ctx->c.idea_cfb.ks),&(ctx->c.idea_cfb.iv[0]),
-		&ctx->c.idea_cfb.num,ctx->encrypt);
+		&(ctx->c.idea_ks),&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
 	}
 
 #endif
diff --git a/crypto/evp/e_cfb_r2.c b/crypto/evp/e_cfb_r2.c
index a63c0f13f..af5a39d1f 100644
--- a/crypto/evp/e_cfb_r2.c
+++ b/crypto/evp/e_cfb_r2.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_cfb_r2.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER r2_cfb_cipher=
 	1,EVP_RC2_KEY_SIZE,8,
 	rc2_cfb_init_key,
 	rc2_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_rc2_cfb()
@@ -92,13 +97,13 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.rc2_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.rc2_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.rc2_cfb.iv[0]),&(ctx->c.rc2_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_cfb.ks),EVP_RC2_KEY_SIZE,key,
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_RC2_KEY_SIZE,key,
 			EVP_RC2_KEY_SIZE*8);
 	}
 
@@ -110,8 +115,8 @@ unsigned int inl;
 	{
 	RC2_cfb64_encrypt(
 		in,out,
-		(long)inl, &(ctx->c.rc2_cfb.ks),
-		&(ctx->c.rc2_cfb.iv[0]),
-		&ctx->c.rc2_cfb.num,ctx->encrypt);
+		(long)inl, &(ctx->c.rc2_ks),
+		&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
 	}
 #endif
diff --git a/crypto/evp/e_dsa.c b/crypto/evp/e_dsa.c
index f3dc78e06..6715c3e95 100644
--- a/crypto/evp/e_dsa.c
+++ b/crypto/evp/e_dsa.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_dsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/evp/e_ecb_3d.c b/crypto/evp/e_ecb_3d.c
index 0a19805f9..908fc0760 100644
--- a/crypto/evp/e_ecb_3d.c
+++ b/crypto/evp/e_ecb_3d.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_ecb_3d.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -80,6 +80,11 @@ static EVP_CIPHER d_ede_cipher2=
 	8,16,0,
 	des_ede_init_key,
 	des_ede_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	NULL,
+	NULL,
 	};
 
 static EVP_CIPHER d_ede3_cipher3=
@@ -88,6 +93,10 @@ static EVP_CIPHER d_ede3_cipher3=
 	8,24,0,
 	des_ede3_init_key,
 	des_ede_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	NULL,
 	};
 
 EVP_CIPHER *EVP_des_ede()
diff --git a/crypto/evp/e_ecb_bf.c b/crypto/evp/e_ecb_bf.c
index f625862e4..142a9d312 100644
--- a/crypto/evp/e_ecb_bf.c
+++ b/crypto/evp/e_ecb_bf.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_ecb_bf.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER bfish_ecb_cipher=
 	8,EVP_BLOWFISH_KEY_SIZE,0,
 	bf_ecb_init_key,
 	bf_ecb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+	NULL,
+	NULL,
 	};
 
 EVP_CIPHER *EVP_bf_ecb()
@@ -93,7 +98,7 @@ unsigned char *iv;
 int enc;
 	{
 	if (key != NULL)
-		BF_set_key(&(ctx->c.bf_ecb.ks),EVP_BLOWFISH_KEY_SIZE,key);
+		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
 	}
 
 static void bf_ecb_cipher(ctx,out,in,inl)
@@ -110,7 +115,7 @@ unsigned int inl;
 		{
 		BF_ecb_encrypt(
 			&(in[i]),&(out[i]),
-			&(ctx->c.bf_ecb.ks),ctx->encrypt);
+			&(ctx->c.bf_ks),ctx->encrypt);
 		}
 	}
 
diff --git a/crypto/evp/e_ecb_d.c b/crypto/evp/e_ecb_d.c
index b1b80e61d..7a409d645 100644
--- a/crypto/evp/e_ecb_d.c
+++ b/crypto/evp/e_ecb_d.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_ecb_d.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -77,6 +77,11 @@ static EVP_CIPHER d_ecb_cipher=
 	8,8,0,
 	des_ecb_init_key,
 	des_ecb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+	NULL,
+	NULL,
 	};
 
 EVP_CIPHER *EVP_des_ecb()
@@ -91,7 +96,7 @@ unsigned char *iv;
 int enc;
 	{
 	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_ecb.ks);
+		des_set_key((des_cblock *)key,ctx->c.des_ks);
 	}
 
 static void des_ecb_cipher(ctx,out,in,inl)
@@ -108,6 +113,6 @@ unsigned int inl;
 		{
 		des_ecb_encrypt(
 			(des_cblock *)&(in[i]),(des_cblock *)&(out[i]),
-			ctx->c.des_ecb.ks,ctx->encrypt);
+			ctx->c.des_ks,ctx->encrypt);
 		}
 	}
diff --git a/crypto/evp/e_ecb_i.c b/crypto/evp/e_ecb_i.c
index 318c4c3af..e24022a12 100644
--- a/crypto/evp/e_ecb_i.c
+++ b/crypto/evp/e_ecb_i.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_ecb_i.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER i_ecb_cipher=
 	8,16,0,
 	idea_ecb_init_key,
 	idea_ecb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+	NULL,
+	NULL,
 	};
 
 EVP_CIPHER *EVP_idea_ecb()
@@ -95,13 +100,13 @@ int enc;
 	if (key != NULL)
 		{
 		if (enc)
-			idea_set_encrypt_key(key,&(ctx->c.idea_ecb.ks));
+			idea_set_encrypt_key(key,&(ctx->c.idea_ks));
 		else
 			{
 			IDEA_KEY_SCHEDULE tmp;
 
 			idea_set_encrypt_key(key,&tmp);
-			idea_set_decrypt_key(&tmp, &(ctx->c.idea_ecb.ks));
+			idea_set_decrypt_key(&tmp, &(ctx->c.idea_ks));
 			memset((unsigned char *)&tmp,0,
 				sizeof(IDEA_KEY_SCHEDULE));
 			}
@@ -121,7 +126,7 @@ unsigned int inl;
 	for (i=0; i<=inl; i+=8)
 		{
 		idea_ecb_encrypt(
-			&(in[i]),&(out[i]),&(ctx->c.idea_ecb.ks));
+			&(in[i]),&(out[i]),&(ctx->c.idea_ks));
 		}
 	}
 
diff --git a/crypto/evp/e_ecb_r2.c b/crypto/evp/e_ecb_r2.c
index 66d25f6b5..e35b06dc6 100644
--- a/crypto/evp/e_ecb_r2.c
+++ b/crypto/evp/e_ecb_r2.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_ecb_r2.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER r2_ecb_cipher=
 	8,EVP_RC2_KEY_SIZE,0,
 	rc2_ecb_init_key,
 	rc2_ecb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	NULL,
+	NULL,
 	};
 
 EVP_CIPHER *EVP_rc2_ecb()
@@ -93,7 +98,7 @@ unsigned char *iv;
 int enc;
 	{
 	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_ecb.ks),EVP_RC2_KEY_SIZE,key,
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_RC2_KEY_SIZE,key,
 			EVP_RC2_KEY_SIZE*8);
 	}
 
@@ -111,7 +116,7 @@ unsigned int inl;
 		{
 		RC2_ecb_encrypt(
 			&(in[i]),&(out[i]),
-			&(ctx->c.rc2_ecb.ks),ctx->encrypt);
+			&(ctx->c.rc2_ks),ctx->encrypt);
 		}
 	}
 
diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
index c30e2736f..e4e7ca760 100644
--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_null.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -77,6 +77,10 @@ static EVP_CIPHER n_cipher=
 	1,0,0,
 	null_init_key,
 	null_cipher,
+	NULL,
+	0,
+	NULL,
+	NULL,
 	};
 
 EVP_CIPHER *EVP_enc_null()
diff --git a/crypto/evp/e_ofb_3d.c b/crypto/evp/e_ofb_3d.c
index 7dbe50f3d..c3add18e9 100644
--- a/crypto/evp/e_ofb_3d.c
+++ b/crypto/evp/e_ofb_3d.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_ofb_3d.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -80,6 +80,11 @@ static EVP_CIPHER d_ede_ofb_cipher2=
 	1,16,8,
 	des_ede_ofb_init_key,
 	des_ede_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 static EVP_CIPHER d_ede3_ofb_cipher3=
@@ -88,6 +93,11 @@ static EVP_CIPHER d_ede3_ofb_cipher3=
 	1,24,8,
 	des_ede3_ofb_init_key,
 	des_ede_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_des_ede_ofb()
@@ -106,18 +116,18 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.des_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_cfb.ks);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_cfb.ks2);
-		memcpy( (char *)ctx->c.des_cfb.ks3,
-			(char *)ctx->c.des_cfb.ks,
-			sizeof(ctx->c.des_cfb.ks));
+		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
+		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
+		memcpy( (char *)ctx->c.des_ede.ks3,
+			(char *)ctx->c.des_ede.ks1,
+			sizeof(ctx->c.des_ede.ks1));
 		}
 	}
 
@@ -127,16 +137,16 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.des_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_cfb.ks);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_cfb.ks2);
-		des_set_key((des_cblock *)&(key[16]),ctx->c.des_cfb.ks3);
+		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
+		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
+		des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3);
 		}
 	}
 
@@ -149,7 +159,7 @@ unsigned int inl;
 	des_ede3_ofb64_encrypt(
 		in,out,
 		(long)inl,
-		ctx->c.des_cfb.ks, ctx->c.des_cfb.ks2, ctx->c.des_cfb.ks3,
-		(des_cblock *)&(ctx->c.des_cfb.iv[0]),
-		&ctx->c.des_cfb.num);
+		ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
+		(des_cblock *)&(ctx->iv[0]),
+		&ctx->num);
 	}
diff --git a/crypto/evp/e_ofb_bf.c b/crypto/evp/e_ofb_bf.c
index 078f17106..492f9b908 100644
--- a/crypto/evp/e_ofb_bf.c
+++ b/crypto/evp/e_ofb_bf.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_ofb_bf.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER bfish_ofb_cipher=
 	1,EVP_BLOWFISH_KEY_SIZE,8,
 	bf_ofb_init_key,
 	bf_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_bf_ofb()
@@ -92,13 +97,13 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.bf_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.bf_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.bf_cfb.iv[0]),&(ctx->c.bf_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		BF_set_key(&(ctx->c.bf_cfb.ks),EVP_BLOWFISH_KEY_SIZE,key);
+		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
 	}
 
 static void bf_ofb_cipher(ctx,out,in,inl)
@@ -109,9 +114,9 @@ unsigned int inl;
 	{
 	BF_ofb64_encrypt(
 		in,out,
-		(long)inl, &(ctx->c.bf_cfb.ks),
-		&(ctx->c.bf_cfb.iv[0]),
-		&ctx->c.bf_cfb.num);
+		(long)inl, &(ctx->c.bf_ks),
+		&(ctx->iv[0]),
+		&ctx->num);
 	}
 
 #endif
diff --git a/crypto/evp/e_ofb_d.c b/crypto/evp/e_ofb_d.c
index a48af2e51..09d4b4139 100644
--- a/crypto/evp/e_ofb_d.c
+++ b/crypto/evp/e_ofb_d.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_ofb_d.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -77,6 +77,11 @@ static EVP_CIPHER d_ofb_cipher=
 	1,8,8,
 	des_ofb_init_key,
 	des_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_des_ofb()
@@ -90,13 +95,13 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.des_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_cfb.ks);
+		des_set_key((des_cblock *)key,ctx->c.des_ks);
 	}
 
 static void des_ofb_cipher(ctx,out,in,inl)
@@ -107,7 +112,7 @@ unsigned int inl;
 	{
 	des_ofb64_encrypt(
 		in,out,
-		(long)inl, ctx->c.des_cfb.ks,
-		(des_cblock *)&(ctx->c.des_cfb.iv[0]),
-		&ctx->c.des_cfb.num);
+		(long)inl, ctx->c.des_ks,
+		(des_cblock *)&(ctx->iv[0]),
+		&ctx->num);
 	}
diff --git a/crypto/evp/e_ofb_i.c b/crypto/evp/e_ofb_i.c
index dbf370b7b..96c8afd9c 100644
--- a/crypto/evp/e_ofb_i.c
+++ b/crypto/evp/e_ofb_i.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_ofb_i.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER i_ofb_cipher=
 	1,IDEA_KEY_LENGTH,IDEA_BLOCK,
 	idea_ofb_init_key,
 	idea_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_idea_ofb()
@@ -92,13 +97,13 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.idea_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.idea_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.idea_cfb.iv[0]),&(ctx->c.idea_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		idea_set_encrypt_key(key,&(ctx->c.idea_cfb.ks));
+		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
 	}
 
 static void idea_ofb_cipher(ctx,out,in,inl)
@@ -109,8 +114,8 @@ unsigned int inl;
 	{
 	idea_ofb64_encrypt(
 		in,out,(long)inl,
-		&(ctx->c.idea_cfb.ks),&(ctx->c.idea_cfb.iv[0]),
-		&ctx->c.idea_cfb.num);
+		&(ctx->c.idea_ks),&(ctx->iv[0]),
+		&ctx->num);
 	}
 
 #endif
diff --git a/crypto/evp/e_ofb_r2.c b/crypto/evp/e_ofb_r2.c
index 04e13b359..0f6d72998 100644
--- a/crypto/evp/e_ofb_r2.c
+++ b/crypto/evp/e_ofb_r2.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_ofb_r2.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,11 @@ static EVP_CIPHER r2_ofb_cipher=
 	1,EVP_RC2_KEY_SIZE,8,
 	rc2_ofb_init_key,
 	rc2_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_rc2_ofb()
@@ -92,13 +97,13 @@ unsigned char *key;
 unsigned char *iv;
 int enc;
 	{
-	ctx->c.rc2_cfb.num=0;
+	ctx->num=0;
 
 	if (iv != NULL)
-		memcpy(&(ctx->c.rc2_cfb.oiv[0]),iv,8);
-	memcpy(&(ctx->c.rc2_cfb.iv[0]),&(ctx->c.rc2_cfb.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_cfb.ks),EVP_RC2_KEY_SIZE,key,
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_RC2_KEY_SIZE,key,
 			EVP_RC2_KEY_SIZE*8);
 	}
 
@@ -110,9 +115,9 @@ unsigned int inl;
 	{
 	RC2_ofb64_encrypt(
 		in,out,
-		(long)inl, &(ctx->c.rc2_cfb.ks),
-		&(ctx->c.rc2_cfb.iv[0]),
-		&ctx->c.rc2_cfb.num);
+		(long)inl, &(ctx->c.rc2_ks),
+		&(ctx->iv[0]),
+		&ctx->num);
 	}
 
 #endif
diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
index e1ffb5d95..7e9790a94 100644
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_rc4.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -79,6 +79,19 @@ static EVP_CIPHER r4_cipher=
 	1,EVP_RC4_KEY_SIZE,0,
 	rc4_init_key,
 	rc4_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc4)),
+	NULL,
+	NULL,
+	};
+
+static EVP_CIPHER r4_40_cipher=
+	{
+	NID_rc4_40,
+	1,5 /* 40 bit */,0,
+	rc4_init_key,
+	rc4_cipher,
 	};
 
 EVP_CIPHER *EVP_rc4()
@@ -86,6 +99,11 @@ EVP_CIPHER *EVP_rc4()
 	return(&r4_cipher);
 	}
 
+EVP_CIPHER *EVP_rc4_40()
+	{
+	return(&r4_40_cipher);
+	}
+
 static void rc4_init_key(ctx,key,iv,enc)
 EVP_CIPHER_CTX *ctx;
 unsigned char *key;
diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
index 55fe0869d..0d7fda0c4 100644
--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -1,5 +1,5 @@
 /* crypto/evp/e_xcbc_d.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -77,6 +77,11 @@ static EVP_CIPHER d_xcbc_cipher=
 	8,24,8,
 	desx_cbc_init_key,
 	desx_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.desx_cbc)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 EVP_CIPHER *EVP_desx_cbc()
@@ -91,8 +96,8 @@ unsigned char *iv;
 int enc;
 	{
 	if (iv != NULL)
-		memcpy(&(ctx->c.desx_cbc.oiv[0]),iv,8);
-	memcpy(&(ctx->c.desx_cbc.iv[0]),&(ctx->c.desx_cbc.oiv[0]),8);
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
 		{
 		des_set_key((des_cblock *)key,ctx->c.desx_cbc.ks);
@@ -110,7 +115,7 @@ unsigned int inl;
 	des_xcbc_encrypt(
 		(des_cblock *)in,(des_cblock *)out,
 		(long)inl, ctx->c.desx_cbc.ks,
-		(des_cblock *)&(ctx->c.desx_cbc.iv[0]),
+		(des_cblock *)&(ctx->iv[0]),
 		(des_cblock *)&(ctx->c.desx_cbc.inw[0]),
 		(des_cblock *)&(ctx->c.desx_cbc.outw[0]),
 		ctx->encrypt);
diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 7cd65244e..14d47c1ee 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -1,5 +1,5 @@
 /* crypto/evp/encode.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -224,6 +224,7 @@ EVP_ENCODE_CTX *ctx;
 	ctx->length=30;
 	ctx->num=0;
 	ctx->line_num=0;
+	ctx->expect_nl=0;
 	}
 
 /* -1 for error
@@ -237,12 +238,13 @@ int *outl;
 unsigned char *in;
 int inl;
 	{
-	int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2;
+	int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
 	unsigned char *d;
 
 	n=ctx->num;
 	d=ctx->enc_data;
 	ln=ctx->line_num;
+	exp_nl=ctx->expect_nl;
 
 	/* last line of input. */
 	if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF)))
@@ -280,7 +282,16 @@ int inl;
 			}
 
 		/* eoln */
-		if (v == B64_EOLN) ln=0;
+		if (v == B64_EOLN)
+			{
+			ln=0;
+			if (exp_nl)
+				{
+				exp_nl=0;
+				continue;
+				}
+			}
+		exp_nl=0;
 
 		/* If we are at the end of input and it looks like a
 		 * line, process it. */
@@ -289,6 +300,10 @@ int inl;
 
 		if ((v == B64_EOF) || (n >= 64))
 			{
+			/* This is needed to work correctly on 64 byte input
+			 * lines.  We process the line and then need to
+			 * accept the '\n' */
+			if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
 			tmp2=v;
 			if (n > 0)
 				{
@@ -322,6 +337,7 @@ end:
 	*outl=ret;
 	ctx->num=n;
 	ctx->line_num=ln;
+	ctx->expect_nl=exp_nl;
 	return(rv);
 	}
 
diff --git a/crypto/evp/evp.err b/crypto/evp/evp.err
index 0630b993a..cfc17437b 100644
--- a/crypto/evp/evp.err
+++ b/crypto/evp/evp.err
@@ -5,10 +5,11 @@
 #define EVP_F_EVP_DECRYPTFINAL				 101
 #define EVP_F_EVP_OPENINIT				 102
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
-#define EVP_F_EVP_PKEY_NEW				 104
-#define EVP_F_EVP_SEALINIT				 105
-#define EVP_F_EVP_SIGNFINAL				 106
-#define EVP_F_EVP_VERIFYFINAL				 107
+#define EVP_F_EVP_PKEY_DECRYPT				 104
+#define EVP_F_EVP_PKEY_ENCRYPT				 105
+#define EVP_F_EVP_PKEY_NEW				 106
+#define EVP_F_EVP_SIGNFINAL				 107
+#define EVP_F_EVP_VERIFYFINAL				 108
 
 /* Reason codes. */
 #define EVP_R_BAD_DECRYPT				 100
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 3ece7fbd4..b39fad93a 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -1,5 +1,5 @@
 /* crypto/evp/evp.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -72,6 +72,9 @@ extern "C" {
 #if !defined(NO_SHA) || !defined(NO_SHA1)
 #include "sha.h"
 #endif
+#ifndef NO_RIPEMD
+#include "ripemd.h"
+#endif
 #ifndef NO_DES
 #include "des.h"
 #endif
@@ -81,9 +84,15 @@ extern "C" {
 #ifndef NO_RC2
 #include "rc2.h"
 #endif
+#ifndef NO_RC5
+#include "rc5.h"
+#endif
 #ifndef NO_BLOWFISH
 #include "blowfish.h"
 #endif
+#ifndef NO_CAST
+#include "cast.h"
+#endif
 #ifndef NO_IDEA
 #include "idea.h"
 #endif
@@ -91,12 +100,14 @@ extern "C" {
 #include "mdc2.h"
 #endif
 
-#define EVP_RC2_KEY_SIZE	16
-#define EVP_RC4_KEY_SIZE	16
-#define EVP_BLOWFISH_KEY_SIZE	16
-#define EVP_MAX_MD_SIZE		20
-#define EVP_MAX_KEY_LENGTH	24
-#define EVP_MAX_IV_LENGTH	8
+#define EVP_RC2_KEY_SIZE		16
+#define EVP_RC4_KEY_SIZE		16
+#define EVP_BLOWFISH_KEY_SIZE		16
+#define EVP_CAST5_KEY_SIZE		16
+#define EVP_RC5_32_12_16_KEY_SIZE	16
+#define EVP_MAX_MD_SIZE			(16+20) /* The SSLv3 md5+sha1 type */
+#define EVP_MAX_KEY_LENGTH		24
+#define EVP_MAX_IV_LENGTH		8
 
 #ifndef NO_RSA
 #include "rsa.h"
@@ -132,10 +143,15 @@ extern "C" {
 #define EVP_PKEY_RSA	NID_rsaEncryption
 #define EVP_PKEY_RSA2	NID_rsa
 #define EVP_PKEY_DSA	NID_dsa
+#define EVP_PKEY_DSA1	NID_dsa_2
 #define EVP_PKEY_DSA2	NID_dsaWithSHA
 #define EVP_PKEY_DSA3	NID_dsaWithSHA1
+#define EVP_PKEY_DSA4	NID_dsaWithSHA1_2
 #define EVP_PKEY_DH	NID_dhKeyAgreement
 
+/* Type needs to be a bit field
+ * Sub-type needs to be for variations on the method, as in, can it do
+ * arbitary encryption.... */
 typedef struct evp_pkey_st
 	{
 	int type;
@@ -155,6 +171,79 @@ typedef struct evp_pkey_st
 #endif
 	} EVP_PKEY;
 
+#define EVP_PKEY_MO_SIGN	0x0001
+#define EVP_PKEY_MO_VERIFY	0x0002
+#define EVP_PKEY_MO_ENCRYPT	0x0004
+#define EVP_PKEY_MO_DECRYPT	0x0008
+
+#if 0
+/* This structure is required to tie the message digest and signing together.
+ * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or
+ * oid, md and pkey.
+ * This is required because for various smart-card perform the digest and
+ * signing/verification on-board.  To handle this case, the specific
+ * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
+ * When a PKEY is created, it will have a EVP_PKEY_METHOD ossociated with it.
+ * This can either be software or a token to provide the required low level
+ * routines.
+ */
+typedef struct evp_pkey_md_st
+	{
+	int oid;
+	EVP_MD *md;
+	EVP_PKEY_METHOD *pkey;
+	} EVP_PKEY_MD;
+
+#define EVP_rsa_md2()
+		EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
+			EVP_rsa_pkcs1(),EVP_md2())
+#define EVP_rsa_md5()
+		EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
+			EVP_rsa_pkcs1(),EVP_md5())
+#define EVP_rsa_sha0()
+		EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
+			EVP_rsa_pkcs1(),EVP_sha())
+#define EVP_rsa_sha1()
+		EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
+			EVP_rsa_pkcs1(),EVP_sha1())
+#define EVP_rsa_ripemd160()
+		EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
+			EVP_rsa_pkcs1(),EVP_ripemd160())
+#define EVP_rsa_mdc2()
+		EVP_PKEY_MD_add(NID_mdc2WithRSA,\
+			EVP_rsa_octet_string(),EVP_mdc2())
+#define EVP_dsa_sha()
+		EVP_PKEY_MD_add(NID_dsaWithSHA,\
+			EVP_dsa(),EVP_mdc2())
+#define EVP_dsa_sha1()
+		EVP_PKEY_MD_add(NID_dsaWithSHA1,\
+			EVP_dsa(),EVP_sha1())
+
+typedef struct evp_pkey_method_st
+	{
+	char *name;
+	int flags;
+	int type;		/* RSA, DSA, an SSLeay specific constant */
+	int oid;		/* For the pub-key type */
+	int encrypt_oid;	/* pub/priv key encryption */
+
+	int (*sign)();
+	int (*verify)();
+	struct	{
+		int
+		int (*set)();	/* get and/or set the underlying type */
+		int (*get)();
+		int (*encrypt)();
+		int (*decrypt)();
+		int (*i2d)();
+		int (*d2i)();
+		int (*dup)();
+		} pub,priv;
+	int (*set_asn1_parameters)();
+	int (*get_asn1_parameters)();
+	} EVP_PKEY_METHOD;
+#endif
+
 #ifndef EVP_MD
 typedef struct env_md_st
 	{
@@ -167,14 +256,17 @@ typedef struct env_md_st
 
 	int (*sign)();
 	int (*verify)();
-	int required_pkey_type[4]; /*EVP_PKEY_xxx */
+	int required_pkey_type[5]; /*EVP_PKEY_xxx */
+	int block_size;
+	int ctx_size; /* how big does the ctx need to be */
 	} EVP_MD;
 
 #define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}
 
 #ifndef NO_DSA
 #define EVP_PKEY_DSA_method	DSA_sign,DSA_verify, \
-				{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,0}
+				{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
+					EVP_PKEY_DSA4,0}
 #else
 #define EVP_PKEY_DSA_method	EVP_PKEY_NULL_method
 #endif
@@ -204,6 +296,9 @@ typedef struct env_md_ctx_st
 #ifndef NO_MD5
 		MD5_CTX md5;
 #endif
+#ifndef NO_MD5
+		RIPEMD160_CTX ripemd160;
+#endif
 #if !defined(NO_SHA) || !defined(NO_SHA1)
 		SHA_CTX sha;
 #endif
@@ -222,6 +317,11 @@ typedef struct evp_cipher_st
 	void (*init)();		/* init for encryption */
 	void (*do_cipher)();	/* encrypt data */
 	void (*cleanup)();	/* used by cipher method */ 
+	int ctx_size;		/* how big the ctx needs to be */
+	/* int set_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */
+	int (*set_asn1_parameters)(); /* Populate a ASN1_TYPE with parameters */
+	/* int get_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */
+	int (*get_asn1_parameters)(); /* Get parameters from a ASN1_TYPE */
 	} EVP_CIPHER;
 
 typedef struct evp_cipher_info_st
@@ -235,7 +335,12 @@ typedef struct evp_cipher_ctx_st
 	EVP_CIPHER *cipher;
 	int encrypt;		/* encrypt or decrypt */
 	int buf_len;		/* number we have left */
-	unsigned char buf[8];
+
+	unsigned char  oiv[EVP_MAX_IV_LENGTH];	/* original iv */
+	unsigned char  iv[EVP_MAX_IV_LENGTH];	/* working iv */
+	unsigned char buf[EVP_MAX_IV_LENGTH];	/* saved partial block */
+	int num;				/* used by cfb/ofb mode */
+
 	char *app_data;		/* aplication stuff */
 	union	{
 #ifndef NO_RC4
@@ -246,102 +351,34 @@ typedef struct evp_cipher_ctx_st
 			} rc4;
 #endif
 #ifndef NO_DES
+		des_key_schedule des_ks;/* key schedule */
 		struct
 			{
 			des_key_schedule ks;/* key schedule */
-			} des_ecb;
-
-		struct
-			{
-			C_Block oiv;	/* original iv */
-			C_Block iv;	/* working iv */
-			des_key_schedule ks;/* key schedule */
-			} des_cbc;
-
-		struct
-			{
-			C_Block oiv;	/* original iv */
-			C_Block iv;	/* working iv */
 			C_Block inw;
 			C_Block outw;
-			des_key_schedule ks;/* key schedule */
 			} desx_cbc;
-
 		struct
 			{
-			C_Block oiv;	/* original iv */
-			C_Block iv;	/* working iv */
-			des_key_schedule ks;/* key schedule */
+			des_key_schedule ks1;/* key schedule */
 			des_key_schedule ks2;/* key schedule (for ede) */
 			des_key_schedule ks3;/* key schedule (for ede3) */
-			int num;	/* used by cfb mode */
-			} des_cfb;
-
-		struct
-			{
-			C_Block oiv;	/* original iv */
-			C_Block iv;	/* working iv */
-			des_key_schedule ks1;/* ksched 1 */
-			des_key_schedule ks2;/* ksched 2 */
-			des_key_schedule ks3;/* ksched 3 */
 			} des_ede;
 #endif
 #ifndef NO_IDEA
-		struct
-			{
-			IDEA_KEY_SCHEDULE ks;/* key schedule */
-			} idea_ecb;
-		struct
-			{
-			unsigned char oiv[8];/* original iv */
-			unsigned char iv[8]; /* working iv */
-			IDEA_KEY_SCHEDULE ks;/* key schedule */
-			} idea_cbc;
-		struct
-			{
-			unsigned char oiv[8];/* original iv */
-			unsigned char iv[8]; /* working iv */
-			IDEA_KEY_SCHEDULE ks;/* key schedule */
-			int num;	/* used by cfb mode */
-			} idea_cfb;
+		IDEA_KEY_SCHEDULE idea_ks;/* key schedule */
 #endif
 #ifndef NO_RC2
-		struct
-			{
-			RC2_KEY ks;/* key schedule */
-			} rc2_ecb;
-		struct
-			{
-			unsigned char oiv[8];/* original iv */
-			unsigned char iv[8]; /* working iv */
-			RC2_KEY ks;/* key schedule */
-			} rc2_cbc;
-		struct
-			{
-			unsigned char oiv[8];/* original iv */
-			unsigned char iv[8]; /* working iv */
-			RC2_KEY ks;/* key schedule */
-			int num;	/* used by cfb mode */
-			} rc2_cfb;
+		RC2_KEY rc2_ks;/* key schedule */
+#endif
+#ifndef NO_RC5
+		RC5_32_KEY rc5_ks;/* key schedule */
 #endif
 #ifndef NO_BLOWFISH
-		struct
-			{
-			BF_KEY ks;/* key schedule */
-			} bf_ecb;
-		struct
-			{
-			unsigned char oiv[8];/* original iv */
-			unsigned char iv[8]; /* working iv */
-			BF_KEY ks;/* key schedule */
-			} bf_cbc;
-		struct
-			{
-			unsigned char oiv[8];/* original iv */
-			unsigned char iv[8]; /* working iv */
-			BF_KEY ks;/* key schedule */
-			int num;	/* used by cfb mode */
-			} bf_cfb;
+		BF_KEY bf_ks;/* key schedule */
+#endif
+#ifndef NO_CAST
+		CAST_KEY cast_ks;/* key schedule */
 #endif
 		} c;
 	} EVP_CIPHER_CTX;
@@ -356,6 +393,7 @@ typedef struct evp_Encode_Ctx_st
 			 * line is decoded */
 	unsigned char enc_data[80];	/* data to encode */
 	int line_num;	/* number read on current line */
+	int expect_nl;
 	} EVP_ENCODE_CTX;
 
 #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
@@ -374,7 +412,10 @@ typedef struct evp_Encode_Ctx_st
 #define EVP_MD_type(e)			((e)->type)
 #define EVP_MD_pkey_type(e)		((e)->pkey_type)
 #define EVP_MD_size(e)			((e)->md_size)
-#define EVP_MD_CTX_size(e)		((e)->digest->md_size)
+#define EVP_MD_block_size(e)		((e)->block_size)
+
+#define EVP_MD_CTX_size(e)		EVP_MD_size((e)->digest)
+#define EVP_MD_CTX_block_size(e)	EVP_MD_block_size((e)->digest)
 #define EVP_MD_CTX_type(e)		((e)->digest)
 
 #define EVP_CIPHER_nid(e)		((e)->nid)
@@ -471,6 +512,7 @@ int	EVP_DecodeBlock(unsigned char *t, unsigned
 
 void	ERR_load_EVP_strings(void );
 
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
 void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
 
 #ifdef HEADER_BIO_H
@@ -489,6 +531,7 @@ EVP_MD *EVP_sha1(void);
 EVP_MD *EVP_dss(void);
 EVP_MD *EVP_dss1(void);
 EVP_MD *EVP_mdc2(void);
+EVP_MD *EVP_ripemd160(void);
 
 EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
 EVP_CIPHER *EVP_des_ecb(void);
@@ -505,18 +548,28 @@ EVP_CIPHER *EVP_des_ede_cbc(void);
 EVP_CIPHER *EVP_des_ede3_cbc(void);
 EVP_CIPHER *EVP_desx_cbc(void);
 EVP_CIPHER *EVP_rc4(void);
+EVP_CIPHER *EVP_rc4_40(void);
 EVP_CIPHER *EVP_idea_ecb(void);
 EVP_CIPHER *EVP_idea_cfb(void);
 EVP_CIPHER *EVP_idea_ofb(void);
 EVP_CIPHER *EVP_idea_cbc(void);
 EVP_CIPHER *EVP_rc2_ecb(void);
 EVP_CIPHER *EVP_rc2_cbc(void);
+EVP_CIPHER *EVP_rc2_40_cbc(void);
 EVP_CIPHER *EVP_rc2_cfb(void);
 EVP_CIPHER *EVP_rc2_ofb(void);
 EVP_CIPHER *EVP_bf_ecb(void);
 EVP_CIPHER *EVP_bf_cbc(void);
 EVP_CIPHER *EVP_bf_cfb(void);
 EVP_CIPHER *EVP_bf_ofb(void);
+EVP_CIPHER *EVP_cast5_ecb(void);
+EVP_CIPHER *EVP_cast5_cbc(void);
+EVP_CIPHER *EVP_cast5_cfb(void);
+EVP_CIPHER *EVP_cast5_ofb(void);
+EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
 
 void SSLeay_add_all_algorithms(void);
 void SSLeay_add_all_ciphers(void);
@@ -531,7 +584,12 @@ EVP_CIPHER *EVP_get_cipherbyname(char *name);
 EVP_MD *EVP_get_digestbyname(char *name);
 void EVP_cleanup(void);
 
+int		EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key,
+			int enc_key_len,EVP_PKEY *private_key);
+int		EVP_PKEY_encrypt(unsigned char *enc_key,
+			unsigned char *key,int key_len,EVP_PKEY *pub_key);
 int		EVP_PKEY_type(int type);
+int		EVP_PKEY_bits(EVP_PKEY *pkey);
 int		EVP_PKEY_size(EVP_PKEY *pkey);
 int 		EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
 EVP_PKEY *	EVP_PKEY_new(void);
@@ -547,6 +605,15 @@ int		i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
 int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);
 int EVP_PKEY_missing_parameters(EVP_PKEY *pkey);
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
+int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b);
+
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
 
 #else
 
@@ -596,6 +663,7 @@ int	EVP_DecodeBlock();
 
 void	ERR_load_EVP_strings();
 
+void EVP_CIPHER_CTX_init();
 void EVP_CIPHER_CTX_cleanup();
 
 #ifdef HEADER_BIO_H
@@ -629,18 +697,28 @@ EVP_CIPHER *EVP_des_ede_cbc();
 EVP_CIPHER *EVP_des_ede3_cbc();
 EVP_CIPHER *EVP_desx_cbc();
 EVP_CIPHER *EVP_rc4();
+EVP_CIPHER *EVP_rc4_40();
 EVP_CIPHER *EVP_idea_ecb();
 EVP_CIPHER *EVP_idea_cfb();
 EVP_CIPHER *EVP_idea_ofb();
 EVP_CIPHER *EVP_idea_cbc();
 EVP_CIPHER *EVP_rc2_ecb();
 EVP_CIPHER *EVP_rc2_cbc();
+EVP_CIPHER *EVP_rc2_40_cbc();
 EVP_CIPHER *EVP_rc2_cfb();
 EVP_CIPHER *EVP_rc2_ofb();
 EVP_CIPHER *EVP_bf_ecb();
 EVP_CIPHER *EVP_bf_cbc();
 EVP_CIPHER *EVP_bf_cfb();
 EVP_CIPHER *EVP_bf_ofb();
+EVP_CIPHER *EVP_cast5_ecb();
+EVP_CIPHER *EVP_cast5_cbc();
+EVP_CIPHER *EVP_cast5_cfb();
+EVP_CIPHER *EVP_cast5_ofb();
+EVP_CIPHER *EVP_rc5_32_12_16_cbc();
+EVP_CIPHER *EVP_rc5_32_12_16_ecb();
+EVP_CIPHER *EVP_rc5_32_12_16_cfb();
+EVP_CIPHER *EVP_rc5_32_12_16_ofb();
 
 void SSLeay_add_all_algorithms();
 void SSLeay_add_all_ciphers();
@@ -655,7 +733,10 @@ EVP_CIPHER *EVP_get_cipherbyname();
 EVP_MD *EVP_get_digestbyname();
 void EVP_cleanup();
 
+int		EVP_PKEY_decrypt();
+int		EVP_PKEY_encrypt();
 int		EVP_PKEY_type();
+int		EVP_PKEY_bits();
 int		EVP_PKEY_size();
 int 		EVP_PKEY_assign();
 EVP_PKEY *	EVP_PKEY_new();
@@ -669,6 +750,13 @@ int		i2d_PrivateKey();
 int EVP_PKEY_copy_parameters();
 int EVP_PKEY_missing_parameters();
 int EVP_PKEY_save_parameters();
+int EVP_PKEY_cmp_parameters();
+
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+int EVP_CIPHER_set_asn1_iv();
+int EVP_CIPHER_get_asn1_iv();
 
 #endif
 
@@ -680,10 +768,11 @@ int EVP_PKEY_save_parameters();
 #define EVP_F_EVP_DECRYPTFINAL				 101
 #define EVP_F_EVP_OPENINIT				 102
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
-#define EVP_F_EVP_PKEY_NEW				 104
-#define EVP_F_EVP_SEALINIT				 105
-#define EVP_F_EVP_SIGNFINAL				 106
-#define EVP_F_EVP_VERIFYFINAL				 107
+#define EVP_F_EVP_PKEY_DECRYPT				 104
+#define EVP_F_EVP_PKEY_ENCRYPT				 105
+#define EVP_F_EVP_PKEY_NEW				 106
+#define EVP_F_EVP_SIGNFINAL				 107
+#define EVP_F_EVP_VERIFYFINAL				 108
 
 /* Reason codes. */
 #define EVP_R_BAD_DECRYPT				 100
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 2015b5f89..93cc3a946 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1,5 +1,5 @@
 /* crypto/evp/evp_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,7 +60,14 @@
 #include "cryptlib.h"
 #include "evp.h"
 
-char *EVP_version="EVP part of SSLeay 0.8.1b 29-Jun-1998";
+char *EVP_version="EVP part of SSLeay 0.9.0b 29-Jun-1998";
+
+void EVP_CIPHER_CTX_init(ctx)
+EVP_CIPHER_CTX *ctx;
+	{
+	memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+	/* ctx->cipher=NULL; */
+	}
 
 void EVP_CipherInit(ctx,data,key,iv,enc)
 EVP_CIPHER_CTX *ctx;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 326da1177..2b0a0ab93 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -60,14 +60,16 @@
 #include "evp.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA EVP_str_functs[]=
 	{
 {ERR_PACK(0,EVP_F_D2I_PKEY,0),	"D2I_PKEY"},
 {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),	"EVP_DecryptFinal"},
 {ERR_PACK(0,EVP_F_EVP_OPENINIT,0),	"EVP_OpenInit"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0),	"EVP_PKEY_copy_parameters"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0),	"EVP_PKEY_decrypt"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0),	"EVP_PKEY_encrypt"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),	"EVP_PKEY_new"},
-{ERR_PACK(0,EVP_F_EVP_SEALINIT,0),	"EVP_SealInit"},
 {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),	"EVP_SignFinal"},
 {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),	"EVP_VerifyFinal"},
 {0,NULL},
@@ -88,14 +90,19 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_EVP_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
 		ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index 0aa1dbb65..dafa686f6 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -1,5 +1,5 @@
 /* crypto/evp/evp_key.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -82,6 +82,10 @@ char *EVP_get_pw_prompt()
 		return(prompt_string);
 	}
 
+#ifdef NO_DES
+int des_read_pw_string(char *buf,int len,char *prompt,int verify);
+#endif
+
 int EVP_read_pw_string(buf,len,prompt,verify)
 char *buf;
 int len;
@@ -158,6 +162,6 @@ unsigned char *iv;
 		}
 	memset(&c,0,sizeof(c));
 	memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
-	return(nkey);
+	return(type->key_len);
 	}
 
diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c
index 743beacc5..3549b1699 100644
--- a/crypto/evp/m_dss.c
+++ b/crypto/evp/m_dss.c
@@ -1,5 +1,5 @@
 /* crypto/evp/m_dss.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -67,10 +67,12 @@ static EVP_MD dsa_md=
 	NID_dsaWithSHA,
 	NID_dsaWithSHA,
 	SHA_DIGEST_LENGTH,
-	SHA_Init,
-	SHA_Update,
-	SHA_Final,
+	SHA1_Init,
+	SHA1_Update,
+	SHA1_Final,
 	EVP_PKEY_DSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
 EVP_MD *EVP_dss()
diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c
index a14e8590b..ff256b7b2 100644
--- a/crypto/evp/m_dss1.c
+++ b/crypto/evp/m_dss1.c
@@ -1,5 +1,5 @@
 /* crypto/evp/m_dss1.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,6 +71,8 @@ static EVP_MD dss1_md=
 	SHA1_Update,
 	SHA1_Final,
 	EVP_PKEY_DSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
 EVP_MD *EVP_dss1()
diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c
index 17360c100..220941614 100644
--- a/crypto/evp/m_md2.c
+++ b/crypto/evp/m_md2.c
@@ -1,5 +1,5 @@
 /* crypto/evp/m_md2.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,6 +71,8 @@ static EVP_MD md2_md=
 	MD2_Update,
 	MD2_Final,
 	EVP_PKEY_RSA_method,
+	MD2_BLOCK,
+	sizeof(EVP_MD *)+sizeof(MD2_CTX),
 	};
 
 EVP_MD *EVP_md2()
diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
index f7b4eb1ea..d65db9aa1 100644
--- a/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
@@ -1,5 +1,5 @@
 /* crypto/evp/m_md5.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,6 +71,8 @@ static EVP_MD md5_md=
 	MD5_Update,
 	MD5_Final,
 	EVP_PKEY_RSA_method,
+	MD5_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(MD5_CTX),
 	};
 
 EVP_MD *EVP_md5()
diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c
index da70f689b..64a853eb7 100644
--- a/crypto/evp/m_mdc2.c
+++ b/crypto/evp/m_mdc2.c
@@ -1,5 +1,5 @@
 /* crypto/evp/m_mdc2.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,6 +71,8 @@ static EVP_MD mdc2_md=
 	MDC2_Update,
 	MDC2_Final,
 	EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
+	MDC2_BLOCK,
+	sizeof(EVP_MD *)+sizeof(MDC2_CTX),
 	};
 
 EVP_MD *EVP_mdc2()
diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c
index 47db2c525..6d80560df 100644
--- a/crypto/evp/m_null.c
+++ b/crypto/evp/m_null.c
@@ -1,5 +1,5 @@
 /* crypto/evp/m_null.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -75,7 +75,9 @@ static EVP_MD null_md=
 	function,
 	function,
 	
-	EVP_PKEY_NULL_method
+	EVP_PKEY_NULL_method,
+	0,
+	sizeof(EVP_MD *),
 	};
 
 EVP_MD *EVP_md_null()
diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c
index d723ac76a..af4e434a2 100644
--- a/crypto/evp/m_sha.c
+++ b/crypto/evp/m_sha.c
@@ -1,5 +1,5 @@
 /* crypto/evp/m_sha.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,6 +71,8 @@ static EVP_MD sha_md=
 	SHA_Update,
 	SHA_Final,
 	EVP_PKEY_RSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
 EVP_MD *EVP_sha()
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index 30037ffcd..87135a9cf 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -1,5 +1,5 @@
 /* crypto/evp/m_sha1.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,6 +71,8 @@ static EVP_MD sha1_md=
 	SHA1_Update,
 	SHA1_Final,
 	EVP_PKEY_RSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
 EVP_MD *EVP_sha1()
diff --git a/crypto/evp/names.c b/crypto/evp/names.c
index 49fd34f27..e0774da20 100644
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@@ -1,5 +1,5 @@
 /* crypto/evp/names.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -158,7 +158,9 @@ char *aname;
 		}
 
 	if ((i=sk_find(aliases,(char *)a)) >= 0)
+		{
 		Free(sk_delete(aliases,i));
+		}
 	if (!sk_push(aliases,(char *)a)) goto err;
 	return(1);
 err:
@@ -207,6 +209,7 @@ char *name;
 			}
 
 		nid=OBJ_txt2nid(name);
+		if (nid == NID_undef) return(NULL);
 		c.nid=nid;
 		i=sk_find(ciphers,(char *)&c);
 		if (i >= 0)
@@ -245,6 +248,7 @@ char *name;
 			}
 
 		nid=OBJ_txt2nid(name);
+		if (nid == NID_undef) return(NULL);
 		c.pkey_type=nid;
 		i=sk_find(digests,(char *)&c);
 		if (i >= 0)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 11369048e..395351b37 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1,5 +1,5 @@
 /* crypto/evp/p_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -72,6 +72,21 @@ static void EVP_PKEY_free_it(EVP_PKEY *x);
 static void EVP_PKEY_free_it();
 #endif
 
+int EVP_PKEY_bits(pkey)
+EVP_PKEY *pkey;
+	{
+#ifndef NO_RSA
+	if (pkey->type == EVP_PKEY_RSA)
+		return(BN_num_bits(pkey->pkey.rsa->n));
+	else
+#endif
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+		return(BN_num_bits(pkey->pkey.dsa->p));
+#endif
+	return(0);
+	}
+
 int EVP_PKEY_size(pkey)
 EVP_PKEY *pkey;
 	{
@@ -110,13 +125,13 @@ EVP_PKEY *to,*from;
 	if (to->type != from->type)
 		{
 		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);
-		return(0);
+		goto err;
 		}
 
 	if (EVP_PKEY_missing_parameters(from))
 		{
 		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARMATERS);
-		return(0);
+		goto err;
 		}
 #ifndef NO_DSA
 	if (to->type == EVP_PKEY_DSA)
@@ -157,6 +172,23 @@ EVP_PKEY *pkey;
 	return(0);
 	}
 
+int EVP_PKEY_cmp_parameters(a,b)
+EVP_PKEY *a,*b;
+	{
+#ifndef NO_DSA
+	if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
+		{
+		if (	BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
+			BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
+			BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
+			return(0);
+		else
+			return(1);
+		}
+#endif
+	return(-1);
+	}
+
 EVP_PKEY *EVP_PKEY_new()
 	{
 	EVP_PKEY *ret;
@@ -198,8 +230,10 @@ int type;
 	case EVP_PKEY_RSA2:
 		return(EVP_PKEY_RSA);
 	case EVP_PKEY_DSA:
+	case EVP_PKEY_DSA1:
 	case EVP_PKEY_DSA2:
 	case EVP_PKEY_DSA3:
+	case EVP_PKEY_DSA4:
 		return(EVP_PKEY_DSA);
 	case EVP_PKEY_DH:
 		return(EVP_PKEY_DH);
@@ -216,6 +250,9 @@ EVP_PKEY *x;
 	if (x == NULL) return;
 
 	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+	REF_PRINT("EVP_PKEY",x);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
@@ -243,6 +280,7 @@ EVP_PKEY *x;
 	case EVP_PKEY_DSA:
 	case EVP_PKEY_DSA2:
 	case EVP_PKEY_DSA3:
+	case EVP_PKEY_DSA4:
 		DSA_free(x->pkey.dsa);
 		break;
 #endif
diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c
index 46434051a..28a8e0225 100644
--- a/crypto/evp/p_open.c
+++ b/crypto/evp/p_open.c
@@ -1,5 +1,5 @@
 /* crypto/evp/p_open.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -75,7 +75,7 @@ EVP_PKEY *priv;
 	
 	if (priv->type != EVP_PKEY_RSA)
 		{
-                EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
+		EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
 		ret= -1;
 		goto err;
                 }
@@ -90,13 +90,14 @@ EVP_PKEY *priv;
 		goto err;
 		}
 
-	i=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
+	i=EVP_PKEY_decrypt(key,ek,ekl,priv);
 	if (i != type->key_len)
 		{
 		/* ERROR */
 		goto err;
 		}
 
+	EVP_CIPHER_CTX_init(ctx);
 	EVP_DecryptInit(ctx,type,key,iv);
 	ret=1;
 err:
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index b059c59e8..09a408de3 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -1,5 +1,5 @@
 /* crypto/evp/p_seal.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -74,30 +74,23 @@ EVP_PKEY **pubk;
 int npubk;
 	{
 	unsigned char key[EVP_MAX_KEY_LENGTH];
-	int i,ret=0,n;
+	int i;
 	
 	if (npubk <= 0) return(0);
 	RAND_bytes(key,EVP_MAX_KEY_LENGTH);
 	if (type->iv_len > 0)
 		RAND_bytes(iv,type->iv_len);
 
+	EVP_CIPHER_CTX_init(ctx);
 	EVP_EncryptInit(ctx,type,key,iv);
+
 	for (i=0; i<npubk; i++)
 		{
-		if (pubk[i]->type != EVP_PKEY_RSA)
-			{
-			EVPerr(EVP_F_EVP_SEALINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
-			goto err;
-			}
-		n=RSA_public_encrypt(type->key_len,key,ek[i],pubk[i]->pkey.rsa,
-			RSA_PKCS1_PADDING);
-		if (n <= 0) goto err;
-		ekl[i]=n;
+		ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_key_length(type),
+			pubk[i]);
+		if (ekl[i] <= 0) return(-1);
 		}
-	ret=npubk;
-err:
-	memset(key,0,EVP_MAX_KEY_LENGTH);
-	return(ret);
+	return(npubk);
 	}
 
 /* MACRO
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index ad5bcd8ba..073270ce3 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -1,5 +1,5 @@
 /* crypto/evp/p_sign.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -88,9 +88,11 @@ EVP_PKEY *pkey;
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
 	int i,ok=0,v;
+	MS_STATIC EVP_MD_CTX tmp_ctx;
 
 	*siglen=0;
-	EVP_DigestFinal(ctx,&(m[0]),&m_len);
+	memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX));
+	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
 	for (i=0; i<4; i++)
 		{
 		v=ctx->digest->required_pkey_type[i];
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
index 4dbaf1ea2..8d727d8f0 100644
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
@@ -1,5 +1,5 @@
 /* crypto/evp/p_verify.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,6 +71,7 @@ EVP_PKEY *pkey;
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
 	int i,ok=0,v;
+	MS_STATIC EVP_MD_CTX tmp_ctx;
 
 	for (i=0; i<4; i++)
 		{
@@ -87,7 +88,8 @@ EVP_PKEY *pkey;
 		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
 		return(-1);
 		}
-	EVP_DigestFinal(ctx,&(m[0]),&m_len);
+	memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX));
+	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
         if (ctx->digest->verify == NULL)
                 {
 		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
@@ -97,3 +99,4 @@ EVP_PKEY *pkey;
 	return(ctx->digest->verify(ctx->digest->type,m,m_len,
 		sigbuf,siglen,pkey->pkey.ptr));
 	}
+
diff --git a/crypto/idea/i_cbc.c b/crypto/idea/i_cbc.c
index d17e9f29e..716ea3f47 100644
--- a/crypto/idea/i_cbc.c
+++ b/crypto/idea/i_cbc.c
@@ -1,5 +1,5 @@
 /* crypto/idea/i_cbc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -138,3 +138,38 @@ int encrypt;
 	tin[0]=tin[1]=0;
 	}
 
+void idea_encrypt(d,key)
+unsigned long *d;
+IDEA_KEY_SCHEDULE *key;
+	{
+	register IDEA_INT *p;
+	register unsigned long x1,x2,x3,x4,t0,t1,ul;
+
+	x2=d[0];
+	x1=(x2>>16);
+	x4=d[1];
+	x3=(x4>>16);
+
+	p= &(key->data[0][0]);
+
+	E_IDEA(0);
+	E_IDEA(1);
+	E_IDEA(2);
+	E_IDEA(3);
+	E_IDEA(4);
+	E_IDEA(5);
+	E_IDEA(6);
+	E_IDEA(7);
+
+	x1&=0xffff;
+	idea_mul(x1,x1,*p,ul); p++;
+
+	t0= x3+ *(p++);
+	t1= x2+ *(p++);
+
+	x4&=0xffff;
+	idea_mul(x4,x4,*p,ul);
+
+	d[0]=(t0&0xffff)|((x1&0xffff)<<16);
+	d[1]=(x4&0xffff)|((t1&0xffff)<<16);
+	}
diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
index 366f2d19c..8dfa7ece4 100644
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -1,5 +1,5 @@
 /* crypto/idea/i_cfb64.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c
index b3b694b0c..6721126db 100644
--- a/crypto/idea/i_ecb.c
+++ b/crypto/idea/i_ecb.c
@@ -1,5 +1,5 @@
 /* crypto/idea/i_ecb.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,7 +59,7 @@
 #include "idea.h"
 #include "idea_lcl.h"
 
-char *IDEA_version="IDEA part of SSLeay 0.8.1b 29-Jun-1998";
+char *IDEA_version="IDEA part of SSLeay 0.9.0b 29-Jun-1998";
 
 char *idea_options()
 	{
@@ -84,55 +84,3 @@ IDEA_KEY_SCHEDULE *ks;
 	l0=l1=d[0]=d[1]=0;
 	}
 
-void idea_encrypt(d,key)
-unsigned long *d;
-IDEA_KEY_SCHEDULE *key;
-	{
-	int i;
-	register IDEA_INT *p;
-	register unsigned long x1,x2,x3,x4,t0,t1,ul;
-
-	x2=d[0];
-	x1=(x2>>16);
-	x4=d[1];
-	x3=(x4>>16);
-
-	p= &(key->data[0][0]);
-	for (i=0; i<8; i++)
-		{
-		x1&=0xffff;
-		idea_mul(x1,x1,*p,ul); p++;
-
-		x2+= *(p++);
-		x3+= *(p++);
-
-		x4&=0xffff;
-		idea_mul(x4,x4,*p,ul); p++;
-
-		t0=(x1^x3)&0xffff;
-		idea_mul(t0,t0,*p,ul); p++;
-
-		t1=(t0+(x2^x4))&0xffff;
-		idea_mul(t1,t1,*p,ul); p++;
-
-		t0+=t1;
-
-		x1^=t1;
-		x4^=t0;
-		ul=x2^t0;		/* do the swap to x3 */
-		x2=x3^t1;
-		x3=ul;
-		}
-
-	x1&=0xffff;
-	idea_mul(x1,x1,*p,ul); p++;
-
-	t0= x3+ *(p++);
-	t1= x2+ *(p++);
-
-	x4&=0xffff;
-	idea_mul(x4,x4,*p,ul);
-
-	d[0]=(t0&0xffff)|((x1&0xffff)<<16);
-	d[1]=(x4&0xffff)|((t1&0xffff)<<16);
-	}
diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c
index 43a9584a3..d687adb22 100644
--- a/crypto/idea/i_ofb64.c
+++ b/crypto/idea/i_ofb64.c
@@ -1,5 +1,5 @@
 /* crypto/idea/i_ofb64.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c
index fcbdb691e..00fcc1e58 100644
--- a/crypto/idea/i_skey.c
+++ b/crypto/idea/i_skey.c
@@ -1,5 +1,5 @@
 /* crypto/idea/i_skey.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/idea/idea_lcl.h b/crypto/idea/idea_lcl.h
index fcd007f2b..4cf256ae8 100644
--- a/crypto/idea/idea_lcl.h
+++ b/crypto/idea/idea_lcl.h
@@ -1,5 +1,5 @@
 /* crypto/idea/idea_lcl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -65,7 +65,6 @@ if (ul != 0) \
 	{ \
 	r=(ul&0xffff)-(ul>>16); \
 	r-=((r)>>16); \
-/*	if (r&0xffff0000L) r=(r+0x10001); */ \
 	} \
 else \
 	r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ \
@@ -195,3 +194,22 @@ else	{ \
 			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
 			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
 #endif
+
+#define E_IDEA(num) \
+	x1&=0xffff; \
+	idea_mul(x1,x1,*p,ul); p++; \
+	x2+= *(p++); \
+	x3+= *(p++); \
+	x4&=0xffff; \
+	idea_mul(x4,x4,*p,ul); p++; \
+	t0=(x1^x3)&0xffff; \
+	idea_mul(t0,t0,*p,ul); p++; \
+	t1=(t0+(x2^x4))&0xffff; \
+	idea_mul(t1,t1,*p,ul); p++; \
+	t0+=t1; \
+	x1^=t1; \
+	x4^=t0; \
+	ul=x2^t0; /* do the swap to x3 */ \
+	x2=x3^t1; \
+	x3=ul;
+
diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c
index ee01ba5b2..6eff9029c 100644
--- a/crypto/idea/ideatest.c
+++ b/crypto/idea/ideatest.c
@@ -1,5 +1,5 @@
 /* crypto/idea/ideatest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c
index 824eb6215..23fe82f77 100644
--- a/crypto/lhash/lh_stats.c
+++ b/crypto/lhash/lh_stats.c
@@ -1,5 +1,5 @@
 /* crypto/lhash/lh_stats.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,9 +59,9 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-/* If you wish to build this outside of SSLeay, remove the following line
+/* If you wish to build this outside of SSLeay, remove the following lines
  * and things should work as expected */
-#include "bio.h"
+#include "cryptlib.h"
 
 #include "lhash.h"
 
@@ -141,7 +141,7 @@ FILE *out;
 
 #else
 
-#ifndef WIN16
+#ifndef NO_FP_API
 void lh_stats(lh,fp)
 LHASH *lh;
 FILE *fp;
diff --git a/crypto/lhash/lh_test.c b/crypto/lhash/lh_test.c
index f90b3bbd2..294b42bc8 100644
--- a/crypto/lhash/lh_test.c
+++ b/crypto/lhash/lh_test.c
@@ -1,5 +1,5 @@
 /* crypto/lhash/lh_test.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 3e6124894..6dfb5c9cc 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -1,5 +1,5 @@
 /* crypto/lhash/lhash.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-char *lh_version="lhash part of SSLeay 0.8.1b 29-Jun-1998";
+char *lh_version="lhash part of SSLeay 0.9.0b 29-Jun-1998";
 
 /* Code for dynamic hash table routines
  * Author - Eric Young v 2.0
diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h
index 66678cf39..70cbc6dfe 100644
--- a/crypto/lhash/lhash.h
+++ b/crypto/lhash/lhash.h
@@ -1,5 +1,5 @@
 /* crypto/lhash/lhash.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -116,7 +116,7 @@ void lh_doall(LHASH *lh, void (*func)(/* char *b */));
 void lh_doall_arg(LHASH *lh, void (*func)(/*char *a,char *b*/),char *arg);
 unsigned long lh_strhash(char *c);
 
-#ifndef WIN16
+#ifndef NO_FP_API
 void lh_stats(LHASH *lh, FILE *out);
 void lh_node_stats(LHASH *lh, FILE *out);
 void lh_node_usage_stats(LHASH *lh, FILE *out);
@@ -137,7 +137,7 @@ void lh_doall();
 void lh_doall_arg();
 unsigned long lh_strhash();
 
-#ifndef WIN16
+#ifndef NO_FP_API
 void lh_stats();
 void lh_node_stats();
 void lh_node_usage_stats();
diff --git a/crypto/mdc2/mdc2.h b/crypto/mdc2/mdc2.h
index d87ea12ec..0b104be18 100644
--- a/crypto/mdc2/mdc2.h
+++ b/crypto/mdc2/mdc2.h
@@ -1,5 +1,5 @@
 /* crypto/mdc2/mdc2.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,7 +63,7 @@
 extern "C" {
 #endif
 
-#include <des.h>
+#include "des.h"
 
 #define MDC2_BLOCK              8
 #define MDC2_DIGEST_LENGTH      16
diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
index 488ae3928..aa055b66f 100644
--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
@@ -1,5 +1,5 @@
 /* crypto/mdc2/mdc2_one.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
index f4dfcf9bd..3f3d11a1a 100644
--- a/crypto/mdc2/mdc2dgst.c
+++ b/crypto/mdc2/mdc2dgst.c
@@ -1,5 +1,5 @@
 /* crypto/mdc2/mdc2dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c
index 6e552a64e..6e7c9a706 100644
--- a/crypto/mdc2/mdc2test.c
+++ b/crypto/mdc2/mdc2test.c
@@ -1,5 +1,5 @@
 /* crypto/mdc2/mdc2test.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/mem.c b/crypto/mem.c
index 4274cc938..72e501ad0 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -1,5 +1,5 @@
 /* crypto/mem.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -165,7 +165,7 @@ char *file;
 int line;
 	{
 	char *ret;
-	MEM *m;
+	MEM *m,*mm;
 
 	if ((ret=malloc_func(num)) == NULL)
 		return(NULL);
@@ -193,12 +193,10 @@ int line;
 		m->line=line;
 		m->num=num;
 		m->order=order++;
-		if (lh_insert(mh,(char *)m) != NULL)
+		if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
 			{
-			free(m);
-			free(ret);
-			/* abort(); */
-			ret=NULL;
+			/* Not good, but don't sweat it */
+			free(mm);
 			}
 		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
 		}
@@ -338,7 +336,7 @@ void (*cb)();
 	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 void CRYPTO_mem_leaks_fp(fp)
 FILE *fp;
 	{
diff --git a/crypto/objects/Makefile.ssl b/crypto/objects/Makefile.ssl
index 148ac3ce4..320523cea 100644
--- a/crypto/objects/Makefile.ssl
+++ b/crypto/objects/Makefile.ssl
@@ -82,6 +82,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 86c3d38e4..34866ebbd 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -1,5 +1,5 @@
 /* crypto/objects/obj_dat.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <ctype.h>
 #include "cryptlib.h"
 #include "lhash.h"
 #include "asn1.h"
@@ -128,7 +129,7 @@ ADDED_OBJ *ca;
 	default:
 		abort();
 		}
-	ret&=0x3fffffff;
+	ret&=0x3fffffffL;
 	ret|=ca->type<<30L;
 	return(ret);
 	}
@@ -199,6 +200,7 @@ void OBJ_cleanup()
 	lh_doall(added,cleanup2); /* set counters */
 	lh_doall(added,cleanup3); /* free objects */
 	lh_free(added);
+	added=NULL;
 	}
 
 int OBJ_new_nid(num)
@@ -251,7 +253,7 @@ err:
 	for (i=ADDED_DATA; i<=ADDED_NID; i++)
 		if (ao[i] != NULL) Free(ao[i]);
 	if (o != NULL) Free(o);
-	return(0);
+	return(NID_undef);
 	}
 
 ASN1_OBJECT *OBJ_nid2obj(n)
@@ -385,9 +387,34 @@ char *s;
 
 	ret=OBJ_sn2nid(s);
 	if (ret == NID_undef)
-		return(OBJ_ln2nid(s));
-	else
-		return(ret);
+		{
+		ret=OBJ_ln2nid(s);
+		if (ret == NID_undef)
+			{
+			ASN1_OBJECT *op=NULL;
+			unsigned char *buf,*p;
+			int i;
+
+			i=a2d_ASN1_OBJECT(NULL,0,s,-1);
+			if (i <= 0)
+				{
+				/* clear the error */
+				ERR_get_error();
+				return(0);
+				}
+
+			if ((buf=(unsigned char *)Malloc(i)) == NULL)
+				return(NID_undef);
+			a2d_ASN1_OBJECT(buf,i,s,-1);
+			p=buf;
+			op=d2i_ASN1_OBJECT(NULL,&p,i);
+			if (op == NULL) return(NID_undef);
+			ret=OBJ_obj2nid(op);
+			ASN1_OBJECT_free(op);
+			Free(buf);
+			}
+		}
+	return(ret);
 	}
 
 int OBJ_ln2nid(s)
@@ -471,7 +498,56 @@ int (*cmp)();
 	return(NULL);
 	}
 
-int OBJ_create_and_add_object(oid,sn,ln)
+int OBJ_create_objects(in)
+BIO *in;
+	{
+	MS_STATIC char buf[512];
+	int i,num= -1;
+	char *o,*s,*l=NULL;
+
+	for (;;)
+		{
+		s=o=NULL;
+		i=BIO_gets(in,buf,512);
+		if (i <= 0) return(num);
+		buf[i-1]='\0';
+		if (!isalnum(buf[0])) return(num);
+		o=s=buf;
+		while (isdigit(*s) || (*s == '.'))
+			s++;
+		if (*s != '\0')
+			{
+			*(s++)='\0';
+			while (isspace(*s))
+				s++;
+			if (*s == '\0')
+				s=NULL;
+			else
+				{
+				l=s;
+				while ((*l != '\0') && !isspace(*l))
+					l++;
+				if (*l != '\0')
+					{
+					*(l++)='\0';
+					while (isspace(*l))
+						l++;
+					if (*l == '\0') l=NULL;
+					}
+				else
+					l=NULL;
+				}
+			}
+		else
+			s=NULL;
+		if ((o == NULL) || (*o == '\0')) return(num);
+		if (!OBJ_create(o,s,l)) return(num);
+		num++;
+		}
+	return(num);
+	}
+
+int OBJ_create(oid,sn,ln)
 char *oid;
 char *sn;
 char *ln;
@@ -486,7 +562,7 @@ char *ln;
 
 	if ((buf=(unsigned char *)Malloc(i)) == NULL)
 		{
-		OBJerr(OBJ_F_OBJ_CREATE_AND_ADD_OBJECT,OBJ_R_MALLOC_FAILURE);
+		OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE);
 		return(0);
 		}
 	i=a2d_ASN1_OBJECT(buf,i,oid,-1);
@@ -499,3 +575,4 @@ err:
 	Free((char *)buf);
 	return(ok);
 	}
+
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 4b79abda8..6f106759a 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -61,12 +61,12 @@
  * perl obj_dat.pl < objects.h > obj_dat.h
  */
 
-#define NUM_NID 97
-#define NUM_SN 70
-#define NUM_LN 96
-#define NUM_OBJ 78
+#define NUM_NID 124
+#define NUM_SN 95
+#define NUM_LN 122
+#define NUM_OBJ 95
 
-static unsigned char lvalues[515]={
+static unsigned char lvalues[600]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
@@ -120,10 +120,10 @@ static unsigned char lvalues[515]={
 0x2B,0x0E,0x03,0x02,0x1A,                    /* [349] OBJ_sha1 */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [354] OBJ_sha1WithRSAEncryption */
 0x2B,0x0E,0x03,0x02,0x0D,                    /* [363] OBJ_dsaWithSHA */
-0x2B,0x0E,0x03,0x02,0x0C,                    /* [368] OBJ_dsa */
+0x2B,0x0E,0x03,0x02,0x0C,                    /* [368] OBJ_dsa_2 */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [373] OBJ_pbeWithSHA1AndRC2_CBC */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [382] OBJ_pbeWithSHA1AndRC4 */
-0x2B,0x0E,0x03,0x02,0x1B,                    /* [391] OBJ_dsaWithSHA1 */
+0x2B,0x0E,0x03,0x02,0x1B,                    /* [391] OBJ_dsaWithSHA1_2 */
 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [396] OBJ_netscape_cert_type */
 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [405] OBJ_netscape_base_url */
 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [414] OBJ_netscape_revocation_url */
@@ -145,6 +145,23 @@ static unsigned char lvalues[515]={
 0x55,0x1D,0x23,                              /* [503] OBJ_authority_key_identifier */
 0x55,0x08,0x03,0x65,                         /* [506] OBJ_mdc2 */
 0x55,0x08,0x03,0x64,                         /* [510] OBJ_mdc2WithRSA */
+0x55,0x04,0x2A,                              /* [514] OBJ_givenName */
+0x55,0x04,0x04,                              /* [517] OBJ_surname */
+0x55,0x04,0x2B,                              /* [520] OBJ_initials */
+0x55,0x04,0x2D,                              /* [523] OBJ_uniqueIdentifier */
+0x55,0x1D,0x1F,                              /* [526] OBJ_crl_distribution_points */
+0x2B,0x0E,0x03,0x02,0x03,                    /* [529] OBJ_md5WithRSA */
+0x55,0x04,0x05,                              /* [534] OBJ_serialNumber */
+0x55,0x04,0x0C,                              /* [537] OBJ_title */
+0x55,0x04,0x0D,                              /* [540] OBJ_description */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [543] OBJ_cast5_cbc */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [552] OBJ_pbeWithMD5AndCast5_CBC */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [561] OBJ_dsaWithSHA1 */
+0x2B,0x0E,0x03,0x02,0x1D,                    /* [568] OBJ_sha1WithRSA */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [573] OBJ_dsa */
+0x2B,0x24,0x03,0x02,0x01,                    /* [580] OBJ_ripemd160 */
+0x2B,0x24,0x03,0x03,0x01,0x02,               /* [585] OBJ_ripemd160WithRSA */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [591] OBJ_rc5_cbc */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -237,12 +254,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
 	&(lvalues[354]),0},
 {"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[363]),0},
-{"DSA","dsaEncryption",NID_dsa,5,&(lvalues[368]),0},
+{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[368]),0},
 {"pbeWithSHA1AndRC2-CBC","pbeWithSHA1AndRC2-CBC",
 	NID_pbeWithSHA1AndRC2_CBC,9,&(lvalues[373]),0},
 {"pbeWithSHA1AndRC4","pbeWithSHA1AndRC4",NID_pbeWithSHA1AndRC4,9,
 	&(lvalues[382]),0},
-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,5,&(lvalues[391]),0},
+{"DSA-SHA1-old","dsaWithSHA1",NID_dsaWithSHA1_2,5,&(lvalues[391]),0},
 {"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
 	&(lvalues[396]),0},
 {"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
@@ -284,6 +301,36 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL},
 {"MDC2","mdc2",NID_mdc2,4,&(lvalues[506]),0},
 {"RSA-MDC2","mdc2withRSA",NID_mdc2WithRSA,4,&(lvalues[510]),0},
+{"RC4-40","rc4-40",NID_rc4_40,0,NULL},
+{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
+{"G","givenName",NID_givenName,3,&(lvalues[514]),0},
+{"S","surname",NID_surname,3,&(lvalues[517]),0},
+{"I","initials",NID_initials,3,&(lvalues[520]),0},
+{"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[523]),0},
+{"crlDistributionPoints","X509v3 CRL Distribution Points",
+	NID_crl_distribution_points,3,&(lvalues[526]),0},
+{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[529]),0},
+{"SN","serialNumber",NID_serialNumber,3,&(lvalues[534]),0},
+{"T","title",NID_title,3,&(lvalues[537]),0},
+{"D","description",NID_description,3,&(lvalues[540]),0},
+{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[543]),0},
+{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
+{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
+{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
+{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
+	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[552]),0},
+{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[561]),0},
+{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
+{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[568]),0},
+{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[573]),0},
+{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[580]),0},
+{NULL,NULL,NID_undef,0,NULL},
+{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
+	&(lvalues[585]),0},
+{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[591]),0},
+{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
+{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
+{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -292,7 +339,12 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[92]),/* "BF-ECB" */
 &(nid_objs[94]),/* "BF-OFB" */
 &(nid_objs[14]),/* "C" */
+&(nid_objs[108]),/* "CAST5-CBC" */
+&(nid_objs[110]),/* "CAST5-CFB" */
+&(nid_objs[109]),/* "CAST5-ECB" */
+&(nid_objs[111]),/* "CAST5-OFB" */
 &(nid_objs[13]),/* "CN" */
+&(nid_objs[107]),/* "D" */
 &(nid_objs[31]),/* "DES-CBC" */
 &(nid_objs[30]),/* "DES-CFB" */
 &(nid_objs[29]),/* "DES-ECB" */
@@ -306,10 +358,14 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[63]),/* "DES-EDE3-OFB" */
 &(nid_objs[45]),/* "DES-OFB" */
 &(nid_objs[80]),/* "DESX-CBC" */
-&(nid_objs[67]),/* "DSA" */
+&(nid_objs[116]),/* "DSA" */
 &(nid_objs[66]),/* "DSA-SHA" */
-&(nid_objs[70]),/* "DSA-SHA1" */
+&(nid_objs[113]),/* "DSA-SHA1" */
+&(nid_objs[70]),/* "DSA-SHA1-old" */
+&(nid_objs[67]),/* "DSA-old" */
 &(nid_objs[48]),/* "Email" */
+&(nid_objs[99]),/* "G" */
+&(nid_objs[101]),/* "I" */
 &(nid_objs[34]),/* "IDEA-CBC" */
 &(nid_objs[35]),/* "IDEA-CFB" */
 &(nid_objs[36]),/* "IDEA-ECB" */
@@ -317,28 +373,44 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[15]),/* "L" */
 &(nid_objs[ 3]),/* "MD2" */
 &(nid_objs[ 4]),/* "MD5" */
+&(nid_objs[114]),/* "MD5-SHA1" */
 &(nid_objs[95]),/* "MDC2" */
 &(nid_objs[57]),/* "Netscape" */
 &(nid_objs[17]),/* "O" */
 &(nid_objs[18]),/* "OU" */
+&(nid_objs[98]),/* "RC2-40-CBC" */
 &(nid_objs[37]),/* "RC2-CBC" */
 &(nid_objs[39]),/* "RC2-CFB" */
 &(nid_objs[38]),/* "RC2-ECB" */
 &(nid_objs[40]),/* "RC2-OFB" */
 &(nid_objs[ 5]),/* "RC4" */
+&(nid_objs[97]),/* "RC4-40" */
+&(nid_objs[120]),/* "RC5-CBC" */
+&(nid_objs[122]),/* "RC5-CFB" */
+&(nid_objs[121]),/* "RC5-ECB" */
+&(nid_objs[123]),/* "RC5-OFB" */
+&(nid_objs[117]),/* "RIPEMD160" */
 &(nid_objs[19]),/* "RSA" */
 &(nid_objs[ 7]),/* "RSA-MD2" */
 &(nid_objs[ 8]),/* "RSA-MD5" */
 &(nid_objs[96]),/* "RSA-MDC2" */
+&(nid_objs[104]),/* "RSA-NP-MD5" */
+&(nid_objs[119]),/* "RSA-RIPEMD160" */
 &(nid_objs[42]),/* "RSA-SHA" */
 &(nid_objs[65]),/* "RSA-SHA1" */
+&(nid_objs[115]),/* "RSA-SHA1-2" */
+&(nid_objs[100]),/* "S" */
 &(nid_objs[41]),/* "SHA" */
 &(nid_objs[64]),/* "SHA1" */
+&(nid_objs[105]),/* "SN" */
 &(nid_objs[16]),/* "ST" */
+&(nid_objs[106]),/* "T" */
+&(nid_objs[102]),/* "UID" */
 &(nid_objs[ 0]),/* "UNDEF" */
 &(nid_objs[90]),/* "authorityKeyIdentifier" */
 &(nid_objs[87]),/* "basicConstraints" */
 &(nid_objs[89]),/* "certificatePolicies" */
+&(nid_objs[103]),/* "crlDistributionPoints" */
 &(nid_objs[88]),/* "crlNumber" */
 &(nid_objs[86]),/* "issuerAltName" */
 &(nid_objs[83]),/* "keyUsage" */
@@ -376,6 +448,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[12]),/* "X509" */
 &(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
 &(nid_objs[87]),/* "X509v3 Basic Constraints" */
+&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
 &(nid_objs[88]),/* "X509v3 CRL Number" */
 &(nid_objs[89]),/* "X509v3 Certificate Policies" */
 &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
@@ -387,6 +460,10 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[93]),/* "bf-cfb" */
 &(nid_objs[92]),/* "bf-ecb" */
 &(nid_objs[94]),/* "bf-ofb" */
+&(nid_objs[108]),/* "cast5-cbc" */
+&(nid_objs[110]),/* "cast5-cfb" */
+&(nid_objs[109]),/* "cast5-ecb" */
+&(nid_objs[111]),/* "cast5-ofb" */
 &(nid_objs[54]),/* "challengePassword" */
 &(nid_objs[13]),/* "commonName" */
 &(nid_objs[50]),/* "contentType" */
@@ -404,21 +481,28 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[61]),/* "des-ede3-cfb" */
 &(nid_objs[63]),/* "des-ede3-ofb" */
 &(nid_objs[45]),/* "des-ofb" */
+&(nid_objs[107]),/* "description" */
 &(nid_objs[80]),/* "desx-cbc" */
 &(nid_objs[28]),/* "dhKeyAgreement" */
-&(nid_objs[67]),/* "dsaEncryption" */
+&(nid_objs[116]),/* "dsaEncryption" */
+&(nid_objs[67]),/* "dsaEncryption-old" */
 &(nid_objs[66]),/* "dsaWithSHA" */
 &(nid_objs[70]),/* "dsaWithSHA1" */
+&(nid_objs[113]),/* "dsaWithSHA1" */
 &(nid_objs[48]),/* "emailAddress" */
 &(nid_objs[56]),/* "extendedCertificateAttributes" */
+&(nid_objs[99]),/* "givenName" */
 &(nid_objs[34]),/* "idea-cbc" */
 &(nid_objs[35]),/* "idea-cfb" */
 &(nid_objs[36]),/* "idea-ecb" */
 &(nid_objs[46]),/* "idea-ofb" */
+&(nid_objs[101]),/* "initials" */
 &(nid_objs[15]),/* "localityName" */
 &(nid_objs[ 3]),/* "md2" */
 &(nid_objs[ 7]),/* "md2WithRSAEncryption" */
 &(nid_objs[ 4]),/* "md5" */
+&(nid_objs[114]),/* "md5-sha1" */
+&(nid_objs[104]),/* "md5WithRSA" */
 &(nid_objs[ 8]),/* "md5WithRSAEncryption" */
 &(nid_objs[95]),/* "mdc2" */
 &(nid_objs[96]),/* "mdc2withRSA" */
@@ -426,6 +510,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[17]),/* "organizationName" */
 &(nid_objs[18]),/* "organizationalUnitName" */
 &(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
+&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
 &(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */
 &(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
 &(nid_objs[69]),/* "pbeWithSHA1AndRC4" */
@@ -439,21 +524,34 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
 &(nid_objs[22]),/* "pkcs7-signedData" */
 &(nid_objs[47]),/* "pkcs9" */
+&(nid_objs[98]),/* "rc2-40-cbc" */
 &(nid_objs[37]),/* "rc2-cbc" */
 &(nid_objs[39]),/* "rc2-cfb" */
 &(nid_objs[38]),/* "rc2-ecb" */
 &(nid_objs[40]),/* "rc2-ofb" */
 &(nid_objs[ 5]),/* "rc4" */
+&(nid_objs[97]),/* "rc4-40" */
+&(nid_objs[120]),/* "rc5-cbc" */
+&(nid_objs[122]),/* "rc5-cfb" */
+&(nid_objs[121]),/* "rc5-ecb" */
+&(nid_objs[123]),/* "rc5-ofb" */
+&(nid_objs[117]),/* "ripemd160" */
+&(nid_objs[119]),/* "ripemd160WithRSA" */
 &(nid_objs[19]),/* "rsa" */
 &(nid_objs[ 6]),/* "rsaEncryption" */
 &(nid_objs[ 1]),/* "rsadsi" */
+&(nid_objs[105]),/* "serialNumber" */
 &(nid_objs[41]),/* "sha" */
 &(nid_objs[64]),/* "sha1" */
+&(nid_objs[115]),/* "sha1WithRSA" */
 &(nid_objs[65]),/* "sha1WithRSAEncryption" */
 &(nid_objs[42]),/* "shaWithRSAEncryption" */
 &(nid_objs[52]),/* "signingTime" */
 &(nid_objs[16]),/* "stateOrProvinceName" */
+&(nid_objs[100]),/* "surname" */
+&(nid_objs[106]),/* "title" */
 &(nid_objs[ 0]),/* "undefined" */
+&(nid_objs[102]),/* "uniqueIdentifier" */
 &(nid_objs[55]),/* "unstructuredAddress" */
 &(nid_objs[49]),/* "unstructuredName" */
 };
@@ -463,11 +561,18 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[12]),/* OBJ_X509                         2 5 4 */
 &(nid_objs[81]),/* OBJ_ld_ce                        2 5 29 */
 &(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
+&(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
+&(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
 &(nid_objs[14]),/* OBJ_countryName                  2 5 4 6 */
 &(nid_objs[15]),/* OBJ_localityName                 2 5 4 7 */
 &(nid_objs[16]),/* OBJ_stateOrProvinceName          2 5 4 8 */
 &(nid_objs[17]),/* OBJ_organizationName             2 5 4 10 */
 &(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */
+&(nid_objs[106]),/* OBJ_title                        2 5 4 12 */
+&(nid_objs[107]),/* OBJ_description                  2 5 4 13 */
+&(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
+&(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
+&(nid_objs[102]),/* OBJ_uniqueIdentifier             2 5 4 45 */
 &(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
 &(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
 &(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
@@ -475,24 +580,31 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
 &(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
 &(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
+&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
 &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
 &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
 &(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
 &(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
 &(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
+&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
 &(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
 &(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
 &(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */
 &(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */
-&(nid_objs[67]),/* OBJ_dsa                          1 3 14 3 2 12 */
+&(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
 &(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
 &(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
 &(nid_objs[32]),/* OBJ_des_ede                      1 3 14 3 2 17 */
 &(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
 &(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
-&(nid_objs[70]),/* OBJ_dsaWithSHA1                  1 3 14 3 2 27 */
+&(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
+&(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
+&(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
 &(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
+&(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
 &(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
+&(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
+&(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
 &(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
 &(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
 &(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
@@ -502,8 +614,11 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
 &(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
 &(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
+&(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
 &(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
 &(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+&(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
+&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
 &(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
 &(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
 &(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c
index bfc13d79a..45206c616 100644
--- a/crypto/objects/obj_err.c
+++ b/crypto/objects/obj_err.c
@@ -60,9 +60,10 @@
 #include "objects.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA OBJ_str_functs[]=
 	{
-{ERR_PACK(0,OBJ_F_OBJ_CREATE_AND_ADD_OBJECT,0),	"OBJ_create_and_add_object"},
+{ERR_PACK(0,OBJ_F_OBJ_CREATE,0),	"OBJ_create"},
 {ERR_PACK(0,OBJ_F_OBJ_DUP,0),	"OBJ_dup"},
 {ERR_PACK(0,OBJ_F_OBJ_NID2LN,0),	"OBJ_nid2ln"},
 {ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0),	"OBJ_nid2obj"},
@@ -77,14 +78,19 @@ static ERR_STRING_DATA OBJ_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_OBJ_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs);
 		ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c
index 35a8d70e0..0a9c75619 100644
--- a/crypto/objects/obj_lib.c
+++ b/crypto/objects/obj_lib.c
@@ -1,5 +1,5 @@
 /* crypto/objects/obj_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/objects/objects.err b/crypto/objects/objects.err
index 3f8c54e2d..8bec3eaea 100644
--- a/crypto/objects/objects.err
+++ b/crypto/objects/objects.err
@@ -1,7 +1,7 @@
 /* Error codes for the OBJ functions. */
 
 /* Function codes. */
-#define OBJ_F_OBJ_CREATE_AND_ADD_OBJECT			 100
+#define OBJ_F_OBJ_CREATE				 100
 #define OBJ_F_OBJ_DUP					 101
 #define OBJ_F_OBJ_NID2LN				 102
 #define OBJ_F_OBJ_NID2OBJ				 103
diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h
index e69cb7134..e1d555b47 100644
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -1,5 +1,5 @@
 /* crypto/objects/objects.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -373,10 +373,10 @@ extern "C" {
 #define NID_dsaWithSHA			66
 #define OBJ_dsaWithSHA			OBJ_algorithm,13L
 
-#define SN_dsa				"DSA"
-#define LN_dsa				"dsaEncryption"
-#define NID_dsa				67
-#define OBJ_dsa				OBJ_algorithm,12L
+#define SN_dsa_2			"DSA-old"
+#define LN_dsa_2			"dsaEncryption-old"
+#define NID_dsa_2			67
+#define OBJ_dsa_2			OBJ_algorithm,12L
 
 /* proposed by microsoft to RSA */
 #define LN_pbeWithSHA1AndRC2_CBC	"pbeWithSHA1AndRC2-CBC"
@@ -388,11 +388,11 @@ extern "C" {
 #define NID_pbeWithSHA1AndRC4		69
 #define OBJ_pbeWithSHA1AndRC4		OBJ_pkcs,5L,12L 
 
-#define SN_dsaWithSHA1			"DSA-SHA1"
-#define LN_dsaWithSHA1			"dsaWithSHA1"
-#define NID_dsaWithSHA1			70
+#define SN_dsaWithSHA1_2		"DSA-SHA1-old"
+#define LN_dsaWithSHA1_2		"dsaWithSHA1"
+#define NID_dsaWithSHA1_2		70
 /* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
-#define OBJ_dsaWithSHA1			OBJ_algorithm,27L
+#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L
 
 #define SN_netscape_cert_type		"nsCertType"
 #define LN_netscape_cert_type		"Netscape Cert Type"
@@ -512,14 +512,153 @@ extern "C" {
 #define LN_mdc2				"mdc2"
 #define NID_mdc2			95
 #define OBJ_mdc2			2L,5L,8L,3L,101L
+/* An alternative?			1L,3L,14L,3L,2L,19L */
 
 #define SN_mdc2WithRSA			"RSA-MDC2"
 #define LN_mdc2WithRSA			"mdc2withRSA"
 #define NID_mdc2WithRSA			96
 #define OBJ_mdc2WithRSA			2L,5L,8L,3L,100L
 
+#define SN_rc4_40			"RC4-40"
+#define LN_rc4_40			"rc4-40"
+#define NID_rc4_40			97
+
+#define SN_rc2_40_cbc			"RC2-40-CBC"
+#define LN_rc2_40_cbc			"rc2-40-cbc"
+#define NID_rc2_40_cbc			98
+
+#define SN_givenName			"G"
+#define LN_givenName			"givenName"
+#define NID_givenName			99
+#define OBJ_givenName			OBJ_X509,42L
+
+#define SN_surname			"S"
+#define LN_surname			"surname"
+#define NID_surname			100
+#define OBJ_surname			OBJ_X509,4L
+
+#define SN_initials			"I"
+#define LN_initials			"initials"
+#define NID_initials			101
+#define OBJ_initials			OBJ_X509,43L
+
+#define SN_uniqueIdentifier		"UID"
+#define LN_uniqueIdentifier		"uniqueIdentifier"
+#define NID_uniqueIdentifier		102
+#define OBJ_uniqueIdentifier		OBJ_X509,45L
+
+#define SN_crl_distribution_points	"crlDistributionPoints"
+#define LN_crl_distribution_points	"X509v3 CRL Distribution Points"
+#define NID_crl_distribution_points	103
+#define OBJ_crl_distribution_points	OBJ_ld_ce,31L
+
+#define SN_md5WithRSA			"RSA-NP-MD5"
+#define LN_md5WithRSA			"md5WithRSA"
+#define NID_md5WithRSA			104
+#define OBJ_md5WithRSA			OBJ_algorithm,3L
+
+#define SN_serialNumber			"SN"
+#define LN_serialNumber			"serialNumber"
+#define NID_serialNumber		105
+#define OBJ_serialNumber		OBJ_X509,5L
+
+#define SN_title			"T"
+#define LN_title			"title"
+#define NID_title			106
+#define OBJ_title			OBJ_X509,12L
+
+#define SN_description			"D"
+#define LN_description			"description"
+#define NID_description			107
+#define OBJ_description			OBJ_X509,13L
+
+/* CAST5 is CAST-128, I'm just sticking with the documentation */
+#define SN_cast5_cbc			"CAST5-CBC"
+#define LN_cast5_cbc			"cast5-cbc"
+#define NID_cast5_cbc			108
+#define OBJ_cast5_cbc			1L,2L,840L,113533L,7L,66L,10L
+
+#define SN_cast5_ecb			"CAST5-ECB"
+#define LN_cast5_ecb			"cast5-ecb"
+#define NID_cast5_ecb			109
+
+#define SN_cast5_cfb64			"CAST5-CFB"
+#define LN_cast5_cfb64			"cast5-cfb"
+#define NID_cast5_cfb64			110
+
+#define SN_cast5_ofb64			"CAST5-OFB"
+#define LN_cast5_ofb64			"cast5-ofb"
+#define NID_cast5_ofb64			111
+
+#define LN_pbeWithMD5AndCast5_CBC	"pbeWithMD5AndCast5CBC"
+#define NID_pbeWithMD5AndCast5_CBC	112
+#define OBJ_pbeWithMD5AndCast5_CBC	1L,2L,840L,113533L,7L,66L,12L
+
+/* This is one sun will soon be using :-(
+ * id-dsa-with-sha1 ID  ::= {
+ *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
+ */
+#define SN_dsaWithSHA1			"DSA-SHA1"
+#define LN_dsaWithSHA1			"dsaWithSHA1"
+#define NID_dsaWithSHA1			113
+#define OBJ_dsaWithSHA1			1L,2L,840L,10040L,4L,3L
+
+#define NID_md5_sha1			114
+#define SN_md5_sha1			"MD5-SHA1"
+#define LN_md5_sha1			"md5-sha1"
+
+#define SN_sha1WithRSA			"RSA-SHA1-2"
+#define LN_sha1WithRSA			"sha1WithRSA"
+#define NID_sha1WithRSA			115
+#define OBJ_sha1WithRSA			OBJ_algorithm,29L
+
+#define SN_dsa				"DSA"
+#define LN_dsa				"dsaEncryption"
+#define NID_dsa				116
+#define OBJ_dsa				1L,2L,840L,10040L,4L,1L
+
+#define SN_ripemd160			"RIPEMD160"
+#define LN_ripemd160			"ripemd160"
+#define NID_ripemd160			117
+#define OBJ_ripemd160			1L,3L,36L,3L,2L,1L
+
+/* The name should actually be rsaSignatureWithripemd160, but I'm going
+ * to contiune using the convention I'm using with the other ciphers */
+#define SN_ripemd160WithRSA		"RSA-RIPEMD160"
+#define LN_ripemd160WithRSA		"ripemd160WithRSA"
+#define NID_ripemd160WithRSA		119
+#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L
+
+/* Taken from rfc2040
+ *  RC5_CBC_Parameters ::= SEQUENCE {
+ *	version           INTEGER (v1_0(16)),
+ *	rounds            INTEGER (8..127),
+ *	blockSizeInBits   INTEGER (64, 128),
+ *	iv                OCTET STRING OPTIONAL
+ *	}
+ */
+#define SN_rc5_cbc			"RC5-CBC"
+#define LN_rc5_cbc			"rc5-cbc"
+#define NID_rc5_cbc			120
+#define OBJ_rc5_cbc			OBJ_rsadsi,3L,8L
+
+#define SN_rc5_ecb			"RC5-ECB"
+#define LN_rc5_ecb			"rc5-ecb"
+#define NID_rc5_ecb			121
+
+#define SN_rc5_cfb64			"RC5-CFB"
+#define LN_rc5_cfb64			"rc5-cfb"
+#define NID_rc5_cfb64			122
+
+#define SN_rc5_ofb64			"RC5-OFB"
+#define LN_rc5_ofb64			"rc5-ofb"
+#define NID_rc5_ofb64			123
+
+#include "bio.h"
 #include "asn1.h"
 
+#define		OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
 #ifndef NOPROTO
 
 ASN1_OBJECT *	OBJ_dup(ASN1_OBJECT *o);
@@ -537,9 +676,9 @@ void		ERR_load_OBJ_strings(void );
 
 int		OBJ_new_nid(int num);
 int		OBJ_add_object(ASN1_OBJECT *obj);
-int		OBJ_create_and_add_object(char *oid,char *sn,char *ln);
-
+int		OBJ_create(char *oid,char *sn,char *ln);
 void		OBJ_cleanup(void );
+int		OBJ_create_objects(BIO *in);
 
 #else
 
@@ -558,8 +697,9 @@ void		ERR_load_OBJ_strings();
 
 int		OBJ_new_nid();
 int		OBJ_add_object();
-int		OBJ_create_and_add_object();
+int		OBJ_create();
 void		OBJ_cleanup();
+int		OBJ_create_objects();
 
 #endif
 
@@ -567,7 +707,7 @@ void		OBJ_cleanup();
 /* Error codes for the OBJ functions. */
 
 /* Function codes. */
-#define OBJ_F_OBJ_CREATE_AND_ADD_OBJECT			 100
+#define OBJ_F_OBJ_CREATE				 100
 #define OBJ_F_OBJ_DUP					 101
 #define OBJ_F_OBJ_NID2LN				 102
 #define OBJ_F_OBJ_NID2OBJ				 103
diff --git a/crypto/pem/Makefile.ssl b/crypto/pem/Makefile.ssl
index 447fcb4c0..fc04a88fd 100644
--- a/crypto/pem/Makefile.ssl
+++ b/crypto/pem/Makefile.ssl
@@ -91,6 +91,6 @@ clean:
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # SPECIAL CASE .org
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/pem/ctx_size.c b/crypto/pem/ctx_size.c
index c9e2ce6d0..87469bc4a 100644
--- a/crypto/pem/ctx_size.c
+++ b/crypto/pem/ctx_size.c
@@ -1,5 +1,5 @@
 /* crypto/pem/ctx_size.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index 38952509d..55fbaeffe 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -122,10 +122,10 @@ extern "C" {
 
 #ifndef HEADER_ENVELOPE_H
 
-#define EVP_ENCODE_CTX_SIZE  92
-#define EVP_MD_SIZE  48
+#define EVP_ENCODE_CTX_SIZE  96
+#define EVP_MD_SIZE  60
 #define EVP_MD_CTX_SIZE  152
-#define EVP_CIPHER_SIZE  28
+#define EVP_CIPHER_SIZE  40
 #define EVP_CIPHER_CTX_SIZE  4212
 #define EVP_MAX_MD_SIZE  20
 
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index 5485628f5..d1cda7aab 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -1,5 +1,5 @@
 /* crypto/pem/pem_all.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -58,13 +58,14 @@
 
 #include <stdio.h>
 #undef SSLEAY_MACROS
+#include "cryptlib.h"
 #include "bio.h"
 #include "evp.h"
 #include "x509.h"
 #include "pkcs7.h"
 #include "pem.h"
 
-#ifndef WIN16
+#ifndef NO_FP_API
 /* The X509 functions */
 X509 *PEM_read_X509(fp,x,cb)
 FILE *fp;
@@ -85,7 +86,7 @@ int (*cb)();
 		PEM_STRING_X509,bp,(char **)x,cb));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_write_X509(fp,x)
 FILE *fp;
 X509 *x;
@@ -103,7 +104,7 @@ X509 *x;
 		(char *)x, NULL,NULL,0,NULL));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 /* The X509_REQ functions */
 X509_REQ *PEM_read_X509_REQ(fp,x,cb)
 FILE *fp;
@@ -124,7 +125,7 @@ int (*cb)();
 		PEM_STRING_X509_REQ,bp,(char **)x,cb));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_write_X509_REQ(fp,x)
 FILE *fp;
 X509_REQ *x;
@@ -142,7 +143,7 @@ X509_REQ *x;
 		bp,(char *)x, NULL,NULL,0,NULL));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 /* The X509_CRL functions */
 X509_CRL *PEM_read_X509_CRL(fp,x,cb)
 FILE *fp;
@@ -163,7 +164,7 @@ int (*cb)();
 		PEM_STRING_X509_CRL,bp,(char **)x,cb));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_write_X509_CRL(fp,x)
 FILE *fp;
 X509_CRL *x;
@@ -182,7 +183,7 @@ X509_CRL *x;
 	}
 
 #ifndef NO_RSA
-#ifndef WIN16
+#ifndef NO_FP_API
 /* The RSAPrivateKey functions */
 RSA *PEM_read_RSAPrivateKey(fp,x,cb)
 FILE *fp;
@@ -221,7 +222,7 @@ int (*cb)();
 		PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
 FILE *fp;
 RSA *x;
@@ -267,7 +268,7 @@ RSA *x;
 #endif /* !NO_RSA */
 
 #ifndef NO_DSA
-#ifndef WIN16
+#ifndef NO_FP_API
 /* The DSAPrivateKey functions */
 DSA *PEM_read_DSAPrivateKey(fp,x,cb)
 FILE *fp;
@@ -288,7 +289,7 @@ int (*cb)();
 		PEM_STRING_DSA,bp,(char **)x,cb));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
 FILE *fp;
 DSA *x;
@@ -315,7 +316,7 @@ int (*cb)();
 	}
 #endif
 
-#ifndef WIN16
+#ifndef NO_FP_API
 /* The PrivateKey functions */
 EVP_PKEY *PEM_read_PrivateKey(fp,x,cb)
 FILE *fp;
@@ -336,7 +337,7 @@ int (*cb)();
 		PEM_STRING_EVP_PKEY,bp,(char **)x,cb));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_write_PrivateKey(fp,x,enc,kstr,klen,cb)
 FILE *fp;
 EVP_PKEY *x;
@@ -364,7 +365,7 @@ int (*cb)();
 		bp,(char *)x,enc,kstr,klen,cb));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 /* The PKCS7 functions */
 PKCS7 *PEM_read_PKCS7(fp,x,cb)
 FILE *fp;
@@ -385,7 +386,7 @@ int (*cb)();
 		PEM_STRING_PKCS7,bp,(char **)x,cb));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_write_PKCS7(fp,x)
 FILE *fp;
 PKCS7 *x;
@@ -404,7 +405,7 @@ PKCS7 *x;
 	}
 
 #ifndef NO_DH
-#ifndef WIN16
+#ifndef NO_FP_API
 /* The DHparams functions */
 DH *PEM_read_DHparams(fp,x,cb)
 FILE *fp;
@@ -425,7 +426,7 @@ int (*cb)();
 		PEM_STRING_DHPARAMS,bp,(char **)x,cb));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_write_DHparams(fp,x)
 FILE *fp;
 DH *x;
@@ -445,7 +446,7 @@ DH *x;
 #endif
 
 #ifndef NO_DSA
-#ifndef WIN16
+#ifndef NO_FP_API
 /* The DSAparams functions */
 DSA *PEM_read_DSAparams(fp,x,cb)
 FILE *fp;
@@ -466,7 +467,7 @@ int (*cb)();
 		PEM_STRING_DSAPARAMS,bp,(char **)x,cb));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_write_DSAparams(fp,x)
 FILE *fp;
 DSA *x;
diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c
index b8d95204e..e17fcdb54 100644
--- a/crypto/pem/pem_err.c
+++ b/crypto/pem/pem_err.c
@@ -60,6 +60,7 @@
 #include "pem.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA PEM_str_functs[]=
 	{
 {ERR_PACK(0,PEM_F_DEF_CALLBACK,0),	"DEF_CALLBACK"},
@@ -103,14 +104,19 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_PEM_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
 		ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index aafd9ce7b..4b69833b6 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -1,5 +1,5 @@
 /* crypto/pem/pem_info.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -64,7 +64,7 @@
 #include "x509.h"
 #include "pem.h"
 
-#ifndef WIN16
+#ifndef NO_FP_API
 STACK *PEM_X509_INFO_read(fp,sk,cb)
 FILE *fp;
 STACK *sk;
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 1397d8311..7a2c0ad83 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -1,5 +1,5 @@
 /* crypto/pem/pem_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -68,7 +68,7 @@
 #include "des.h"
 #endif
 
-char *PEM_version="PEM part of SSLeay 0.8.1b 29-Jun-1998";
+char *PEM_version="PEM part of SSLeay 0.9.0b 29-Jun-1998";
 
 #define MIN_LENGTH	4
 
@@ -89,7 +89,7 @@ char *buf;
 int num;
 int w;
 	{
-#ifdef WIN16
+#ifdef NO_FP_API
 	/* We should not ever call the default callback routine from
 	 * windows. */
 	PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -166,7 +166,7 @@ char *str;
 	buf[j+i*2+1]='\0';
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 char *PEM_ASN1_read(d2i,name,fp, x, cb)
 char *(*d2i)();
 char *name;
@@ -241,7 +241,7 @@ err:
 	return(ret);
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_ASN1_write(i2d,name,fp, x, enc, kstr, klen, callback)
 int (*i2d)();
 char *name;
@@ -296,7 +296,12 @@ int (*callback)();
 			}
 		}
 
-	dsize=i2d(x,NULL);
+	if ((dsize=i2d(x,NULL)) < 0)
+		{
+		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
+		dsize=0;
+		goto err;
+		}
 	/* dzise + 8 bytes are needed */
 	data=(unsigned char *)Malloc((unsigned int)dsize+20);
 	if (data == NULL)
@@ -485,7 +490,7 @@ int num;
 	return(1);
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_write(fp, name, header, data,len)
 FILE *fp;
 char *name;
@@ -567,7 +572,7 @@ err:
 	return(0);
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int PEM_read(fp, name, header, data,len)
 FILE *fp;
 char **name;
diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c
index 6acb04ad7..b4b36df45 100644
--- a/crypto/pem/pem_seal.c
+++ b/crypto/pem/pem_seal.c
@@ -1,5 +1,5 @@
 /* crypto/pem/pem_seal.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c
index 0df99a3d8..d56f9f9e1 100644
--- a/crypto/pem/pem_sign.c
+++ b/crypto/pem/pem_sign.c
@@ -1,5 +1,5 @@
 /* crypto/pem/pem_sign.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/perlasm/x86ms.pl b/crypto/perlasm/x86ms.pl
index 558112e08..b8b190956 100644
--- a/crypto/perlasm/x86ms.pl
+++ b/crypto/perlasm/x86ms.pl
@@ -24,6 +24,11 @@ $label="L000";
 	'dx',	'dh',
 	);
 
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+
 sub main'LB
 	{
 	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
@@ -36,11 +41,35 @@ sub main'HB
 	return($hb{$_[0]});
 	}
 
+sub main'BP
+	{
+	&get_mem("BYTE",@_);
+	}
+
 sub main'DWP
 	{
-	local($addr,$reg1,$reg2,$idx)=@_;
-	local($t);
-	local($ret)="DWORD PTR ";
+	&get_mem("DWORD",@_);
+	}
+
+sub main'stack_push
+	{
+	local($num)=@_;
+	$stack+=$num*4;
+	&main'sub("esp",$num*4);
+	}
+
+sub main'stack_pop
+	{
+	local($num)=@_;
+	$stack-=$num*4;
+	&main'add("esp",$num*4);
+	}
+
+sub get_mem
+	{
+	local($size,$addr,$reg1,$reg2,$idx)=@_;
+	local($t,$post);
+	local($ret)="$size PTR ";
 
 	$addr =~ s/^\s+//;
 	if ($addr =~ /^(.+)\+(.+)$/)
@@ -55,16 +84,22 @@ sub main'DWP
 
 	$reg1="$regs{$reg1}" if defined($regs{$reg1});
 	$reg2="$regs{$reg2}" if defined($regs{$reg2});
-	$ret.=$addr if ($addr ne "") && ($addr ne 0);
+	if (($addr ne "") && ($addr ne 0))
+		{
+		if ($addr !~ /^-/)
+			{ $ret.=$addr; }
+		else	{ $post=$addr; }
+		}
 	if ($reg2 ne "")
 		{
 		$t="";
 		$t="*$idx" if ($idx != 0);
-		$ret.="[$reg2$t+$reg1]";
+		$reg1="+".$reg1 if ("$reg1$post" ne "");
+		$ret.="[$reg2$t$reg1$post]";
 		}
 	else
 		{
-		$ret.="[$reg1]"
+		$ret.="[$reg1$post]"
 		}
 	return($ret);
 	}
@@ -76,34 +111,60 @@ sub main'or	{ &out2("or",@_); }
 sub main'shl	{ &out2("shl",@_); }
 sub main'shr	{ &out2("shr",@_); }
 sub main'xor	{ &out2("xor",@_); }
+sub main'xorb	{ &out2("xor",@_); }
 sub main'add	{ &out2("add",@_); }
+sub main'adc	{ &out2("adc",@_); }
 sub main'sub	{ &out2("sub",@_); }
 sub main'rotl	{ &out2("rol",@_); }
 sub main'rotr	{ &out2("ror",@_); }
 sub main'exch	{ &out2("xchg",@_); }
 sub main'cmp	{ &out2("cmp",@_); }
+sub main'lea	{ &out2("lea",@_); }
+sub main'mul	{ &out1("mul",@_); }
+sub main'div	{ &out1("div",@_); }
 sub main'dec	{ &out1("dec",@_); }
+sub main'inc	{ &out1("inc",@_); }
 sub main'jmp	{ &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
 sub main'je	{ &out1("je",@_); }
+sub main'jle	{ &out1("jle",@_); }
 sub main'jz	{ &out1("jz",@_); }
+sub main'jge	{ &out1("jge",@_); }
+sub main'jl	{ &out1("jl",@_); }
+sub main'jb	{ &out1("jb",@_); }
+sub main'jc	{ &out1("jc",@_); }
+sub main'jnc	{ &out1("jnc",@_); }
 sub main'jnz	{ &out1("jnz",@_); }
-sub main'push	{ &out1("push",@_); }
+sub main'jne	{ &out1("jne",@_); }
+sub main'jno	{ &out1("jno",@_); }
+sub main'push	{ &out1("push",@_); $stack+=4; }
+sub main'pop	{ &out1("pop",@_); $stack-=4; }
+sub main'bswap	{ &out1("bswap",@_); &using486(); }
+sub main'not	{ &out1("not",@_); }
 sub main'call	{ &out1("call",'_'.$_[0]); }
-
+sub main'ret	{ &out0("ret"); }
+sub main'nop	{ &out0("nop"); }
 
 sub out2
 	{
 	local($name,$p1,$p2)=@_;
 	local($l,$t);
 
-	print "\t$name\t";
+	push(@out,"\t$name\t");
 	$t=&conv($p1).",";
 	$l=length($t);
-	print $t;
+	push(@out,$t);
 	$l=4-($l+9)/8;
-	print "\t" x $l;
-	print &conv($p2);
-	print "\n";
+	push(@out,"\t" x $l);
+	push(@out,&conv($p2));
+	push(@out,"\n");
+	}
+
+sub out0
+	{
+	local($name)=@_;
+
+	push(@out,"\t$name\n");
 	}
 
 sub out1
@@ -111,9 +172,7 @@ sub out1
 	local($name,$p1)=@_;
 	local($l,$t);
 
-	print "\t$name\t";
-	print &conv($p1);
-	print "\n";
+	push(@out,"\t$name\t".&conv($p1)."\n");
 	}
 
 sub conv
@@ -124,24 +183,32 @@ sub conv
 	return $p;
 	}
 
+sub using486
+	{
+	return if $using486;
+	$using486++;
+	grep(s/\.386/\.486/,@out);
+	}
+
 sub main'file
 	{
 	local($file)=@_;
 
-	print <<"EOF";
+	local($tmp)=<<"EOF";
 	TITLE	$file.asm
         .386
 .model FLAT
 EOF
+	push(@out,$tmp);
 	}
 
 sub main'function_begin
 	{
-	local($func,$num,$extra)=@_;
+	local($func,$extra)=@_;
 
-	$params=$num*4;
+	push(@labels,$func);
 
-	print <<"EOF";
+	local($tmp)=<<"EOF";
 _TEXT	SEGMENT
 PUBLIC	_$func
 $extra
@@ -151,14 +218,29 @@ _$func PROC NEAR
 	push	esi
 	push	edi
 EOF
+	push(@out,$tmp);
 	$stack=20;
 	}
 
+sub main'function_begin_B
+	{
+	local($func,$extra)=@_;
+
+	local($tmp)=<<"EOF";
+_TEXT	SEGMENT
+PUBLIC	_$func
+$extra
+_$func PROC NEAR
+EOF
+	push(@out,$tmp);
+	$stack=4;
+	}
+
 sub main'function_end
 	{
 	local($func)=@_;
 
-	print <<"EOF";
+	local($tmp)=<<"EOF";
 	pop	edi
 	pop	esi
 	pop	ebx
@@ -167,38 +249,41 @@ sub main'function_end
 _$func ENDP
 _TEXT	ENDS
 EOF
+	push(@out,$tmp);
 	$stack=0;
 	%label=();
 	}
 
-sub main'function_end_A
+sub main'function_end_B
 	{
 	local($func)=@_;
 
-	print <<"EOF";
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
+	local($tmp)=<<"EOF";
+_$func ENDP
+_TEXT	ENDS
 EOF
+	push(@out,$tmp);
+	$stack=0;
+	%label=();
 	}
 
-sub main'function_end_B
+sub main'function_end_A
 	{
 	local($func)=@_;
 
-	print <<"EOF";
-_$func ENDP
-_TEXT	ENDS
+	local($tmp)=<<"EOF";
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
 EOF
-	$stack=0;
-	%label=();
+	push(@out,$tmp);
 	}
 
 sub main'file_end
 	{
-	print "END\n"
+	push(@out,"END\n");
 	}
 
 sub main'wparam
@@ -208,18 +293,24 @@ sub main'wparam
 	return(&main'DWP($stack+$num*4,"esp","",0));
 	}
 
-sub main'wtmp
+sub main'swtmp
 	{
-	local($num)=@_;
-
-	return(&main'DWP($stack+$params+$num*4,"esp","",0));
+	return(&main'DWP($_[0]*4,"esp","",0));
 	}
 
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#	{
+#	local($num)=@_;
+#
+#	return(&main'DWP(-(($num+1)*4),"esp","",0));
+#	}
+
 sub main'comment
 	{
 	foreach (@_)
 		{
-		print "\t; $_\n";
+		push(@out,"\t; $_\n");
 		}
 	}
 
@@ -240,10 +331,18 @@ sub main'set_label
 		$label{$_[0]}="${label}${_[0]}";
 		$label++;
 		}
-	print "$label{$_[0]}:\n";
+	push(@out,"$label{$_[0]}:\n");
 	}
 
-sub main'file_end
-        {
-	print "END\n";
-        }
+sub main'data_word
+	{
+	push(@out,"\tDD\t$_[0]\n");
+	}
+
+sub out1p
+	{
+	local($name,$p1)=@_;
+	local($l,$t);
+
+	push(@out,"\t$name\t ".&conv($p1)."\n");
+	}
diff --git a/crypto/perlasm/x86unix.pl b/crypto/perlasm/x86unix.pl
index 3426563dc..deb1185fc 100644
--- a/crypto/perlasm/x86unix.pl
+++ b/crypto/perlasm/x86unix.pl
@@ -1,6 +1,12 @@
 #!/usr/local/bin/perl
 
-package x86ms;
+# Because the bswapl instruction is not supported for old assembers
+# (it was a new instruction for the 486), I've added .byte xxxx code
+# to put it in.
+# eric 24-Apr-1998
+#
+
+package x86unix;
 
 $label="L000";
 
@@ -8,6 +14,11 @@ $align=($main'aout)?"4":"16";
 $under=($main'aout)?"_":"";
 $com_start=($main'sol)?"/":"#";
 
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+
 if ($main'cpp)
 	{
 	$align="ALIGN";
@@ -46,6 +57,17 @@ if ($main'cpp)
 	'esp',	'%esp',
 	);
 
+%reg_val=(
+	'eax',	0x00,
+	'ebx',	0x03,
+	'ecx',	0x01,
+	'edx',	0x02,
+	'esi',	0x06,
+	'edi',	0x07,
+	'ebp',	0x05,
+	'esp',	0x04,
+	);
+
 sub main'LB
 	{
 	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
@@ -62,48 +84,40 @@ sub main'DWP
 	{
 	local($addr,$reg1,$reg2,$idx)=@_;
 
-
 	$ret="";
-
 	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
-
 	$reg1="$regs{$reg1}" if defined($regs{$reg1});
 	$reg2="$regs{$reg2}" if defined($regs{$reg2});
 	$ret.=$addr if ($addr ne "") && ($addr ne 0);
 	if ($reg2 ne "")
-		{
-		$ret.="($reg1,$reg2,$idx)";
-		}
+		{ $ret.="($reg1,$reg2,$idx)"; }
 	else
-		{
-		$ret.="($reg1)"
-		}
+		{ $ret.="($reg1)" }
 	return($ret);
 	}
 
 sub main'BP
 	{
-	local($addr,$reg1,$reg2,$idx)=@_;
-
-
-	$ret="";
-
-	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
-
-	$reg1="$regs{$reg1}" if defined($regs{$reg1});
-	$reg2="$regs{$reg2}" if defined($regs{$reg2});
-	$ret.=$addr if ($addr ne "") && ($addr ne 0);
-	if ($reg2 ne "")
-		{
-		$ret.="($reg1,$reg2,$idx)";
-		}
-	else
-		{
-		$ret.="($reg1)"
-		}
-	return($ret);
+	return(&main'DWP(@_));
 	}
 
+#sub main'BP
+#	{
+#	local($addr,$reg1,$reg2,$idx)=@_;
+#
+#	$ret="";
+#
+#	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+#	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+#	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+#	$ret.=$addr if ($addr ne "") && ($addr ne 0);
+#	if ($reg2 ne "")
+#		{ $ret.="($reg1,$reg2,$idx)"; }
+#	else
+#		{ $ret.="($reg1)" }
+#	return($ret);
+#	}
+
 sub main'mov	{ &out2("movl",@_); }
 sub main'movb	{ &out2("movb",@_); }
 sub main'and	{ &out2("andl",@_); }
@@ -111,45 +125,107 @@ sub main'or	{ &out2("orl",@_); }
 sub main'shl	{ &out2("sall",@_); }
 sub main'shr	{ &out2("shrl",@_); }
 sub main'xor	{ &out2("xorl",@_); }
+sub main'xorb	{ &out2("xorb",@_); }
 sub main'add	{ &out2("addl",@_); }
+sub main'adc	{ &out2("adcl",@_); }
 sub main'sub	{ &out2("subl",@_); }
 sub main'rotl	{ &out2("roll",@_); }
 sub main'rotr	{ &out2("rorl",@_); }
 sub main'exch	{ &out2("xchg",@_); }
 sub main'cmp	{ &out2("cmpl",@_); }
+sub main'lea	{ &out2("leal",@_); }
+sub main'mul	{ &out1("mull",@_); }
+sub main'div	{ &out1("divl",@_); }
 sub main'jmp	{ &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
 sub main'je	{ &out1("je",@_); }
+sub main'jle	{ &out1("jle",@_); }
 sub main'jne	{ &out1("jne",@_); }
 sub main'jnz	{ &out1("jnz",@_); }
 sub main'jz	{ &out1("jz",@_); }
+sub main'jge	{ &out1("jge",@_); }
+sub main'jl	{ &out1("jl",@_); }
+sub main'jb	{ &out1("jb",@_); }
+sub main'jc	{ &out1("jc",@_); }
+sub main'jnc	{ &out1("jnc",@_); }
+sub main'jno	{ &out1("jno",@_); }
 sub main'dec	{ &out1("decl",@_); }
-sub main'push	{ &out1("pushl",@_); }
+sub main'inc	{ &out1("incl",@_); }
+sub main'push	{ &out1("pushl",@_); $stack+=4; }
+sub main'pop	{ &out1("popl",@_); $stack-=4; }
+sub main'bswap	{ &out1("bswapl",@_); }
+sub main'not	{ &out1("notl",@_); }
 sub main'call	{ &out1("call",$under.$_[0]); }
-
+sub main'ret	{ &out0("ret"); }
+sub main'nop	{ &out0("nop"); }
 
 sub out2
 	{
 	local($name,$p1,$p2)=@_;
 	local($l,$ll,$t);
+	local(%special)=(	"roll",0xD1C0,"rorl",0xD1C8,
+				"rcll",0xD1D0,"rcrl",0xD1D8,
+				"shll",0xD1E0,"shrl",0xD1E8,
+				"sarl",0xD1F8);
+	
+	if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1))
+		{
+		$op=$special{$name}|$reg_val{$p1};
+		$tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+		$tmp2=sprintf(".byte %d\t",$op     &0xff);
+		push(@out,$tmp1);
+		push(@out,$tmp2);
+
+		$p2=&conv($p2);
+		$p1=&conv($p1);
+		&main'comment("$name $p2 $p1");
+		return;
+		}
 
-	print "\t$name\t";
+	push(@out,"\t$name\t");
 	$t=&conv($p2).",";
 	$l=length($t);
-	print $t;
+	push(@out,$t);
 	$ll=4-($l+9)/8;
-	print "\t" x $ll;
-	print &conv($p1);
-	print "\n";
+	$tmp1=sprintf("\t" x $ll);
+	push(@out,$tmp1);
+	push(@out,&conv($p1)."\n");
 	}
 
 sub out1
 	{
 	local($name,$p1)=@_;
 	local($l,$t);
+	local(%special)=("bswapl",0x0FC8);
 
-	print "\t$name\t";
-	print &conv($p1);
-	print "\n";
+	if ((defined($special{$name})) && defined($regs{$p1}))
+		{
+		$op=$special{$name}|$reg_val{$p1};
+		$tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+		$tmp2=sprintf(".byte %d\t",$op     &0xff);
+		push(@out,$tmp1);
+		push(@out,$tmp2);
+
+		$p2=&conv($p2);
+		$p1=&conv($p1);
+		&main'comment("$name $p2 $p1");
+		return;
+		}
+
+	push(@out,"\t$name\t".&conv($p1)."\n");
+	}
+
+sub out1p
+	{
+	local($name,$p1)=@_;
+	local($l,$t);
+
+	push(@out,"\t$name\t*".&conv($p1)."\n");
+	}
+
+sub out0
+	{
+	push(@out,"\t$_[0]\n");
 	}
 
 sub conv
@@ -160,7 +236,7 @@ sub conv
 
 	$p=$regs{$p} if (defined($regs{$p}));
 
-	$p =~ s/^([0-9A-Fa-f]+)$/\$$1/;
+	$p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/;
 	$p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;
 	return $p;
 	}
@@ -169,47 +245,69 @@ sub main'file
 	{
 	local($file)=@_;
 
-	print <<"EOF";
+	local($tmp)=<<"EOF";
 	.file	"$file.s"
 	.version	"01.01"
 gcc2_compiled.:
 EOF
+	push(@out,$tmp);
 	}
 
 sub main'function_begin
 	{
-	local($func,$num)=@_;
-
-	$params=$num*4;
+	local($func)=@_;
 
+	&main'external_label($func);
 	$func=$under.$func;
 
-	print <<"EOF";
+	local($tmp)=<<"EOF";
 .text
 	.align $align
 .globl $func
 EOF
+	push(@out,$tmp);
 	if ($main'cpp)
-		{ printf("\tTYPE($func,\@function)\n"); }
-	else	{ printf("\t.type	$func,\@function\n"); }
-	print <<"EOF";
-$func:
+		{ $tmp=push(@out,"\tTYPE($func,\@function)\n"); }
+	else	{ $tmp=push(@out,"\t.type\t$func,\@function\n"); }
+	push(@out,"$func:\n");
+	$tmp=<<"EOF";
 	pushl	%ebp
 	pushl	%ebx
 	pushl	%esi
 	pushl	%edi
 
 EOF
+	push(@out,$tmp);
 	$stack=20;
 	}
 
+sub main'function_begin_B
+	{
+	local($func,$extra)=@_;
+
+	&main'external_label($func);
+	$func=$under.$func;
+
+	local($tmp)=<<"EOF";
+.text
+	.align $align
+.globl $func
+EOF
+	push(@out,$tmp);
+	if ($main'cpp)
+		{ push(@out,"\tTYPE($func,\@function)\n"); }
+	else	{ push(@out,"\t.type	$func,\@function\n"); }
+	push(@out,"$func:\n");
+	$stack=4;
+	}
+
 sub main'function_end
 	{
 	local($func)=@_;
 
 	$func=$under.$func;
 
-	print <<"EOF";
+	local($tmp)=<<"EOF";
 	popl	%edi
 	popl	%esi
 	popl	%ebx
@@ -217,10 +315,11 @@ sub main'function_end
 	ret
 .${func}_end:
 EOF
+	push(@out,$tmp);
 	if ($main'cpp)
-		{ printf("\tSIZE($func,.${func}_end-$func)\n"); }
-	else	{ printf("\t.size\t$func,.${func}_end-$func\n"); }
-	print ".ident	\"desasm.pl\"\n";
+		{ push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+	else	{ push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+	push(@out,".ident	\"$func\"\n");
 	$stack=0;
 	%label=();
 	}
@@ -229,13 +328,14 @@ sub main'function_end_A
 	{
 	local($func)=@_;
 
-	print <<"EOF";
+	local($tmp)=<<"EOF";
 	popl	%edi
 	popl	%esi
 	popl	%ebx
 	popl	%ebp
 	ret
 EOF
+	push(@out,$tmp);
 	}
 
 sub main'function_end_B
@@ -244,13 +344,11 @@ sub main'function_end_B
 
 	$func=$under.$func;
 
-	print <<"EOF";
-.${func}_end:
-EOF
+	push(@out,".${func}_end:\n");
 	if ($main'cpp)
-		{ printf("\tSIZE($func,.${func}_end-$func)\n"); }
-	else	{ printf("\t.size\t$func,.${func}_end-$func\n"); }
-	print ".ident	\"desasm.pl\"\n";
+		{ push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+	else	{ push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+	push(@out,".ident	\"desasm.pl\"\n");
 	$stack=0;
 	%label=();
 	}
@@ -262,28 +360,41 @@ sub main'wparam
 	return(&main'DWP($stack+$num*4,"esp","",0));
 	}
 
-sub main'wtmp_b
+sub main'stack_push
 	{
-	local($num,$b)=@_;
-
-	return(&main'BP(-(($num+1)*4)+$b,"esp","",0));
+	local($num)=@_;
+	$stack+=$num*4;
+	&main'sub("esp",$num*4);
 	}
 
-sub main'wtmp
+sub main'stack_pop
 	{
 	local($num)=@_;
+	$stack-=$num*4;
+	&main'add("esp",$num*4);
+	}
 
-	return(&main'DWP(-($num+1)*4,"esp","",0));
+sub main'swtmp
+	{
+	return(&main'DWP($_[0]*4,"esp","",0));
 	}
 
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#	{
+#	local($num)=@_;
+#
+#	return(&main'DWP(-($num+1)*4,"esp","",0));
+#	}
+
 sub main'comment
 	{
 	foreach (@_)
 		{
 		if (/^\s*$/)
-			{ print "\n"; }
+			{ push(@out,"\n"); }
 		else
-			{ print "\t$com_start $_ $com_end\n"; }
+			{ push(@out,"\t$com_start $_ $com_end\n"); }
 		}
 	}
 
@@ -304,10 +415,15 @@ sub main'set_label
 		$label{$_[0]}=".${label}${_[0]}";
 		$label++;
 		}
-	print ".align $align\n";
-	print "$label{$_[0]}:\n";
+	push(@out,".align $align\n") if ($_[1] != 0);
+	push(@out,"$label{$_[0]}:\n");
 	}
 
 sub main'file_end
 	{
 	}
+
+sub main'data_word
+	{
+	push(@out,"\t.long $_[0]\n");
+	}
diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl
index 64a005a18..a88359b32 100644
--- a/crypto/pkcs7/Makefile.ssl
+++ b/crypto/pkcs7/Makefile.ssl
@@ -81,6 +81,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/pkcs7/pk7_dgst.c b/crypto/pkcs7/pk7_dgst.c
index fa562a481..7769abeb1 100644
--- a/crypto/pkcs7/pk7_dgst.c
+++ b/crypto/pkcs7/pk7_dgst.c
@@ -1,5 +1,5 @@
 /* crypto/pkcs7/pk7_dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 32a2a4522..b5689b3fe 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -1,5 +1,5 @@
 /* crypto/pkcs7/pk7_doit.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -58,6 +58,7 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
+#include "rand.h"
 #include "objects.h"
 #include "x509.h"
 
@@ -69,6 +70,11 @@ BIO *bio;
 	BIO *out=NULL,*btmp;
 	X509_ALGOR *xa;
 	EVP_MD *evp_md;
+	EVP_CIPHER *evp_cipher=NULL;
+	STACK *md_sk=NULL,*rsk=NULL;
+	X509_ALGOR *xalg=NULL;
+	PKCS7_RECIP_INFO *ri=NULL;
+	EVP_PKEY *pkey;
 
 	i=OBJ_obj2nid(p7->type);
 	p7->state=PKCS7_S_HEADER;
@@ -76,9 +82,29 @@ BIO *bio;
 	switch (i)
 		{
 	case NID_pkcs7_signed:
-		for (i=0; i<sk_num(p7->d.sign->md_algs); i++)
+		md_sk=p7->d.sign->md_algs;
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		rsk=p7->d.signed_and_enveloped->recipientinfo;
+		md_sk=p7->d.signed_and_enveloped->md_algs;
+		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.signed_and_enveloped->enc_data->algorithm->algorithm)));
+		if (evp_cipher == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			goto err;
+			}
+		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+	        goto err;
+		}
+
+	if (md_sk != NULL)
+		{
+		for (i=0; i<sk_num(md_sk); i++)
 			{
-			xa=(X509_ALGOR *)sk_value(p7->d.sign->md_algs,i);
+			xa=(X509_ALGOR *)sk_value(md_sk,i);
 			if ((btmp=BIO_new(BIO_f_md())) == NULL) goto err;
 
 			j=OBJ_obj2nid(xa->algorithm);
@@ -95,12 +121,61 @@ BIO *bio;
 			else
 				BIO_push(out,btmp);
 			}
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
 		}
-	if (bio == NULL)
+
+	if (evp_cipher != NULL)
+		{
+		unsigned char key[EVP_MAX_KEY_LENGTH];
+		unsigned char iv[EVP_MAX_IV_LENGTH];
+		int keylen,ivlen;
+		int jj,max;
+		unsigned char *tmp;
+
+		if ((btmp=BIO_new(BIO_f_cipher())) == NULL) goto err;
+		keylen=EVP_CIPHER_key_length(evp_cipher);
+		ivlen=EVP_CIPHER_iv_length(evp_cipher);
+
+		if (ivlen > 0)
+			{
+			ASN1_OCTET_STRING *os;
+
+			RAND_bytes(iv,ivlen);
+			os=ASN1_OCTET_STRING_new();
+			ASN1_OCTET_STRING_set(os,iv,ivlen);
+		/*	ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
+				(char *)os);
+		*/	}
+		RAND_bytes(key,keylen);
+
+		/* Lets do the pub key stuff :-) */
+		max=0;
+		for (i=0; i<sk_num(rsk); i++)
+			{
+			ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+			if (ri->cert == NULL) abort();
+			pkey=X509_get_pubkey(ri->cert);
+			jj=EVP_PKEY_size(pkey);
+			if (max < jj) max=jj;
+			}
+		if ((tmp=(unsigned char *)Malloc(max)) == NULL) abort();
+		for (i=0; i<sk_num(rsk); i++)
+			{
+			ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+			pkey=X509_get_pubkey(ri->cert);
+			jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
+			if (jj <= 0) abort();
+			ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+			}
+
+		BIO_set_cipher(btmp,evp_cipher,key,iv,1);
+
+		if (out == NULL)
+			out=btmp;
+		else
+			BIO_push(out,btmp);
+		}
+
+	if (bio == NULL) /* ??????????? */
 		{
 		if (p7->detached)
 			bio=BIO_new(BIO_s_null());
@@ -114,7 +189,8 @@ BIO *bio;
 
 				os=p7->d.sign->contents->d.data;
 				if (os->length > 0)
-					BIO_write(bio,os->data,os->length);
+					BIO_write(bio,(char *)os->data,
+						os->length);
 				}
 			}
 		}
@@ -135,22 +211,35 @@ BIO *bio;
 	BUF_MEM *buf=NULL;
 	PKCS7_SIGNER_INFO *si;
 	EVP_MD_CTX *mdc,ctx_tmp;
-	STACK *sk;
+	STACK *sk,*si_sk=NULL;
 	unsigned char *p,*pp=NULL;
 	int x;
+	ASN1_OCTET_STRING *os=NULL;
 
 	i=OBJ_obj2nid(p7->type);
 	p7->state=PKCS7_S_HEADER;
 
 	switch (i)
 		{
+	case NID_pkcs7_signedAndEnveloped:
+		/* XXXXXXXXXXXXXXXX */
+		si_sk=p7->d.signed_and_enveloped->signer_info;
+		os=ASN1_OCTET_STRING_new();
+		p7->d.signed_and_enveloped->enc_data->enc_data=os;
+		break;
 	case NID_pkcs7_signed:
+		si_sk=p7->d.sign->signer_info;
+		os=p7->d.sign->contents->d.data;
+		break;
+		}
 
+	if (si_sk != NULL)
+		{
 		if ((buf=BUF_MEM_new()) == NULL) goto err;
-		for (i=0; i<sk_num(p7->d.sign->signer_info); i++)
+		for (i=0; i<sk_num(si_sk); i++)
 			{
 			si=(PKCS7_SIGNER_INFO *)
-				sk_value(p7->d.sign->signer_info,i);
+				sk_value(si_sk,i);
 			if (si->pkey == NULL)
 				continue;
 			j=OBJ_obj2nid(si->digest_enc_alg->algorithm);
@@ -161,13 +250,13 @@ BIO *bio;
 				if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) 
 					== NULL)
 					{
-					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+					PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
 					goto err;
 					}
 				BIO_get_md_ctx(btmp,&mdc);
 				if (mdc == NULL)
 					{
-					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_INTERNAL_ERROR);
+					PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
 					goto err;
 					}
 				if (EVP_MD_pkey_type(EVP_MD_CTX_type(mdc)) == j)
@@ -195,40 +284,31 @@ BIO *bio;
 				Free(pp);
 				}
 
-			if (!EVP_SignFinal(&ctx_tmp,buf->data,
+			if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
 				(unsigned int *)&buf->length,si->pkey))
 				goto err;
 			if (!ASN1_STRING_set(si->enc_digest,
 				(unsigned char *)buf->data,buf->length))
 				goto err;
-
 			}
 		if (p7->detached)
-			PKCS7_content_free(p7->d.sign->contents);
+			ASN1_OCTET_STRING_set(os,(unsigned char *)"",0);
 		else
 			{
 			btmp=BIO_find_type(bio,BIO_TYPE_MEM);
 			if (btmp == NULL)
 				{
-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+				PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
 				goto err;
 				}
 			BIO_get_mem_ptr(btmp,&buf_mem);
-			ASN1_OCTET_STRING_set(p7->d.sign->contents->d.data,
+			ASN1_OCTET_STRING_set(os,
 				(unsigned char *)buf_mem->data,buf_mem->length);
 			}
 		if (pp != NULL) Free(pp);
 		pp=NULL;
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
 		}
 
-	if (p7->detached)
-		{
-
-		}
 	ret=1;
 err:
 	if (buf != NULL) BUF_MEM_free(buf);
@@ -253,6 +333,7 @@ PKCS7_SIGNER_INFO *si;
 	X509 *x509;
 
 	if (!PKCS7_type_is_signed(p7)) abort();
+	/* XXXXXXXXXXXXXXXXXXXXXXX */
 	ias=si->issuer_and_serial;
 	s=p7->d.sign;
 
diff --git a/crypto/pkcs7/pk7_enc.c b/crypto/pkcs7/pk7_enc.c
index 96a6dd94a..a5b6dc463 100644
--- a/crypto/pkcs7/pk7_enc.c
+++ b/crypto/pkcs7/pk7_enc.c
@@ -1,5 +1,5 @@
 /* crypto/pkcs7/pk7_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index aac133e63..7d14ad117 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -1,5 +1,5 @@
 /* crypto/pkcs7/pk7_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -169,9 +169,15 @@ int type;
 		if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL)
 			goto err;
 		break;
+	case NID_pkcs7_signedAndEnveloped:
+		p7->type=obj;
+		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
+			== NULL)
+			goto err;
+		ASN1_INTEGER_set(p7->d.sign->version,1);
+		break;
 	case NID_pkcs7_digest:
 	case NID_pkcs7_enveloped:
-	case NID_pkcs7_signedAndEnveloped:
 	case NID_pkcs7_encrypted:
 	default:
 		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
@@ -188,24 +194,32 @@ PKCS7_SIGNER_INFO *psi;
 	{
 	int i,j,nid;
 	X509_ALGOR *alg;
-	PKCS7_SIGNED *p7s;
+	STACK *signer_sk;
+	STACK *md_sk;
 
 	i=OBJ_obj2nid(p7->type);
-	if (i != NID_pkcs7_signed)
+	switch (i)
 		{
+	case NID_pkcs7_signed:
+		signer_sk=	p7->d.sign->signer_info;
+		md_sk=		p7->d.sign->md_algs;
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		signer_sk=	p7->d.signed_and_enveloped->signer_info;
+		md_sk=		p7->d.signed_and_enveloped->md_algs;
+		break;
+	default:
 		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
 		return(0);
 		}
 
-	p7s=p7->d.sign;
-
 	nid=OBJ_obj2nid(psi->digest_alg->algorithm);
 
 	/* If the digest is not currently listed, add it */
 	j=0;
-	for (i=0; i<sk_num(p7s->md_algs); i++)
+	for (i=0; i<sk_num(md_sk); i++)
 		{
-		alg=(X509_ALGOR *)sk_value(p7s->md_algs,i);
+		alg=(X509_ALGOR *)sk_value(md_sk,i);
 		if (OBJ_obj2nid(alg->algorithm) == nid)
 			{
 			j=1;
@@ -216,10 +230,10 @@ PKCS7_SIGNER_INFO *psi;
 		{
 		alg=X509_ALGOR_new();
 		alg->algorithm=OBJ_nid2obj(nid);
-		sk_push(p7s->md_algs,(char *)alg);
+		sk_push(md_sk,(char *)alg);
 		}
 
-	sk_push(p7s->signer_info,(char *)psi);
+	sk_push(signer_sk,(char *)psi);
 	return(1);
 	}
 
@@ -228,18 +242,26 @@ PKCS7 *p7;
 X509 *x509;
 	{
 	int i;
+	STACK **sk;
 
 	i=OBJ_obj2nid(p7->type);
-	if (i != NID_pkcs7_signed)
+	switch (i)
 		{
-		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
+	case NID_pkcs7_signed:
+		sk= &(p7->d.sign->cert);
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		sk= &(p7->d.signed_and_enveloped->cert);
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
 		return(0);
 		}
 
-	if (p7->d.sign->cert == NULL)
-		p7->d.sign->cert=sk_new_null();
+	if (*sk == NULL)
+		*sk=sk_new_null();
 	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-	sk_push(p7->d.sign->cert,(char *)x509);
+	sk_push(*sk,(char *)x509);
 	return(1);
 	}
 
@@ -248,18 +270,27 @@ PKCS7 *p7;
 X509_CRL *crl;
 	{
 	int i;
+	STACK **sk;
+
 	i=OBJ_obj2nid(p7->type);
-	if (i != NID_pkcs7_signed)
+	switch (i)
 		{
-		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
+	case NID_pkcs7_signed:
+		sk= &(p7->d.sign->crl);
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		sk= &(p7->d.signed_and_enveloped->crl);
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
 		return(0);
 		}
 
-	if (p7->d.sign->crl == NULL)
-		p7->d.sign->crl=sk_new_null();
+	if (*sk == NULL)
+		*sk=sk_new_null();
 
 	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-	sk_push(p7->d.sign->crl,(char *)crl);
+	sk_push(*sk,(char *)crl);
 	return(1);
 	}
 
@@ -296,7 +327,6 @@ EVP_MD *dgst;
 	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
 #endif
 
-
 	return(1);
 err:
 	return(0);
@@ -329,6 +359,60 @@ PKCS7 *p7;
 		return(NULL);
 	}
 
+PKCS7_RECIP_INFO *PKCS7_add_recipient(p7,x509)
+PKCS7 *p7;
+X509 *x509;
+	{
+	PKCS7_RECIP_INFO *ri;
+
+	if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
+	if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
+	if (!PKCS7_add_recipient_info(p7,ri)) goto err;
+	return(ri);
+err:
+	return(NULL);
+	}
+
+int PKCS7_add_recipient_info(p7,ri)
+PKCS7 *p7;
+PKCS7_RECIP_INFO *ri;
+	{
+	int i;
+	STACK *sk;
+
+	i=OBJ_obj2nid(p7->type);
+	switch (i)
+		{
+	case NID_pkcs7_signedAndEnveloped:
+		sk=	p7->d.signed_and_enveloped->recipientinfo;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
+		return(0);
+		}
+
+	sk_push(sk,(char *)ri);
+	return(1);
+	}
+
+int PKCS7_RECIP_INFO_set(p7i,x509)
+PKCS7_RECIP_INFO *p7i;
+X509 *x509;
+	{
+	ASN1_INTEGER_set(p7i->version,0);
+	X509_NAME_set(&p7i->issuer_and_serial->issuer,
+		X509_get_issuer_name(x509));
+
+	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+	p7i->issuer_and_serial->serial=
+		ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+
+	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+	p7i->cert=x509;
+
+	return(1);
+	}
+
 X509 *PKCS7_cert_from_signer_info(p7,si)
 PKCS7 *p7;
 PKCS7_SIGNER_INFO *si;
@@ -341,3 +425,25 @@ PKCS7_SIGNER_INFO *si;
 		return(NULL);
 	}
 
+int PKCS7_set_cipher(p7,cipher)
+PKCS7 *p7;
+EVP_CIPHER *cipher;
+	{
+	int i;
+	PKCS7_ENC_CONTENT *ec;
+
+	i=OBJ_obj2nid(p7->type);
+	switch (i)
+		{
+	case NID_pkcs7_signedAndEnveloped:
+		ec=p7->d.signed_and_enveloped->enc_data;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
+		return(0);
+		}
+
+	ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher));
+	return(ec->algorithm->algorithm != NULL);
+	}
+
diff --git a/crypto/pkcs7/pkcs7.err b/crypto/pkcs7/pkcs7.err
index 500f9b3de..91413aae4 100644
--- a/crypto/pkcs7/pkcs7.err
+++ b/crypto/pkcs7/pkcs7.err
@@ -1,13 +1,17 @@
 /* Error codes for the PKCS7 functions. */
 
 /* Function codes. */
-#define PKCS7_F_PKCS7_ADD_SIGNER			 100
-#define PKCS7_F_PKCS7_CTRL				 101
-#define PKCS7_F_PKCS7_DATAFINAL				 102
-#define PKCS7_F_PKCS7_DATAINIT				 103
-#define PKCS7_F_PKCS7_DATAVERIFY			 104
-#define PKCS7_F_PKCS7_SET_CONTENT			 105
-#define PKCS7_F_PKCS7_SET_TYPE				 106
+#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100
+#define PKCS7_F_PKCS7_ADD_CRL				 101
+#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
+#define PKCS7_F_PKCS7_ADD_SIGNER			 103
+#define PKCS7_F_PKCS7_CTRL				 104
+#define PKCS7_F_PKCS7_DATAINIT				 105
+#define PKCS7_F_PKCS7_DATASIGN				 106
+#define PKCS7_F_PKCS7_DATAVERIFY			 107
+#define PKCS7_F_PKCS7_SET_CIPHER			 108
+#define PKCS7_F_PKCS7_SET_CONTENT			 109
+#define PKCS7_F_PKCS7_SET_TYPE				 110
 
 /* Reason codes. */
 #define PKCS7_R_INTERNAL_ERROR				 100
@@ -17,5 +21,6 @@
 #define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 104
 #define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 105
 #define PKCS7_R_UNKNOWN_DIGEST_TYPE			 106
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 107
-#define PKCS7_R_WRONG_CONTENT_TYPE			 108
+#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 107
+#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 108
+#define PKCS7_R_WRONG_CONTENT_TYPE			 109
diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h
index 061f1f070..ee12f670a 100644
--- a/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
@@ -1,5 +1,5 @@
 /* crypto/pkcs7/pkcs7.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -99,16 +99,18 @@ typedef struct pkcs7_recip_info_st
 	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
 	X509_ALGOR			*key_enc_algor;
 	ASN1_OCTET_STRING		*enc_key;
+	X509				*cert; /* get the pub-key from this */
 	} PKCS7_RECIP_INFO;
 
 typedef struct pkcs7_signed_st
 	{
 	ASN1_INTEGER			*version;	/* version 1 */
 	STACK /* X509_ALGOR's */	*md_algs;	/* md used */
-	struct pkcs7_st			*contents;
 	STACK /* X509 */		*cert;		/* [ 0 ] */
 	STACK /* X509_CRL */		*crl;		/* [ 1 ] */
 	STACK /* PKCS7_SIGNER_INFO */	*signer_info;
+
+	struct pkcs7_st			*contents;
 	} PKCS7_SIGNED;
 /* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
  * How about merging the two */
@@ -130,12 +132,13 @@ typedef struct pkcs7_enveloped_st
 typedef struct pkcs7_signedandenveloped_st
 	{
 	ASN1_INTEGER			*version;	/* version 1 */
-	STACK /* PKCS7_RECIP_INFO */	*recipientinfo;
 	STACK /* X509_ALGOR's */	*md_algs;	/* md used */
-	PKCS7_ENC_CONTENT		*enc_data;
 	STACK /* X509 */		*cert;		/* [ 0 ] */
 	STACK /* X509_CRL */		*crl;		/* [ 1 ] */
 	STACK /* PKCS7_SIGNER_INFO */	*signer_info;
+
+	PKCS7_ENC_CONTENT		*enc_data;
+	STACK /* PKCS7_RECIP_INFO */	*recipientinfo;
 	} PKCS7_SIGN_ENVELOPE;
 
 typedef struct pkcs7_digest_st
@@ -204,6 +207,14 @@ typedef struct pkcs7_st
 #define PKCS7_get_detached(p) \
 		PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
 
+#ifdef SSLEAY_MACROS
+
+#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+	                (char *)data,md,len)
+#endif
+
+
 #ifndef NOPROTO
 PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
 void			PKCS7_ISSUER_AND_SERIAL_free(
@@ -214,8 +225,17 @@ PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
 				PKCS7_ISSUER_AND_SERIAL **a,
 				unsigned char **pp, long length);
 
+#ifndef SSLEAY_MACROS
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type,
 	unsigned char *md,unsigned int *len);
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7);
+int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
+#endif
+PKCS7 *PKCS7_dup(PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7);
+int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
+#endif
 
 PKCS7_SIGNER_INFO	*PKCS7_SIGNER_INFO_new(void);
 void			PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a);
@@ -283,13 +303,6 @@ PKCS7			*d2i_PKCS7(PKCS7 **a,
 
 void ERR_load_PKCS7_strings(void);
 
-#ifndef WIN16
-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7);
-int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
-#endif
-PKCS7 *PKCS7_dup(PKCS7 *p7);
-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7);
-int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
 
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
 
@@ -313,6 +326,13 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 STACK *PKCS7_get_signer_info(PKCS7 *p7);
 
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
+
+
+
 #else
 
 PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new();
@@ -320,7 +340,17 @@ void			PKCS7_ISSUER_AND_SERIAL_free();
 int 			i2d_PKCS7_ISSUER_AND_SERIAL();
 PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL();
 
+#ifndef SSLEAY_MACROS
 int			PKCS7_ISSUER_AND_SERIAL_digest();
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp();
+int i2d_PKCS7_fp();
+#endif
+PKCS7 *PKCS7_dup();
+PKCS7 *d2i_PKCS7_bio();
+int i2d_PKCS7_bio();
+
+#endif
 
 PKCS7_SIGNER_INFO	*PKCS7_SIGNER_INFO_new();
 void			PKCS7_SIGNER_INFO_free();
@@ -362,13 +392,6 @@ PKCS7			*d2i_PKCS7();
 
 void ERR_load_PKCS7_strings();
 
-#ifndef WIN16
-PKCS7 *d2i_PKCS7_fp();
-int i2d_PKCS7_fp();
-#endif
-PKCS7 *PKCS7_dup();
-PKCS7 *d2i_PKCS7_bio();
-int i2d_PKCS7_bio();
 long PKCS7_ctrl();
 int PKCS7_set_type();
 int PKCS7_set_content();
@@ -384,19 +407,28 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature();
 X509 *PKCS7_cert_from_signer_info();
 STACK *PKCS7_get_signer_info();
 
+PKCS7_RECIP_INFO *PKCS7_add_recipient();
+int PKCS7_add_recipient_info();
+int PKCS7_RECIP_INFO_set();
+int PKCS7_set_cipher();
+
 #endif
 
 /* BEGIN ERROR CODES */
 /* Error codes for the PKCS7 functions. */
 
 /* Function codes. */
-#define PKCS7_F_PKCS7_ADD_SIGNER			 100
-#define PKCS7_F_PKCS7_CTRL				 101
-#define PKCS7_F_PKCS7_DATAFINAL				 102
-#define PKCS7_F_PKCS7_DATAINIT				 103
-#define PKCS7_F_PKCS7_DATAVERIFY			 104
-#define PKCS7_F_PKCS7_SET_CONTENT			 105
-#define PKCS7_F_PKCS7_SET_TYPE				 106
+#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100
+#define PKCS7_F_PKCS7_ADD_CRL				 101
+#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
+#define PKCS7_F_PKCS7_ADD_SIGNER			 103
+#define PKCS7_F_PKCS7_CTRL				 104
+#define PKCS7_F_PKCS7_DATAINIT				 105
+#define PKCS7_F_PKCS7_DATASIGN				 106
+#define PKCS7_F_PKCS7_DATAVERIFY			 107
+#define PKCS7_F_PKCS7_SET_CIPHER			 108
+#define PKCS7_F_PKCS7_SET_CONTENT			 109
+#define PKCS7_F_PKCS7_SET_TYPE				 110
 
 /* Reason codes. */
 #define PKCS7_R_INTERNAL_ERROR				 100
@@ -406,8 +438,9 @@ STACK *PKCS7_get_signer_info();
 #define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 104
 #define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 105
 #define PKCS7_R_UNKNOWN_DIGEST_TYPE			 106
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 107
-#define PKCS7_R_WRONG_CONTENT_TYPE			 108
+#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 107
+#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 108
+#define PKCS7_R_WRONG_CONTENT_TYPE			 109
  
 #ifdef  __cplusplus
 }
diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c
index 851691da6..f85105742 100644
--- a/crypto/pkcs7/pkcs7err.c
+++ b/crypto/pkcs7/pkcs7err.c
@@ -60,13 +60,18 @@
 #include "pkcs7.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA PKCS7_str_functs[]=
 	{
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0),	"PKCS7_add_certificate"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0),	"PKCS7_add_crl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0),	"PKCS7_add_recipient_info"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0),	"PKCS7_add_signer"},
 {ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0),	"PKCS7_ctrl"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATAFINAL,0),	"PKCS7_DATAFINAL"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0),	"PKCS7_dataInit"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),	"PKCS7_dataSign"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0),	"PKCS7_dataVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0),	"PKCS7_set_cipher"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0),	"PKCS7_set_content"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0),	"PKCS7_set_type"},
 {0,NULL},
@@ -81,19 +86,25 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {PKCS7_R_UNABLE_TO_FIND_MEM_BIO          ,"unable to find mem bio"},
 {PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST   ,"unable to find message digest"},
 {PKCS7_R_UNKNOWN_DIGEST_TYPE             ,"unknown digest type"},
+{PKCS7_R_UNSUPPORTED_CIPHER_TYPE         ,"unsupported cipher type"},
 {PKCS7_R_UNSUPPORTED_CONTENT_TYPE        ,"unsupported content type"},
 {PKCS7_R_WRONG_CONTENT_TYPE              ,"wrong content type"},
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_PKCS7_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
 		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/pkcs7/sign.c b/crypto/pkcs7/sign.c
index 9400fe30b..ead1cb65c 100644
--- a/crypto/pkcs7/sign.c
+++ b/crypto/pkcs7/sign.c
@@ -1,3 +1,60 @@
+/* crypto/pkcs7/sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
 #include <stdio.h>
 #include "bio.h"
 #include "x509.h"
diff --git a/crypto/pkcs7/verify.c b/crypto/pkcs7/verify.c
index bce20ee20..0e1c1b26d 100644
--- a/crypto/pkcs7/verify.c
+++ b/crypto/pkcs7/verify.c
@@ -1,3 +1,60 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
 #include <stdio.h>
 #include "asn1.h"
 #include "bio.h"
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 6c8e65a05..f44b36a8b 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -1,5 +1,5 @@
 /* crypto/rand/md_rand.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,7 +61,6 @@
 #include <sys/types.h>
 #include <time.h>
 
-
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
 #ifndef NO_MD5
 #define USE_MD5_RAND
@@ -119,19 +118,19 @@ We need a message digest of some type
 
 #define STATE_SIZE	1023
 static int state_num=0,state_index=0;
-static unsigned char state[STATE_SIZE];
+static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
 static unsigned char md[MD_DIGEST_LENGTH];
-static int count=0;
+static int md_count=0;
 
-char *RAND_version="RAND part of SSLeay 0.8.1b 29-Jun-1998";
+char *RAND_version="RAND part of SSLeay 0.9.0b 29-Jun-1998";
 
 void RAND_cleanup()
 	{
-	memset(state,0,STATE_SIZE);
+	memset(state,0,sizeof(state));
 	state_num=0;
 	state_index=0;
 	memset(md,0,MD_DIGEST_LENGTH);
-	count=0;
+	md_count=0;
 	}
 
 void RAND_seed(buf,num)
@@ -150,7 +149,7 @@ int num;
 	st_num=state_num;
 
 	state_index=(state_index+num);
-	if (state_index > STATE_SIZE)
+	if (state_index >= STATE_SIZE)
 		{
 		state_index%=STATE_SIZE;
 		state_num=STATE_SIZE;
@@ -236,7 +235,7 @@ int num;
 		l=time(NULL);
 		RAND_seed((unsigned char *)&l,sizeof(l));
 
-#ifdef DEVRANDOM
+/* #ifdef DEVRANDOM */
 		/* 
 		 * Use a random entropy pool device.
 		 * Linux 1.3.x and FreeBSD-Current has 
@@ -246,17 +245,17 @@ int num;
 		 */
 		if ((fh = fopen(DEVRANDOM, "r")) != NULL)
 			{
-			unsigned char buf[32];
+			unsigned char tmpbuf[32];
 
-			fread((unsigned char *)buf,1,32,fh);
+			fread((unsigned char *)tmpbuf,1,32,fh);
 			/* we don't care how many bytes we read,
 			 * we will just copy the 'stack' if there is
 			 * nothing else :-) */
 			fclose(fh);
-			RAND_seed(buf,32);
-			memset(buf,0,32);
+			RAND_seed(tmpbuf,32);
+			memset(tmpbuf,0,32);
 			}
-#endif
+/* #endif */
 #ifdef PURIFY
 		memset(state,0,STATE_SIZE);
 		memset(md,0,MD_DIGEST_LENGTH);
@@ -301,7 +300,7 @@ int num;
 		}
 
 	MD_Init(&m);
-	MD_Update(&m,(unsigned char *)&count,sizeof(count)); count++;
+	MD_Update(&m,(unsigned char *)&md_count,sizeof(md_count)); md_count++;
 	MD_Update(&m,md,MD_DIGEST_LENGTH);
 	MD_Final(md,&m);
 	memset(&m,0,sizeof(m));
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h
index 99ca47d6c..477d7a150 100644
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -1,5 +1,5 @@
 /* crypto/rand/rand.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index ad0e55db9..f2b374636 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -1,5 +1,5 @@
 /* crypto/rand/randfile.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c
index ac3f0d709..e0ba61e12 100644
--- a/crypto/rand/randtest.c
+++ b/crypto/rand/randtest.c
@@ -1,5 +1,5 @@
 /* crypto/rand/randtest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/rc2/rc2.h b/crypto/rc2/rc2.h
index 0903417fc..9232bbd56 100644
--- a/crypto/rc2/rc2.h
+++ b/crypto/rc2/rc2.h
@@ -90,7 +90,8 @@ typedef struct rc2_key_st
 void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits);
 void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key,
 	int enc);
-void RC2_encrypt(unsigned long *data,RC2_KEY *key,int enc);
+void RC2_encrypt(unsigned long *data,RC2_KEY *key);
+void RC2_decrypt(unsigned long *data,RC2_KEY *key);
 void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
 	RC2_KEY *ks, unsigned char *iv, int enc);
 void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
@@ -103,6 +104,7 @@ void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
 void RC2_set_key();
 void RC2_ecb_encrypt();
 void RC2_encrypt();
+void RC2_decrypt();
 void RC2_cbc_encrypt();
 void RC2_cfb64_encrypt();
 void RC2_ofb64_encrypt();
diff --git a/crypto/rc2/rc2.org b/crypto/rc2/rc2.org
index af9310f13..37354cfa6 100644
--- a/crypto/rc2/rc2.org
+++ b/crypto/rc2/rc2.org
@@ -90,7 +90,8 @@ typedef struct rc2_key_st
 void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits);
 void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key,
 	int enc);
-void RC2_encrypt(unsigned long *data,RC2_KEY *key,int enc);
+void RC2_encrypt(unsigned long *data,RC2_KEY *key);
+void RC2_decrypt(unsigned long *data,RC2_KEY *key);
 void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
 	RC2_KEY *ks, unsigned char *iv, int enc);
 void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
@@ -103,6 +104,7 @@ void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
 void RC2_set_key();
 void RC2_ecb_encrypt();
 void RC2_encrypt();
+void RC2_decrypt();
 void RC2_cbc_encrypt();
 void RC2_cfb64_encrypt();
 void RC2_ofb64_encrypt();
diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c
index 24e775935..22e89f044 100644
--- a/crypto/rc2/rc2_cbc.c
+++ b/crypto/rc2/rc2_cbc.c
@@ -1,5 +1,5 @@
 /* crypto/rc2/rc2_cbc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -85,7 +85,7 @@ int encrypt;
 			tin1^=tout1;
 			tin[0]=tin0;
 			tin[1]=tin1;
-			RC2_encrypt(tin,ks,RC2_ENCRYPT);
+			RC2_encrypt(tin,ks);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -96,7 +96,7 @@ int encrypt;
 			tin1^=tout1;
 			tin[0]=tin0;
 			tin[1]=tin1;
-			RC2_encrypt(tin,ks,RC2_ENCRYPT);
+			RC2_encrypt(tin,ks);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -112,7 +112,7 @@ int encrypt;
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			RC2_encrypt(tin,ks,RC2_DECRYPT);
+			RC2_decrypt(tin,ks);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2c(tout0,out);
@@ -124,7 +124,7 @@ int encrypt;
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			RC2_encrypt(tin,ks,RC2_DECRYPT);
+			RC2_decrypt(tin,ks);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2cn(tout0,tout1,out,l+8);
@@ -138,3 +138,98 @@ int encrypt;
 	tin[0]=tin[1]=0;
 	}
 
+void RC2_encrypt(d,key)
+unsigned long *d;
+RC2_KEY *key;
+	{
+	int i,n;
+	register RC2_INT *p0,*p1;
+	register RC2_INT x0,x1,x2,x3,t;
+	unsigned long l;
+
+	l=d[0];
+	x0=(RC2_INT)l&0xffff;
+	x1=(RC2_INT)(l>>16L);
+	l=d[1];
+	x2=(RC2_INT)l&0xffff;
+	x3=(RC2_INT)(l>>16L);
+
+	n=3;
+	i=5;
+
+	p0=p1= &(key->data[0]);
+	for (;;)
+		{
+		t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
+		x0=(t<<1)|(t>>15);
+		t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
+		x1=(t<<2)|(t>>14);
+		t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
+		x2=(t<<3)|(t>>13);
+		t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
+		x3=(t<<5)|(t>>11);
+
+		if (--i == 0)
+			{
+			if (--n == 0) break;
+			i=(n == 2)?6:5;
+
+			x0+=p1[x3&0x3f];
+			x1+=p1[x0&0x3f];
+			x2+=p1[x1&0x3f];
+			x3+=p1[x2&0x3f];
+			}
+		}
+
+	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
+	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
+	}
+
+void RC2_decrypt(d,key)
+unsigned long *d;
+RC2_KEY *key;
+	{
+	int i,n;
+	register RC2_INT *p0,*p1;
+	register RC2_INT x0,x1,x2,x3,t;
+	unsigned long l;
+
+	l=d[0];
+	x0=(RC2_INT)l&0xffff;
+	x1=(RC2_INT)(l>>16L);
+	l=d[1];
+	x2=(RC2_INT)l&0xffff;
+	x3=(RC2_INT)(l>>16L);
+
+	n=3;
+	i=5;
+
+	p0= &(key->data[63]);
+	p1= &(key->data[0]);
+	for (;;)
+		{
+		t=((x3<<11)|(x3>>5))&0xffff;
+		x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
+		t=((x2<<13)|(x2>>3))&0xffff;
+		x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
+		t=((x1<<14)|(x1>>2))&0xffff;
+		x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
+		t=((x0<<15)|(x0>>1))&0xffff;
+		x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
+
+		if (--i == 0)
+			{
+			if (--n == 0) break;
+			i=(n == 2)?6:5;
+
+			x3=(x3-p1[x2&0x3f])&0xffff;
+			x2=(x2-p1[x1&0x3f])&0xffff;
+			x1=(x1-p1[x0&0x3f])&0xffff;
+			x0=(x0-p1[x3&0x3f])&0xffff;
+			}
+		}
+
+	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
+	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
+	}
+
diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c
index 65b5d3536..96239cd4e 100644
--- a/crypto/rc2/rc2_ecb.c
+++ b/crypto/rc2/rc2_ecb.c
@@ -1,5 +1,5 @@
 /* crypto/rc2/rc2_ecb.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,7 +59,7 @@
 #include "rc2.h"
 #include "rc2_locl.h"
 
-char *RC2_version="RC2 part of SSLeay 0.8.1b 29-Jun-1998";
+char *RC2_version="RC2 part of SSLeay 0.9.0b 29-Jun-1998";
 
 /* RC2 as implemented frm a posting from
  * Newsgroups: sci.crypt
@@ -79,85 +79,12 @@ int encrypt;
 
 	c2l(in,l); d[0]=l;
 	c2l(in,l); d[1]=l;
-	RC2_encrypt(d,ks,encrypt);
+	if (encrypt)
+		RC2_encrypt(d,ks);
+	else
+		RC2_decrypt(d,ks);
 	l=d[0]; l2c(l,out);
 	l=d[1]; l2c(l,out);
 	l=d[0]=d[1]=0;
 	}
 
-void RC2_encrypt(d,key,encrypt)
-unsigned long *d;
-RC2_KEY *key;
-int encrypt;
-	{
-	int i,n;
-	register RC2_INT *p0,*p1;
-	register RC2_INT x0,x1,x2,x3,t;
-	unsigned long l;
-
-	l=d[0];
-	x0=(RC2_INT)l&0xffff;
-	x1=(RC2_INT)(l>>16L);
-	l=d[1];
-	x2=(RC2_INT)l&0xffff;
-	x3=(RC2_INT)(l>>16L);
-
-	n=3;
-	i=5;
-	if (encrypt)
-		{
-		p0=p1= &(key->data[0]);
-		for (;;)
-			{
-			t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
-			x0=(t<<1)|(t>>15);
-			t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
-			x1=(t<<2)|(t>>14);
-			t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
-			x2=(t<<3)|(t>>13);
-			t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
-			x3=(t<<5)|(t>>11);
-
-			if (--i == 0)
-				{
-				if (--n == 0) break;
-				i=(n == 2)?6:5;
-
-				x0+=p1[x3&0x3f];
-				x1+=p1[x0&0x3f];
-				x2+=p1[x1&0x3f];
-				x3+=p1[x2&0x3f];
-				}
-			}
-		}
-	else
-		{
-		p0= &(key->data[63]);
-		p1= &(key->data[0]);
-		for (;;)
-			{
-			t=((x3<<11)|(x3>>5))&0xffff;
-			x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
-			t=((x2<<13)|(x2>>3))&0xffff;
-			x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
-			t=((x1<<14)|(x1>>2))&0xffff;
-			x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
-			t=((x0<<15)|(x0>>1))&0xffff;
-			x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
-
-			if (--i == 0)
-				{
-				if (--n == 0) break;
-				i=(n == 2)?6:5;
-
-				x3=(x3-p1[x2&0x3f])&0xffff;
-				x2=(x2-p1[x1&0x3f])&0xffff;
-				x1=(x1-p1[x0&0x3f])&0xffff;
-				x0=(x0-p1[x3&0x3f])&0xffff;
-				}
-			}
-		}
-
-	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
-	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
-	}
diff --git a/crypto/rc2/rc2_locl.h b/crypto/rc2/rc2_locl.h
index 05f45b057..565cd1761 100644
--- a/crypto/rc2/rc2_locl.h
+++ b/crypto/rc2/rc2_locl.h
@@ -1,5 +1,5 @@
 /* crypto/rc2/rc2_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -144,3 +144,13 @@
                          *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                          *((c)++)=(unsigned char)(((l)     )&0xff))
 
+#define C_RC2(n) \
+	t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
+	x0=(t<<1)|(t>>15); \
+	t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
+	x1=(t<<2)|(t>>14); \
+	t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
+	x2=(t<<3)|(t>>13); \
+	t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
+	x3=(t<<5)|(t>>11);
+
diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c
index cfc8a50cd..0f1f25339 100644
--- a/crypto/rc2/rc2_skey.c
+++ b/crypto/rc2/rc2_skey.c
@@ -1,5 +1,5 @@
 /* crypto/rc2/rc2_skey.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c
index 44df3dc95..d409fb77e 100644
--- a/crypto/rc2/rc2cfb64.c
+++ b/crypto/rc2/rc2cfb64.c
@@ -1,5 +1,5 @@
 /* crypto/rc2/rc2cfb64.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -88,7 +88,7 @@ int encrypt;
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				RC2_encrypt((unsigned long *)ti,schedule,RC2_ENCRYPT);
+				RC2_encrypt((unsigned long *)ti,schedule);
 				iv=(unsigned char *)ivec;
 				t=ti[0]; l2c(t,iv);
 				t=ti[1]; l2c(t,iv);
@@ -108,7 +108,7 @@ int encrypt;
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				RC2_encrypt((unsigned long *)ti,schedule,RC2_ENCRYPT);
+				RC2_encrypt((unsigned long *)ti,schedule);
 				iv=(unsigned char *)ivec;
 				t=ti[0]; l2c(t,iv);
 				t=ti[1]; l2c(t,iv);
diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c
index 5df004bce..4f0916744 100644
--- a/crypto/rc2/rc2ofb64.c
+++ b/crypto/rc2/rc2ofb64.c
@@ -1,5 +1,5 @@
 /* crypto/rc2/rc2ofb64.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -92,7 +92,7 @@ int *num;
 		{
 		if (n == 0)
 			{
-			RC2_encrypt((unsigned long *)ti,schedule,RC2_ENCRYPT);
+			RC2_encrypt((unsigned long *)ti,schedule);
 			dp=(char *)d;
 			t=ti[0]; l2c(t,dp);
 			t=ti[1]; l2c(t,dp);
diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c
index 00e21ddd3..9d0f8016e 100644
--- a/crypto/rc2/rc2test.c
+++ b/crypto/rc2/rc2test.c
@@ -1,5 +1,5 @@
 /* crypto/rc2/rc2test.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/rc4/Makefile.ssl b/crypto/rc4/Makefile.ssl
index 2f40d4ed9..19c1e980f 100644
--- a/crypto/rc4/Makefile.ssl
+++ b/crypto/rc4/Makefile.ssl
@@ -13,6 +13,13 @@ MAKEDEPEND=	makedepend -f Makefile.ssl
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
+RC4_ENC=rc4_enc.o
+# or use
+#RC4_ENC=asm/rx86-elf.o
+#RC4_ENC=asm/rx86-out.o
+#RC4_ENC=asm/rx86-sol.o
+#RC4_ENC=asm/rx86bdsi.o
+
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
@@ -20,13 +27,13 @@ TEST=rc4test.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=rc4_enc.c
-LIBOBJ=rc4_enc.o
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=rc4_skey.o $(RC4_ENC)
 
 SRC= $(LIBSRC)
 
 EXHEADER= rc4.h
-HEADER=	$(EXHEADER)
+HEADER=	$(EXHEADER) rc4_locl.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -40,6 +47,27 @@ lib:	$(LIBOBJ)
 	sh $(TOP)/util/ranlib.sh $(LIB)
 	@touch lib
 
+# elf
+asm/rx86-elf.o: asm/rx86unix.cpp
+	$(CPP) -DELF asm/rx86unix.cpp | as -o asm/rx86-elf.o
+
+# solaris
+asm/rx86-sol.o: asm/rx86unix.cpp
+	$(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+	as -o asm/rx86-sol.o asm/rx86-sol.s
+	rm -f asm/rx86-sol.s
+
+# a.out
+asm/rx86-out.o: asm/rx86unix.cpp
+	$(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+
+# bsdi
+asm/rx86bsdi.o: asm/rx86unix.cpp
+	$(CPP) -DBSDI asm/rx86unix.cpp | as -o asm/rx86bsdi.o
+
+asm/rx86unix.cpp:
+	(cd asm; perl rc4-586.pl cpp >rx86unix.cpp)
+
 files:
 	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
@@ -73,7 +101,7 @@ dclean:
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
 
 errors:
 
diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.c
index 37965d526..127e8a509 100644
--- a/crypto/rc4/rc4.c
+++ b/crypto/rc4/rc4.c
@@ -1,5 +1,5 @@
 /* crypto/rc4/rc4.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c
index de57a970b..ab8a111b5 100644
--- a/crypto/rc4/rc4_enc.c
+++ b/crypto/rc4/rc4_enc.c
@@ -1,5 +1,5 @@
-/* crypto/rc4/rc4_enc.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* crypto/rc4/rc4_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,35 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify rc4_enc.org since rc4_enc.c is automatically generated from
- * it during SSLeay configuration.
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- */
-
 #include "rc4.h"
-
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-
-char *RC4_version="RC4 part of SSLeay 0.8.1a 24-Jun-1998";
-
-char *RC4_options()
-	{
-#ifdef RC4_INDEX
-	if (sizeof(RC4_INT) == 1)
-		return("rc4(idx,char)");
-	else
-		return("rc4(idx,int)");
-#else
-	if (sizeof(RC4_INT) == 1)
-		return("rc4(ptr,char)");
-	else
-		return("rc4(ptr,int)");
-#endif
-	}
+#include "rc4_locl.h"
 
 /* RC4 as implemented from a posting from
  * Newsgroups: sci.crypt
@@ -94,39 +67,6 @@ char *RC4_options()
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
  */
 
-void RC4_set_key(key, len, data)
-RC4_KEY *key;
-int len;
-register unsigned char *data;
-	{
-        register RC4_INT tmp;
-        register int id1,id2;
-        register RC4_INT *d;
-        unsigned int i;
-        
-        d= &(key->data[0]);
-	for (i=0; i<256; i++)
-		d[i]=i;
-        key->x = 0;     
-        key->y = 0;     
-        id1=id2=0;     
-
-#define SK_LOOP(n) { \
-		tmp=d[(n)]; \
-		id2 = (data[id1] + tmp + id2) & 0xff; \
-		if (++id1 == len) id1=0; \
-		d[(n)]=d[id2]; \
-		d[id2]=tmp; }
-
-	for (i=0; i < 256; i+=4)
-		{
-		SK_LOOP(i+0);
-		SK_LOOP(i+1);
-		SK_LOOP(i+2);
-		SK_LOOP(i+3);
-		}
-	}
-    
 void RC4(key, len, indata, outdata)
 RC4_KEY *key;
 unsigned long len;
diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c
index aa4053e64..041e1aff9 100644
--- a/crypto/rc4/rc4test.c
+++ b/crypto/rc4/rc4test.c
@@ -1,5 +1,5 @@
 /* crypto/rc4/rc4test.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,27 +61,43 @@
 #include <string.h>
 #include "rc4.h"
 
-unsigned char keys[6][11]={
+unsigned char keys[7][30]={
 	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
 	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
 	{8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
 	{4,0xef,0x01,0x23,0x45},
 	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+	{4,0xef,0x01,0x23,0x45},
 	};
 
-unsigned char data[6][11]={
-	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
-	{8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+unsigned char data_len[7]={8,8,8,20,28,10};
+unsigned char data[7][30]={
+	{0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	   0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	   0x00,0x00,0x00,0x00,0xff},
+	{0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+	   0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+	   0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+	   0x12,0x34,0x56,0x78,0xff},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
 	{0},
 	};
 
-unsigned char output[6][11]={
-	{0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96},
-	{0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79},
-	{0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a},
-	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61},
+unsigned char output[7][30]={
+	{0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
+	{0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
+	{0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
+	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
+	 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
+	 0x36,0xb6,0x78,0x58,0x00},
+	{0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
+	 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
+	 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
+	 0x40,0x01,0x1e,0xcf,0x00},
+	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
 	{0},
 	};
 
@@ -90,27 +106,28 @@ int argc;
 char *argv[];
 	{
 	int i,err=0;
-	unsigned int j;
+	int j;
 	unsigned char *p;
 	RC4_KEY key;
 	unsigned char buf[512],obuf[512];
 
 	for (i=0; i<512; i++) buf[i]=0x01;
 
-	for (i=0; i<4; i++)
+	for (i=0; i<6; i++)
 		{
 		RC4_set_key(&key,keys[i][0],&(keys[i][1]));
-		RC4(&key,data[i][0],&(data[i][1]),obuf);
-		if (memcmp(obuf,output[i],data[i][0]) != 0)
+		memset(obuf,0x00,sizeof(obuf));
+		RC4(&key,data_len[i],&(data[i][0]),obuf);
+		if (memcmp(obuf,output[i],data_len[i]+1) != 0)
 			{
 			printf("error calculating RC4\n");
 			printf("output:");
-			for (j=0; j<data[i][0]; j++)
+			for (j=0; j<data_len[i]+1; j++)
 				printf(" %02x",obuf[j]);
 			printf("\n");
 			printf("expect:");
 			p= &(output[i][0]);
-			for (j=0; j<data[i][0]; j++)
+			for (j=0; j<data_len[i]+1; j++)
 				printf(" %02x",*(p++));
 			printf("\n");
 			err++;
@@ -118,6 +135,60 @@ char *argv[];
 		else
 			printf("test %d ok\n",i);
 		}
+	printf("test end processing ");
+	for (i=0; i<data_len[3]; i++)
+		{
+		RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+		memset(obuf,0x00,sizeof(obuf));
+		RC4(&key,i,&(data[3][0]),obuf);
+		if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
+			{
+			printf("error in RC4 length processing\n");
+			printf("output:");
+			for (j=0; j<i+1; j++)
+				printf(" %02x",obuf[j]);
+			printf("\n");
+			printf("expect:");
+			p= &(output[3][0]);
+			for (j=0; j<i; j++)
+				printf(" %02x",*(p++));
+			printf(" 00\n");
+			err++;
+			}
+		else
+			{
+			printf(".");
+			fflush(stdout);
+			}
+		}
+	printf("done\n");
+	printf("test multi-call ");
+	for (i=0; i<data_len[3]; i++)
+		{
+		RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+		memset(obuf,0x00,sizeof(obuf));
+		RC4(&key,i,&(data[3][0]),obuf);
+		RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
+		if (memcmp(obuf,output[3],data_len[3]+1) != 0)
+			{
+			printf("error in RC4 multi-call processing\n");
+			printf("output:");
+			for (j=0; j<data_len[3]+1; j++)
+				printf(" %02x",obuf[j]);
+			printf("\n");
+			printf("expect:");
+			p= &(output[3][0]);
+			for (j=0; j<data_len[3]+1; j++)
+				printf(" %02x",*(p++));
+			err++;
+			}
+		else
+			{
+			printf(".");
+			fflush(stdout);
+			}
+		}
+	printf("done\n");
 	exit(err);
 	return(0);
 	}
diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl
index 5e04ec448..d52f2e609 100644
--- a/crypto/rsa/Makefile.ssl
+++ b/crypto/rsa/Makefile.ssl
@@ -22,8 +22,10 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c
-LIBOBJ= rsa_enc.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \
+	rsa_pk1.c rsa_ssl.c rsa_none.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \
+	rsa_pk1.o rsa_ssl.o rsa_none.o
 
 SRC= $(LIBSRC)
 
@@ -79,6 +81,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/rsa/rsa.err b/crypto/rsa/rsa.err
index 29f149669..5ded1b5fa 100644
--- a/crypto/rsa/rsa.err
+++ b/crypto/rsa/rsa.err
@@ -7,12 +7,20 @@
 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 103
 #define RSA_F_RSA_GENERATE_KEY				 104
 #define RSA_F_RSA_NEW_METHOD				 105
-#define RSA_F_RSA_PRINT					 106
-#define RSA_F_RSA_PRINT_FP				 107
-#define RSA_F_RSA_SIGN					 108
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 109
-#define RSA_F_RSA_VERIFY				 110
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 111
+#define RSA_F_RSA_PADDING_ADD_NONE			 106
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 108
+#define RSA_F_RSA_PADDING_ADD_SSLV23			 109
+#define RSA_F_RSA_PADDING_CHECK_NONE			 110
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 112
+#define RSA_F_RSA_PADDING_CHECK_SSLV23			 113
+#define RSA_F_RSA_PRINT					 114
+#define RSA_F_RSA_PRINT_FP				 115
+#define RSA_F_RSA_SIGN					 116
+#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 117
+#define RSA_F_RSA_VERIFY				 118
+#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 119
 
 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH			 100
@@ -20,14 +28,18 @@
 #define RSA_R_BAD_FIXED_HEADER_DECRYPT			 102
 #define RSA_R_BAD_PAD_BYTE_COUNT			 103
 #define RSA_R_BAD_SIGNATURE				 104
-#define RSA_R_BLOCK_TYPE_IS_NOT_01			 105
-#define RSA_R_BLOCK_TYPE_IS_NOT_02			 106
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN			 107
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 108
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 109
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 110
-#define RSA_R_SSLV3_ROLLBACK_ATTACK			 111
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 112
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE			 113
-#define RSA_R_UNKNOWN_PADDING_TYPE			 114
-#define RSA_R_WRONG_SIGNATURE_LENGTH			 115
+#define RSA_R_BAD_ZERO_BYTE				 105
+#define RSA_R_BLOCK_TYPE_IS_NOT_01			 106
+#define RSA_R_BLOCK_TYPE_IS_NOT_02			 107
+#define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
+#define RSA_R_DATA_TOO_LARGE				 109
+#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
+#define RSA_R_DATA_TOO_SMALL				 111
+#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
+#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
+#define RSA_R_PADDING_CHECK_FAILED			 114
+#define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
+#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+#define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
+#define RSA_R_UNKNOWN_PADDING_TYPE			 118
+#define RSA_R_WRONG_SIGNATURE_LENGTH			 119
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 821e928a1..aeb78ffcd 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -1,5 +1,5 @@
 /* crypto/rsa/rsa.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -64,6 +64,7 @@ extern "C" {
 #endif
 
 #include "bn.h"
+#include "crypto.h"
 
 typedef struct rsa_meth_st
 	{
@@ -72,10 +73,13 @@ typedef struct rsa_meth_st
 	int (*rsa_pub_dec)();
 	int (*rsa_priv_enc)();
 	int (*rsa_priv_dec)();
-	int (*rsa_mod_exp)();
-	int (*bn_mod_exp)();
+	int (*rsa_mod_exp)();		/* Can be null */
+	int (*bn_mod_exp)();		/* Can be null */
 	int (*init)(/* RSA * */);	/* called at new */
 	int (*finish)(/* RSA * */);	/* called at free */
+
+	int flags;			/* RSA_METHOD_FLAG_* things */
+	char *app_data;			/* may be needed! */
 	} RSA_METHOD;
 
 typedef struct rsa_st
@@ -94,22 +98,40 @@ typedef struct rsa_st
 	BIGNUM *dmq1;
 	BIGNUM *iqmp;
 	/* be carefull using this if the RSA structure is shared */
-	char *app_data;
+	CRYPTO_EX_DATA ex_data;
 	int references;
+	int flags;
+
+	/* Normally used to cached montgomery values */
+	char *method_mod_n;
+	char *method_mod_p;
+	char *method_mod_q;
+
+	BN_BLINDING *blinding;
 	} RSA;
 
 #define RSA_3	0x3L
 #define RSA_F4	0x10001L
 
-#define RSA_PKCS1_PADDING	11
-#define RSA_SSLV23_PADDING	12
+#define RSA_METHOD_FLAG_NO_CHECK	0x01 /* don't check pub/private match */
+#define RSA_FLAG_CACHE_PUBLIC		0x02
+#define RSA_FLAG_CACHE_PRIVATE		0x04
+#define RSA_FLAG_BLINDING		0x08
+#define RSA_FLAG_THREAD_SAFE		0x10
+
+#define RSA_PKCS1_PADDING	1
+#define RSA_SSLV23_PADDING	2
+#define RSA_NO_PADDING		3
+
+#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,(char *)arg)
+#define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
 
 #ifndef NOPROTO
 RSA *	RSA_new(void);
 RSA *	RSA_new_method(RSA_METHOD *method);
 int	RSA_size(RSA *);
 RSA *	RSA_generate_key(int bits, unsigned long e,void
-		(*callback)(int,int));
+		(*callback)(int,int,char *),char *cb_arg);
 	/* next 4 return -1 on error */
 int	RSA_public_encrypt(int flen, unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
@@ -121,10 +143,12 @@ int	RSA_private_decrypt(int flen, unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
 void	RSA_free (RSA *r);
 
+int	RSA_flags(RSA *r);
+
 void RSA_set_default_method(RSA_METHOD *meth);
 
 /* If you have RSAref compiled in. */
-/* RSA_METHOD *RSA_PKCS1_RSAref(void); */
+RSA_METHOD *RSA_PKCS1_RSAref(void);
 
 /* these are the actual SSLeay RSA functions */
 RSA_METHOD *RSA_PKCS1_SSLeay(void);
@@ -135,7 +159,7 @@ RSA *	d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
 int	i2d_RSAPublicKey(RSA *a, unsigned char **pp);
 RSA *	d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
 int 	i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
-#ifndef WIN16
+#ifndef NO_FP_API
 int	RSA_print_fp(FILE *fp, RSA *r,int offset);
 #endif
 
@@ -145,6 +169,9 @@ int	RSA_print(BIO *bp, RSA *r,int offset);
 
 int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
 RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+/* Naughty internal function required elsewhere, to handle a MS structure
+ * that is the same as the netscape one :-) */
+RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)());
 
 /* The following 2 functions sign and verify a X509_SIG ASN1 object
  * inside PKCS#1 padded RSA encryption */
@@ -160,6 +187,31 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
 int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
 	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
+	unsigned char *f,int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
+	unsigned char *f,int fl);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
+	unsigned char *f,int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
+	unsigned char *f,int fl);
+int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
+	unsigned char *f,int fl);
+int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
+	unsigned char *f,int fl);
+int RSA_padding_add_none(unsigned char *to,int tlen,
+	unsigned char *f,int fl);
+int RSA_padding_check_none(unsigned char *to,int tlen,
+	unsigned char *f,int fl);
+
+int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+int RSA_set_ex_data(RSA *r,int idx,char *arg);
+char *RSA_get_ex_data(RSA *r, int idx);
+
 #else
 
 RSA *	RSA_new();
@@ -172,6 +224,8 @@ int	RSA_public_decrypt();
 int	RSA_private_decrypt();
 void	RSA_free ();
 
+int	RSA_flags();
+
 void RSA_set_default_method();
 
 /* RSA_METHOD *RSA_PKCS1_RSAref(); */
@@ -183,7 +237,7 @@ RSA *	d2i_RSAPublicKey();
 int	i2d_RSAPublicKey();
 RSA *	d2i_RSAPrivateKey();
 int 	i2d_RSAPrivateKey();
-#ifndef WIN16
+#ifndef NO_FP_API
 int	RSA_print_fp();
 #endif
 
@@ -191,13 +245,28 @@ int	RSA_print();
 
 int i2d_Netscape_RSA();
 RSA *d2i_Netscape_RSA();
+RSA *d2i_Netscape_RSA_2();
 
 int RSA_sign();
 int RSA_verify();
 
 int RSA_sign_ASN1_OCTET_STRING();
 int RSA_verify_ASN1_OCTET_STRING();
-
+int RSA_blinding_on();
+void RSA_blinding_off();
+
+int RSA_padding_add_PKCS1_type_1();
+int RSA_padding_check_PKCS1_type_1();
+int RSA_padding_add_PKCS1_type_2();
+int RSA_padding_check_PKCS1_type_2();
+int RSA_padding_add_SSLv23();
+int RSA_padding_check_SSLv23();
+int RSA_padding_add_none();
+int RSA_padding_check_none();
+
+int RSA_get_ex_new_index();
+int RSA_set_ex_data();
+char *RSA_get_ex_data();
 
 #endif
 
@@ -211,12 +280,20 @@ int RSA_verify_ASN1_OCTET_STRING();
 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 103
 #define RSA_F_RSA_GENERATE_KEY				 104
 #define RSA_F_RSA_NEW_METHOD				 105
-#define RSA_F_RSA_PRINT					 106
-#define RSA_F_RSA_PRINT_FP				 107
-#define RSA_F_RSA_SIGN					 108
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 109
-#define RSA_F_RSA_VERIFY				 110
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 111
+#define RSA_F_RSA_PADDING_ADD_NONE			 106
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 108
+#define RSA_F_RSA_PADDING_ADD_SSLV23			 109
+#define RSA_F_RSA_PADDING_CHECK_NONE			 110
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 112
+#define RSA_F_RSA_PADDING_CHECK_SSLV23			 113
+#define RSA_F_RSA_PRINT					 114
+#define RSA_F_RSA_PRINT_FP				 115
+#define RSA_F_RSA_SIGN					 116
+#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 117
+#define RSA_F_RSA_VERIFY				 118
+#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 119
 
 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH			 100
@@ -224,17 +301,21 @@ int RSA_verify_ASN1_OCTET_STRING();
 #define RSA_R_BAD_FIXED_HEADER_DECRYPT			 102
 #define RSA_R_BAD_PAD_BYTE_COUNT			 103
 #define RSA_R_BAD_SIGNATURE				 104
-#define RSA_R_BLOCK_TYPE_IS_NOT_01			 105
-#define RSA_R_BLOCK_TYPE_IS_NOT_02			 106
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN			 107
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 108
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 109
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 110
-#define RSA_R_SSLV3_ROLLBACK_ATTACK			 111
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 112
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE			 113
-#define RSA_R_UNKNOWN_PADDING_TYPE			 114
-#define RSA_R_WRONG_SIGNATURE_LENGTH			 115
+#define RSA_R_BAD_ZERO_BYTE				 105
+#define RSA_R_BLOCK_TYPE_IS_NOT_01			 106
+#define RSA_R_BLOCK_TYPE_IS_NOT_02			 107
+#define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
+#define RSA_R_DATA_TOO_LARGE				 109
+#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
+#define RSA_R_DATA_TOO_SMALL				 111
+#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
+#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
+#define RSA_R_PADDING_CHECK_FAILED			 114
+#define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
+#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+#define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
+#define RSA_R_UNKNOWN_PADDING_TYPE			 118
+#define RSA_R_WRONG_SIGNATURE_LENGTH			 119
  
 #ifdef  __cplusplus
 }
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 04a5ba201..796b3afd4 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -60,6 +60,7 @@
 #include "rsa.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA RSA_str_functs[]=
 	{
 {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0),	"RSA_EAY_PRIVATE_DECRYPT"},
@@ -68,6 +69,14 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0),	"RSA_EAY_PUBLIC_ENCRYPT"},
 {ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0),	"RSA_generate_key"},
 {ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0),	"RSA_new_method"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0),	"RSA_padding_add_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0),	"RSA_padding_add_PKCS1_type_1"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0),	"RSA_padding_add_PKCS1_type_2"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0),	"RSA_padding_add_SSLv23"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0),	"RSA_padding_check_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0),	"RSA_padding_check_PKCS1_type_1"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0),	"RSA_padding_check_PKCS1_type_2"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0),	"RSA_padding_check_SSLv23"},
 {ERR_PACK(0,RSA_F_RSA_PRINT,0),	"RSA_print"},
 {ERR_PACK(0,RSA_F_RSA_PRINT_FP,0),	"RSA_print_fp"},
 {ERR_PACK(0,RSA_F_RSA_SIGN,0),	"RSA_sign"},
@@ -84,12 +93,16 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {RSA_R_BAD_FIXED_HEADER_DECRYPT          ,"bad fixed header decrypt"},
 {RSA_R_BAD_PAD_BYTE_COUNT                ,"bad pad byte count"},
 {RSA_R_BAD_SIGNATURE                     ,"bad signature"},
+{RSA_R_BAD_ZERO_BYTE                     ,"bad zero byte"},
 {RSA_R_BLOCK_TYPE_IS_NOT_01              ,"block type is not 01"},
 {RSA_R_BLOCK_TYPE_IS_NOT_02              ,"block type is not 02"},
 {RSA_R_DATA_GREATER_THAN_MOD_LEN         ,"data greater than mod len"},
+{RSA_R_DATA_TOO_LARGE                    ,"data too large"},
 {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
+{RSA_R_DATA_TOO_SMALL                    ,"data too small"},
 {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY        ,"digest too big for rsa key"},
 {RSA_R_NULL_BEFORE_BLOCK_MISSING         ,"null before block missing"},
+{RSA_R_PADDING_CHECK_FAILED              ,"padding check failed"},
 {RSA_R_SSLV3_ROLLBACK_ATTACK             ,"sslv3 rollback attack"},
 {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
 {RSA_R_UNKNOWN_ALGORITHM_TYPE            ,"unknown algorithm type"},
@@ -98,14 +111,19 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_RSA_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
 		ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 0cab3a5d7..aed2351cf 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -1,5 +1,5 @@
 /* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -62,10 +62,11 @@
 #include "bn.h"
 #include "rsa.h"
 
-RSA *RSA_generate_key(bits, e_value, callback)
+RSA *RSA_generate_key(bits, e_value, callback,cb_arg)
 int bits;
 unsigned long e_value;
-void (*callback)(P_I_I);
+void (*callback)(P_I_I_P);
+char *cb_arg;
 	{
 	RSA *rsa=NULL;
 	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
@@ -95,27 +96,27 @@ void (*callback)(P_I_I);
 	/* generate p and q */
 	for (;;)
 		{
-		rsa->p=BN_generate_prime(bitsp,0,NULL,NULL,callback);
+		rsa->p=BN_generate_prime(bitsp,0,NULL,NULL,callback,cb_arg);
 		if (rsa->p == NULL) goto err;
 		if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
 		if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
 		if (BN_is_one(r1)) break;
-		if (callback != NULL) callback(2,n++);
+		if (callback != NULL) callback(2,n++,cb_arg);
 		BN_free(rsa->p);
 		}
-	if (callback != NULL) callback(3,0);
+	if (callback != NULL) callback(3,0,cb_arg);
 	for (;;)
 		{
-		rsa->q=BN_generate_prime(bitsq,0,NULL,NULL,callback);
+		rsa->q=BN_generate_prime(bitsq,0,NULL,NULL,callback,cb_arg);
 		if (rsa->q == NULL) goto err;
 		if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
 		if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
 		if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
 			break;
-		if (callback != NULL) callback(2,n++);
+		if (callback != NULL) callback(2,n++,cb_arg);
 		BN_free(rsa->q);
 		}
-	if (callback != NULL) callback(3,1);
+	if (callback != NULL) callback(3,1,cb_arg);
 	if (BN_cmp(rsa->p,rsa->q) < 0)
 		{
 		tmp=rsa->p;
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index c49d0ee0c..95a56f8a2 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -1,5 +1,5 @@
 /* crypto/rsa/rsa_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,13 +57,17 @@
  */
 
 #include <stdio.h>
+#include "crypto.h"
 #include "cryptlib.h"
+#include "lhash.h"
 #include "bn.h"
 #include "rsa.h"
 
-char *RSA_version="RSA part of SSLeay 0.8.1b 29-Jun-1998";
+char *RSA_version="RSA part of SSLeay 0.9.0b 29-Jun-1998";
 
 static RSA_METHOD *default_RSA_meth=NULL;
+static int rsa_meth_num=0;
+static STACK *rsa_meth=NULL;
 
 RSA *RSA_new()
 	{
@@ -112,12 +116,17 @@ RSA_METHOD *meth;
 	ret->dmq1=NULL;
 	ret->iqmp=NULL;
 	ret->references=1;
-	ret->app_data=NULL;
+	ret->method_mod_n=NULL;
+	ret->method_mod_p=NULL;
+	ret->method_mod_q=NULL;
+	ret->blinding=NULL;
+	ret->flags=ret->meth->flags;
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 		Free(ret);
 		ret=NULL;
 		}
+	CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
 	return(ret);
 	}
 
@@ -129,6 +138,9 @@ RSA *r;
 	if (r == NULL) return;
 
 	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+	REF_PRINT("RSA",r);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
@@ -138,6 +150,8 @@ RSA *r;
 		}
 #endif
 
+	CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data);
+
 	if (r->meth->finish != NULL)
 		r->meth->finish(r);
 
@@ -149,9 +163,37 @@ RSA *r;
 	if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
 	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
 	if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
 	Free(r);
 	}
 
+int RSA_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+	rsa_meth_num++;
+	return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
+		&rsa_meth,argl,argp,new_func,dup_func,free_func));
+        }
+
+int RSA_set_ex_data(r,idx,arg)
+RSA *r;
+int idx;
+char *arg;
+	{
+	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+	}
+
+char *RSA_get_ex_data(r,idx)
+RSA *r;
+int idx;
+	{
+	return(CRYPTO_get_ex_data(&r->ex_data,idx));
+	}
+
 int RSA_size(r)
 RSA *r;
 	{
@@ -198,3 +240,55 @@ int padding;
 	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
 	}
 
+int RSA_flags(r)
+RSA *r;
+	{
+	return((r == NULL)?0:r->meth->flags);
+	}
+
+void RSA_blinding_off(rsa)
+RSA *rsa;
+	{
+	if (rsa->blinding != NULL)
+		{
+		BN_BLINDING_free(rsa->blinding);
+		rsa->blinding=NULL;
+		}
+	rsa->flags&= ~RSA_FLAG_BLINDING;
+	}
+
+int RSA_blinding_on(rsa,p_ctx)
+RSA *rsa;
+BN_CTX *p_ctx;
+	{
+	BIGNUM *A,*Ai;
+	BN_CTX *ctx;
+	int ret=0;
+
+	if (p_ctx == NULL)
+		{
+		if ((ctx=BN_CTX_new()) == NULL) goto err;
+		}
+	else
+		ctx=p_ctx;
+
+	if (rsa->blinding != NULL)
+		BN_BLINDING_free(rsa->blinding);
+
+	A=ctx->bn[0];
+	ctx->tos++;
+	if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
+	if ((Ai=BN_mod_inverse(A,rsa->n,ctx)) == NULL) goto err;
+
+	if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,
+		(char *)rsa->method_mod_n)) goto err;
+	rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
+	ctx->tos--;
+	rsa->flags|=RSA_FLAG_BLINDING;
+	BN_free(Ai);
+	ret=1;
+err:
+	if (ctx != p_ctx) BN_CTX_free(ctx);
+	return(ret);
+	}
+
diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index 62c211231..fb0fae5a4 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -1,5 +1,5 @@
 /* crypto/rsa/rsa_saos.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 7c815ed25..28c5571e7 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -1,5 +1,5 @@
 /* crypto/rsa/rsa_sign.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -170,7 +170,7 @@ RSA *rsa;
 			(sigtype == NID_md2WithRSAEncryption)))
 			{
 			/* ok, we will let it through */
-#ifndef WIN16
+#if !defined(NO_STDIO) && !defined(WIN16)
 			fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
 #endif
 			}
diff --git a/crypto/sha/Makefile.ssl b/crypto/sha/Makefile.ssl
index 3c3a9abd4..eeb545d14 100644
--- a/crypto/sha/Makefile.ssl
+++ b/crypto/sha/Makefile.ssl
@@ -2,16 +2,18 @@
 # SSLeay/crypto/sha/Makefile
 #
 
-DIR=	sha
-TOP=	../..
-CC=	cc
+DIR=    sha
+TOP=    ../..
+CC=     cc
 INCLUDES=
 CFLAG=-g
 INSTALLTOP=/usr/local/ssl
-MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
-MAKEFILE=	Makefile.ssl
-AR=		ar r
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+SHA1_ASM_OBJ=
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
@@ -21,25 +23,46 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ)
 
 SRC= $(LIBSRC)
 
 EXHEADER= sha.h
-HEADER=	sha_locl.h $(EXHEADER)
+HEADER= sha_locl.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
 
-all:	lib
+all:    lib
 
-lib:	$(LIBOBJ)
+lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
 	sh $(TOP)/util/ranlib.sh $(LIB)
 	@touch lib
 
+# elf
+asm/sx86-elf.o: asm/sx86unix.cpp
+	$(CPP) -DELF asm/sx86unix.cpp | as -o asm/sx86-elf.o
+
+# solaris
+asm/sx86-sol.o: asm/sx86unix.cpp
+	$(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
+	as -o asm/sx86-sol.o asm/sx86-sol.s
+	rm -f asm/sx86-sol.s
+
+# a.out
+asm/sx86-out.o: asm/sx86unix.cpp
+	$(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+
+# bsdi
+asm/sx86bsdi.o: asm/sx86unix.cpp
+	$(CPP) -DBSDI asm/sx86unix.cpp | as -o asm/sx86bsdi.o
+
+asm/sx86unix.cpp:
+	(cd asm; perl sha1-586.pl cpp >sx86unix.cpp)
+
 files:
 	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
@@ -73,7 +96,7 @@ dclean:
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
 
 errors:
 
diff --git a/crypto/sha/sha.c b/crypto/sha/sha.c
index 2fcd9636e..713fec361 100644
--- a/crypto/sha/sha.c
+++ b/crypto/sha/sha.c
@@ -1,5 +1,5 @@
 /* crypto/sha/sha.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
index 9e22fa87c..4cf0ea022 100644
--- a/crypto/sha/sha.h
+++ b/crypto/sha/sha.h
@@ -1,5 +1,5 @@
 /* crypto/sha/sha.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -83,19 +83,23 @@ void SHA_Init(SHA_CTX *c);
 void SHA_Update(SHA_CTX *c, unsigned char *data, unsigned long len);
 void SHA_Final(unsigned char *md, SHA_CTX *c);
 unsigned char *SHA(unsigned char *d, unsigned long n,unsigned char *md);
+void SHA_Transform(SHA_CTX *c, unsigned char *data);
 void SHA1_Init(SHA_CTX *c);
 void SHA1_Update(SHA_CTX *c, unsigned char *data, unsigned long len);
 void SHA1_Final(unsigned char *md, SHA_CTX *c);
 unsigned char *SHA1(unsigned char *d, unsigned long n,unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, unsigned char *data);
 #else
 void SHA_Init();
 void SHA_Update();
 void SHA_Final();
 unsigned char *SHA();
+void SHA_Transform();
 void SHA1_Init();
 void SHA1_Update();
 void SHA1_Final();
 unsigned char *SHA1();
+void SHA1_Transform();
 #endif
 
 #ifdef  __cplusplus
diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
index cf381fa39..fe5770d60 100644
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -1,5 +1,5 @@
 /* crypto/sha/sha1_one.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,7 +57,7 @@
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include <string.h>
 #include "sha.h"
 
 unsigned char *SHA1(d, n, md)
diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index 1a181263a..2b0ae1f0d 100644
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -1,5 +1,5 @@
 /* crypto/sha/sha1dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,12 +57,13 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 #undef  SHA_0
 #define SHA_1
 #include "sha.h"
 #include "sha_locl.h"
 
-char *SHA1_version="SHA1 part of SSLeay 0.8.1b 29-Jun-1998";
+char *SHA1_version="SHA1 part of SSLeay 0.9.0b 29-Jun-1998";
 
 /* Implemented from SHA-1 document - The Secure Hash Algorithm
  */
@@ -79,9 +80,34 @@ char *SHA1_version="SHA1 part of SSLeay 0.8.1b 29-Jun-1998";
 #define K_60_79 0xca62c1d6L
 
 #ifndef NOPROTO
-static void sha1_block(SHA_CTX *c, register unsigned long *p);
+#  ifdef SHA1_ASM
+     void sha1_block_x86(SHA_CTX *c, register unsigned long *p, int num);
+#    define sha1_block sha1_block_x86
+#  else
+     void sha1_block(SHA_CTX *c, register unsigned long *p, int num);
+#  endif
 #else
-static void sha1_block();
+#  ifdef SHA1_ASM
+     void sha1_block_x86();
+#    define sha1_block sha1_block_x86
+#  else
+     void sha1_block();
+#  endif
+#endif
+
+
+#if defined(L_ENDIAN) && defined(SHA1_ASM)
+#  define	M_c2nl 		c2l
+#  define	M_p_c2nl 	p_c2l
+#  define	M_c2nl_p	c2l_p
+#  define	M_p_c2nl_p	p_c2l_p
+#  define	M_nl2c		l2c
+#else
+#  define	M_c2nl 		c2nl
+#  define	M_p_c2nl	p_c2nl
+#  define	M_c2nl_p	c2nl_p
+#  define	M_p_c2nl_p	p_c2nl_p
+#  define	M_nl2c		nl2c
 #endif
 
 void SHA1_Init(c)
@@ -108,7 +134,7 @@ unsigned long len;
 
 	if (len == 0) return;
 
-	l=(c->Nl+(len<<3))&0xffffffff;
+	l=(c->Nl+(len<<3))&0xffffffffL;
 	if (l < c->Nl) /* overflow */
 		c->Nh++;
 	c->Nh+=(len>>29);
@@ -123,16 +149,16 @@ unsigned long len;
 		if ((c->num+len) >= SHA_CBLOCK)
 			{
 			l= p[sw];
-			p_c2nl(data,l,sc);
+			M_p_c2nl(data,l,sc);
 			p[sw++]=l;
 			for (; sw<SHA_LBLOCK; sw++)
 				{
-				c2nl(data,l);
+				M_c2nl(data,l);
 				p[sw]=l;
 				}
 			len-=(SHA_CBLOCK-c->num);
 
-			sha1_block(c,p);
+			sha1_block(c,p,64);
 			c->num=0;
 			/* drop through and do the rest */
 			}
@@ -142,7 +168,7 @@ unsigned long len;
 			if ((sc+len) < 4) /* ugly, add char's to a word */
 				{
 				l= p[sw];
-				p_c2nl_p(data,l,sc,len);
+				M_p_c2nl_p(data,l,sc,len);
 				p[sw]=l;
 				}
 			else
@@ -150,28 +176,51 @@ unsigned long len;
 				ew=(c->num>>2);
 				ec=(c->num&0x03);
 				l= p[sw];
-				p_c2nl(data,l,sc);
+				M_p_c2nl(data,l,sc);
 				p[sw++]=l;
 				for (; sw < ew; sw++)
-					{ c2nl(data,l); p[sw]=l; }
+					{ M_c2nl(data,l); p[sw]=l; }
 				if (ec)
 					{
-					c2nl_p(data,l,ec);
+					M_c2nl_p(data,l,ec);
 					p[sw]=l;
 					}
 				}
 			return;
 			}
 		}
+	/* We can only do the following code for assember, the reason
+	 * being that the sha1_block 'C' version changes the values
+	 * in the 'data' array.  The assember code avoids this and
+	 * copies it to a local array.  I should be able to do this for
+	 * the C version as well....
+	 */
+#if 1
+#if defined(B_ENDIAN) || defined(SHA1_ASM)
+	if ((((unsigned int)data)%sizeof(ULONG)) == 0)
+		{
+		sw=len/SHA_CBLOCK;
+		if (sw)
+			{
+			sw*=SHA_CBLOCK;
+			sha1_block(c,(ULONG *)data,sw);
+			data+=sw;
+			len-=sw;
+			}
+		}
+#endif
+#endif
 	/* we now can process the input data in blocks of SHA_CBLOCK
 	 * chars and save the leftovers to c->data. */
 	p=c->data;
 	while (len >= SHA_CBLOCK)
 		{
 #if defined(B_ENDIAN) || defined(L_ENDIAN)
-		memcpy(p,data,SHA_CBLOCK);
+		if (p != (unsigned long *)data)
+			memcpy(p,data,SHA_CBLOCK);
 		data+=SHA_CBLOCK;
-#ifdef L_ENDIAN
+#  ifdef L_ENDIAN
+#    ifndef SHA1_ASM /* Will not happen */
 		for (sw=(SHA_LBLOCK/4); sw; sw--)
 			{
 			Endian_Reverse32(p[0]);
@@ -180,18 +229,20 @@ unsigned long len;
 			Endian_Reverse32(p[3]);
 			p+=4;
 			}
-#endif
+		p=c->data;
+#    endif
+#  endif
 #else
 		for (sw=(SHA_BLOCK/4); sw; sw--)
 			{
-			c2nl(data,l); *(p++)=l;
-			c2nl(data,l); *(p++)=l;
-			c2nl(data,l); *(p++)=l;
-			c2nl(data,l); *(p++)=l;
+			M_c2nl(data,l); *(p++)=l;
+			M_c2nl(data,l); *(p++)=l;
+			M_c2nl(data,l); *(p++)=l;
+			M_c2nl(data,l); *(p++)=l;
 			}
-#endif
 		p=c->data;
-		sha1_block(c,p);
+#endif
+		sha1_block(c,p,64);
 		len-=SHA_CBLOCK;
 		}
 	ec=(int)len;
@@ -200,16 +251,158 @@ unsigned long len;
 	ec&=0x03;
 
 	for (sw=0; sw < ew; sw++)
-		{ c2nl(data,l); p[sw]=l; }
-	c2nl_p(data,l,ec);
+		{ M_c2nl(data,l); p[sw]=l; }
+	M_c2nl_p(data,l,ec);
 	p[sw]=l;
 	}
 
-static void sha1_block(c, X)
+void SHA1_Transform(c,b)
 SHA_CTX *c;
-register unsigned long *X;
+unsigned char *b;
+	{
+	ULONG p[16];
+#ifndef B_ENDIAN
+	ULONG *q;
+	int i;
+#endif
+
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+	memcpy(p,b,64);
+#ifdef L_ENDIAN
+	q=p;
+	for (i=(SHA_LBLOCK/4); i; i--)
+		{
+		Endian_Reverse32(q[0]);
+		Endian_Reverse32(q[1]);
+		Endian_Reverse32(q[2]);
+		Endian_Reverse32(q[3]);
+		q+=4;
+		}
+#endif
+#else
+	q=p;
+	for (i=(SHA_LBLOCK/4); i; i--)
+		{
+		ULONG l;
+		c2nl(b,l); *(q++)=l;
+		c2nl(b,l); *(q++)=l;
+		c2nl(b,l); *(q++)=l;
+		c2nl(b,l); *(q++)=l; 
+		} 
+#endif
+	sha1_block(c,p,64);
+	}
+
+#ifndef SHA1_ASM
+
+void sha1_block(c, W, num)
+SHA_CTX *c;
+register unsigned long *W;
+int num;
 	{
 	register ULONG A,B,C,D,E,T;
+	ULONG X[16];
+
+	A=c->h0;
+	B=c->h1;
+	C=c->h2;
+	D=c->h3;
+	E=c->h4;
+
+	for (;;)
+		{
+	BODY_00_15( 0,A,B,C,D,E,T,W);
+	BODY_00_15( 1,T,A,B,C,D,E,W);
+	BODY_00_15( 2,E,T,A,B,C,D,W);
+	BODY_00_15( 3,D,E,T,A,B,C,W);
+	BODY_00_15( 4,C,D,E,T,A,B,W);
+	BODY_00_15( 5,B,C,D,E,T,A,W);
+	BODY_00_15( 6,A,B,C,D,E,T,W);
+	BODY_00_15( 7,T,A,B,C,D,E,W);
+	BODY_00_15( 8,E,T,A,B,C,D,W);
+	BODY_00_15( 9,D,E,T,A,B,C,W);
+	BODY_00_15(10,C,D,E,T,A,B,W);
+	BODY_00_15(11,B,C,D,E,T,A,W);
+	BODY_00_15(12,A,B,C,D,E,T,W);
+	BODY_00_15(13,T,A,B,C,D,E,W);
+	BODY_00_15(14,E,T,A,B,C,D,W);
+	BODY_00_15(15,D,E,T,A,B,C,W);
+	BODY_16_19(16,C,D,E,T,A,B,W,W,W,W);
+	BODY_16_19(17,B,C,D,E,T,A,W,W,W,W);
+	BODY_16_19(18,A,B,C,D,E,T,W,W,W,W);
+	BODY_16_19(19,T,A,B,C,D,E,W,W,W,X);
+
+	BODY_20_31(20,E,T,A,B,C,D,W,W,W,X);
+	BODY_20_31(21,D,E,T,A,B,C,W,W,W,X);
+	BODY_20_31(22,C,D,E,T,A,B,W,W,W,X);
+	BODY_20_31(23,B,C,D,E,T,A,W,W,W,X);
+	BODY_20_31(24,A,B,C,D,E,T,W,W,X,X);
+	BODY_20_31(25,T,A,B,C,D,E,W,W,X,X);
+	BODY_20_31(26,E,T,A,B,C,D,W,W,X,X);
+	BODY_20_31(27,D,E,T,A,B,C,W,W,X,X);
+	BODY_20_31(28,C,D,E,T,A,B,W,W,X,X);
+	BODY_20_31(29,B,C,D,E,T,A,W,W,X,X);
+	BODY_20_31(30,A,B,C,D,E,T,W,X,X,X);
+	BODY_20_31(31,T,A,B,C,D,E,W,X,X,X);
+	BODY_32_39(32,E,T,A,B,C,D,X);
+	BODY_32_39(33,D,E,T,A,B,C,X);
+	BODY_32_39(34,C,D,E,T,A,B,X);
+	BODY_32_39(35,B,C,D,E,T,A,X);
+	BODY_32_39(36,A,B,C,D,E,T,X);
+	BODY_32_39(37,T,A,B,C,D,E,X);
+	BODY_32_39(38,E,T,A,B,C,D,X);
+	BODY_32_39(39,D,E,T,A,B,C,X);
+
+	BODY_40_59(40,C,D,E,T,A,B,X);
+	BODY_40_59(41,B,C,D,E,T,A,X);
+	BODY_40_59(42,A,B,C,D,E,T,X);
+	BODY_40_59(43,T,A,B,C,D,E,X);
+	BODY_40_59(44,E,T,A,B,C,D,X);
+	BODY_40_59(45,D,E,T,A,B,C,X);
+	BODY_40_59(46,C,D,E,T,A,B,X);
+	BODY_40_59(47,B,C,D,E,T,A,X);
+	BODY_40_59(48,A,B,C,D,E,T,X);
+	BODY_40_59(49,T,A,B,C,D,E,X);
+	BODY_40_59(50,E,T,A,B,C,D,X);
+	BODY_40_59(51,D,E,T,A,B,C,X);
+	BODY_40_59(52,C,D,E,T,A,B,X);
+	BODY_40_59(53,B,C,D,E,T,A,X);
+	BODY_40_59(54,A,B,C,D,E,T,X);
+	BODY_40_59(55,T,A,B,C,D,E,X);
+	BODY_40_59(56,E,T,A,B,C,D,X);
+	BODY_40_59(57,D,E,T,A,B,C,X);
+	BODY_40_59(58,C,D,E,T,A,B,X);
+	BODY_40_59(59,B,C,D,E,T,A,X);
+
+	BODY_60_79(60,A,B,C,D,E,T,X);
+	BODY_60_79(61,T,A,B,C,D,E,X);
+	BODY_60_79(62,E,T,A,B,C,D,X);
+	BODY_60_79(63,D,E,T,A,B,C,X);
+	BODY_60_79(64,C,D,E,T,A,B,X);
+	BODY_60_79(65,B,C,D,E,T,A,X);
+	BODY_60_79(66,A,B,C,D,E,T,X);
+	BODY_60_79(67,T,A,B,C,D,E,X);
+	BODY_60_79(68,E,T,A,B,C,D,X);
+	BODY_60_79(69,D,E,T,A,B,C,X);
+	BODY_60_79(70,C,D,E,T,A,B,X);
+	BODY_60_79(71,B,C,D,E,T,A,X);
+	BODY_60_79(72,A,B,C,D,E,T,X);
+	BODY_60_79(73,T,A,B,C,D,E,X);
+	BODY_60_79(74,E,T,A,B,C,D,X);
+	BODY_60_79(75,D,E,T,A,B,C,X);
+	BODY_60_79(76,C,D,E,T,A,B,X);
+	BODY_60_79(77,B,C,D,E,T,A,X);
+	BODY_60_79(78,A,B,C,D,E,T,X);
+	BODY_60_79(79,T,A,B,C,D,E,X);
+	
+	c->h0=(c->h0+E)&0xffffffffL; 
+	c->h1=(c->h1+T)&0xffffffffL;
+	c->h2=(c->h2+A)&0xffffffffL;
+	c->h3=(c->h3+B)&0xffffffffL;
+	c->h4=(c->h4+C)&0xffffffffL;
+
+	num-=64;
+	if (num <= 0) break;
 
 	A=c->h0;
 	B=c->h1;
@@ -217,96 +410,10 @@ register unsigned long *X;
 	D=c->h3;
 	E=c->h4;
 
-	BODY_00_15( 0,A,B,C,D,E,T);
-	BODY_00_15( 1,T,A,B,C,D,E);
-	BODY_00_15( 2,E,T,A,B,C,D);
-	BODY_00_15( 3,D,E,T,A,B,C);
-	BODY_00_15( 4,C,D,E,T,A,B);
-	BODY_00_15( 5,B,C,D,E,T,A);
-	BODY_00_15( 6,A,B,C,D,E,T);
-	BODY_00_15( 7,T,A,B,C,D,E);
-	BODY_00_15( 8,E,T,A,B,C,D);
-	BODY_00_15( 9,D,E,T,A,B,C);
-	BODY_00_15(10,C,D,E,T,A,B);
-	BODY_00_15(11,B,C,D,E,T,A);
-	BODY_00_15(12,A,B,C,D,E,T);
-	BODY_00_15(13,T,A,B,C,D,E);
-	BODY_00_15(14,E,T,A,B,C,D);
-	BODY_00_15(15,D,E,T,A,B,C);
-	BODY_16_19(16,C,D,E,T,A,B);
-	BODY_16_19(17,B,C,D,E,T,A);
-	BODY_16_19(18,A,B,C,D,E,T);
-	BODY_16_19(19,T,A,B,C,D,E);
-
-	BODY_20_39(20,E,T,A,B,C,D);
-	BODY_20_39(21,D,E,T,A,B,C);
-	BODY_20_39(22,C,D,E,T,A,B);
-	BODY_20_39(23,B,C,D,E,T,A);
-	BODY_20_39(24,A,B,C,D,E,T);
-	BODY_20_39(25,T,A,B,C,D,E);
-	BODY_20_39(26,E,T,A,B,C,D);
-	BODY_20_39(27,D,E,T,A,B,C);
-	BODY_20_39(28,C,D,E,T,A,B);
-	BODY_20_39(29,B,C,D,E,T,A);
-	BODY_20_39(30,A,B,C,D,E,T);
-	BODY_20_39(31,T,A,B,C,D,E);
-	BODY_20_39(32,E,T,A,B,C,D);
-	BODY_20_39(33,D,E,T,A,B,C);
-	BODY_20_39(34,C,D,E,T,A,B);
-	BODY_20_39(35,B,C,D,E,T,A);
-	BODY_20_39(36,A,B,C,D,E,T);
-	BODY_20_39(37,T,A,B,C,D,E);
-	BODY_20_39(38,E,T,A,B,C,D);
-	BODY_20_39(39,D,E,T,A,B,C);
-
-	BODY_40_59(40,C,D,E,T,A,B);
-	BODY_40_59(41,B,C,D,E,T,A);
-	BODY_40_59(42,A,B,C,D,E,T);
-	BODY_40_59(43,T,A,B,C,D,E);
-	BODY_40_59(44,E,T,A,B,C,D);
-	BODY_40_59(45,D,E,T,A,B,C);
-	BODY_40_59(46,C,D,E,T,A,B);
-	BODY_40_59(47,B,C,D,E,T,A);
-	BODY_40_59(48,A,B,C,D,E,T);
-	BODY_40_59(49,T,A,B,C,D,E);
-	BODY_40_59(50,E,T,A,B,C,D);
-	BODY_40_59(51,D,E,T,A,B,C);
-	BODY_40_59(52,C,D,E,T,A,B);
-	BODY_40_59(53,B,C,D,E,T,A);
-	BODY_40_59(54,A,B,C,D,E,T);
-	BODY_40_59(55,T,A,B,C,D,E);
-	BODY_40_59(56,E,T,A,B,C,D);
-	BODY_40_59(57,D,E,T,A,B,C);
-	BODY_40_59(58,C,D,E,T,A,B);
-	BODY_40_59(59,B,C,D,E,T,A);
-
-	BODY_60_79(60,A,B,C,D,E,T);
-	BODY_60_79(61,T,A,B,C,D,E);
-	BODY_60_79(62,E,T,A,B,C,D);
-	BODY_60_79(63,D,E,T,A,B,C);
-	BODY_60_79(64,C,D,E,T,A,B);
-	BODY_60_79(65,B,C,D,E,T,A);
-	BODY_60_79(66,A,B,C,D,E,T);
-	BODY_60_79(67,T,A,B,C,D,E);
-	BODY_60_79(68,E,T,A,B,C,D);
-	BODY_60_79(69,D,E,T,A,B,C);
-	BODY_60_79(70,C,D,E,T,A,B);
-	BODY_60_79(71,B,C,D,E,T,A);
-	BODY_60_79(72,A,B,C,D,E,T);
-	BODY_60_79(73,T,A,B,C,D,E);
-	BODY_60_79(74,E,T,A,B,C,D);
-	BODY_60_79(75,D,E,T,A,B,C);
-	BODY_60_79(76,C,D,E,T,A,B);
-	BODY_60_79(77,B,C,D,E,T,A);
-	BODY_60_79(78,A,B,C,D,E,T);
-	BODY_60_79(79,T,A,B,C,D,E);
-
-	c->h0=(c->h0+E)&0xffffffff; 
-	c->h1=(c->h1+T)&0xffffffff;
-	c->h2=(c->h2+A)&0xffffffff;
-	c->h3=(c->h3+B)&0xffffffff;
-	c->h4=(c->h4+C)&0xffffffff;
+	W+=16;
+		}
 	}
+#endif
 
 void SHA1_Final(md, c)
 unsigned char *md;
@@ -326,7 +433,7 @@ SHA_CTX *c;
 	if ((j&0x03) == 0) p[i]=0;
 #endif
 	l=p[i];
-	p_c2nl(cp,l,j&0x03);
+	M_p_c2nl(cp,l,j&0x03);
 	p[i]=l;
 	i++;
 	/* i is the next 'undefined word' */
@@ -334,14 +441,18 @@ SHA_CTX *c;
 		{
 		for (; i<SHA_LBLOCK; i++)
 			p[i]=0;
-		sha1_block(c,p);
+		sha1_block(c,p,64);
 		i=0;
 		}
 	for (; i<(SHA_LBLOCK-2); i++)
 		p[i]=0;
 	p[SHA_LBLOCK-2]=c->Nh;
 	p[SHA_LBLOCK-1]=c->Nl;
-	sha1_block(c,p);
+#if defined(L_ENDIAN) && defined(SHA1_ASM)
+	Endian_Reverse32(p[SHA_LBLOCK-2]);
+	Endian_Reverse32(p[SHA_LBLOCK-1]);
+#endif
+	sha1_block(c,p,64);
 	cp=md;
 	l=c->h0; nl2c(l,cp);
 	l=c->h1; nl2c(l,cp);
@@ -355,19 +466,3 @@ SHA_CTX *c;
 /*	memset((char *)&c,0,sizeof(c));*/
 	}
 
-#ifdef undef
-int printit(l)
-unsigned long *l;
-	{
-	int i,ii;
-
-	for (i=0; i<2; i++)
-		{
-		for (ii=0; ii<8; ii++)
-			{
-			fprintf(stderr,"%08lx ",l[i*8+ii]);
-			}
-		fprintf(stderr,"\n");
-		}
-	}
-#endif
diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c
index 9c172c024..3c62a218b 100644
--- a/crypto/sha/sha1test.c
+++ b/crypto/sha/sha1test.c
@@ -1,5 +1,5 @@
 /* crypto/sha/sha1test.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -133,7 +133,7 @@ char *argv[];
 	r=bigret;
 	if (strcmp(p,r) != 0)
 		{
-		printf("error calculating SHA1 on '%s'\n",p);
+		printf("error calculating SHA1 on 'a' * 1000\n");
 		printf("got %s instead of %s\n",p,r);
 		err++;
 		}
diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c
index 311aa6fcc..8ed533ea2 100644
--- a/crypto/sha/sha_dgst.c
+++ b/crypto/sha/sha_dgst.c
@@ -1,5 +1,5 @@
 /* crypto/sha/sha_dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,14 +57,15 @@
  */
 
 #include <stdio.h>
-#define SHA_0
-#undef  SHA_1
+#include <string.h>
+#define  SHA_0
+#undef SHA_1
 #include "sha.h"
 #include "sha_locl.h"
 
-char *SHA_version="SHA part of SSLeay 0.8.1b 29-Jun-1998";
+char *SHA_version="SHA part of SSLeay 0.9.0b 29-Jun-1998";
 
-/* Implemented from SHA document - The Secure Hash Algorithm
+/* Implemented from SHA-0 document - The Secure Hash Algorithm
  */
 
 #define INIT_DATA_h0 (unsigned long)0x67452301L
@@ -79,11 +80,17 @@ char *SHA_version="SHA part of SSLeay 0.8.1b 29-Jun-1998";
 #define K_60_79 0xca62c1d6L
 
 #ifndef NOPROTO
-static void sha_block(SHA_CTX *c, register unsigned long *p);
+   void sha_block(SHA_CTX *c, register unsigned long *p, int num);
 #else
-static void sha_block();
+   void sha_block();
 #endif
 
+#define	M_c2nl 		c2nl
+#define	M_p_c2nl	p_c2nl
+#define	M_c2nl_p	c2nl_p
+#define	M_p_c2nl_p	p_c2nl_p
+#define	M_nl2c		nl2c
+
 void SHA_Init(c)
 SHA_CTX *c;
 	{
@@ -103,12 +110,12 @@ register unsigned char *data;
 unsigned long len;
 	{
 	register ULONG *p;
-	int sw,sc,ew,ec;
+	int ew,ec,sw,sc;
 	ULONG l;
 
 	if (len == 0) return;
 
-	l=(c->Nl+(len<<3))&0xffffffff;
+	l=(c->Nl+(len<<3))&0xffffffffL;
 	if (l < c->Nl) /* overflow */
 		c->Nh++;
 	c->Nh+=(len>>29);
@@ -123,16 +130,16 @@ unsigned long len;
 		if ((c->num+len) >= SHA_CBLOCK)
 			{
 			l= p[sw];
-			p_c2nl(data,l,sc);
+			M_p_c2nl(data,l,sc);
 			p[sw++]=l;
 			for (; sw<SHA_LBLOCK; sw++)
 				{
-				c2nl(data,l);
+				M_c2nl(data,l);
 				p[sw]=l;
 				}
 			len-=(SHA_CBLOCK-c->num);
 
-			sha_block(c,p);
+			sha_block(c,p,64);
 			c->num=0;
 			/* drop through and do the rest */
 			}
@@ -142,7 +149,7 @@ unsigned long len;
 			if ((sc+len) < 4) /* ugly, add char's to a word */
 				{
 				l= p[sw];
-				p_c2nl_p(data,l,sc,len);
+				M_p_c2nl_p(data,l,sc,len);
 				p[sw]=l;
 				}
 			else
@@ -150,28 +157,51 @@ unsigned long len;
 				ew=(c->num>>2);
 				ec=(c->num&0x03);
 				l= p[sw];
-				p_c2nl(data,l,sc);
+				M_p_c2nl(data,l,sc);
 				p[sw++]=l;
 				for (; sw < ew; sw++)
-					{ c2nl(data,l); p[sw]=l; }
+					{ M_c2nl(data,l); p[sw]=l; }
 				if (ec)
 					{
-					c2nl_p(data,l,ec);
+					M_c2nl_p(data,l,ec);
 					p[sw]=l;
 					}
 				}
 			return;
 			}
 		}
+	/* We can only do the following code for assember, the reason
+	 * being that the sha_block 'C' version changes the values
+	 * in the 'data' array.  The assember code avoids this and
+	 * copies it to a local array.  I should be able to do this for
+	 * the C version as well....
+	 */
+#if 1
+#if defined(B_ENDIAN) || defined(SHA_ASM)
+	if ((((unsigned int)data)%sizeof(ULONG)) == 0)
+		{
+		sw=len/SHA_CBLOCK;
+		if (sw)
+			{
+			sw*=SHA_CBLOCK;
+			sha_block(c,(ULONG *)data,sw);
+			data+=sw;
+			len-=sw;
+			}
+		}
+#endif
+#endif
 	/* we now can process the input data in blocks of SHA_CBLOCK
 	 * chars and save the leftovers to c->data. */
 	p=c->data;
 	while (len >= SHA_CBLOCK)
 		{
 #if defined(B_ENDIAN) || defined(L_ENDIAN)
-		memcpy(p,data,SHA_CBLOCK);
+		if (p != (unsigned long *)data)
+			memcpy(p,data,SHA_CBLOCK);
 		data+=SHA_CBLOCK;
-#ifdef L_ENDIAN
+#  ifdef L_ENDIAN
+#    ifndef SHA_ASM /* Will not happen */
 		for (sw=(SHA_LBLOCK/4); sw; sw--)
 			{
 			Endian_Reverse32(p[0]);
@@ -180,18 +210,20 @@ unsigned long len;
 			Endian_Reverse32(p[3]);
 			p+=4;
 			}
-#endif
+		p=c->data;
+#    endif
+#  endif
 #else
-		for (sw=(SHA_LBLOCK/4); sw; sw--)
+		for (sw=(SHA_BLOCK/4); sw; sw--)
 			{
-			c2nl(data,l); *(p++)=l;
-			c2nl(data,l); *(p++)=l;
-			c2nl(data,l); *(p++)=l;
-			c2nl(data,l); *(p++)=l;
+			M_c2nl(data,l); *(p++)=l;
+			M_c2nl(data,l); *(p++)=l;
+			M_c2nl(data,l); *(p++)=l;
+			M_c2nl(data,l); *(p++)=l;
 			}
-#endif
 		p=c->data;
-		sha_block(c,p);
+#endif
+		sha_block(c,p,64);
 		len-=SHA_CBLOCK;
 		}
 	ec=(int)len;
@@ -200,16 +232,55 @@ unsigned long len;
 	ec&=0x03;
 
 	for (sw=0; sw < ew; sw++)
-		{ c2nl(data,l); p[sw]=l; }
-	c2nl_p(data,l,ec);
+		{ M_c2nl(data,l); p[sw]=l; }
+	M_c2nl_p(data,l,ec);
 	p[sw]=l;
 	}
 
-static void sha_block(c, X)
+void SHA_Transform(c,b)
 SHA_CTX *c;
-register unsigned long *X;
+unsigned char *b;
+	{
+	ULONG p[16];
+#if !defined(B_ENDIAN)
+	ULONG *q;
+	int i;
+#endif
+
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+	memcpy(p,b,64);
+#ifdef L_ENDIAN
+	q=p;
+	for (i=(SHA_LBLOCK/4); i; i--)
+		{
+		Endian_Reverse32(q[0]);
+		Endian_Reverse32(q[1]);
+		Endian_Reverse32(q[2]);
+		Endian_Reverse32(q[3]);
+		q+=4;
+		}
+#endif
+#else
+	q=p;
+	for (i=(SHA_LBLOCK/4); i; i--)
+		{
+		ULONG l;
+		c2nl(b,l); *(q++)=l;
+		c2nl(b,l); *(q++)=l;
+		c2nl(b,l); *(q++)=l;
+		c2nl(b,l); *(q++)=l; 
+		} 
+#endif
+	sha_block(c,p,64);
+	}
+
+void sha_block(c, W, num)
+SHA_CTX *c;
+register unsigned long *W;
+int num;
 	{
 	register ULONG A,B,C,D,E,T;
+	ULONG X[16];
 
 	A=c->h0;
 	B=c->h1;
@@ -217,95 +288,109 @@ register unsigned long *X;
 	D=c->h3;
 	E=c->h4;
 
-	BODY_00_15( 0,A,B,C,D,E,T);
-	BODY_00_15( 1,T,A,B,C,D,E);
-	BODY_00_15( 2,E,T,A,B,C,D);
-	BODY_00_15( 3,D,E,T,A,B,C);
-	BODY_00_15( 4,C,D,E,T,A,B);
-	BODY_00_15( 5,B,C,D,E,T,A);
-	BODY_00_15( 6,A,B,C,D,E,T);
-	BODY_00_15( 7,T,A,B,C,D,E);
-	BODY_00_15( 8,E,T,A,B,C,D);
-	BODY_00_15( 9,D,E,T,A,B,C);
-	BODY_00_15(10,C,D,E,T,A,B);
-	BODY_00_15(11,B,C,D,E,T,A);
-	BODY_00_15(12,A,B,C,D,E,T);
-	BODY_00_15(13,T,A,B,C,D,E);
-	BODY_00_15(14,E,T,A,B,C,D);
-	BODY_00_15(15,D,E,T,A,B,C);
-	BODY_16_19(16,C,D,E,T,A,B);
-	BODY_16_19(17,B,C,D,E,T,A);
-	BODY_16_19(18,A,B,C,D,E,T);
-	BODY_16_19(19,T,A,B,C,D,E);
+	for (;;)
+		{
+	BODY_00_15( 0,A,B,C,D,E,T,W);
+	BODY_00_15( 1,T,A,B,C,D,E,W);
+	BODY_00_15( 2,E,T,A,B,C,D,W);
+	BODY_00_15( 3,D,E,T,A,B,C,W);
+	BODY_00_15( 4,C,D,E,T,A,B,W);
+	BODY_00_15( 5,B,C,D,E,T,A,W);
+	BODY_00_15( 6,A,B,C,D,E,T,W);
+	BODY_00_15( 7,T,A,B,C,D,E,W);
+	BODY_00_15( 8,E,T,A,B,C,D,W);
+	BODY_00_15( 9,D,E,T,A,B,C,W);
+	BODY_00_15(10,C,D,E,T,A,B,W);
+	BODY_00_15(11,B,C,D,E,T,A,W);
+	BODY_00_15(12,A,B,C,D,E,T,W);
+	BODY_00_15(13,T,A,B,C,D,E,W);
+	BODY_00_15(14,E,T,A,B,C,D,W);
+	BODY_00_15(15,D,E,T,A,B,C,W);
+	BODY_16_19(16,C,D,E,T,A,B,W,W,W,W);
+	BODY_16_19(17,B,C,D,E,T,A,W,W,W,W);
+	BODY_16_19(18,A,B,C,D,E,T,W,W,W,W);
+	BODY_16_19(19,T,A,B,C,D,E,W,W,W,X);
+
+	BODY_20_31(20,E,T,A,B,C,D,W,W,W,X);
+	BODY_20_31(21,D,E,T,A,B,C,W,W,W,X);
+	BODY_20_31(22,C,D,E,T,A,B,W,W,W,X);
+	BODY_20_31(23,B,C,D,E,T,A,W,W,W,X);
+	BODY_20_31(24,A,B,C,D,E,T,W,W,X,X);
+	BODY_20_31(25,T,A,B,C,D,E,W,W,X,X);
+	BODY_20_31(26,E,T,A,B,C,D,W,W,X,X);
+	BODY_20_31(27,D,E,T,A,B,C,W,W,X,X);
+	BODY_20_31(28,C,D,E,T,A,B,W,W,X,X);
+	BODY_20_31(29,B,C,D,E,T,A,W,W,X,X);
+	BODY_20_31(30,A,B,C,D,E,T,W,X,X,X);
+	BODY_20_31(31,T,A,B,C,D,E,W,X,X,X);
+	BODY_32_39(32,E,T,A,B,C,D,X);
+	BODY_32_39(33,D,E,T,A,B,C,X);
+	BODY_32_39(34,C,D,E,T,A,B,X);
+	BODY_32_39(35,B,C,D,E,T,A,X);
+	BODY_32_39(36,A,B,C,D,E,T,X);
+	BODY_32_39(37,T,A,B,C,D,E,X);
+	BODY_32_39(38,E,T,A,B,C,D,X);
+	BODY_32_39(39,D,E,T,A,B,C,X);
+
+	BODY_40_59(40,C,D,E,T,A,B,X);
+	BODY_40_59(41,B,C,D,E,T,A,X);
+	BODY_40_59(42,A,B,C,D,E,T,X);
+	BODY_40_59(43,T,A,B,C,D,E,X);
+	BODY_40_59(44,E,T,A,B,C,D,X);
+	BODY_40_59(45,D,E,T,A,B,C,X);
+	BODY_40_59(46,C,D,E,T,A,B,X);
+	BODY_40_59(47,B,C,D,E,T,A,X);
+	BODY_40_59(48,A,B,C,D,E,T,X);
+	BODY_40_59(49,T,A,B,C,D,E,X);
+	BODY_40_59(50,E,T,A,B,C,D,X);
+	BODY_40_59(51,D,E,T,A,B,C,X);
+	BODY_40_59(52,C,D,E,T,A,B,X);
+	BODY_40_59(53,B,C,D,E,T,A,X);
+	BODY_40_59(54,A,B,C,D,E,T,X);
+	BODY_40_59(55,T,A,B,C,D,E,X);
+	BODY_40_59(56,E,T,A,B,C,D,X);
+	BODY_40_59(57,D,E,T,A,B,C,X);
+	BODY_40_59(58,C,D,E,T,A,B,X);
+	BODY_40_59(59,B,C,D,E,T,A,X);
 
-	BODY_20_39(20,E,T,A,B,C,D);
-	BODY_20_39(21,D,E,T,A,B,C);
-	BODY_20_39(22,C,D,E,T,A,B);
-	BODY_20_39(23,B,C,D,E,T,A);
-	BODY_20_39(24,A,B,C,D,E,T);
-	BODY_20_39(25,T,A,B,C,D,E);
-	BODY_20_39(26,E,T,A,B,C,D);
-	BODY_20_39(27,D,E,T,A,B,C);
-	BODY_20_39(28,C,D,E,T,A,B);
-	BODY_20_39(29,B,C,D,E,T,A);
-	BODY_20_39(30,A,B,C,D,E,T);
-	BODY_20_39(31,T,A,B,C,D,E);
-	BODY_20_39(32,E,T,A,B,C,D);
-	BODY_20_39(33,D,E,T,A,B,C);
-	BODY_20_39(34,C,D,E,T,A,B);
-	BODY_20_39(35,B,C,D,E,T,A);
-	BODY_20_39(36,A,B,C,D,E,T);
-	BODY_20_39(37,T,A,B,C,D,E);
-	BODY_20_39(38,E,T,A,B,C,D);
-	BODY_20_39(39,D,E,T,A,B,C);
+	BODY_60_79(60,A,B,C,D,E,T,X);
+	BODY_60_79(61,T,A,B,C,D,E,X);
+	BODY_60_79(62,E,T,A,B,C,D,X);
+	BODY_60_79(63,D,E,T,A,B,C,X);
+	BODY_60_79(64,C,D,E,T,A,B,X);
+	BODY_60_79(65,B,C,D,E,T,A,X);
+	BODY_60_79(66,A,B,C,D,E,T,X);
+	BODY_60_79(67,T,A,B,C,D,E,X);
+	BODY_60_79(68,E,T,A,B,C,D,X);
+	BODY_60_79(69,D,E,T,A,B,C,X);
+	BODY_60_79(70,C,D,E,T,A,B,X);
+	BODY_60_79(71,B,C,D,E,T,A,X);
+	BODY_60_79(72,A,B,C,D,E,T,X);
+	BODY_60_79(73,T,A,B,C,D,E,X);
+	BODY_60_79(74,E,T,A,B,C,D,X);
+	BODY_60_79(75,D,E,T,A,B,C,X);
+	BODY_60_79(76,C,D,E,T,A,B,X);
+	BODY_60_79(77,B,C,D,E,T,A,X);
+	BODY_60_79(78,A,B,C,D,E,T,X);
+	BODY_60_79(79,T,A,B,C,D,E,X);
+	
+	c->h0=(c->h0+E)&0xffffffffL; 
+	c->h1=(c->h1+T)&0xffffffffL;
+	c->h2=(c->h2+A)&0xffffffffL;
+	c->h3=(c->h3+B)&0xffffffffL;
+	c->h4=(c->h4+C)&0xffffffffL;
 
-	BODY_40_59(40,C,D,E,T,A,B);
-	BODY_40_59(41,B,C,D,E,T,A);
-	BODY_40_59(42,A,B,C,D,E,T);
-	BODY_40_59(43,T,A,B,C,D,E);
-	BODY_40_59(44,E,T,A,B,C,D);
-	BODY_40_59(45,D,E,T,A,B,C);
-	BODY_40_59(46,C,D,E,T,A,B);
-	BODY_40_59(47,B,C,D,E,T,A);
-	BODY_40_59(48,A,B,C,D,E,T);
-	BODY_40_59(49,T,A,B,C,D,E);
-	BODY_40_59(50,E,T,A,B,C,D);
-	BODY_40_59(51,D,E,T,A,B,C);
-	BODY_40_59(52,C,D,E,T,A,B);
-	BODY_40_59(53,B,C,D,E,T,A);
-	BODY_40_59(54,A,B,C,D,E,T);
-	BODY_40_59(55,T,A,B,C,D,E);
-	BODY_40_59(56,E,T,A,B,C,D);
-	BODY_40_59(57,D,E,T,A,B,C);
-	BODY_40_59(58,C,D,E,T,A,B);
-	BODY_40_59(59,B,C,D,E,T,A);
+	num-=64;
+	if (num <= 0) break;
 
-	BODY_60_79(60,A,B,C,D,E,T);
-	BODY_60_79(61,T,A,B,C,D,E);
-	BODY_60_79(62,E,T,A,B,C,D);
-	BODY_60_79(63,D,E,T,A,B,C);
-	BODY_60_79(64,C,D,E,T,A,B);
-	BODY_60_79(65,B,C,D,E,T,A);
-	BODY_60_79(66,A,B,C,D,E,T);
-	BODY_60_79(67,T,A,B,C,D,E);
-	BODY_60_79(68,E,T,A,B,C,D);
-	BODY_60_79(69,D,E,T,A,B,C);
-	BODY_60_79(70,C,D,E,T,A,B);
-	BODY_60_79(71,B,C,D,E,T,A);
-	BODY_60_79(72,A,B,C,D,E,T);
-	BODY_60_79(73,T,A,B,C,D,E);
-	BODY_60_79(74,E,T,A,B,C,D);
-	BODY_60_79(75,D,E,T,A,B,C);
-	BODY_60_79(76,C,D,E,T,A,B);
-	BODY_60_79(77,B,C,D,E,T,A);
-	BODY_60_79(78,A,B,C,D,E,T);
-	BODY_60_79(79,T,A,B,C,D,E);
+	A=c->h0;
+	B=c->h1;
+	C=c->h2;
+	D=c->h3;
+	E=c->h4;
 
-	c->h0=(c->h0+E)&0xffffffff; 
-	c->h1=(c->h1+T)&0xffffffff;
-	c->h2=(c->h2+A)&0xffffffff;
-	c->h3=(c->h3+B)&0xffffffff;
-	c->h4=(c->h4+C)&0xffffffff;
+	W+=16;
+		}
 	}
 
 void SHA_Final(md, c)
@@ -326,7 +411,7 @@ SHA_CTX *c;
 	if ((j&0x03) == 0) p[i]=0;
 #endif
 	l=p[i];
-	p_c2nl(cp,l,j&0x03);
+	M_p_c2nl(cp,l,j&0x03);
 	p[i]=l;
 	i++;
 	/* i is the next 'undefined word' */
@@ -334,41 +419,24 @@ SHA_CTX *c;
 		{
 		for (; i<SHA_LBLOCK; i++)
 			p[i]=0;
-		sha_block(c,p);
+		sha_block(c,p,64);
 		i=0;
 		}
 	for (; i<(SHA_LBLOCK-2); i++)
 		p[i]=0;
 	p[SHA_LBLOCK-2]=c->Nh;
 	p[SHA_LBLOCK-1]=c->Nl;
-	sha_block(c,p);
+	sha_block(c,p,64);
 	cp=md;
 	l=c->h0; nl2c(l,cp);
 	l=c->h1; nl2c(l,cp);
 	l=c->h2; nl2c(l,cp);
 	l=c->h3; nl2c(l,cp);
 	l=c->h4; nl2c(l,cp);
+
 	/* clear stuff, sha_block may be leaving some stuff on the stack
 	 * but I'm not worried :-) */
 	c->num=0;
 /*	memset((char *)&c,0,sizeof(c));*/
 	}
 
-
-#ifdef undef
-int printit(l)
-unsigned long *l;
-	{
-	int i,ii;
-
-	for (i=0; i<2; i++)
-		{
-		for (ii=0; ii<8; ii++)
-			{
-			fprintf(stderr,"%08lx ",l[i*8+ii]);
-			}
-		fprintf(stderr,"\n");
-		}
-	}
-#endif
-
diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h
index 0a5cf4699..2814ad15f 100644
--- a/crypto/sha/sha_locl.h
+++ b/crypto/sha/sha_locl.h
@@ -1,5 +1,5 @@
 /* crypto/sha/sha_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -120,7 +120,51 @@
 			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
 			 *((c)++)=(unsigned char)(((l)    )&0xff))
 
-/* I have taken some of this code from my MD5 implementation */
+#undef c2l
+#define c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ), \
+			 l|=(((unsigned long)(*((c)++)))<< 8), \
+			 l|=(((unsigned long)(*((c)++)))<<16), \
+			 l|=(((unsigned long)(*((c)++)))<<24))
+
+#undef p_c2l
+#define p_c2l(c,l,n)	{ \
+			switch (n) { \
+			case 0: l =((unsigned long)(*((c)++))); \
+			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+			case 2: l|=((unsigned long)(*((c)++)))<<16; \
+			case 3: l|=((unsigned long)(*((c)++)))<<24; \
+				} \
+			}
+
+#undef c2l_p
+/* NOTE the pointer is not incremented at the end of this */
+#define c2l_p(c,l,n)	{ \
+			l=0; \
+			(c)+=n; \
+			switch (n) { \
+			case 3: l =((unsigned long)(*(--(c))))<<16; \
+			case 2: l|=((unsigned long)(*(--(c))))<< 8; \
+			case 1: l|=((unsigned long)(*(--(c)))); \
+				} \
+			}
+
+#undef p_c2l_p
+#define p_c2l_p(c,l,sc,len) { \
+			switch (sc) \
+				{ \
+			case 0: l =((unsigned long)(*((c)++))); \
+				if (--len == 0) break; \
+			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+				if (--len == 0) break; \
+			case 2: l|=((unsigned long)(*((c)++)))<<16; \
+				} \
+			}
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
 
 #undef ROTATE
 #if defined(WIN32)
@@ -161,38 +205,42 @@
 
 #ifdef SHA_0
 #undef Xupdate
-#define Xupdate(a,i) \
-	X[(i)&0x0f]=(a)=\
-		(X[(i)&0x0f]^X[((i)+2)&0x0f]^X[((i)+8)&0x0f]^X[((i)+13)&0x0f]);
+#define Xupdate(a,i,ia,ib,ic,id) X[(i)&0x0f]=(a)=\
+	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);
 #endif
 #ifdef SHA_1
 #undef Xupdate
-#define Xupdate(a,i) \
-	(a)=(X[(i)&0x0f]^X[((i)+2)&0x0f]^X[((i)+8)&0x0f]^X[((i)+13)&0x0f]); \
+#define Xupdate(a,i,ia,ib,ic,id) (a)=\
+	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);\
 	X[(i)&0x0f]=(a)=ROTATE((a),1);
 #endif
 
-#define BODY_00_15(i,a,b,c,d,e,f) \
-	(f)=X[i]+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+#define BODY_00_15(i,a,b,c,d,e,f,xa) \
+	(f)=xa[i]+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
-#define BODY_16_19(i,a,b,c,d,e,f) \
-	Xupdate(f,i); \
+#define BODY_16_19(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+	Xupdate(f,i,xa,xb,xc,xd); \
 	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
-#define BODY_20_39(i,a,b,c,d,e,f) \
-	Xupdate(f,i); \
+#define BODY_20_31(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+	Xupdate(f,i,xa,xb,xc,xd); \
+	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+	(b)=ROTATE((b),30);
+
+#define BODY_32_39(i,a,b,c,d,e,f,xa) \
+	Xupdate(f,i,xa,xa,xa,xa); \
 	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
-#define BODY_40_59(i,a,b,c,d,e,f) \
-	Xupdate(f,i); \
+#define BODY_40_59(i,a,b,c,d,e,f,xa) \
+	Xupdate(f,i,xa,xa,xa,xa); \
 	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
-#define BODY_60_79(i,a,b,c,d,e,f) \
-	Xupdate(f,i); \
+#define BODY_60_79(i,a,b,c,d,e,f,xa) \
+	Xupdate(f,i,xa,xa,xa,xa); \
 	(f)=X[(i)&0x0f]+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
diff --git a/crypto/sha/sha_one.c b/crypto/sha/sha_one.c
index 87da617be..18ab7f61b 100644
--- a/crypto/sha/sha_one.c
+++ b/crypto/sha/sha_one.c
@@ -1,5 +1,5 @@
 /* crypto/sha/sha_one.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,7 +57,7 @@
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include <string.h>
 #include "sha.h"
 
 unsigned char *SHA(d, n, md)
diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c
index 28c2e1923..03816e9b3 100644
--- a/crypto/sha/shatest.c
+++ b/crypto/sha/shatest.c
@@ -1,5 +1,5 @@
 /* crypto/sha/shatest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 712089ef3..610ccbb75 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -1,5 +1,5 @@
 /* crypto/stack/stack.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -72,7 +72,7 @@
 #undef MIN_NODES
 #define MIN_NODES	4
 
-char *STACK_version="STACK part of SSLeay 0.8.1b 29-Jun-1998";
+char *STACK_version="STACK part of SSLeay 0.9.0b 29-Jun-1998";
 
 #ifndef NOPROTO
 #define	FP_ICC	(int (*)(const void *,const void *))
@@ -193,14 +193,22 @@ STACK *st;
 int loc;
 	{
 	char *ret;
+	int i,j;
 
 	if ((st->num == 0) || (loc < 0) || (loc >= st->num)) return(NULL);
 
 	ret=st->data[loc];
 	if (loc != st->num-1)
-		memcpy( &(st->data[loc]),
-			&(st->data[loc+1]),
-			sizeof(char *)*(st->num-loc-1));
+		{
+		j=st->num-1;
+		for (i=loc; i<j; i++)
+			st->data[i]=st->data[i+1];
+		/* In theory memcpy is not safe for this
+		 * memcpy( &(st->data[loc]),
+		 *	&(st->data[loc+1]),
+		 *	sizeof(char *)*(st->num-loc-1));
+		 */
+		}
 	st->num--;
 	return(ret);
 	}
diff --git a/crypto/stack/stack.h b/crypto/stack/stack.h
index 66ba83ec4..615eb6ff9 100644
--- a/crypto/stack/stack.h
+++ b/crypto/stack/stack.h
@@ -1,5 +1,5 @@
 /* crypto/stack/stack.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -73,8 +73,8 @@ typedef struct stack_st
 	int (*comp)();
 	} STACK;
 
-#define sk_num(sk)	((sk)->num)
-#define sk_value(sk,n)	((sk)->data[n])
+#define sk_num(sk)		((sk)->num)
+#define sk_value(sk,n)		((sk)->data[n])
 
 #define sk_new_null()	sk_new(NULL)
 #ifndef NOPROTO
diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c
index ae8db3917..e34ce4efa 100644
--- a/crypto/txt_db/txt_db.c
+++ b/crypto/txt_db/txt_db.c
@@ -1,5 +1,5 @@
 /* crypto/txt_db/txt_db.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -66,7 +66,7 @@
 #undef BUFSIZE
 #define BUFSIZE	512
 
-char *TXT_DB_version="TXT_DB part of SSLeay 0.8.1b 29-Jun-1998";
+char *TXT_DB_version="TXT_DB part of SSLeay 0.9.0b 29-Jun-1998";
 
 TXT_DB *TXT_DB_read(in,num)
 BIO *in;
@@ -157,7 +157,7 @@ int num;
 		*(p++)='\0';
 		if ((n != num) || (*f != '\0'))
 			{
-#ifndef WIN16	/* temporaty fix :-( */
+#if !defined(NO_STDIO) && !defined(WIN16)	/* temporaty fix :-( */
 			fprintf(stderr,"wrong number of fields on line %ld\n",ln);
 #endif
 			er=2;
@@ -166,7 +166,7 @@ int num;
 		pp[n]=p;
 		if (!sk_push(ret->data,(char *)pp))
 			{
-#ifndef WIN16	/* temporaty fix :-( */
+#if !defined(NO_STDIO) && !defined(WIN16)	/* temporaty fix :-( */
 			fprintf(stderr,"failure in sk_push\n");
 #endif
 			er=2;
@@ -178,7 +178,7 @@ err:
 	BUF_MEM_free(buf);
 	if (er)
 		{
-#ifndef WIN16
+#if !defined(NO_STDIO) && !defined(WIN16)
 		if (er == 1) fprintf(stderr,"Malloc failure\n");
 #endif
 		if (ret->data != NULL) sk_free(ret->data);
diff --git a/crypto/txt_db/txt_db.h b/crypto/txt_db/txt_db.h
index 4775d5ecc..aca6dae39 100644
--- a/crypto/txt_db/txt_db.h
+++ b/crypto/txt_db/txt_db.h
@@ -1,5 +1,5 @@
 /* crypto/txt_db/txt_db.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/x509/Makefile.ssl b/crypto/x509/Makefile.ssl
index e54a74d1e..1c1ca2ffa 100644
--- a/crypto/x509/Makefile.ssl
+++ b/crypto/x509/Makefile.ssl
@@ -91,6 +91,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 6676a2e40..11725ec94 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -1,5 +1,5 @@
 /* crypto/x509/by_dir.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -250,21 +250,46 @@ X509_NAME *name;
 X509_OBJECT *ret;
 	{
 	BY_DIR *ctx;
-	X509 st_x509;
-	X509_CINF st_x509_cinf;
+	union	{
+		struct	{
+			X509 st_x509;
+			X509_CINF st_x509_cinf;
+			} x509;
+		struct	{
+			X509_CRL st_crl;
+			X509_CRL_INFO st_crl_info;
+			} crl;
+		} data;
 	int ok=0;
 	int i,j,k;
 	unsigned long h;
 	BUF_MEM *b=NULL;
 	struct stat st;
 	X509_OBJECT stmp,*tmp;
+	char *postfix="";
 
 	if (name == NULL) return(0);
 
-	st_x509.cert_info= &st_x509_cinf;
-	st_x509_cinf.subject=name;
-	stmp.data.x509= &st_x509;
 	stmp.type=type;
+	if (type == X509_LU_X509)
+		{
+		data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
+		data.x509.st_x509_cinf.subject=name;
+		stmp.data.x509= &data.x509.st_x509;
+		postfix="";
+		}
+	else if (type == X509_LU_CRL)
+		{
+		data.crl.st_crl.crl= &data.crl.st_crl_info;
+		data.crl.st_crl_info.issuer=name;
+		stmp.data.crl= &data.crl.st_crl;
+		postfix="r";
+		}
+	else
+		{
+		X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
+		goto finish;
+		}
 
 	if ((b=BUF_MEM_new()) == NULL)
 		{
@@ -277,7 +302,7 @@ X509_OBJECT *ret;
 	h=X509_NAME_hash(name);
 	for (i=0; i<ctx->num_dirs; i++)
 		{
-		j=strlen(ctx->dirs[i])+1+8+6+1;
+		j=strlen(ctx->dirs[i])+1+8+6+1+1;
 		if (!BUF_MEM_grow(b,j))
 			{
 			X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
@@ -286,14 +311,25 @@ X509_OBJECT *ret;
 		k=0;
 		for (;;)
 			{
-			sprintf(b->data,"%s/%08lx.%d",ctx->dirs[i],h,k);
+			sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
+				postfix,k);
 			k++;
 			if (stat(b->data,&st) < 0)
 				break;
 			/* found one. */
-			if ((X509_load_cert_file(xl,b->data,
-				ctx->dirs_type[i])) == 0)
+			if (type == X509_LU_X509)
+				{
+				if ((X509_load_cert_file(xl,b->data,
+					ctx->dirs_type[i])) == 0)
+					break;
+				}
+			else if (type == X509_LU_CRL)
+				{
+				if ((X509_load_crl_file(xl,b->data,
+					ctx->dirs_type[i])) == 0)
 					break;
+				}
+			/* else case will caught higher up */
 			}
 
 		/* we have added it to the cache so now pull
@@ -307,7 +343,10 @@ X509_OBJECT *ret;
 			{
 			ok=1;
 			ret->type=tmp->type;
-			ret->data.x509=tmp->data.x509;
+			memcpy(&ret->data,&tmp->data,sizeof(ret->data));
+			/* If we were going to up the reference count,
+			 * we would need to do it on a perl 'type'
+			 * basis */
 	/*		CRYPTO_add(&tmp->data.x509->references,1,
 				CRYPTO_LOCK_X509);*/
 			goto finish;
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 2dac28f54..09ebb9bf0 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -1,5 +1,5 @@
 /* crypto/x509/by_file.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -68,6 +68,8 @@
 #include "x509.h"
 #include "pem.h"
 
+#ifndef NO_STDIO
+
 #ifndef NOPROTO
 static int by_file_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,
 	long argl,char **ret);
@@ -101,7 +103,7 @@ char *argp;
 long argl;
 char **ret;
 	{
-	int ok=0;
+	int ok=0,ok2=0;
 	char *file;
 
 	switch (cmd)
@@ -111,7 +113,9 @@ char **ret;
 			{
 			ok=X509_load_cert_file(ctx,X509_get_default_cert_file(),
 				X509_FILETYPE_PEM);
-			if (!ok)
+			ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(),
+				X509_FILETYPE_PEM);
+			if (!ok || !ok2)
 				{
 				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
 				}
@@ -120,13 +124,18 @@ char **ret;
 				file=(char *)Getenv(X509_get_default_cert_file_env());
 				ok=X509_load_cert_file(ctx,file,
 					X509_FILETYPE_PEM);
+				ok2=X509_load_crl_file(ctx,file,
+					X509_FILETYPE_PEM);
 				}
 			}
 		else
+			{
 			ok=X509_load_cert_file(ctx,argp,(int)argl);
+			ok2=X509_load_crl_file(ctx,argp,(int)argl);
+			}
 		break;
 		}
-	return(ok);
+	return((ok && ok2)?ok:0);
 	}
 
 int X509_load_cert_file(ctx,file,type)
@@ -140,11 +149,7 @@ int type;
 	X509 *x=NULL;
 
 	if (file == NULL) return(1);
-#ifndef WIN16
-	in=BIO_new(BIO_s_file());
-#else
-	in=BIO_new(BIO_s_file_internal_w16());
-#endif
+	in=BIO_new(BIO_s_file_internal());
 
 	if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
 		{
@@ -203,3 +208,75 @@ err:
 	return(ret);
 	}
 
+int X509_load_crl_file(ctx,file,type)
+X509_LOOKUP *ctx;
+char *file;
+int type;
+	{
+	int ret=0;
+	BIO *in=NULL;
+	int i,count=0;
+	X509_CRL *x=NULL;
+
+	if (file == NULL) return(1);
+	in=BIO_new(BIO_s_file_internal());
+
+	if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+		{
+		X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
+		goto err;
+		}
+
+	if (type == X509_FILETYPE_PEM)
+		{
+		for (;;)
+			{
+			x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+			if (x == NULL)
+				{
+				if ((ERR_GET_REASON(ERR_peek_error()) ==
+					PEM_R_NO_START_LINE) && (count > 0))
+					{
+					ERR_clear_error();
+					break;
+					}
+				else
+					{
+					X509err(X509_F_X509_LOAD_CRL_FILE,
+						ERR_R_PEM_LIB);
+					goto err;
+					}
+				}
+			i=X509_STORE_add_crl(ctx->store_ctx,x);
+			if (!i) goto err;
+			count++;
+			X509_CRL_free(x);
+			x=NULL;
+			}
+		ret=count;
+		}
+	else if (type == X509_FILETYPE_ASN1)
+		{
+		x=d2i_X509_CRL_bio(in,NULL);
+		if (x == NULL)
+			{
+			X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		i=X509_STORE_add_crl(ctx->store_ctx,x);
+		if (!i) goto err;
+		ret=i;
+		}
+	else
+		{
+		X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
+		goto err;
+		}
+err:
+	if (x != NULL) X509_CRL_free(x);
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+
+#endif /* NO_STDIO */
+
diff --git a/crypto/x509/v3_net.c b/crypto/x509/v3_net.c
index 5e79a57f0..0c2d276d1 100644
--- a/crypto/x509/v3_net.c
+++ b/crypto/x509/v3_net.c
@@ -1,5 +1,5 @@
 /* crypto/x509/v3_net.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -66,9 +66,9 @@
 #define NETSCAPE_X509_EXT_NUM	8
 
 static X509_EXTENSION_METHOD netscape_x509_ext[NETSCAPE_X509_EXT_NUM]={
-{NID_netscape_ca_policy_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_ssl_server_name,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_revocation_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+{NID_netscape_ca_policy_url,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+{NID_netscape_ssl_server_name,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+{NID_netscape_revocation_url,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
 {NID_netscape_base_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
 {NID_netscape_cert_type,V_ASN1_BIT_STRING,X509_EXT_PACK_STRING},
 {NID_netscape_ca_revocation_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
diff --git a/crypto/x509/v3_x509.c b/crypto/x509/v3_x509.c
index 57a7b17df..f685aa4c7 100644
--- a/crypto/x509/v3_x509.c
+++ b/crypto/x509/v3_x509.c
@@ -1,5 +1,5 @@
 /* crypto/x509/v3_x509.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,32 +57,197 @@
  */
 
 #include <stdio.h>
+#include <ctype.h>
 #include "stack.h"
 #include "cryptlib.h"
+#include "bio.h"
 #include "asn1.h"
 #include "objects.h"
 #include "x509.h"
 
+#if 0
+static int i2a_key_usage(BIO *bp, X509 *x);
+static int a2i_key_usage(X509 *x, char *str, int len);
+#endif
+
+int X509v3_get_key_usage(X509 *x);
+int X509v3_set_key_usage(X509 *x,unsigned int use);
+int i2a_X509v3_key_usage(BIO *bp, unsigned int use);
+unsigned int a2i_X509v3_key_usage(char *p);
+
 #define STD_X509_EXT_NUM	9
 
-static X509_EXTENSION_METHOD std_x509_ext[STD_X509_EXT_NUM]={
-{NID_subject_key_identifier,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_key_usage,			V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_private_key_usage_period,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_subject_alt_name,		V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_issuer_alt_name,		V_ASN1_BIT_STRING,X509_EXT_PACK_STRING},
-{NID_basic_constraints,		V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_crl_number,		V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_certificate_policies,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_authority_key_identifier,  V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+#if 0
+static X509_OBJECTS std_x509_ext[STD_X509_EXT_NUM]={
+{NID_subject_key_identifier,	NULL,NULL},
+{NID_key_usage,			a2i_key_usage,i2a_key_usage}, /**/
+{NID_private_key_usage_period,	NULL,NULL},
+{NID_subject_alt_name,		NULL,NULL},
+{NID_issuer_alt_name,		NULL,NULL},
+{NID_basic_constraints,		NULL,NULL},
+{NID_crl_number,		NULL,NULL},
+{NID_certificate_policies,	NULL,NULL},
+{NID_authority_key_identifier,  NULL,NULL},
 	};
+#endif
 
 int X509v3_add_standard_extensions()
 	{
-	int i;
 
+#if 0
 	for (i=0; i<STD_X509_EXT_NUM; i++)
 		if (!X509v3_add_extension(&(std_x509_ext[i])))
 			return(0);
+#endif
+	return(1);
+	}
+
+int X509v3_get_key_usage(x)
+X509 *x;
+	{
+	X509_EXTENSION *ext;
+	ASN1_STRING *st;
+	char *p;
+	int i;
+
+	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+	if (i < 0) return(X509v3_KU_UNDEF);
+	ext=X509_get_ext(x,i);
+	st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
+		X509_EXTENSION_get_data(X509_get_ext(x,i)));
+
+	p=(char *)ASN1_STRING_data(st);
+	if (ASN1_STRING_length(st) == 1)
+		i=p[0];
+	else if (ASN1_STRING_length(st) == 2)
+		i=p[0]|(p[1]<<8);
+	else
+		i=0;
+	return(i);
+	}
+
+static struct
+	{
+	char *name;
+	unsigned int value;
+	} key_usage_data[] ={
+	{"digitalSignature",	X509v3_KU_DIGITAL_SIGNATURE},
+	{"nonRepudiation",	X509v3_KU_NON_REPUDIATION},
+	{"keyEncipherment",	X509v3_KU_KEY_ENCIPHERMENT},
+	{"dataEncipherment",	X509v3_KU_DATA_ENCIPHERMENT},
+	{"keyAgreement",	X509v3_KU_KEY_AGREEMENT},
+	{"keyCertSign",		X509v3_KU_KEY_CERT_SIGN},
+	{"cRLSign",		X509v3_KU_CRL_SIGN},
+	{"encipherOnly",	X509v3_KU_ENCIPHER_ONLY},
+	{"decipherOnly",	X509v3_KU_DECIPHER_ONLY},
+	{NULL,0},
+	};
+
+#if 0
+static int a2i_key_usage(x,str,len)
+X509 *x;
+char *str;
+int len;
+	{
+	return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
+	}
+
+static int i2a_key_usage(bp,x)
+BIO *bp;
+X509 *x;
+	{
+	return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
+	}
+#endif
+
+int i2a_X509v3_key_usage(bp,use)
+BIO *bp;
+unsigned int use;
+	{
+	int i=0,first=1;
+
+	for (;;)
+		{
+		if (use | key_usage_data[i].value)
+			{
+			BIO_printf(bp,"%s%s",((first)?"":" "),
+				key_usage_data[i].name);
+			first=0;
+			}
+		}
 	return(1);
 	}
+
+unsigned int a2i_X509v3_key_usage(p)
+char *p;
+	{
+	unsigned int ret=0;
+	char *q,*s;
+	int i,n;
+
+	q=p;
+	for (;;)
+		{
+		while ((*q != '\0') && isalnum(*q))
+			q++;
+		if (*q == '\0') break;
+		s=q++;
+		while (isalnum(*q))
+			q++;
+		n=q-s;
+		i=0;
+		for (;;)
+			{
+			if (strncmp(key_usage_data[i].name,s,n) == 0)
+				{
+				ret|=key_usage_data[i].value;
+				break;
+				}
+			i++;
+			if (key_usage_data[i].name == NULL)
+				return(X509v3_KU_UNDEF);
+			}
+		}
+	return(ret);
+	}
+
+int X509v3_set_key_usage(x,use)
+X509 *x;
+unsigned int use;
+	{
+	ASN1_OCTET_STRING *os;
+	X509_EXTENSION *ext;
+	int i;
+	unsigned char data[4];
+
+	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+	if (i < 0)
+		{
+		i=X509_get_ext_count(x)+1;
+		if ((ext=X509_EXTENSION_new()) == NULL) return(0);
+		if (!X509_add_ext(x,ext,i))
+			{
+			X509_EXTENSION_free(ext);
+			return(0);
+			}
+		}
+	else
+		ext=X509_get_ext(x,i);
+
+	/* fill in 'ext' */
+	os=X509_EXTENSION_get_data(ext);
+
+	i=0;
+	if (use > 0)
+		{
+		i=1;
+		data[0]=use&0xff;
+		}
+	if (use > 0xff)
+		{
+		i=2;
+		data[1]=(use>>8)&0xff;
+		}
+	return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
+	}
+
diff --git a/crypto/x509/x509.err b/crypto/x509/x509.err
index 7f8b33ed8..8d0862d7d 100644
--- a/crypto/x509/x509.err
+++ b/crypto/x509/x509.err
@@ -13,20 +13,22 @@
 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
 #define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
 #define X509_F_X509_LOAD_CERT_FILE			 111
-#define X509_F_X509_NAME_ADD_ENTRY			 112
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 113
-#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 114
-#define X509_F_X509_NAME_ONELINE			 115
-#define X509_F_X509_NAME_PRINT				 116
-#define X509_F_X509_PRINT_FP				 117
-#define X509_F_X509_PUBKEY_GET				 118
-#define X509_F_X509_PUBKEY_SET				 119
-#define X509_F_X509_REQ_PRINT				 120
-#define X509_F_X509_REQ_PRINT_FP			 121
-#define X509_F_X509_REQ_TO_X509				 122
-#define X509_F_X509_STORE_ADD_CERT			 123
-#define X509_F_X509_TO_X509_REQ				 124
-#define X509_F_X509_VERIFY_CERT				 125
+#define X509_F_X509_LOAD_CRL_FILE			 112
+#define X509_F_X509_NAME_ADD_ENTRY			 113
+#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 114
+#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 115
+#define X509_F_X509_NAME_ONELINE			 116
+#define X509_F_X509_NAME_PRINT				 117
+#define X509_F_X509_PRINT_FP				 118
+#define X509_F_X509_PUBKEY_GET				 119
+#define X509_F_X509_PUBKEY_SET				 120
+#define X509_F_X509_REQ_PRINT				 121
+#define X509_F_X509_REQ_PRINT_FP			 122
+#define X509_F_X509_REQ_TO_X509				 123
+#define X509_F_X509_STORE_ADD_CERT			 124
+#define X509_F_X509_STORE_ADD_CRL			 125
+#define X509_F_X509_TO_X509_REQ				 126
+#define X509_F_X509_VERIFY_CERT				 127
 
 /* Reason codes. */
 #define X509_R_BAD_X509_FILETYPE			 100
@@ -41,3 +43,4 @@
 #define X509_R_UNKNOWN_NID				 109
 #define X509_R_UNKNOWN_STRING_TYPE			 110
 #define X509_R_UNSUPPORTED_ALGORITHM			 111
+#define X509_R_WRONG_LOOKUP_TYPE			 112
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index a1f755681..95114f7c4 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -1,5 +1,5 @@
 /* crypto/x509/x509.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -90,6 +90,24 @@ extern "C" {
 #define X509_FILETYPE_ASN1	2
 #define X509_FILETYPE_DEFAULT	3
 
+#define X509v3_KU_DIGITAL_SIGNATURE	0x0080
+#define X509v3_KU_NON_REPUDIATION	0x0040
+#define X509v3_KU_KEY_ENCIPHERMENT	0x0020
+#define X509v3_KU_DATA_ENCIPHERMENT	0x0010
+#define X509v3_KU_KEY_AGREEMENT		0x0008
+#define X509v3_KU_KEY_CERT_SIGN		0x0004
+#define X509v3_KU_CRL_SIGN		0x0002
+#define X509v3_KU_ENCIPHER_ONLY		0x0001
+#define X509v3_KU_DECIPHER_ONLY		0x8000
+#define X509v3_KU_UNDEF			0xffff
+
+typedef struct X509_objects_st
+	{
+	int nid;
+	int (*a2i)();
+	int (*i2a)();
+	} X509_OBJECTS;
+
 typedef struct X509_algor_st
 	{
 	ASN1_OBJECT *algorithm;
@@ -133,25 +151,39 @@ typedef struct X509_name_st
 #else
 	char *bytes;
 #endif
+	unsigned long hash; /* Keep the hash around for lookups */
 	} X509_NAME;
 
+#define X509_EX_V_NETSCAPE_HACK		0x8000
+#define X509_EX_V_INIT			0x0001
 typedef struct X509_extension_st
 	{
 	ASN1_OBJECT *object;
 	short critical;
 	short netscape_hack;
 	ASN1_OCTET_STRING *value;
+	long argl;			/* used when decoding */
+	char *argp;			/* used when decoding */
+	void (*ex_free)();		/* clear argp stuff */
 	} X509_EXTENSION;
 
-#define X509_EXT_PACK_UNKNOWN	0
-#define X509_EXT_PACK_STRING	1 /* X509v3_pack_string() */
-
+/* #if 1 */
 typedef struct x509_extension_method_st
 	{
 	int nid;
 	int data_type;
 	int pack_type;
+	void (*ex_clear)();
+	int (*ex_get_bool)();
+	int (*ex_set_bool)();
+	int (*ex_get_str)();
+	int (*ex_set_str)();
+	char *(*ex_get_struct)();
+	int (*ex_set_struct)();
+	int (*a2i)();
+	int (*i2a)();
 	} X509_EXTENSION_METHOD;
+/* #endif */
 
 typedef struct X509_req_info_st
 	{
@@ -307,8 +339,6 @@ typedef struct CBCParameter_st
 	a->sig_alg,a->signature,(char *)a->req_info,r)
 #define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
 	a->sig_alg, a->signature,(char *)a->crl,r)
-#define NETSCAPE_SPKI_verify(a,r) ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC, \
-		a->sig_algor,a->signature, (char *)a->spkac,r)
 
 #define X509_sign(x,pkey,md) \
 	ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
@@ -428,6 +458,9 @@ typedef struct CBCParameter_st
 		(char *)data,md,len)
 #endif
 
+#define X509_EXT_PACK_UNKNOWN	1
+#define X509_EXT_PACK_STRING	2
+
 #define		X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
 /* #define	X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
 #define		X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
@@ -448,7 +481,7 @@ typedef struct CBCParameter_st
 #ifndef SSLEAY_MACROS
 #ifdef HEADER_ENVELOPE_H
 int X509_verify(X509 *a, EVP_PKEY *r);
-char *X509_verify_cert_error_string(int n);
+char *X509_verify_cert_error_string(long n);
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
@@ -464,7 +497,7 @@ int X509_NAME_digest(X509_NAME *data,EVP_MD *type,
 	unsigned char *md,unsigned int *len);
 #endif
 
-#ifndef WIN16
+#ifndef NO_FP_API
 X509 *d2i_X509_fp(FILE *fp, X509 *x509);
 int i2d_X509_fp(FILE *fp,X509 *x509);
 X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl);
@@ -515,7 +548,7 @@ char *		X509_get_default_cert_dir_env(void );
 char *		X509_get_default_cert_file_env(void );
 char *		X509_get_default_private_dir(void );
 
-X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey);
+X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
 X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
 void ERR_load_X509_strings(void );
 
@@ -674,7 +707,7 @@ int		X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
 unsigned long	X509_NAME_hash(X509_NAME *x);
 
 int		X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
-#ifndef WIN16
+#ifndef NO_FP_API
 int		X509_print_fp(FILE *bp,X509 *x);
 int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);
 #endif
@@ -691,9 +724,11 @@ int 		X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
 int		X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
 			char *buf,int len);
 
-int 		X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int oldpos);
+/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
+ * lastpos, seach after that position on. */
+int 		X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
 int 		X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
-			int oldpos);
+			int lastpos);
 X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
 X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
 int 		X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
@@ -711,37 +746,38 @@ ASN1_OBJECT *	X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
 ASN1_STRING *	X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
 
 int		X509v3_get_ext_count(STACK *x);
-int		X509v3_get_ext_by_NID(STACK *x, int nid, int oldpos);
-int		X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int oldpos);
-int		X509v3_get_ext_by_critical(STACK *x, int crit, int oldpos);
+int		X509v3_get_ext_by_NID(STACK *x, int nid, int lastpos);
+int		X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int lastpos);
+int		X509v3_get_ext_by_critical(STACK *x, int crit, int lastpos);
 X509_EXTENSION *X509v3_get_ext(STACK *x, int loc);
 X509_EXTENSION *X509v3_delete_ext(STACK *x, int loc);
 STACK *		X509v3_add_ext(STACK **x, X509_EXTENSION *ex, int loc);
+
 int		X509v3_data_type_by_OBJ(ASN1_OBJECT *obj);
 int		X509v3_data_type_by_NID(int nid);
 int		X509v3_pack_type_by_OBJ(ASN1_OBJECT *obj);
 int		X509v3_pack_type_by_NID(int nid);
 
 int		X509_get_ext_count(X509 *x);
-int		X509_get_ext_by_NID(X509 *x, int nid, int oldpos);
-int		X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int oldpos);
-int		X509_get_ext_by_critical(X509 *x, int crit, int oldpos);
+int		X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
+int		X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
+int		X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
 X509_EXTENSION *X509_get_ext(X509 *x, int loc);
 X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
 int		X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
 
 int		X509_CRL_get_ext_count(X509_CRL *x);
-int		X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int oldpos);
-int		X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int oldpos);
-int		X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int oldpos);
+int		X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
+int		X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
+int		X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
 X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
 X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
 int		X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
 
 int		X509_REVOKED_get_ext_count(X509_REVOKED *x);
-int		X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int oldpos);
-int		X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int oldpos);
-int		X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int oldpos);
+int		X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
+int		X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
+int		X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
 X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
 X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
 int		X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
@@ -787,7 +823,7 @@ int X509_digest();
 int X509_NAME_digest();
 #endif
 
-#ifndef WIN16
+#ifndef NO_FP_API
 X509 *d2i_X509_fp();
 int i2d_X509_fp();
 X509_CRL *d2i_X509_CRL_fp();
@@ -979,7 +1015,7 @@ int		X509_NAME_cmp ();
 unsigned long	X509_NAME_hash();
 
 int		X509_CRL_cmp();
-#ifndef WIN16
+#ifndef NO_FP_API
 int		X509_print_fp();
 int		X509_REQ_print_fp();
 #endif
@@ -1011,12 +1047,12 @@ int		X509v3_get_ext_by_critical();
 X509_EXTENSION *X509v3_get_ext();
 X509_EXTENSION *X509v3_delete_ext();
 STACK *		X509v3_add_ext();
+
 int		X509v3_data_type_by_OBJ();
 int		X509v3_data_type_by_NID();
 int		X509v3_pack_type_by_OBJ();
 int		X509v3_pack_type_by_NID();
 
-
 int		X509_get_ext_count();
 int		X509_get_ext_by_NID();
 int		X509_get_ext_by_OBJ();
@@ -1077,20 +1113,22 @@ X509 *X509_find_by_subject();
 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
 #define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
 #define X509_F_X509_LOAD_CERT_FILE			 111
-#define X509_F_X509_NAME_ADD_ENTRY			 112
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 113
-#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 114
-#define X509_F_X509_NAME_ONELINE			 115
-#define X509_F_X509_NAME_PRINT				 116
-#define X509_F_X509_PRINT_FP				 117
-#define X509_F_X509_PUBKEY_GET				 118
-#define X509_F_X509_PUBKEY_SET				 119
-#define X509_F_X509_REQ_PRINT				 120
-#define X509_F_X509_REQ_PRINT_FP			 121
-#define X509_F_X509_REQ_TO_X509				 122
-#define X509_F_X509_STORE_ADD_CERT			 123
-#define X509_F_X509_TO_X509_REQ				 124
-#define X509_F_X509_VERIFY_CERT				 125
+#define X509_F_X509_LOAD_CRL_FILE			 112
+#define X509_F_X509_NAME_ADD_ENTRY			 113
+#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 114
+#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 115
+#define X509_F_X509_NAME_ONELINE			 116
+#define X509_F_X509_NAME_PRINT				 117
+#define X509_F_X509_PRINT_FP				 118
+#define X509_F_X509_PUBKEY_GET				 119
+#define X509_F_X509_PUBKEY_SET				 120
+#define X509_F_X509_REQ_PRINT				 121
+#define X509_F_X509_REQ_PRINT_FP			 122
+#define X509_F_X509_REQ_TO_X509				 123
+#define X509_F_X509_STORE_ADD_CERT			 124
+#define X509_F_X509_STORE_ADD_CRL			 125
+#define X509_F_X509_TO_X509_REQ				 126
+#define X509_F_X509_VERIFY_CERT				 127
 
 /* Reason codes. */
 #define X509_R_BAD_X509_FILETYPE			 100
@@ -1105,6 +1143,7 @@ X509 *X509_find_by_subject();
 #define X509_R_UNKNOWN_NID				 109
 #define X509_R_UNKNOWN_STRING_TYPE			 110
 #define X509_R_UNSUPPORTED_ALGORITHM			 111
+#define X509_R_WRONG_LOOKUP_TYPE			 112
  
 #ifdef  __cplusplus
 }
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 14eebbfcb..f9d9510ac 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_cmp.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -188,17 +188,27 @@ X509_NAME *b;
 	}
 
 #ifndef NO_MD5
-/* I should do a DER encoding of the name and then hash it. */
+/* I now DER encode the name and hash it.  Since I cache the DER encoding,
+ * this is reasonably effiecent. */
 unsigned long X509_NAME_hash(x)
 X509_NAME *x;
 	{
 	unsigned long ret=0;
 	unsigned char md[16];
-	char str[256];
+	unsigned char str[256],*p,*pp;
+	int i;
+
+	i=i2d_X509_NAME(x,NULL);
+	if (i > sizeof(str))
+		p=Malloc(i);
+	else
+		p=str;
+
+	pp=p;
+	i2d_X509_NAME(x,&pp);
+	MD5((unsigned char *)p,i,&(md[0]));
+	if (p != str) Free(p);
 
-	X509_NAME_oneline(x,str,256);
-	ret=strlen(str);
-	MD5((unsigned char *)str,ret,&(md[0]));
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
 		)&0xffffffffL;
@@ -226,7 +236,7 @@ ASN1_INTEGER *serial;
 		if (X509_issuer_and_serial_cmp(x509,&x) == 0)
 			return(x509);
 		}
-	return(x509);
+	return(NULL);
 	}
 
 X509 *X509_find_by_subject(sk,name)
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
index 235d70f8d..01e22f4cb 100644
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_d2.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,6 +63,7 @@
 #include "crypto.h"
 #include "x509.h"
 
+#ifndef NO_STDIO
 int X509_STORE_set_default_paths(ctx)
 X509_STORE *ctx;
 	{
@@ -101,6 +102,9 @@ char *path;
 		if (lookup == NULL) return(0);
 		X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM);
 		}
+	if ((path == NULL) && (file == NULL))
+		return(0);
 	return(1);
 	}
 
+#endif
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
index 497923828..d9ab39b15 100644
--- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_def.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index bfcc47fe0..930472161 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -60,6 +60,7 @@
 #include "x509.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA X509_str_functs[]=
 	{
 {ERR_PACK(0,X509_F_ADD_CERT_DIR,0),	"ADD_CERT_DIR"},
@@ -74,6 +75,7 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0),	"X509_EXTENSION_create_by_OBJ"},
 {ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0),	"X509_get_pubkey_parameters"},
 {ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0),	"X509_LOAD_CERT_FILE"},
+{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0),	"X509_LOAD_CRL_FILE"},
 {ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0),	"X509_NAME_add_entry"},
 {ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0),	"X509_NAME_ENTRY_create_by_NID"},
 {ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0),	"X509_NAME_ENTRY_set_object"},
@@ -86,6 +88,7 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0),	"X509_REQ_print_fp"},
 {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0),	"X509_REQ_to_X509"},
 {ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),	"X509_STORE_ADD_CERT"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),	"X509_STORE_ADD_CRL"},
 {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0),	"X509_to_X509_REQ"},
 {ERR_PACK(0,X509_F_X509_VERIFY_CERT,0),	"X509_verify_cert"},
 {0,NULL},
@@ -105,17 +108,23 @@ static ERR_STRING_DATA X509_str_reasons[]=
 {X509_R_UNKNOWN_NID                      ,"unknown nid"},
 {X509_R_UNKNOWN_STRING_TYPE              ,"unknown string type"},
 {X509_R_UNSUPPORTED_ALGORITHM            ,"unsupported algorithm"},
+{X509_R_WRONG_LOOKUP_TYPE                ,"wrong lookup type"},
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_X509_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_X509,X509_str_functs);
 		ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c
index 7495183e8..1d76ecfcf 100644
--- a/crypto/x509/x509_ext.c
+++ b/crypto/x509/x509_ext.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_ext.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -70,28 +70,28 @@ X509_CRL *x;
 	return(X509v3_get_ext_count(x->crl->extensions));
 	}
 
-int X509_CRL_get_ext_by_NID(x,nid,oldpos)
+int X509_CRL_get_ext_by_NID(x,nid,lastpos)
 X509_CRL *x;
 int nid;
-int oldpos;
+int lastpos;
 	{
-	return(X509v3_get_ext_by_NID(x->crl->extensions,nid,oldpos));
+	return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
 	}
 
-int X509_CRL_get_ext_by_OBJ(x,obj,oldpos)
+int X509_CRL_get_ext_by_OBJ(x,obj,lastpos)
 X509_CRL *x;
 ASN1_OBJECT *obj;
-int oldpos;
+int lastpos;
 	{
-	return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,oldpos));
+	return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
 	}
 
-int X509_CRL_get_ext_by_critical(x,crit,oldpos)
+int X509_CRL_get_ext_by_critical(x,crit,lastpos)
 X509_CRL *x;
 int crit;
-int oldpos;
+int lastpos;
 	{
-	return(X509v3_get_ext_by_critical(x->crl->extensions,crit,oldpos));
+	return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
 	}
 
 X509_EXTENSION *X509_CRL_get_ext(x,loc)
@@ -122,28 +122,28 @@ X509 *x;
 	return(X509v3_get_ext_count(x->cert_info->extensions));
 	}
 
-int X509_get_ext_by_NID(x,nid,oldpos)
+int X509_get_ext_by_NID(x,nid,lastpos)
 X509 *x;
 int nid;
-int oldpos;
+int lastpos;
 	{
-	return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,oldpos));
+	return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
 	}
 
-int X509_get_ext_by_OBJ(x,obj,oldpos)
+int X509_get_ext_by_OBJ(x,obj,lastpos)
 X509 *x;
 ASN1_OBJECT *obj;
-int oldpos;
+int lastpos;
 	{
-	return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,oldpos));
+	return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
 	}
 
-int X509_get_ext_by_critical(x,crit,oldpos)
+int X509_get_ext_by_critical(x,crit,lastpos)
 X509 *x;
 int crit;
-int oldpos;
+int lastpos;
 	{
-	return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,oldpos));
+	return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
 	}
 
 X509_EXTENSION *X509_get_ext(x,loc)
@@ -174,28 +174,28 @@ X509_REVOKED *x;
 	return(X509v3_get_ext_count(x->extensions));
 	}
 
-int X509_REVOKED_get_ext_by_NID(x,nid,oldpos)
+int X509_REVOKED_get_ext_by_NID(x,nid,lastpos)
 X509_REVOKED *x;
 int nid;
-int oldpos;
+int lastpos;
 	{
-	return(X509v3_get_ext_by_NID(x->extensions,nid,oldpos));
+	return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
 	}
 
-int X509_REVOKED_get_ext_by_OBJ(x,obj,oldpos)
+int X509_REVOKED_get_ext_by_OBJ(x,obj,lastpos)
 X509_REVOKED *x;
 ASN1_OBJECT *obj;
-int oldpos;
+int lastpos;
 	{
-	return(X509v3_get_ext_by_OBJ(x->extensions,obj,oldpos));
+	return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
 	}
 
-int X509_REVOKED_get_ext_by_critical(x,crit,oldpos)
+int X509_REVOKED_get_ext_by_critical(x,crit,lastpos)
 X509_REVOKED *x;
 int crit;
-int oldpos;
+int lastpos;
 	{
-	return(X509v3_get_ext_by_critical(x->extensions,crit,oldpos));
+	return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
 	}
 
 X509_EXTENSION *X509_REVOKED_get_ext(x,loc)
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 455ad5af4..2c7e10a46 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_lu.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,6 +61,9 @@
 #include "lhash.h"
 #include "x509.h"
 
+static STACK *x509_store_meth=NULL;
+static STACK *x509_store_ctx_meth=NULL;
+
 X509_LOOKUP *X509_LOOKUP_new(method)
 X509_LOOKUP_METHOD *method;
 	{
@@ -170,7 +173,7 @@ char *str;
 int len;
 X509_OBJECT *ret;
 	{
-	if ((ctx->method == NULL) || (ctx->method->get_by_alias))
+	if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
 		return(X509_LU_FAIL);
 	return(ctx->method->get_by_alias(ctx,str,len,ret));
 	}
@@ -226,7 +229,7 @@ X509_STORE *X509_STORE_new()
 	ret->get_cert_methods=sk_new_null();
 	ret->verify=NULL;
 	ret->verify_cb=NULL;
-	ret->app_data=NULL;
+	memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
 	ret->references=1;
 	return(ret);
 	}
@@ -264,6 +267,7 @@ X509_STORE *vfy;
 		}
 	sk_free(sk);
 
+	CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data);
 	lh_doall(vfy->certs,cleanup);
 	lh_free(vfy->certs);
 	Free(vfy);
@@ -425,6 +429,7 @@ STACK *chain;
 	ctx->depth=10;
 	ctx->error=0;
 	ctx->current_cert=NULL;
+	memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
 	}
 
 void X509_STORE_CTX_cleanup(ctx)
@@ -435,5 +440,7 @@ X509_STORE_CTX *ctx;
 		sk_pop_free(ctx->chain,X509_free);
 		ctx->chain=NULL;
 		}
+	CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data));
+	memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
 	}
 
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index 2b53af1e6..c0576fd6f 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_obj.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -76,6 +76,7 @@ int len;
 	BUF_MEM *b=NULL;
 	static char hex[17]="0123456789ABCDEF";
 	int gs_doit[4];
+	char tmp_buf[80];
 
 	if (a == NULL) return("NO X509_NAME");
 	if (buf == NULL)
@@ -92,12 +93,10 @@ int len;
 		{
 		ne=(X509_NAME_ENTRY *)sk_value(a->entries,i);
 		n=OBJ_obj2nid(ne->object);
-		if (n == NID_undef)
-			s="UNKNOWN";
-		else
+		if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
 			{
-			s=OBJ_nid2sn(n);
-			if (s == NULL) s="UNKNOWN2";
+			i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
+			s=tmp_buf;
 			}
 		l1=strlen(s);
 
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index 7e79959c8..6aec2427f 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_r2x.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index c1f10c242..5004365ba 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_req.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -66,9 +66,10 @@
 #include "buffer.h"
 #include "pem.h"
 
-X509_REQ *X509_to_X509_REQ(x,pkey)
+X509_REQ *X509_to_X509_REQ(x,pkey,md)
 X509 *x;
 EVP_PKEY *pkey;
+EVP_MD *md;
 	{
 	X509_REQ *ret;
 	X509_REQ_INFO *ri;
@@ -94,9 +95,11 @@ EVP_PKEY *pkey;
 	i=X509_REQ_set_pubkey(ret,X509_get_pubkey(x));
 	if (!i) goto err;
 
-/* NEEDS FIXING EAY EAY EAY */
-	if (!X509_REQ_sign(ret,pkey,EVP_md5()))
-		goto err;
+	if (pkey != NULL)
+		{
+		if (!X509_REQ_sign(ret,pkey,md))
+			goto err;
+		}
 	return(ret);
 err:
 	X509_REQ_free(ret);
@@ -106,6 +109,8 @@ err:
 EVP_PKEY *X509_REQ_get_pubkey(req)
 X509_REQ *req;
 	{
+	if ((req == NULL) || (req->req_info == NULL))
+		return(NULL);
 	return(X509_PUBKEY_get(req->req_info->pubkey));
 	}
 
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index f65ae91f5..5d0a3a0c0 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_set.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index d5fc5839a..408d1c277 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_txt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,11 +71,11 @@
 #include "pem.h"
 
 char *X509_verify_cert_error_string(n)
-int n;
+long n;
 	{
 	static char buf[100];
 
-	switch (n)
+	switch ((int)n)
 		{
 	case X509_V_OK:
 		return("ok");
@@ -105,9 +105,9 @@ int n;
 		return("format error in certificate's notBefore field");
 	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
 		return("format error in certificate's notAfter field");
-	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FILED:
+	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
 		return("format error in CRL's lastUpdate field");
-	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FILED:
+	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
 		return("format error in CRL's nextUpdate field");
 	case X509_V_ERR_OUT_OF_MEM:
 		return("out of memory");
@@ -121,8 +121,10 @@ int n;
 		return("unable to verify the first certificate");
 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
 		return("certificate chain too long");
+	case X509_V_ERR_APPLICATION_VERIFICATION:
+		return("application verification failure");
 	default:
-		sprintf(buf,"error number %d",n);
+		sprintf(buf,"error number %ld",n);
 		return(buf);
 		}
 	}
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index 388130b1d..1c03602f0 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_v3.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -81,59 +81,59 @@ STACK *x;
 	return(sk_num(x));
 	}
 
-int X509v3_get_ext_by_NID(x,nid,oldpos)
+int X509v3_get_ext_by_NID(x,nid,lastpos)
 STACK *x;
 int nid;
-int oldpos;
+int lastpos;
 	{
 	ASN1_OBJECT *obj;
 
 	obj=OBJ_nid2obj(nid);
 	if (obj == NULL) return(-2);
-	return(X509v3_get_ext_by_OBJ(x,obj,oldpos));
+	return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
 	}
 
-int X509v3_get_ext_by_OBJ(sk,obj,oldpos)
+int X509v3_get_ext_by_OBJ(sk,obj,lastpos)
 STACK *sk;
 ASN1_OBJECT *obj;
-int oldpos;
+int lastpos;
 	{
 	int n;
 	X509_EXTENSION *ex;
 
 	if (sk == NULL) return(-1);
-	oldpos++;
-	if (oldpos < 0)
-		oldpos=0;
+	lastpos++;
+	if (lastpos < 0)
+		lastpos=0;
 	n=sk_num(sk);
-	for ( ; oldpos < n; oldpos++)
+	for ( ; lastpos < n; lastpos++)
 		{
-		ex=(X509_EXTENSION *)sk_value(sk,oldpos);
+		ex=(X509_EXTENSION *)sk_value(sk,lastpos);
 		if (OBJ_cmp(ex->object,obj) == 0)
-			return(oldpos);
+			return(lastpos);
 		}
 	return(-1);
 	}
 
-int X509v3_get_ext_by_critical(sk,crit,oldpos)
+int X509v3_get_ext_by_critical(sk,crit,lastpos)
 STACK *sk;
 int crit;
-int oldpos;
+int lastpos;
 	{
 	int n;
 	X509_EXTENSION *ex;
 
 	if (sk == NULL) return(-1);
-	oldpos++;
-	if (oldpos < 0)
-		oldpos=0;
+	lastpos++;
+	if (lastpos < 0)
+		lastpos=0;
 	n=sk_num(sk);
-	for ( ; oldpos < n; oldpos++)
+	for ( ; lastpos < n; lastpos++)
 		{
-		ex=(X509_EXTENSION *)sk_value(sk,oldpos);
+		ex=(X509_EXTENSION *)sk_value(sk,lastpos);
 		if (	(ex->critical && crit) ||
 			(!ex->critical && !crit))
-			return(oldpos);
+			return(lastpos);
 		}
 	return(-1);
 	}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index f6dba6f9e..c1be91edb 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_vfy.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -62,6 +62,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
+#include "crypto.h"
 #include "cryptlib.h"
 #include "lhash.h"
 #include "buffer.h"
@@ -79,7 +80,13 @@ static int null_callback();
 static int internal_verify();
 #endif
 
-char *X509_version="X509 part of SSLeay 0.8.1b 29-Jun-1998";
+char *X509_version="X509 part of SSLeay 0.9.0b 29-Jun-1998";
+static STACK *x509_store_ctx_method=NULL;
+static int x509_store_ctx_num=0;
+#if 0
+static int x509_store_num=1;
+static STACK *x509_store_method=NULL;
+#endif
 
 static int null_callback(ok,e)
 int ok;
@@ -427,13 +434,13 @@ ASN1_UTCTIME *ctm;
 		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
 		offset+=(str[3]-'0')*10+(str[4]-'0');
 		if (*str == '-')
-			offset-=offset;
+			offset=-offset;
 		}
 	atm.type=V_ASN1_UTCTIME;
 	atm.length=sizeof(buff2);
 	atm.data=(unsigned char *)buff2;
 
-	X509_gmtime_adj(&atm,offset);
+	X509_gmtime_adj(&atm,-offset);
 
 	i=(buff1[0]-'0')*10+(buff1[1]-'0');
 	if (i < 70) i+=100;
@@ -505,6 +512,8 @@ STACK *chain;
 EVP_PKEY *X509_get_pubkey(x)
 X509 *x;
 	{
+	if ((x == NULL) || (x->cert_info == NULL))
+		return(NULL);
 	return(X509_PUBKEY_get(x->cert_info->key));
 	}
 
@@ -582,4 +591,114 @@ X509 *x;
 	return(ret);	
 	}
 
+int X509_STORE_add_crl(ctx,x)
+X509_STORE *ctx;
+X509_CRL *x;
+	{
+	X509_OBJECT *obj,*r;
+	int ret=1;
+
+	if (x == NULL) return(0);
+	obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+	if (obj == NULL)
+		{
+		X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	obj->type=X509_LU_CRL;
+	obj->data.crl=x;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+	X509_OBJECT_up_ref_count(obj);
+
+	r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+	if (r != NULL)
+		{ /* oops, put it back */
+		lh_delete(ctx->certs,(char *)obj);
+		X509_OBJECT_free_contents(obj);
+		Free(obj);
+		lh_insert(ctx->certs,(char *)r);
+		X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+		ret=0;
+		}
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+	return(ret);	
+	}
+
+int X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+        x509_store_ctx_num++;
+        return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+		&x509_store_ctx_method,
+                argl,argp,new_func,dup_func,free_func));
+        }
+
+int X509_STORE_CTX_set_ex_data(ctx,idx,data)
+X509_STORE_CTX *ctx;
+int idx;
+char *data;
+	{
+	return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
+	}
+
+char *X509_STORE_CTX_get_ex_data(ctx,idx)
+X509_STORE_CTX *ctx;
+int idx;
+	{
+	return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
+	}
+
+int X509_STORE_CTX_get_error(ctx)
+X509_STORE_CTX *ctx;
+	{
+	return(ctx->error);
+	}
+
+void X509_STORE_CTX_set_error(ctx,err)
+X509_STORE_CTX *ctx;
+int err;
+	{
+	ctx->error=err;
+	}
+
+int X509_STORE_CTX_get_error_depth(ctx)
+X509_STORE_CTX *ctx;
+	{
+	return(ctx->error_depth);
+	}
+
+X509 *X509_STORE_CTX_get_current_cert(ctx)
+X509_STORE_CTX *ctx;
+	{
+	return(ctx->current_cert);
+	}
+
+STACK *X509_STORE_CTX_get_chain(ctx)
+X509_STORE_CTX *ctx;
+	{
+	return(ctx->chain);
+	}
+
+void X509_STORE_CTX_set_cert(ctx,x)
+X509_STORE_CTX *ctx;
+X509 *x;
+	{
+	ctx->cert=x;
+	}
+
+void X509_STORE_CTX_set_chain(ctx,sk)
+X509_STORE_CTX *ctx;
+STACK *sk;
+	{
+	ctx->untrusted=sk;
+	}
+
 
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index b92e1ba43..dfc060f89 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -1,5 +1,5 @@
 /* crypto/x509/x509_vfy.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,6 +63,9 @@
 extern "C" {
 #endif
 
+#include "bio.h"
+#include "crypto.h"
+
 /* Outer object */
 typedef struct x509_hash_dir_st
 	{
@@ -149,12 +152,12 @@ typedef struct x509_store_st
 	int (*verify)();	/* called to verify a certificate */
 	int (*verify_cb)();	/* error callback */
 
-	char *app_data;
+	CRYPTO_EX_DATA ex_data;
 	int references;
 	int depth;		/* how deep to look */
 	}  X509_STORE;
 
-#define X509_STORE_set_depth(ctx,depth)	((ctx)->depth=(depth))
+#define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
 
 #define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
 #define X509_STORE_set_verify_func(ctx,func)	((ctx)->verify=(func))
@@ -193,19 +196,13 @@ typedef struct x509_store_state_st
 	int error;
 	X509 *current_cert;
 
-	char *app_data;
+	CRYPTO_EX_DATA ex_data;
 	} X509_STORE_CTX;
 
-#define X509_STORE_CTX_set_app_data(ctx,data)	((ctx)->app_data=(data))
-#define X509_STORE_CTX_get_app_data(ctx)	((ctx)->app_data)
-#define X509_STORE_CTX_get_error(ctx)		((ctx)->error)
-#define X509_STORE_CTX_set_error(ctx,s)		((ctx)->error=(s))
-#define X509_STORE_CTX_get_error_depth(ctx)	((ctx)->error_depth)
-#define X509_STORE_CTX_get_current_cert(ctx)	((ctx)->current_cert)
-#define X509_STORE_CTX_get_chain(ctx)		((ctx)->chain)
-
-#define X509_STORE_CTX_set_cert(c,ch)	((c)->cert=(ch))
-#define X509_STORE_CTX_set_chain(c,ch)	((c)->untrusted=(ch))
+#define X509_STORE_CTX_set_app_data(ctx,data) \
+	X509_STORE_CTX_set_ex_data(ctx,0,data)
+#define X509_STORE_CTX_get_app_data(ctx) \
+	X509_STORE_CTX_get_ex_data(ctx,0)
 
 #define X509_L_FILE_LOAD	1
 #define X509_L_ADD_DIR		2
@@ -233,14 +230,18 @@ X509_LOOKUP_METHOD *X509_LOOKUP_dir();
 #define		X509_V_ERR_CRL_HAS_EXPIRED			12
 #define		X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD	13
 #define		X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD	14
-#define		X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FILED	15
-#define		X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FILED	16
+#define		X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD	15
+#define		X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD	16
 #define		X509_V_ERR_OUT_OF_MEM				17
 #define		X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT		18
 #define		X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN		19
 #define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY	20
 #define		X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE	21
 #define		X509_V_ERR_CERT_CHAIN_TOO_LONG			22
+#define		X509_V_ERR_CERT_REVOKED				23
+
+/* The application is not happy */
+#define		X509_V_ERR_APPLICATION_VERIFICATION		50
 
 #ifndef NOPROTO
 #ifdef HEADER_LHASH_H
@@ -261,12 +262,17 @@ X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 
 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
 
 int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
 	X509_OBJECT *ret);
 
 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret);
+
+#ifndef NO_STDIO
 int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, char *file, int type);
+#endif
 
 void X509v3_cleanup_extensions(void );
 int X509v3_add_extension(X509_EXTENSION_METHOD *x);
@@ -286,9 +292,23 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
 	int len, X509_OBJECT *ret);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
+#ifndef NO_STDIO
 int	X509_STORE_load_locations (X509_STORE *ctx,
 		char *file, char *dir);
 int	X509_STORE_set_default_paths(X509_STORE *ctx);
+#endif
+
+int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+int	X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,char *data);
+char *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
+int	X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void	X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
+int	X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+X509 *	X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+STACK *	X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+void	X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
+void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK /* X509 */ *sk);
 
 #else
 
@@ -309,11 +329,16 @@ X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir();
 X509_LOOKUP_METHOD *X509_LOOKUP_file();
 
 int X509_STORE_add_cert();
+int X509_STORE_add_crl();
 
 int X509_STORE_get_by_subject();
 
 int X509_LOOKUP_ctrl();
+
+#ifndef NO_STDIO
 int X509_load_cert_file();
+int X509_load_crl_file();
+#endif
 
 void X509v3_cleanup_extensions();
 int X509v3_add_extension();
@@ -329,8 +354,20 @@ int X509_LOOKUP_by_fingerprint();
 int X509_LOOKUP_by_alias();
 int X509_LOOKUP_shutdown();
 
+#ifndef NO_STDIO
 int	X509_STORE_load_locations ();
 int	X509_STORE_set_default_paths();
+#endif
+
+int	X509_STORE_CTX_set_ex_data();
+char *	X509_STORE_CTX_get_ex_data();
+int	X509_STORE_CTX_get_error();
+void	X509_STORE_CTX_set_error();
+int	X509_STORE_CTX_get_error_depth();
+X509 *	X509_STORE_CTX_get_current_cert();
+STACK *	X509_STORE_CTX_get_chain();
+void	X509_STORE_CTX_set_cert();
+void	X509_STORE_CTX_set_chain();
 
 #endif
 
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 8223ec069..650e71b1b 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509name.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -103,37 +103,38 @@ X509_NAME *name;
 	return(sk_num(name->entries));
 	}
 
-int X509_NAME_get_index_by_NID(name,nid,oldpos)
+int X509_NAME_get_index_by_NID(name,nid,lastpos)
 X509_NAME *name;
 int nid;
-int oldpos;
+int lastpos;
 	{
 	ASN1_OBJECT *obj;
 
 	obj=OBJ_nid2obj(nid);
 	if (obj == NULL) return(-2);
-	return(X509_NAME_get_index_by_OBJ(name,obj,oldpos));
+	return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
 	}
 
-int X509_NAME_get_index_by_OBJ(name,obj,oldpos)
+/* NOTE: you should be passsing -1, not 0 as lastpos */
+int X509_NAME_get_index_by_OBJ(name,obj,lastpos)
 X509_NAME *name;
 ASN1_OBJECT *obj;
-int oldpos;
+int lastpos;
 	{
 	int n;
 	X509_NAME_ENTRY *ne;
 	STACK *sk;
 
 	if (name == NULL) return(-1);
-	if (oldpos < 0)
-		oldpos= -1;
+	if (lastpos < 0)
+		lastpos= -1;
 	sk=name->entries;
 	n=sk_num(sk);
-	for (oldpos++; oldpos < n; oldpos++)
+	for (lastpos++; lastpos < n; lastpos++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(sk,oldpos);
+		ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos);
 		if (OBJ_cmp(ne->object,obj) == 0)
-			return(oldpos);
+			return(lastpos);
 		}
 	return(-1);
 	}
diff --git a/crypto/x509/x509pack.c b/crypto/x509/x509pack.c
index 949943fca..846f12585 100644
--- a/crypto/x509/x509pack.c
+++ b/crypto/x509/x509pack.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509pack.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -141,7 +141,7 @@ ASN1_OCTET_STRING *os;
 			(ASN1_BIT_STRING **)ex,&p,os->length);
 		break;
 	case V_ASN1_OCTET_STRING:
-		ret=(ASN1_STRING *)d2i_ASN1_BIT_STRING(
+		ret=(ASN1_STRING *)d2i_ASN1_OCTET_STRING(
 			(ASN1_BIT_STRING **)ex,&p,os->length);
 		break;
 	case V_ASN1_IA5STRING:
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
index 2ff456f2e..323b25470 100644
--- a/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509rset.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
index 05d6919d6..42c23bcfc 100644
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x509type.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 2f554f597..b7dde23e9 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -1,5 +1,5 @@
 /* crypto/x509/x_all.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -148,7 +148,7 @@ X509_EXTENSION *ex;
 		(char *(*)())d2i_X509_EXTENSION,(char *)ex));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 X509 *d2i_X509_fp(fp,x509)
 FILE *fp;
 X509 *x509;
@@ -187,7 +187,7 @@ X509_CRL *crl;
 		(char *(*)())d2i_X509_CRL,(char *)crl));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 X509_CRL *d2i_X509_CRL_fp(fp,crl)
 FILE *fp;
 X509_CRL *crl;
@@ -228,7 +228,7 @@ PKCS7 *p7;
 		(char *(*)())d2i_PKCS7,(char *)p7));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 PKCS7 *d2i_PKCS7_fp(fp,p7)
 FILE *fp;
 PKCS7 *p7;
@@ -269,7 +269,7 @@ X509_REQ *req;
 		(char *(*)())d2i_X509_REQ,(char *)req));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 X509_REQ *d2i_X509_REQ_fp(fp,req)
 FILE *fp;
 X509_REQ *req;
@@ -318,7 +318,7 @@ RSA *rsa;
 		(char *(*)())d2i_RSAPrivateKey,(char *)rsa));
 	}
 
-#ifndef WIN16
+#ifndef NO_FP_API
 RSA *d2i_RSAPrivateKey_fp(fp,rsa)
 FILE *fp;
 RSA *rsa;
@@ -386,7 +386,7 @@ RSA *rsa;
 #endif
 
 #ifndef NO_DSA
-#ifndef WIN16
+#ifndef NO_FP_API
 DSA *d2i_DSAPrivateKey_fp(fp,dsa)
 FILE *fp;
 DSA *dsa;
diff --git a/demos/b64.c b/demos/b64.c
index 5e3d20e32..42abc42d3 100644
--- a/demos/b64.c
+++ b/demos/b64.c
@@ -1,5 +1,5 @@
 /* demos/b64.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c
index 81bf35375..920eab397 100644
--- a/demos/bio/saccept.c
+++ b/demos/bio/saccept.c
@@ -70,7 +70,7 @@ char *argv[];
 
 again:
 	/* The first call will setup the accept socket, and the second
-	 * will get a socket.  In this loop, the first actuall accept
+	 * will get a socket.  In this loop, the first actual accept
 	 * will occur in the BIO_read() function. */
 
 	if (BIO_do_accept(in) <= 0) goto err;
diff --git a/demos/prime/prime.c b/demos/prime/prime.c
index 25873731d..e4a17765b 100644
--- a/demos/prime/prime.c
+++ b/demos/prime/prime.c
@@ -1,5 +1,5 @@
 /* demos/prime/prime.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/demos/sign/sign.c b/demos/sign/sign.c
index 280cc633a..5cbce3cdc 100644
--- a/demos/sign/sign.c
+++ b/demos/sign/sign.c
@@ -1,5 +1,5 @@
 /* demos/sign/sign.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/doc/blowfish.doc b/doc/blowfish.doc
index 3a7291f37..8a7f425b3 100644
--- a/doc/blowfish.doc
+++ b/doc/blowfish.doc
@@ -54,20 +54,17 @@ unsigned char *key;
 	72 bytes.  As a warning, blowfish has a very very slow set_key
 	function, it actually runs BF_encrypt 521 times.
 	
-void BF_encrypt(
-unsigned long *data,
-BF_KEY *key,
-int encrypt);
-	This is the Blowfish encryption function that gets called by just about
-	every other Blowfish routine in the library.  You should not use this
-	function except to implement 'modes' of Blowfish.
+void BF_encrypt(unsigned long *data, BF_KEY *key);
+void BF_decrypt(unsigned long *data, BF_KEY *key);
+	These are the Blowfish encryption function that gets called by just
+	about every other Blowfish routine in the library.  You should not
+	use this function except to implement 'modes' of Blowfish.
 	I say this because the
 	functions that call this routine do the conversion from 'char *' to
 	long, and this needs to be done to make sure 'non-aligned' memory
 	access do not occur.
 	Data is a pointer to 2 unsigned long's and key is the
-	BF_KEY to use.  Encryption or decryption is indicated by 'encrypt'.
-	which can have the values BF_ENCRYPT or BF_DECRYPT.
+	BF_KEY to use. 
 
 void BF_ecb_encrypt(
 unsigned char *in,
diff --git a/doc/bn.doc b/doc/bn.doc
index 2358c20f4..47be23b6e 100644
--- a/doc/bn.doc
+++ b/doc/bn.doc
@@ -246,8 +246,8 @@ int BN_is_bit_set(BIGNUM *a, int n);
 	This function return 1 if bit 'n' is set in 'a' else 0.
 
 int BN_set_bit(BIGNUM *a, int n);
-	This function sets bit 'n' to 1 in 'a'.  Return 0 if less than
-	'n' bits in 'a', else 1.  This is a&= ~(1<<n);
+	This function sets bit 'n' to 1 in 'a'. 
+	This is a&= ~(1<<n);
 
 int BN_clear_bit(BIGNUM *a, int n);
 	This function sets bit 'n' to zero in 'a'.  Return 0 if less
@@ -334,7 +334,8 @@ int BN_gcd(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx);
 	'r' has the greatest common divisor of 'a' and 'b'.  'ctx' is
 	used for temporary variables and 0 is returned on error.
 
-int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(),BN_CTX *ctx);
+int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(),BN_CTX *ctx,
+	char *cb_arg);
 	This function is used to check if a BIGNUM ('p') is prime.
 	It performs this test by using the Miller-Rabin randomised
 	primality test.  This is a probalistic test that requires a
@@ -342,7 +343,7 @@ int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(),BN_CTX *ctx);
 	degree of probability.  Since this can take quite some time, a
 	callback function can be passed and it will be called each
 	time 'p' passes a round of the prime testing.  'callback' will
-	be called as follows, callback(1,n) where n is the number of
+	be called as follows, callback(1,n,cb_arg) where n is the number of
 	the round, just passed.  As per usual 'ctx' contains temporary
 	variables used.  If ctx is NULL, it does not matter, a local version
 	will be malloced.  This parameter is present to save some mallocing
@@ -357,6 +358,7 @@ int strong,
 BIGNUM *a,
 BIGNUM *rems,
 void (*callback)());
+char *cb_arg
 	This function is used to generate prime numbers.  It returns a
 	new BIGNUM that has a high probability of being a prime.
 	'bits' is the number of bits that
@@ -373,7 +375,7 @@ void (*callback)());
 	can take quite some time, if callback is not NULL, it is called
 	in the following situations.
 	We have a suspected prime (from a quick sieve),
-	callback(0,sus_prime++).  Each item to be passed to BN_is_prime().
-	callback(1,round++).  Each successful 'round' in BN_is_prime().
-	callback(2,round). For each successful BN_is_prime() test.
+	callback(0,sus_prime++,cb_arg). Each item to be passed to BN_is_prime().
+	callback(1,round++,cb_arg).  Each successful 'round' in BN_is_prime().
+	callback(2,round,cb_arg). For each successful BN_is_prime() test.
 
diff --git a/doc/des.doc b/doc/des.doc
index 1e3015812..5879d968f 100644
--- a/doc/des.doc
+++ b/doc/des.doc
@@ -186,7 +186,7 @@ des_key_schedule ks2,
 des_key_schedule ks3, 
 des_cblock *ivec,
 int enc);
-	This function implements inner triple CBC DES encryption with 3
+	This function implements outer triple CBC DES encryption with 3
 	keys.  What this means is that each 'DES' operation
 	inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
 	Again, this is cbc mode so an ivec is requires.
diff --git a/doc/rsa.doc b/doc/rsa.doc
index f899a39bb..f260452bc 100644
--- a/doc/rsa.doc
+++ b/doc/rsa.doc
@@ -113,6 +113,7 @@ RSA *RSA_generate_key(
 int bits;
 unsigned long e;
 void (*callback)();
+char *cb_arg;
 	This routine is used to generate RSA private keys.  It takes
 	quite a period of time to run and should only be used to
 	generate initial private keys that should then be stored
@@ -126,8 +127,9 @@ void (*callback)();
 	The callback function (if not NULL) is called in the following
 	situations.
 	when we have generated a suspected prime number to test,
-	callback(0,num1++).  When it passes a prime number test,
-	callback(1,num2++).  When it is rejected as one of
+	callback(0,num1++,cb_arg).  When it passes a prime number test,
+	callback(1,num2++,cb_arg).  When it is rejected as one of
 	the 2 primes required due to gcd(prime,e value) != 0,
-	callback(2,num3++).  When finally accepted as one of the 2 primes,
-	callback(3,num4++).
+	callback(2,num3++,cb_arg).  When finally accepted as one
+	of the 2 primes, callback(3,num4++,cb_arg).
+
diff --git a/e_os.h b/e_os.h
index 2f2280591..3d142ec2b 100644
--- a/e_os.h
+++ b/e_os.h
@@ -1,5 +1,5 @@
 /* e_os.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,8 +63,16 @@
 extern "C" {
 #endif
 
+/* Used to checking reference counts, most while doing perl5 stuff :-) */
+#ifdef REF_PRINT
+#undef REF_PRINT
+#define REF_PRINT(a,b)	fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)
+#endif
+
 #ifndef DEVRANDOM
-#undef DEVRANDOM  /* set this to your 'random' device if you have one */
+/* set this to your 'random' device if you have one.
+ * My default, we will try to read this file */
+#define DEVRANDOM "/dev/urandom"
 #endif
 
 #if defined(NOCONST)
@@ -91,7 +99,25 @@ extern "C" {
 #  endif
 #endif
 
+#ifdef WIN32
+#define get_last_sys_error()	GetLastError()
+#define clear_sys_error()	SetLastError(0)
+#else
+#define get_last_sys_error()	errno
+#define clear_sys_error()	errno=0
+#endif
+
+#ifdef WINDOWS
+#define get_last_socket_error()	WSAGetLastError()
+#define clear_socket_error()	WSASetLastError(0)
+#else
+#define get_last_socket_error()	errno
+#define clear_socket_error()	errno=0
+#define ioctlsocket(a,b,c)	ioctl(a,b,c)
+#endif
+
 #ifdef WIN16
+#  define NO_FP_API
 #  define MS_CALLBACK	_far _loadds
 #  define MS_FAR	_far
 #else
@@ -99,6 +125,10 @@ extern "C" {
 #  define MS_FAR
 #endif
 
+#ifdef NO_STDIO
+#  define NO_FP_API
+#endif
+
 #if defined(WINDOWS) || defined(MSDOS)
 
 #ifndef S_IFDIR
@@ -121,9 +151,8 @@ extern "C" {
 #  include <io.h>
 #  include <fcntl.h>
 
-#if defined(WIN16) && (!defined(MONOLITH) || defined(SSLEAY)) && defined(_WINEXITNOPERSIST)
-#  define EXIT(n)		{ if (n == 0) _wsetexit(_WINEXITNOPERSIST); \
-				return(n); }
+#if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+#  define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
 #else
 #  define EXIT(n)		return(n);
 #endif
@@ -138,7 +167,7 @@ extern "C" {
 #  define R_OK	4
 #endif
 #  define SSLEAY_CONF	"ssleay.cnf"
-#  define NUL_DEV		"nul"
+#  define NUL_DEV	"nul"
 #  define RFILE		".rnd"
 
 #else /* The non-microsoft world world */
@@ -191,6 +220,9 @@ extern HINSTANCE _hInstance;
 #      include <netdb.h>
 #      include <sys/types.h>
 #      include <sys/socket.h>
+#      ifdef FILIO_H
+#        include <sys/filio.h> /* Added for FIONBIO under unixware */
+#      endif
 #      include <sys/param.h>
 #      include <sys/time.h> /* Needed under linux for FD_XXX */
 #      include <netinet/in.h>
@@ -234,12 +266,14 @@ extern HINSTANCE _hInstance;
 #ifndef NOPROTO
 #define P_CC_CC	const void *,const void *
 #define P_I_I		int,int 
+#define P_I_I_P		int,int,char *
 #define P_I_I_P_I	int,int,char *,int
 #define P_IP_I_I_P_I	int *,int,int,char *,int
 #define P_V		void 
 #else
 #define P_CC_CC
 #define P_I_I
+#define P_I_I_P
 #define P_IP_I_I_P_I
 #define P_I_I_P_I
 #define P_V
diff --git a/makefile.one b/makefile.one
index afb3127ab..b0931e0d6 100644
--- a/makefile.one
+++ b/makefile.one
@@ -18,6 +18,7 @@ CC=cc
 CFLAG=-O -DTERMIO
 APP_CFLAG=
 LIB_CFLAG=
+SHLIB_CFLAG=
 APP_EX_OBJ=
 SHLIB_EX_OBJ=
 # add extra libraries to this define, for solaris -lsocket -lnsl would
@@ -38,11 +39,25 @@ DES_CRYPT_OBJ=
 DES_CRYPT_SRC=
 BF_ENC_OBJ=
 BF_ENC_SRC=
+CAST_ENC_OBJ=
+CAST_ENC_SRC=
+RC4_ENC_OBJ=
+RC4_ENC_SRC=
+RC5_ENC_OBJ=
+RC5_ENC_SRC=
+MD5_ASM_OBJ=
+MD5_ASM_SRC=
+SHA1_ASM_OBJ=
+SHA1_ASM_SRC=
+RMD160_ASM_OBJ=
+RMD160_ASM_SRC=
 
 # The output directory for everything intersting
 OUT_D=out
 # The output directory for all the temporary muck
 TMP_D=tmp
+# The output directory for the header files
+INC_D=outinc
 
 CP=/bin/cp
 RM=/bin/rm -f
@@ -64,11 +79,9 @@ RSAGLUE=RSAglue
 # BIN_D  - Binary output directory
 # TEST_D - Binary test file output directory
 # LIB_D  - library output directory
-# INC_D  - include directory
 BIN_D=$(OUT_D)
 TEST_D=$(OUT_D)
 LIB_D=$(OUT_D)
-INC_D=$(OUT_D)
 
 # INCL_D - local library directory
 # OBJ_D  - temp object file directory
@@ -78,8 +91,10 @@ INCL_D=$(TMP_D)
 O_SSL=     $(LIB_D)/lib$(SSL).a
 O_CRYPTO=  $(LIB_D)/lib$(CRYPTO).a
 O_RSAGLUE= $(LIB_D)/lib$(RSAGLUE).a
-L_SSL=     $(LIB_D)/lib$(SSL).a
-L_CRYPTO=  $(LIB_D)/lib$(CRYPTO).a
+SO_SSL=    lib$(SSL)
+SO_CRYPTO= lib$(CRYPTO)
+L_SSL=     $(LIB_D)/$(SSL).a
+L_CRYPTO=  $(LIB_D)/$(CRYPTO).a
 
 L_LIBS= $(L_SSL) $(L_CRYPTO)
 #L_LIBS= $(O_SSL) $(O_RSAGLUE) -lrsaref $(O_CRYPTO)
@@ -88,137 +103,152 @@ L_LIBS= $(L_SSL) $(L_CRYPTO)
 # Don't touch anything below this point
 ######################################################
 
-INC=-DFLAT_INC -I$(INC_D) -I$(INCL_D)
+INC=-I$(INC_D) -I$(INCL_D)
 APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG)
 LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG)
+SHLIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) $(SHLIB_CFLAG)
 LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL)
 
 #############################################
-HEADER=$(INCL_D)/e_os.h \
-	$(INCL_D)/cryptlib.h $(INCL_D)/date.h $(INCL_D)/md5_locl.h \
-	$(INCL_D)/sha_locl.h $(INCL_D)/des_locl.h $(INCL_D)/rpc_des.h \
-	$(INCL_D)/podd.h $(INCL_D)/sk.h $(INCL_D)/spr.h \
-	$(INCL_D)/des_ver.h $(INCL_D)/rc2_locl.h $(INCL_D)/idea_lcl.h \
-	$(INCL_D)/bf_pi.h $(INCL_D)/bf_locl.h $(INCL_D)/bn_lcl.h \
-	$(INCL_D)/bn_prime.h $(INCL_D)/obj_dat.h $(INCL_D)/conf_lcl.h \
-	$(INCL_D)/ssl_locl.h $(INCL_D)/rsaref.h $(INCL_D)/apps.h \
-	$(INCL_D)/progs.h $(INCL_D)/s_apps.h $(INCL_D)/testdsa.h \
-	$(INCL_D)/testrsa.h
-
-EXHEADER=$(INC_D)/crypto.h \
-	$(INC_D)/cryptall.h $(INC_D)/md2.h $(INC_D)/md5.h \
-	$(INC_D)/sha.h $(INC_D)/mdc2.h $(INC_D)/des.h \
-	$(INC_D)/rc4.h $(INC_D)/rc2.h $(INC_D)/idea.h \
-	$(INC_D)/blowfish.h $(INC_D)/bn.h $(INC_D)/rsa.h \
-	$(INC_D)/dsa.h $(INC_D)/dh.h $(INC_D)/buffer.h \
-	$(INC_D)/bio.h $(INC_D)/stack.h $(INC_D)/lhash.h \
+HEADER=$(INCL_D)/cryptlib.h \
+	$(INCL_D)/date.h $(INCL_D)/md5_locl.h $(INCL_D)/sha_locl.h \
+	$(INCL_D)/rmd_locl.h $(INCL_D)/rmdconst.h $(INCL_D)/des_locl.h \
+	$(INCL_D)/rpc_des.h $(INCL_D)/podd.h $(INCL_D)/sk.h \
+	$(INCL_D)/spr.h $(INCL_D)/des_ver.h $(INCL_D)/rc2_locl.h \
+	$(INCL_D)/rc4_locl.h $(INCL_D)/rc5_locl.h $(INCL_D)/idea_lcl.h \
+	$(INCL_D)/bf_pi.h $(INCL_D)/bf_locl.h $(INCL_D)/cast_s.h \
+	$(INCL_D)/cast_lcl.h $(INCL_D)/bn_lcl.h $(INCL_D)/bn_prime.h \
+	$(INCL_D)/obj_dat.h $(INCL_D)/conf_lcl.h $(INCL_D)/ssl_locl.h \
+	$(INCL_D)/rsaref.h $(INCL_D)/apps.h $(INCL_D)/progs.h \
+	$(INCL_D)/s_apps.h $(INCL_D)/testdsa.h $(INCL_D)/testrsa.h
+
+EXHEADER=$(INC_D)/e_os.h \
+	$(INC_D)/crypto.h $(INC_D)/cryptall.h $(INC_D)/md2.h \
+	$(INC_D)/md5.h $(INC_D)/sha.h $(INC_D)/mdc2.h \
+	$(INC_D)/hmac.h $(INC_D)/ripemd.h $(INC_D)/des.h \
+	$(INC_D)/rc2.h $(INC_D)/rc4.h $(INC_D)/rc5.h \
+	$(INC_D)/idea.h $(INC_D)/blowfish.h $(INC_D)/cast.h \
+	$(INC_D)/bn.h $(INC_D)/rsa.h $(INC_D)/dsa.h \
+	$(INC_D)/dh.h $(INC_D)/buffer.h $(INC_D)/bio.h \
+	$(INC_D)/bss_file.c $(INC_D)/stack.h $(INC_D)/lhash.h \
 	$(INC_D)/rand.h $(INC_D)/err.h $(INC_D)/objects.h \
 	$(INC_D)/evp.h $(INC_D)/pem.h $(INC_D)/asn1.h \
 	$(INC_D)/asn1_mac.h $(INC_D)/x509.h $(INC_D)/x509_vfy.h \
 	$(INC_D)/conf.h $(INC_D)/txt_db.h $(INC_D)/pkcs7.h \
 	$(INC_D)/ssl.h $(INC_D)/ssl2.h $(INC_D)/ssl3.h \
-	$(INC_D)/ssl23.h
+	$(INC_D)/ssl23.h $(INC_D)/tls1.h
 
 T_OBJ=$(OBJ_D)/md2test.o \
 	$(OBJ_D)/md5test.o $(OBJ_D)/shatest.o $(OBJ_D)/sha1test.o \
-	$(OBJ_D)/mdc2test.o $(OBJ_D)/destest.o $(OBJ_D)/rc4test.o \
-	$(OBJ_D)/rc2test.o $(OBJ_D)/ideatest.o $(OBJ_D)/bftest.o \
-	$(OBJ_D)/bntest.o $(OBJ_D)/exptest.o $(OBJ_D)/dsatest.o \
-	$(OBJ_D)/dhtest.o $(OBJ_D)/randtest.o $(OBJ_D)/ssltest.o
+	$(OBJ_D)/mdc2test.o $(OBJ_D)/hmactest.o $(OBJ_D)/rmdtest.o \
+	$(OBJ_D)/destest.o $(OBJ_D)/rc2test.o $(OBJ_D)/rc4test.o \
+	$(OBJ_D)/rc5test.o $(OBJ_D)/ideatest.o $(OBJ_D)/bftest.o \
+	$(OBJ_D)/casttest.o $(OBJ_D)/bntest.o $(OBJ_D)/exptest.o \
+	$(OBJ_D)/dsatest.o $(OBJ_D)/dhtest.o $(OBJ_D)/randtest.o \
+	$(OBJ_D)/ssltest.o
 
 E_OBJ=$(OBJ_D)/verify.o \
 	$(OBJ_D)/asn1pars.o $(OBJ_D)/req.o $(OBJ_D)/dgst.o \
 	$(OBJ_D)/dh.o $(OBJ_D)/enc.o $(OBJ_D)/gendh.o \
-	$(OBJ_D)/errstr.o $(OBJ_D)/ca.o $(OBJ_D)/gendsa.o \
-	$(OBJ_D)/pkcs7.o $(OBJ_D)/crl2p7.o $(OBJ_D)/crl.o \
-	$(OBJ_D)/rsa.o $(OBJ_D)/dsa.o $(OBJ_D)/dsaparam.o \
-	$(OBJ_D)/x509.o $(OBJ_D)/genrsa.o $(OBJ_D)/s_server.o \
-	$(OBJ_D)/s_client.o $(OBJ_D)/speed.o $(OBJ_D)/s_time.o \
-	$(OBJ_D)/apps.o $(OBJ_D)/s_cb.o $(OBJ_D)/s_socket.o \
-	$(OBJ_D)/version.o $(OBJ_D)/sess_id.o $(OBJ_D)/ciphers.o \
-	$(OBJ_D)/ssleay.o
+	$(OBJ_D)/errstr.o $(OBJ_D)/ca.o $(OBJ_D)/pkcs7.o \
+	$(OBJ_D)/crl2p7.o $(OBJ_D)/crl.o $(OBJ_D)/rsa.o \
+	$(OBJ_D)/dsa.o $(OBJ_D)/dsaparam.o $(OBJ_D)/x509.o \
+	$(OBJ_D)/genrsa.o $(OBJ_D)/s_server.o $(OBJ_D)/s_client.o \
+	$(OBJ_D)/speed.o $(OBJ_D)/s_time.o $(OBJ_D)/apps.o \
+	$(OBJ_D)/s_cb.o $(OBJ_D)/s_socket.o $(OBJ_D)/version.o \
+	$(OBJ_D)/sess_id.o $(OBJ_D)/ciphers.o $(OBJ_D)/ssleay.o
 
 CRYPTOOBJ=$(OBJ_D)/cryptlib.o \
-	$(OBJ_D)/mem.o $(OBJ_D)/cversion.o $(OBJ_D)/md2_dgst.o \
-	$(OBJ_D)/md5_dgst.o $(OBJ_D)/md2_one.o $(OBJ_D)/md5_one.o \
-	$(OBJ_D)/sha_dgst.o $(OBJ_D)/sha1dgst.o $(OBJ_D)/sha_one.o \
-	$(OBJ_D)/sha1_one.o $(OBJ_D)/mdc2dgst.o $(OBJ_D)/mdc2_one.o \
-	$(OBJ_D)/set_key.o $(OBJ_D)/ecb_enc.o $(OBJ_D)/ede_enc.o \
-	$(OBJ_D)/cbc_enc.o $(OBJ_D)/cbc3_enc.o $(OBJ_D)/ecb3_enc.o \
+	$(OBJ_D)/mem.o $(OBJ_D)/cversion.o $(OBJ_D)/ex_data.o \
+	$(OBJ_D)/cpt_err.o $(OBJ_D)/md2_dgst.o $(OBJ_D)/md2_one.o \
+	$(OBJ_D)/md5_dgst.o $(OBJ_D)/md5_one.o $(OBJ_D)/sha_dgst.o \
+	$(OBJ_D)/sha1dgst.o $(OBJ_D)/sha_one.o $(OBJ_D)/sha1_one.o \
+	$(OBJ_D)/mdc2dgst.o $(OBJ_D)/mdc2_one.o $(OBJ_D)/hmac.o \
+	$(OBJ_D)/rmd_dgst.o $(OBJ_D)/rmd_one.o $(OBJ_D)/set_key.o \
+	$(OBJ_D)/ecb_enc.o $(OBJ_D)/cbc_enc.o $(OBJ_D)/ecb3_enc.o \
 	$(OBJ_D)/cfb64enc.o $(OBJ_D)/cfb64ede.o $(OBJ_D)/cfb_enc.o \
 	$(OBJ_D)/ofb64ede.o $(OBJ_D)/enc_read.o $(OBJ_D)/enc_writ.o \
-	$(OBJ_D)/ncbc_enc.o $(OBJ_D)/ofb64enc.o $(OBJ_D)/ofb_enc.o \
-	$(OBJ_D)/str2key.o $(OBJ_D)/pcbc_enc.o $(OBJ_D)/qud_cksm.o \
-	$(OBJ_D)/rand_key.o $(OBJ_D)/des_enc.o $(OBJ_D)/fcrypt_b.o \
-	$(OBJ_D)/read2pwd.o $(OBJ_D)/fcrypt.o $(OBJ_D)/xcbc_enc.o \
-	$(OBJ_D)/read_pwd.o $(OBJ_D)/rpc_enc.o $(OBJ_D)/cbc_cksm.o \
-	$(OBJ_D)/supp.o $(OBJ_D)/rc4_enc.o $(OBJ_D)/rc2_ecb.o \
-	$(OBJ_D)/rc2_skey.o $(OBJ_D)/rc2_cbc.o $(OBJ_D)/rc2cfb64.o \
-	$(OBJ_D)/rc2ofb64.o $(OBJ_D)/i_cbc.o $(OBJ_D)/i_cfb64.o \
-	$(OBJ_D)/i_ofb64.o $(OBJ_D)/i_ecb.o $(OBJ_D)/i_skey.o \
-	$(OBJ_D)/bf_skey.o $(OBJ_D)/bf_ecb.o $(OBJ_D)/bf_enc.o \
-	$(OBJ_D)/bf_cbc.o $(OBJ_D)/bf_cfb64.o $(OBJ_D)/bf_ofb64.o \
+	$(OBJ_D)/ofb64enc.o $(OBJ_D)/ofb_enc.o $(OBJ_D)/str2key.o \
+	$(OBJ_D)/pcbc_enc.o $(OBJ_D)/qud_cksm.o $(OBJ_D)/rand_key.o \
+	$(OBJ_D)/des_enc.o $(OBJ_D)/fcrypt_b.o $(OBJ_D)/read2pwd.o \
+	$(OBJ_D)/fcrypt.o $(OBJ_D)/xcbc_enc.o $(OBJ_D)/read_pwd.o \
+	$(OBJ_D)/rpc_enc.o $(OBJ_D)/cbc_cksm.o $(OBJ_D)/supp.o \
+	$(OBJ_D)/rc2_ecb.o $(OBJ_D)/rc2_skey.o $(OBJ_D)/rc2_cbc.o \
+	$(OBJ_D)/rc2cfb64.o $(OBJ_D)/rc2ofb64.o $(OBJ_D)/rc4_skey.o \
+	$(OBJ_D)/rc4_enc.o $(OBJ_D)/rc5_skey.o $(OBJ_D)/rc5_ecb.o \
+	$(OBJ_D)/rc5_enc.o $(OBJ_D)/rc5cfb64.o $(OBJ_D)/rc5ofb64.o \
+	$(OBJ_D)/i_cbc.o $(OBJ_D)/i_cfb64.o $(OBJ_D)/i_ofb64.o \
+	$(OBJ_D)/i_ecb.o $(OBJ_D)/i_skey.o $(OBJ_D)/bf_skey.o \
+	$(OBJ_D)/bf_ecb.o $(OBJ_D)/bf_enc.o $(OBJ_D)/bf_cfb64.o \
+	$(OBJ_D)/bf_ofb64.o $(OBJ_D)/c_skey.o $(OBJ_D)/c_ecb.o \
+	$(OBJ_D)/c_enc.o $(OBJ_D)/c_cfb64.o $(OBJ_D)/c_ofb64.o \
 	$(OBJ_D)/bn_add.o $(OBJ_D)/bn_div.o $(OBJ_D)/bn_exp.o \
 	$(OBJ_D)/bn_lib.o $(OBJ_D)/bn_mod.o $(OBJ_D)/bn_mul.o \
 	$(OBJ_D)/bn_print.o $(OBJ_D)/bn_rand.o $(OBJ_D)/bn_shift.o \
-	$(OBJ_D)/bn_sub.o $(OBJ_D)/bn_word.o $(OBJ_D)/bn_gcd.o \
-	$(OBJ_D)/bn_prime.o $(OBJ_D)/bn_err.o $(OBJ_D)/bn_sqr.o \
-	$(OBJ_D)/bn_mulw.o $(OBJ_D)/bn_recp.o $(OBJ_D)/bn_mont.o \
-	$(OBJ_D)/rsa_enc.o $(OBJ_D)/rsa_gen.o $(OBJ_D)/rsa_lib.o \
-	$(OBJ_D)/rsa_sign.o $(OBJ_D)/rsa_saos.o $(OBJ_D)/rsa_err.o \
-	$(OBJ_D)/dsa_gen.o $(OBJ_D)/dsa_key.o $(OBJ_D)/dsa_lib.o \
-	$(OBJ_D)/dsa_vrf.o $(OBJ_D)/dsa_sign.o $(OBJ_D)/dsa_err.o \
-	$(OBJ_D)/dh_gen.o $(OBJ_D)/dh_key.o $(OBJ_D)/dh_lib.o \
-	$(OBJ_D)/dh_check.o $(OBJ_D)/dh_err.o $(OBJ_D)/buffer.o \
-	$(OBJ_D)/buf_err.o $(OBJ_D)/bio_lib.o $(OBJ_D)/bio_cb.o \
-	$(OBJ_D)/bio_err.o $(OBJ_D)/bss_mem.o $(OBJ_D)/bss_null.o \
-	$(OBJ_D)/bss_fd.o $(OBJ_D)/bss_file.o $(OBJ_D)/bss_sock.o \
-	$(OBJ_D)/bss_conn.o $(OBJ_D)/bf_null.o $(OBJ_D)/bf_buff.o \
-	$(OBJ_D)/b_print.o $(OBJ_D)/b_dump.o $(OBJ_D)/b_sock.o \
-	$(OBJ_D)/bss_acpt.o $(OBJ_D)/bf_nbio.o $(OBJ_D)/stack.o \
-	$(OBJ_D)/lhash.o $(OBJ_D)/lh_stats.o $(OBJ_D)/md_rand.o \
-	$(OBJ_D)/randfile.o $(OBJ_D)/err.o $(OBJ_D)/err_all.o \
-	$(OBJ_D)/err_prn.o $(OBJ_D)/obj_dat.o $(OBJ_D)/obj_lib.o \
-	$(OBJ_D)/obj_err.o $(OBJ_D)/encode.o $(OBJ_D)/digest.o \
-	$(OBJ_D)/evp_enc.o $(OBJ_D)/evp_key.o $(OBJ_D)/e_ecb_d.o \
-	$(OBJ_D)/e_cbc_d.o $(OBJ_D)/e_cfb_d.o $(OBJ_D)/e_ofb_d.o \
-	$(OBJ_D)/e_ecb_i.o $(OBJ_D)/e_cbc_i.o $(OBJ_D)/e_cfb_i.o \
-	$(OBJ_D)/e_ofb_i.o $(OBJ_D)/e_ecb_3d.o $(OBJ_D)/e_cbc_3d.o \
-	$(OBJ_D)/e_rc4.o $(OBJ_D)/names.o $(OBJ_D)/e_cfb_3d.o \
-	$(OBJ_D)/e_ofb_3d.o $(OBJ_D)/e_xcbc_d.o $(OBJ_D)/e_ecb_r2.o \
-	$(OBJ_D)/e_cbc_r2.o $(OBJ_D)/e_cfb_r2.o $(OBJ_D)/e_ofb_r2.o \
-	$(OBJ_D)/e_ecb_bf.o $(OBJ_D)/e_cbc_bf.o $(OBJ_D)/e_cfb_bf.o \
-	$(OBJ_D)/e_ofb_bf.o $(OBJ_D)/m_null.o $(OBJ_D)/m_md2.o \
-	$(OBJ_D)/m_md5.o $(OBJ_D)/m_sha.o $(OBJ_D)/m_sha1.o \
-	$(OBJ_D)/m_dss.o $(OBJ_D)/m_dss1.o $(OBJ_D)/m_mdc2.o \
-	$(OBJ_D)/p_open.o $(OBJ_D)/p_seal.o $(OBJ_D)/p_sign.o \
-	$(OBJ_D)/p_verify.o $(OBJ_D)/p_lib.o $(OBJ_D)/bio_md.o \
-	$(OBJ_D)/bio_b64.o $(OBJ_D)/bio_enc.o $(OBJ_D)/evp_err.o \
-	$(OBJ_D)/e_null.o $(OBJ_D)/c_all.o $(OBJ_D)/pem_sign.o \
-	$(OBJ_D)/pem_seal.o $(OBJ_D)/pem_info.o $(OBJ_D)/pem_lib.o \
-	$(OBJ_D)/pem_all.o $(OBJ_D)/pem_err.o $(OBJ_D)/a_object.o \
-	$(OBJ_D)/a_bitstr.o $(OBJ_D)/a_utctm.o $(OBJ_D)/a_int.o \
-	$(OBJ_D)/a_octet.o $(OBJ_D)/a_print.o $(OBJ_D)/a_type.o \
-	$(OBJ_D)/a_set.o $(OBJ_D)/a_dup.o $(OBJ_D)/a_d2i_fp.o \
-	$(OBJ_D)/a_i2d_fp.o $(OBJ_D)/a_sign.o $(OBJ_D)/a_digest.o \
-	$(OBJ_D)/a_verify.o $(OBJ_D)/x_algor.o $(OBJ_D)/x_val.o \
-	$(OBJ_D)/x_pubkey.o $(OBJ_D)/x_sig.o $(OBJ_D)/x_req.o \
-	$(OBJ_D)/x_attrib.o $(OBJ_D)/x_name.o $(OBJ_D)/x_cinf.o \
-	$(OBJ_D)/x_x509.o $(OBJ_D)/x_crl.o $(OBJ_D)/x_info.o \
-	$(OBJ_D)/x_spki.o $(OBJ_D)/d2i_r_pr.o $(OBJ_D)/i2d_r_pr.o \
-	$(OBJ_D)/d2i_r_pu.o $(OBJ_D)/i2d_r_pu.o $(OBJ_D)/d2i_s_pr.o \
-	$(OBJ_D)/i2d_s_pr.o $(OBJ_D)/d2i_s_pu.o $(OBJ_D)/i2d_s_pu.o \
-	$(OBJ_D)/d2i_pu.o $(OBJ_D)/d2i_pr.o $(OBJ_D)/i2d_pu.o \
-	$(OBJ_D)/i2d_pr.o $(OBJ_D)/t_req.o $(OBJ_D)/t_x509.o \
-	$(OBJ_D)/t_pkey.o $(OBJ_D)/p7_i_s.o $(OBJ_D)/p7_signi.o \
-	$(OBJ_D)/p7_signd.o $(OBJ_D)/p7_recip.o $(OBJ_D)/p7_enc_c.o \
-	$(OBJ_D)/p7_evp.o $(OBJ_D)/p7_dgst.o $(OBJ_D)/p7_s_e.o \
-	$(OBJ_D)/p7_enc.o $(OBJ_D)/p7_lib.o $(OBJ_D)/f_int.o \
-	$(OBJ_D)/f_string.o $(OBJ_D)/i2d_dhp.o $(OBJ_D)/i2d_dsap.o \
-	$(OBJ_D)/d2i_dhp.o $(OBJ_D)/d2i_dsap.o $(OBJ_D)/n_pkey.o \
-	$(OBJ_D)/a_hdr.o $(OBJ_D)/x_pkey.o $(OBJ_D)/a_bool.o \
-	$(OBJ_D)/x_exten.o $(OBJ_D)/asn1_par.o $(OBJ_D)/asn1_lib.o \
-	$(OBJ_D)/asn1_err.o $(OBJ_D)/a_meth.o $(OBJ_D)/a_bytes.o \
+	$(OBJ_D)/bn_sub.o $(OBJ_D)/bn_word.o $(OBJ_D)/bn_blind.o \
+	$(OBJ_D)/bn_gcd.o $(OBJ_D)/bn_prime.o $(OBJ_D)/bn_err.o \
+	$(OBJ_D)/bn_sqr.o $(OBJ_D)/bn_mulw.o $(OBJ_D)/bn_recp.o \
+	$(OBJ_D)/bn_mont.o $(OBJ_D)/bn_mpi.o $(OBJ_D)/rsa_eay.o \
+	$(OBJ_D)/rsa_gen.o $(OBJ_D)/rsa_lib.o $(OBJ_D)/rsa_sign.o \
+	$(OBJ_D)/rsa_saos.o $(OBJ_D)/rsa_err.o $(OBJ_D)/rsa_pk1.o \
+	$(OBJ_D)/rsa_ssl.o $(OBJ_D)/rsa_none.o $(OBJ_D)/dsa_gen.o \
+	$(OBJ_D)/dsa_key.o $(OBJ_D)/dsa_lib.o $(OBJ_D)/dsa_vrf.o \
+	$(OBJ_D)/dsa_sign.o $(OBJ_D)/dsa_err.o $(OBJ_D)/dh_gen.o \
+	$(OBJ_D)/dh_key.o $(OBJ_D)/dh_lib.o $(OBJ_D)/dh_check.o \
+	$(OBJ_D)/dh_err.o $(OBJ_D)/buffer.o $(OBJ_D)/buf_err.o \
+	$(OBJ_D)/bio_lib.o $(OBJ_D)/bio_cb.o $(OBJ_D)/bio_err.o \
+	$(OBJ_D)/bss_mem.o $(OBJ_D)/bss_null.o $(OBJ_D)/bss_fd.o \
+	$(OBJ_D)/bss_file.o $(OBJ_D)/bss_sock.o $(OBJ_D)/bss_conn.o \
+	$(OBJ_D)/bf_null.o $(OBJ_D)/bf_buff.o $(OBJ_D)/b_print.o \
+	$(OBJ_D)/b_dump.o $(OBJ_D)/b_sock.o $(OBJ_D)/bss_acpt.o \
+	$(OBJ_D)/bf_nbio.o $(OBJ_D)/stack.o $(OBJ_D)/lhash.o \
+	$(OBJ_D)/lh_stats.o $(OBJ_D)/md_rand.o $(OBJ_D)/randfile.o \
+	$(OBJ_D)/err.o $(OBJ_D)/err_all.o $(OBJ_D)/err_prn.o \
+	$(OBJ_D)/obj_dat.o $(OBJ_D)/obj_lib.o $(OBJ_D)/obj_err.o \
+	$(OBJ_D)/encode.o $(OBJ_D)/digest.o $(OBJ_D)/evp_enc.o \
+	$(OBJ_D)/evp_key.o $(OBJ_D)/e_ecb_d.o $(OBJ_D)/e_cbc_d.o \
+	$(OBJ_D)/e_cfb_d.o $(OBJ_D)/e_ofb_d.o $(OBJ_D)/e_ecb_i.o \
+	$(OBJ_D)/e_cbc_i.o $(OBJ_D)/e_cfb_i.o $(OBJ_D)/e_ofb_i.o \
+	$(OBJ_D)/e_ecb_3d.o $(OBJ_D)/e_cbc_3d.o $(OBJ_D)/e_rc4.o \
+	$(OBJ_D)/names.o $(OBJ_D)/e_cfb_3d.o $(OBJ_D)/e_ofb_3d.o \
+	$(OBJ_D)/e_xcbc_d.o $(OBJ_D)/e_ecb_r2.o $(OBJ_D)/e_cbc_r2.o \
+	$(OBJ_D)/e_cfb_r2.o $(OBJ_D)/e_ofb_r2.o $(OBJ_D)/e_ecb_bf.o \
+	$(OBJ_D)/e_cbc_bf.o $(OBJ_D)/e_cfb_bf.o $(OBJ_D)/e_ofb_bf.o \
+	$(OBJ_D)/e_ecb_c.o $(OBJ_D)/e_cbc_c.o $(OBJ_D)/e_cfb_c.o \
+	$(OBJ_D)/e_ofb_c.o $(OBJ_D)/e_ecb_r5.o $(OBJ_D)/e_cbc_r5.o \
+	$(OBJ_D)/e_cfb_r5.o $(OBJ_D)/e_ofb_r5.o $(OBJ_D)/m_null.o \
+	$(OBJ_D)/m_md2.o $(OBJ_D)/m_md5.o $(OBJ_D)/m_sha.o \
+	$(OBJ_D)/m_sha1.o $(OBJ_D)/m_dss.o $(OBJ_D)/m_dss1.o \
+	$(OBJ_D)/m_mdc2.o $(OBJ_D)/m_ripemd.o $(OBJ_D)/p_open.o \
+	$(OBJ_D)/p_seal.o $(OBJ_D)/p_sign.o $(OBJ_D)/p_verify.o \
+	$(OBJ_D)/p_lib.o $(OBJ_D)/p_enc.o $(OBJ_D)/p_dec.o \
+	$(OBJ_D)/bio_md.o $(OBJ_D)/bio_b64.o $(OBJ_D)/bio_enc.o \
+	$(OBJ_D)/evp_err.o $(OBJ_D)/e_null.o $(OBJ_D)/c_all.o \
+	$(OBJ_D)/evp_lib.o $(OBJ_D)/pem_sign.o $(OBJ_D)/pem_seal.o \
+	$(OBJ_D)/pem_info.o $(OBJ_D)/pem_lib.o $(OBJ_D)/pem_all.o \
+	$(OBJ_D)/pem_err.o $(OBJ_D)/a_object.o $(OBJ_D)/a_bitstr.o \
+	$(OBJ_D)/a_utctm.o $(OBJ_D)/a_int.o $(OBJ_D)/a_octet.o \
+	$(OBJ_D)/a_print.o $(OBJ_D)/a_type.o $(OBJ_D)/a_set.o \
+	$(OBJ_D)/a_dup.o $(OBJ_D)/a_d2i_fp.o $(OBJ_D)/a_i2d_fp.o \
+	$(OBJ_D)/a_sign.o $(OBJ_D)/a_digest.o $(OBJ_D)/a_verify.o \
+	$(OBJ_D)/x_algor.o $(OBJ_D)/x_val.o $(OBJ_D)/x_pubkey.o \
+	$(OBJ_D)/x_sig.o $(OBJ_D)/x_req.o $(OBJ_D)/x_attrib.o \
+	$(OBJ_D)/x_name.o $(OBJ_D)/x_cinf.o $(OBJ_D)/x_x509.o \
+	$(OBJ_D)/x_crl.o $(OBJ_D)/x_info.o $(OBJ_D)/x_spki.o \
+	$(OBJ_D)/d2i_r_pr.o $(OBJ_D)/i2d_r_pr.o $(OBJ_D)/d2i_r_pu.o \
+	$(OBJ_D)/i2d_r_pu.o $(OBJ_D)/d2i_s_pr.o $(OBJ_D)/i2d_s_pr.o \
+	$(OBJ_D)/d2i_s_pu.o $(OBJ_D)/i2d_s_pu.o $(OBJ_D)/d2i_pu.o \
+	$(OBJ_D)/d2i_pr.o $(OBJ_D)/i2d_pu.o $(OBJ_D)/i2d_pr.o \
+	$(OBJ_D)/t_req.o $(OBJ_D)/t_x509.o $(OBJ_D)/t_pkey.o \
+	$(OBJ_D)/p7_i_s.o $(OBJ_D)/p7_signi.o $(OBJ_D)/p7_signd.o \
+	$(OBJ_D)/p7_recip.o $(OBJ_D)/p7_enc_c.o $(OBJ_D)/p7_evp.o \
+	$(OBJ_D)/p7_dgst.o $(OBJ_D)/p7_s_e.o $(OBJ_D)/p7_enc.o \
+	$(OBJ_D)/p7_lib.o $(OBJ_D)/f_int.o $(OBJ_D)/f_string.o \
+	$(OBJ_D)/i2d_dhp.o $(OBJ_D)/i2d_dsap.o $(OBJ_D)/d2i_dhp.o \
+	$(OBJ_D)/d2i_dsap.o $(OBJ_D)/n_pkey.o $(OBJ_D)/a_hdr.o \
+	$(OBJ_D)/x_pkey.o $(OBJ_D)/a_bool.o $(OBJ_D)/x_exten.o \
+	$(OBJ_D)/asn1_par.o $(OBJ_D)/asn1_lib.o $(OBJ_D)/asn1_err.o \
+	$(OBJ_D)/a_meth.o $(OBJ_D)/a_bytes.o $(OBJ_D)/evp_asn1.o \
 	$(OBJ_D)/x509_def.o $(OBJ_D)/x509_d2.o $(OBJ_D)/x509_r2x.o \
 	$(OBJ_D)/x509_cmp.o $(OBJ_D)/x509_obj.o $(OBJ_D)/x509_req.o \
 	$(OBJ_D)/x509_vfy.o $(OBJ_D)/x509_set.o $(OBJ_D)/x509rset.o \
@@ -232,38 +262,51 @@ CRYPTOOBJ=$(OBJ_D)/cryptlib.o \
 
 SSLOBJ=$(OBJ_D)/s2_meth.o \
 	$(OBJ_D)/s2_srvr.o $(OBJ_D)/s2_clnt.o $(OBJ_D)/s2_lib.o \
-	$(OBJ_D)/s2_pkt.o $(OBJ_D)/s2_enc.o $(OBJ_D)/s3_meth.o \
+	$(OBJ_D)/s2_enc.o $(OBJ_D)/s2_pkt.o $(OBJ_D)/s3_meth.o \
 	$(OBJ_D)/s3_srvr.o $(OBJ_D)/s3_clnt.o $(OBJ_D)/s3_lib.o \
-	$(OBJ_D)/s3_pkt.o $(OBJ_D)/s3_enc.o $(OBJ_D)/s3_both.o \
+	$(OBJ_D)/s3_enc.o $(OBJ_D)/s3_pkt.o $(OBJ_D)/s3_both.o \
 	$(OBJ_D)/s23_meth.o $(OBJ_D)/s23_srvr.o $(OBJ_D)/s23_clnt.o \
-	$(OBJ_D)/s23_lib.o $(OBJ_D)/s23_pkt.o $(OBJ_D)/ssl_lib.o \
-	$(OBJ_D)/ssl_err2.o $(OBJ_D)/ssl_cert.o $(OBJ_D)/ssl_sess.o \
-	$(OBJ_D)/ssl_ciph.o $(OBJ_D)/ssl_stat.o $(OBJ_D)/ssl_rsa.o \
-	$(OBJ_D)/ssl_asn1.o $(OBJ_D)/ssl_txt.o $(OBJ_D)/ssl_algs.o \
-	$(OBJ_D)/bio_ssl.o $(OBJ_D)/ssl_err.o
+	$(OBJ_D)/s23_lib.o $(OBJ_D)/s23_pkt.o $(OBJ_D)/t1_meth.o \
+	$(OBJ_D)/t1_srvr.o $(OBJ_D)/t1_clnt.o $(OBJ_D)/t1_lib.o \
+	$(OBJ_D)/t1_enc.o $(OBJ_D)/ssl_lib.o $(OBJ_D)/ssl_err2.o \
+	$(OBJ_D)/ssl_cert.o $(OBJ_D)/ssl_sess.o $(OBJ_D)/ssl_ciph.o \
+	$(OBJ_D)/ssl_stat.o $(OBJ_D)/ssl_rsa.o $(OBJ_D)/ssl_asn1.o \
+	$(OBJ_D)/ssl_txt.o $(OBJ_D)/ssl_algs.o $(OBJ_D)/bio_ssl.o \
+	$(OBJ_D)/ssl_err.o
 
 RSAGLUEOBJ=$(OBJ_D)/rsaref.o \
 	$(OBJ_D)/rsar_err.o
 
 T_EXE=$(TEST_D)/md2test \
 	$(TEST_D)/md5test $(TEST_D)/shatest $(TEST_D)/sha1test \
-	$(TEST_D)/mdc2test $(TEST_D)/destest $(TEST_D)/rc4test \
-	$(TEST_D)/rc2test $(TEST_D)/ideatest $(TEST_D)/bftest \
-	$(TEST_D)/bntest $(TEST_D)/exptest $(TEST_D)/dsatest \
-	$(TEST_D)/dhtest $(TEST_D)/randtest $(TEST_D)/ssltest
+	$(TEST_D)/mdc2test $(TEST_D)/hmactest $(TEST_D)/rmdtest \
+	$(TEST_D)/destest $(TEST_D)/rc2test $(TEST_D)/rc4test \
+	$(TEST_D)/rc5test $(TEST_D)/ideatest $(TEST_D)/bftest \
+	$(TEST_D)/casttest $(TEST_D)/bntest $(TEST_D)/exptest \
+	$(TEST_D)/dsatest $(TEST_D)/dhtest $(TEST_D)/randtest \
+	$(TEST_D)/ssltest
 
 ###################################################################
-all: banner $(OUT_D) $(TMP_D) headers lib exe
+all: banner $(TMP_D) $(BIN_D) $(TEST_D) $(LIB_D) $(INC_D) headers lib exe
 
 banner:
 
 
-$(OUT_D):
-	$(MKDIR) $(OUT_D)
-
 $(TMP_D):
 	$(MKDIR) $(TMP_D)
 
+$(BIN_D):
+	$(MKDIR) $(BIN_D)
+
+$(TEST_D):
+	$(MKDIR) $(TEST_D)
+
+$(LIB_D):
+	$(MKDIR) $(LIB_D)
+
+$(INC_D):
+	$(MKDIR) $(INC_D)
+
 headers: $(HEADER) $(EXHEADER)
 
 lib: $(LIBS_DEP)
@@ -275,10 +318,10 @@ install:
 	$(MKDIR) $(INSTALLTOP)/bin
 	$(MKDIR) $(INSTALLTOP)/include
 	$(MKDIR) $(INSTALLTOP)/lib
-	$(CP) $(INC_D)/*.h $(INSTALLTOP)/include
+	$(CP) $(INC_D)/*.[ch] $(INSTALLTOP)/include
 	$(CP) $(BIN_D)/$(E_EXE) $(INSTALLTOP)/bin
-	$(CP) $(LIB_D)/$(O_SSL) $(INSTALLTOP)/lib
-	$(CP) $(LIB_D)/$(O_CRYPTO) $(INSTALLTOP)/lib
+	$(CP) $(O_SSL) $(INSTALLTOP)/lib
+	$(CP) $(O_CRYPTO) $(INSTALLTOP)/lib
 
 clean:
 	$(RM) $(TMP_D)/*.*
@@ -287,21 +330,24 @@ vclean:
 	$(RM) $(TMP_D)/*.*
 	$(RM) $(OUT_D)/*.*
 
-$(INCL_D)/e_os.h: $(SRC_D)/./e_os.h
-	$(CP) $(SRC_D)/./e_os.h $(INCL_D)/e_os.h
-
 $(INCL_D)/cryptlib.h: $(SRC_D)/crypto/cryptlib.h
 	$(CP) $(SRC_D)/crypto/cryptlib.h $(INCL_D)/cryptlib.h
 
 $(INCL_D)/date.h: $(SRC_D)/crypto/date.h
 	$(CP) $(SRC_D)/crypto/date.h $(INCL_D)/date.h
 
-$(INCL_D)/md5_locl.h: $(SRC_D)/crypto/md/md5_locl.h
-	$(CP) $(SRC_D)/crypto/md/md5_locl.h $(INCL_D)/md5_locl.h
+$(INCL_D)/md5_locl.h: $(SRC_D)/crypto/md5/md5_locl.h
+	$(CP) $(SRC_D)/crypto/md5/md5_locl.h $(INCL_D)/md5_locl.h
 
 $(INCL_D)/sha_locl.h: $(SRC_D)/crypto/sha/sha_locl.h
 	$(CP) $(SRC_D)/crypto/sha/sha_locl.h $(INCL_D)/sha_locl.h
 
+$(INCL_D)/rmd_locl.h: $(SRC_D)/crypto/ripemd/rmd_locl.h
+	$(CP) $(SRC_D)/crypto/ripemd/rmd_locl.h $(INCL_D)/rmd_locl.h
+
+$(INCL_D)/rmdconst.h: $(SRC_D)/crypto/ripemd/rmdconst.h
+	$(CP) $(SRC_D)/crypto/ripemd/rmdconst.h $(INCL_D)/rmdconst.h
+
 $(INCL_D)/des_locl.h: $(SRC_D)/crypto/des/des_locl.h
 	$(CP) $(SRC_D)/crypto/des/des_locl.h $(INCL_D)/des_locl.h
 
@@ -323,6 +369,12 @@ $(INCL_D)/des_ver.h: $(SRC_D)/crypto/des/des_ver.h
 $(INCL_D)/rc2_locl.h: $(SRC_D)/crypto/rc2/rc2_locl.h
 	$(CP) $(SRC_D)/crypto/rc2/rc2_locl.h $(INCL_D)/rc2_locl.h
 
+$(INCL_D)/rc4_locl.h: $(SRC_D)/crypto/rc4/rc4_locl.h
+	$(CP) $(SRC_D)/crypto/rc4/rc4_locl.h $(INCL_D)/rc4_locl.h
+
+$(INCL_D)/rc5_locl.h: $(SRC_D)/crypto/rc5/rc5_locl.h
+	$(CP) $(SRC_D)/crypto/rc5/rc5_locl.h $(INCL_D)/rc5_locl.h
+
 $(INCL_D)/idea_lcl.h: $(SRC_D)/crypto/idea/idea_lcl.h
 	$(CP) $(SRC_D)/crypto/idea/idea_lcl.h $(INCL_D)/idea_lcl.h
 
@@ -332,6 +384,12 @@ $(INCL_D)/bf_pi.h: $(SRC_D)/crypto/bf/bf_pi.h
 $(INCL_D)/bf_locl.h: $(SRC_D)/crypto/bf/bf_locl.h
 	$(CP) $(SRC_D)/crypto/bf/bf_locl.h $(INCL_D)/bf_locl.h
 
+$(INCL_D)/cast_s.h: $(SRC_D)/crypto/cast/cast_s.h
+	$(CP) $(SRC_D)/crypto/cast/cast_s.h $(INCL_D)/cast_s.h
+
+$(INCL_D)/cast_lcl.h: $(SRC_D)/crypto/cast/cast_lcl.h
+	$(CP) $(SRC_D)/crypto/cast/cast_lcl.h $(INCL_D)/cast_lcl.h
+
 $(INCL_D)/bn_lcl.h: $(SRC_D)/crypto/bn/bn_lcl.h
 	$(CP) $(SRC_D)/crypto/bn/bn_lcl.h $(INCL_D)/bn_lcl.h
 
@@ -365,17 +423,20 @@ $(INCL_D)/testdsa.h: $(SRC_D)/apps/testdsa.h
 $(INCL_D)/testrsa.h: $(SRC_D)/apps/testrsa.h
 	$(CP) $(SRC_D)/apps/testrsa.h $(INCL_D)/testrsa.h
 
+$(INC_D)/e_os.h: $(SRC_D)/./e_os.h
+	$(CP) $(SRC_D)/./e_os.h $(INC_D)/e_os.h
+
 $(INC_D)/crypto.h: $(SRC_D)/crypto/crypto.h
 	$(CP) $(SRC_D)/crypto/crypto.h $(INC_D)/crypto.h
 
 $(INC_D)/cryptall.h: $(SRC_D)/crypto/cryptall.h
 	$(CP) $(SRC_D)/crypto/cryptall.h $(INC_D)/cryptall.h
 
-$(INC_D)/md2.h: $(SRC_D)/crypto/md/md2.h
-	$(CP) $(SRC_D)/crypto/md/md2.h $(INC_D)/md2.h
+$(INC_D)/md2.h: $(SRC_D)/crypto/md2/md2.h
+	$(CP) $(SRC_D)/crypto/md2/md2.h $(INC_D)/md2.h
 
-$(INC_D)/md5.h: $(SRC_D)/crypto/md/md5.h
-	$(CP) $(SRC_D)/crypto/md/md5.h $(INC_D)/md5.h
+$(INC_D)/md5.h: $(SRC_D)/crypto/md5/md5.h
+	$(CP) $(SRC_D)/crypto/md5/md5.h $(INC_D)/md5.h
 
 $(INC_D)/sha.h: $(SRC_D)/crypto/sha/sha.h
 	$(CP) $(SRC_D)/crypto/sha/sha.h $(INC_D)/sha.h
@@ -383,14 +444,23 @@ $(INC_D)/sha.h: $(SRC_D)/crypto/sha/sha.h
 $(INC_D)/mdc2.h: $(SRC_D)/crypto/mdc2/mdc2.h
 	$(CP) $(SRC_D)/crypto/mdc2/mdc2.h $(INC_D)/mdc2.h
 
+$(INC_D)/hmac.h: $(SRC_D)/crypto/hmac/hmac.h
+	$(CP) $(SRC_D)/crypto/hmac/hmac.h $(INC_D)/hmac.h
+
+$(INC_D)/ripemd.h: $(SRC_D)/crypto/ripemd/ripemd.h
+	$(CP) $(SRC_D)/crypto/ripemd/ripemd.h $(INC_D)/ripemd.h
+
 $(INC_D)/des.h: $(SRC_D)/crypto/des/des.h
 	$(CP) $(SRC_D)/crypto/des/des.h $(INC_D)/des.h
 
+$(INC_D)/rc2.h: $(SRC_D)/crypto/rc2/rc2.h
+	$(CP) $(SRC_D)/crypto/rc2/rc2.h $(INC_D)/rc2.h
+
 $(INC_D)/rc4.h: $(SRC_D)/crypto/rc4/rc4.h
 	$(CP) $(SRC_D)/crypto/rc4/rc4.h $(INC_D)/rc4.h
 
-$(INC_D)/rc2.h: $(SRC_D)/crypto/rc2/rc2.h
-	$(CP) $(SRC_D)/crypto/rc2/rc2.h $(INC_D)/rc2.h
+$(INC_D)/rc5.h: $(SRC_D)/crypto/rc5/rc5.h
+	$(CP) $(SRC_D)/crypto/rc5/rc5.h $(INC_D)/rc5.h
 
 $(INC_D)/idea.h: $(SRC_D)/crypto/idea/idea.h
 	$(CP) $(SRC_D)/crypto/idea/idea.h $(INC_D)/idea.h
@@ -398,6 +468,9 @@ $(INC_D)/idea.h: $(SRC_D)/crypto/idea/idea.h
 $(INC_D)/blowfish.h: $(SRC_D)/crypto/bf/blowfish.h
 	$(CP) $(SRC_D)/crypto/bf/blowfish.h $(INC_D)/blowfish.h
 
+$(INC_D)/cast.h: $(SRC_D)/crypto/cast/cast.h
+	$(CP) $(SRC_D)/crypto/cast/cast.h $(INC_D)/cast.h
+
 $(INC_D)/bn.h: $(SRC_D)/crypto/bn/bn.h
 	$(CP) $(SRC_D)/crypto/bn/bn.h $(INC_D)/bn.h
 
@@ -416,6 +489,9 @@ $(INC_D)/buffer.h: $(SRC_D)/crypto/buffer/buffer.h
 $(INC_D)/bio.h: $(SRC_D)/crypto/bio/bio.h
 	$(CP) $(SRC_D)/crypto/bio/bio.h $(INC_D)/bio.h
 
+$(INC_D)/bss_file.c: $(SRC_D)/crypto/bio/bss_file.c
+	$(CP) $(SRC_D)/crypto/bio/bss_file.c $(INC_D)/bss_file.c
+
 $(INC_D)/stack.h: $(SRC_D)/crypto/stack/stack.h
 	$(CP) $(SRC_D)/crypto/stack/stack.h $(INC_D)/stack.h
 
@@ -470,11 +546,14 @@ $(INC_D)/ssl3.h: $(SRC_D)/ssl/ssl3.h
 $(INC_D)/ssl23.h: $(SRC_D)/ssl/ssl23.h
 	$(CP) $(SRC_D)/ssl/ssl23.h $(INC_D)/ssl23.h
 
-$(OBJ_D)/md2test.o: $(SRC_D)/crypto/md/md2test.c
-	$(CC) -o $(OBJ_D)/md2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/md/md2test.c
+$(INC_D)/tls1.h: $(SRC_D)/ssl/tls1.h
+	$(CP) $(SRC_D)/ssl/tls1.h $(INC_D)/tls1.h
+
+$(OBJ_D)/md2test.o: $(SRC_D)/crypto/md2/md2test.c
+	$(CC) -o $(OBJ_D)/md2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/md2/md2test.c
 
-$(OBJ_D)/md5test.o: $(SRC_D)/crypto/md/md5test.c
-	$(CC) -o $(OBJ_D)/md5test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/md/md5test.c
+$(OBJ_D)/md5test.o: $(SRC_D)/crypto/md5/md5test.c
+	$(CC) -o $(OBJ_D)/md5test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/md5/md5test.c
 
 $(OBJ_D)/shatest.o: $(SRC_D)/crypto/sha/shatest.c
 	$(CC) -o $(OBJ_D)/shatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/sha/shatest.c
@@ -485,14 +564,23 @@ $(OBJ_D)/sha1test.o: $(SRC_D)/crypto/sha/sha1test.c
 $(OBJ_D)/mdc2test.o: $(SRC_D)/crypto/mdc2/mdc2test.c
 	$(CC) -o $(OBJ_D)/mdc2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2test.c
 
+$(OBJ_D)/hmactest.o: $(SRC_D)/crypto/hmac/hmactest.c
+	$(CC) -o $(OBJ_D)/hmactest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/hmac/hmactest.c
+
+$(OBJ_D)/rmdtest.o: $(SRC_D)/crypto/ripemd/rmdtest.c
+	$(CC) -o $(OBJ_D)/rmdtest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/ripemd/rmdtest.c
+
 $(OBJ_D)/destest.o: $(SRC_D)/crypto/des/destest.c
 	$(CC) -o $(OBJ_D)/destest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/des/destest.c
 
+$(OBJ_D)/rc2test.o: $(SRC_D)/crypto/rc2/rc2test.c
+	$(CC) -o $(OBJ_D)/rc2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2test.c
+
 $(OBJ_D)/rc4test.o: $(SRC_D)/crypto/rc4/rc4test.c
 	$(CC) -o $(OBJ_D)/rc4test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4test.c
 
-$(OBJ_D)/rc2test.o: $(SRC_D)/crypto/rc2/rc2test.c
-	$(CC) -o $(OBJ_D)/rc2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2test.c
+$(OBJ_D)/rc5test.o: $(SRC_D)/crypto/rc5/rc5test.c
+	$(CC) -o $(OBJ_D)/rc5test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5test.c
 
 $(OBJ_D)/ideatest.o: $(SRC_D)/crypto/idea/ideatest.c
 	$(CC) -o $(OBJ_D)/ideatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/idea/ideatest.c
@@ -500,6 +588,9 @@ $(OBJ_D)/ideatest.o: $(SRC_D)/crypto/idea/ideatest.c
 $(OBJ_D)/bftest.o: $(SRC_D)/crypto/bf/bftest.c
 	$(CC) -o $(OBJ_D)/bftest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bf/bftest.c
 
+$(OBJ_D)/casttest.o: $(SRC_D)/crypto/cast/casttest.c
+	$(CC) -o $(OBJ_D)/casttest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/cast/casttest.c
+
 $(OBJ_D)/bntest.o: $(SRC_D)/crypto/bn/bntest.c
 	$(CC) -o $(OBJ_D)/bntest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bn/bntest.c
 
@@ -545,9 +636,6 @@ $(OBJ_D)/errstr.o: $(SRC_D)/apps/errstr.c
 $(OBJ_D)/ca.o: $(SRC_D)/apps/ca.c
 	$(CC) -o $(OBJ_D)/ca.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ca.c
 
-$(OBJ_D)/gendsa.o: $(SRC_D)/apps/gendsa.c
-	$(CC) -o $(OBJ_D)/gendsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/gendsa.c
-
 $(OBJ_D)/pkcs7.o: $(SRC_D)/apps/pkcs7.c
 	$(CC) -o $(OBJ_D)/pkcs7.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/pkcs7.c
 
@@ -606,907 +694,1012 @@ $(OBJ_D)/ssleay.o: $(SRC_D)/apps/ssleay.c
 	$(CC) -o $(OBJ_D)/ssleay.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ssleay.c
 
 $(OBJ_D)/cryptlib.o: $(SRC_D)/crypto/cryptlib.c
-	$(CC) -o $(OBJ_D)/cryptlib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/cryptlib.c
+	$(CC) -o $(OBJ_D)/cryptlib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cryptlib.c
 
 $(OBJ_D)/mem.o: $(SRC_D)/crypto/mem.c
-	$(CC) -o $(OBJ_D)/mem.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/mem.c
+	$(CC) -o $(OBJ_D)/mem.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/mem.c
 
 $(OBJ_D)/cversion.o: $(SRC_D)/crypto/cversion.c
-	$(CC) -o $(OBJ_D)/cversion.o $(LIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)/crypto/cversion.c
+	$(CC) -o $(OBJ_D)/cversion.o  $(LIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)/crypto/cversion.c
+
+$(OBJ_D)/ex_data.o: $(SRC_D)/crypto/ex_data.c
+	$(CC) -o $(OBJ_D)/ex_data.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/ex_data.c
 
-$(OBJ_D)/md2_dgst.o: $(SRC_D)/crypto/md/md2_dgst.c
-	$(CC) -o $(OBJ_D)/md2_dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/md/md2_dgst.c
+$(OBJ_D)/cpt_err.o: $(SRC_D)/crypto/cpt_err.c
+	$(CC) -o $(OBJ_D)/cpt_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cpt_err.c
 
-$(OBJ_D)/md5_dgst.o: $(SRC_D)/crypto/md/md5_dgst.c
-	$(CC) -o $(OBJ_D)/md5_dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/md/md5_dgst.c
+$(OBJ_D)/md2_dgst.o: $(SRC_D)/crypto/md2/md2_dgst.c
+	$(CC) -o $(OBJ_D)/md2_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md2/md2_dgst.c
 
-$(OBJ_D)/md2_one.o: $(SRC_D)/crypto/md/md2_one.c
-	$(CC) -o $(OBJ_D)/md2_one.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/md/md2_one.c
+$(OBJ_D)/md2_one.o: $(SRC_D)/crypto/md2/md2_one.c
+	$(CC) -o $(OBJ_D)/md2_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md2/md2_one.c
 
-$(OBJ_D)/md5_one.o: $(SRC_D)/crypto/md/md5_one.c
-	$(CC) -o $(OBJ_D)/md5_one.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/md/md5_one.c
+$(OBJ_D)/md5_dgst.o: $(SRC_D)/crypto/md5/md5_dgst.c
+	$(CC) -o $(OBJ_D)/md5_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md5/md5_dgst.c
+
+$(OBJ_D)/md5_one.o: $(SRC_D)/crypto/md5/md5_one.c
+	$(CC) -o $(OBJ_D)/md5_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md5/md5_one.c
 
 $(OBJ_D)/sha_dgst.o: $(SRC_D)/crypto/sha/sha_dgst.c
-	$(CC) -o $(OBJ_D)/sha_dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha_dgst.c
+	$(CC) -o $(OBJ_D)/sha_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha_dgst.c
 
 $(OBJ_D)/sha1dgst.o: $(SRC_D)/crypto/sha/sha1dgst.c
-	$(CC) -o $(OBJ_D)/sha1dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha1dgst.c
+	$(CC) -o $(OBJ_D)/sha1dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha1dgst.c
 
 $(OBJ_D)/sha_one.o: $(SRC_D)/crypto/sha/sha_one.c
-	$(CC) -o $(OBJ_D)/sha_one.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha_one.c
+	$(CC) -o $(OBJ_D)/sha_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha_one.c
 
 $(OBJ_D)/sha1_one.o: $(SRC_D)/crypto/sha/sha1_one.c
-	$(CC) -o $(OBJ_D)/sha1_one.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha1_one.c
+	$(CC) -o $(OBJ_D)/sha1_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha1_one.c
 
 $(OBJ_D)/mdc2dgst.o: $(SRC_D)/crypto/mdc2/mdc2dgst.c
-	$(CC) -o $(OBJ_D)/mdc2dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2dgst.c
+	$(CC) -o $(OBJ_D)/mdc2dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2dgst.c
 
 $(OBJ_D)/mdc2_one.o: $(SRC_D)/crypto/mdc2/mdc2_one.c
-	$(CC) -o $(OBJ_D)/mdc2_one.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2_one.c
+	$(CC) -o $(OBJ_D)/mdc2_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2_one.c
+
+$(OBJ_D)/hmac.o: $(SRC_D)/crypto/hmac/hmac.c
+	$(CC) -o $(OBJ_D)/hmac.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/hmac/hmac.c
+
+$(OBJ_D)/rmd_dgst.o: $(SRC_D)/crypto/ripemd/rmd_dgst.c
+	$(CC) -o $(OBJ_D)/rmd_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/ripemd/rmd_dgst.c
+
+$(OBJ_D)/rmd_one.o: $(SRC_D)/crypto/ripemd/rmd_one.c
+	$(CC) -o $(OBJ_D)/rmd_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/ripemd/rmd_one.c
 
 $(OBJ_D)/set_key.o: $(SRC_D)/crypto/des/set_key.c
-	$(CC) -o $(OBJ_D)/set_key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/set_key.c
+	$(CC) -o $(OBJ_D)/set_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/set_key.c
 
 $(OBJ_D)/ecb_enc.o: $(SRC_D)/crypto/des/ecb_enc.c
-	$(CC) -o $(OBJ_D)/ecb_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ecb_enc.c
-
-$(OBJ_D)/ede_enc.o: $(SRC_D)/crypto/des/ede_enc.c
-	$(CC) -o $(OBJ_D)/ede_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ede_enc.c
+	$(CC) -o $(OBJ_D)/ecb_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ecb_enc.c
 
 $(OBJ_D)/cbc_enc.o: $(SRC_D)/crypto/des/cbc_enc.c
-	$(CC) -o $(OBJ_D)/cbc_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc_enc.c
-
-$(OBJ_D)/cbc3_enc.o: $(SRC_D)/crypto/des/cbc3_enc.c
-	$(CC) -o $(OBJ_D)/cbc3_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc3_enc.c
+	$(CC) -o $(OBJ_D)/cbc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc_enc.c
 
 $(OBJ_D)/ecb3_enc.o: $(SRC_D)/crypto/des/ecb3_enc.c
-	$(CC) -o $(OBJ_D)/ecb3_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ecb3_enc.c
+	$(CC) -o $(OBJ_D)/ecb3_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ecb3_enc.c
 
 $(OBJ_D)/cfb64enc.o: $(SRC_D)/crypto/des/cfb64enc.c
-	$(CC) -o $(OBJ_D)/cfb64enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb64enc.c
+	$(CC) -o $(OBJ_D)/cfb64enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb64enc.c
 
 $(OBJ_D)/cfb64ede.o: $(SRC_D)/crypto/des/cfb64ede.c
-	$(CC) -o $(OBJ_D)/cfb64ede.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb64ede.c
+	$(CC) -o $(OBJ_D)/cfb64ede.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb64ede.c
 
 $(OBJ_D)/cfb_enc.o: $(SRC_D)/crypto/des/cfb_enc.c
-	$(CC) -o $(OBJ_D)/cfb_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb_enc.c
+	$(CC) -o $(OBJ_D)/cfb_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb_enc.c
 
 $(OBJ_D)/ofb64ede.o: $(SRC_D)/crypto/des/ofb64ede.c
-	$(CC) -o $(OBJ_D)/ofb64ede.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb64ede.c
+	$(CC) -o $(OBJ_D)/ofb64ede.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb64ede.c
 
 $(OBJ_D)/enc_read.o: $(SRC_D)/crypto/des/enc_read.c
-	$(CC) -o $(OBJ_D)/enc_read.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/enc_read.c
+	$(CC) -o $(OBJ_D)/enc_read.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/enc_read.c
 
 $(OBJ_D)/enc_writ.o: $(SRC_D)/crypto/des/enc_writ.c
-	$(CC) -o $(OBJ_D)/enc_writ.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/enc_writ.c
-
-$(OBJ_D)/ncbc_enc.o: $(SRC_D)/crypto/des/ncbc_enc.c
-	$(CC) -o $(OBJ_D)/ncbc_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ncbc_enc.c
+	$(CC) -o $(OBJ_D)/enc_writ.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/enc_writ.c
 
 $(OBJ_D)/ofb64enc.o: $(SRC_D)/crypto/des/ofb64enc.c
-	$(CC) -o $(OBJ_D)/ofb64enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb64enc.c
+	$(CC) -o $(OBJ_D)/ofb64enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb64enc.c
 
 $(OBJ_D)/ofb_enc.o: $(SRC_D)/crypto/des/ofb_enc.c
-	$(CC) -o $(OBJ_D)/ofb_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb_enc.c
+	$(CC) -o $(OBJ_D)/ofb_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb_enc.c
 
 $(OBJ_D)/str2key.o: $(SRC_D)/crypto/des/str2key.c
-	$(CC) -o $(OBJ_D)/str2key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/str2key.c
+	$(CC) -o $(OBJ_D)/str2key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/str2key.c
 
 $(OBJ_D)/pcbc_enc.o: $(SRC_D)/crypto/des/pcbc_enc.c
-	$(CC) -o $(OBJ_D)/pcbc_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/pcbc_enc.c
+	$(CC) -o $(OBJ_D)/pcbc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/pcbc_enc.c
 
 $(OBJ_D)/qud_cksm.o: $(SRC_D)/crypto/des/qud_cksm.c
-	$(CC) -o $(OBJ_D)/qud_cksm.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/qud_cksm.c
+	$(CC) -o $(OBJ_D)/qud_cksm.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/qud_cksm.c
 
 $(OBJ_D)/rand_key.o: $(SRC_D)/crypto/des/rand_key.c
-	$(CC) -o $(OBJ_D)/rand_key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/rand_key.c
+	$(CC) -o $(OBJ_D)/rand_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/rand_key.c
 
 $(OBJ_D)/des_enc.o: $(SRC_D)/crypto/des/des_enc.c
-	$(CC) -o $(OBJ_D)/des_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/des_enc.c
+	$(CC) -o $(OBJ_D)/des_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/des_enc.c
 
 $(OBJ_D)/fcrypt_b.o: $(SRC_D)/crypto/des/fcrypt_b.c
-	$(CC) -o $(OBJ_D)/fcrypt_b.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/fcrypt_b.c
+	$(CC) -o $(OBJ_D)/fcrypt_b.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/fcrypt_b.c
 
 $(OBJ_D)/read2pwd.o: $(SRC_D)/crypto/des/read2pwd.c
-	$(CC) -o $(OBJ_D)/read2pwd.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/read2pwd.c
+	$(CC) -o $(OBJ_D)/read2pwd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/read2pwd.c
 
 $(OBJ_D)/fcrypt.o: $(SRC_D)/crypto/des/fcrypt.c
-	$(CC) -o $(OBJ_D)/fcrypt.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/fcrypt.c
+	$(CC) -o $(OBJ_D)/fcrypt.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/fcrypt.c
 
 $(OBJ_D)/xcbc_enc.o: $(SRC_D)/crypto/des/xcbc_enc.c
-	$(CC) -o $(OBJ_D)/xcbc_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/xcbc_enc.c
+	$(CC) -o $(OBJ_D)/xcbc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/xcbc_enc.c
 
 $(OBJ_D)/read_pwd.o: $(SRC_D)/crypto/des/read_pwd.c
-	$(CC) -o $(OBJ_D)/read_pwd.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/read_pwd.c
+	$(CC) -o $(OBJ_D)/read_pwd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/read_pwd.c
 
 $(OBJ_D)/rpc_enc.o: $(SRC_D)/crypto/des/rpc_enc.c
-	$(CC) -o $(OBJ_D)/rpc_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/rpc_enc.c
+	$(CC) -o $(OBJ_D)/rpc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/rpc_enc.c
 
 $(OBJ_D)/cbc_cksm.o: $(SRC_D)/crypto/des/cbc_cksm.c
-	$(CC) -o $(OBJ_D)/cbc_cksm.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc_cksm.c
+	$(CC) -o $(OBJ_D)/cbc_cksm.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc_cksm.c
 
 $(OBJ_D)/supp.o: $(SRC_D)/crypto/des/supp.c
-	$(CC) -o $(OBJ_D)/supp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/supp.c
-
-$(OBJ_D)/rc4_enc.o: $(SRC_D)/crypto/rc4/rc4_enc.c
-	$(CC) -o $(OBJ_D)/rc4_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4_enc.c
+	$(CC) -o $(OBJ_D)/supp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/supp.c
 
 $(OBJ_D)/rc2_ecb.o: $(SRC_D)/crypto/rc2/rc2_ecb.c
-	$(CC) -o $(OBJ_D)/rc2_ecb.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_ecb.c
+	$(CC) -o $(OBJ_D)/rc2_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_ecb.c
 
 $(OBJ_D)/rc2_skey.o: $(SRC_D)/crypto/rc2/rc2_skey.c
-	$(CC) -o $(OBJ_D)/rc2_skey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_skey.c
+	$(CC) -o $(OBJ_D)/rc2_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_skey.c
 
 $(OBJ_D)/rc2_cbc.o: $(SRC_D)/crypto/rc2/rc2_cbc.c
-	$(CC) -o $(OBJ_D)/rc2_cbc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_cbc.c
+	$(CC) -o $(OBJ_D)/rc2_cbc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_cbc.c
 
 $(OBJ_D)/rc2cfb64.o: $(SRC_D)/crypto/rc2/rc2cfb64.c
-	$(CC) -o $(OBJ_D)/rc2cfb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2cfb64.c
+	$(CC) -o $(OBJ_D)/rc2cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2cfb64.c
 
 $(OBJ_D)/rc2ofb64.o: $(SRC_D)/crypto/rc2/rc2ofb64.c
-	$(CC) -o $(OBJ_D)/rc2ofb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2ofb64.c
+	$(CC) -o $(OBJ_D)/rc2ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2ofb64.c
+
+$(OBJ_D)/rc4_skey.o: $(SRC_D)/crypto/rc4/rc4_skey.c
+	$(CC) -o $(OBJ_D)/rc4_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4_skey.c
+
+$(OBJ_D)/rc4_enc.o: $(SRC_D)/crypto/rc4/rc4_enc.c
+	$(CC) -o $(OBJ_D)/rc4_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4_enc.c
+
+$(OBJ_D)/rc5_skey.o: $(SRC_D)/crypto/rc5/rc5_skey.c
+	$(CC) -o $(OBJ_D)/rc5_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5_skey.c
+
+$(OBJ_D)/rc5_ecb.o: $(SRC_D)/crypto/rc5/rc5_ecb.c
+	$(CC) -o $(OBJ_D)/rc5_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5_ecb.c
+
+$(OBJ_D)/rc5_enc.o: $(SRC_D)/crypto/rc5/rc5_enc.c
+	$(CC) -o $(OBJ_D)/rc5_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5_enc.c
+
+$(OBJ_D)/rc5cfb64.o: $(SRC_D)/crypto/rc5/rc5cfb64.c
+	$(CC) -o $(OBJ_D)/rc5cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5cfb64.c
+
+$(OBJ_D)/rc5ofb64.o: $(SRC_D)/crypto/rc5/rc5ofb64.c
+	$(CC) -o $(OBJ_D)/rc5ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5ofb64.c
 
 $(OBJ_D)/i_cbc.o: $(SRC_D)/crypto/idea/i_cbc.c
-	$(CC) -o $(OBJ_D)/i_cbc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_cbc.c
+	$(CC) -o $(OBJ_D)/i_cbc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_cbc.c
 
 $(OBJ_D)/i_cfb64.o: $(SRC_D)/crypto/idea/i_cfb64.c
-	$(CC) -o $(OBJ_D)/i_cfb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_cfb64.c
+	$(CC) -o $(OBJ_D)/i_cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_cfb64.c
 
 $(OBJ_D)/i_ofb64.o: $(SRC_D)/crypto/idea/i_ofb64.c
-	$(CC) -o $(OBJ_D)/i_ofb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_ofb64.c
+	$(CC) -o $(OBJ_D)/i_ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_ofb64.c
 
 $(OBJ_D)/i_ecb.o: $(SRC_D)/crypto/idea/i_ecb.c
-	$(CC) -o $(OBJ_D)/i_ecb.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_ecb.c
+	$(CC) -o $(OBJ_D)/i_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_ecb.c
 
 $(OBJ_D)/i_skey.o: $(SRC_D)/crypto/idea/i_skey.c
-	$(CC) -o $(OBJ_D)/i_skey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_skey.c
+	$(CC) -o $(OBJ_D)/i_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_skey.c
 
 $(OBJ_D)/bf_skey.o: $(SRC_D)/crypto/bf/bf_skey.c
-	$(CC) -o $(OBJ_D)/bf_skey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_skey.c
+	$(CC) -o $(OBJ_D)/bf_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_skey.c
 
 $(OBJ_D)/bf_ecb.o: $(SRC_D)/crypto/bf/bf_ecb.c
-	$(CC) -o $(OBJ_D)/bf_ecb.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_ecb.c
+	$(CC) -o $(OBJ_D)/bf_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_ecb.c
 
 $(OBJ_D)/bf_enc.o: $(SRC_D)/crypto/bf/bf_enc.c
-	$(CC) -o $(OBJ_D)/bf_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_enc.c
-
-$(OBJ_D)/bf_cbc.o: $(SRC_D)/crypto/bf/bf_cbc.c
-	$(CC) -o $(OBJ_D)/bf_cbc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_cbc.c
+	$(CC) -o $(OBJ_D)/bf_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_enc.c
 
 $(OBJ_D)/bf_cfb64.o: $(SRC_D)/crypto/bf/bf_cfb64.c
-	$(CC) -o $(OBJ_D)/bf_cfb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_cfb64.c
+	$(CC) -o $(OBJ_D)/bf_cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_cfb64.c
 
 $(OBJ_D)/bf_ofb64.o: $(SRC_D)/crypto/bf/bf_ofb64.c
-	$(CC) -o $(OBJ_D)/bf_ofb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_ofb64.c
+	$(CC) -o $(OBJ_D)/bf_ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_ofb64.c
+
+$(OBJ_D)/c_skey.o: $(SRC_D)/crypto/cast/c_skey.c
+	$(CC) -o $(OBJ_D)/c_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_skey.c
+
+$(OBJ_D)/c_ecb.o: $(SRC_D)/crypto/cast/c_ecb.c
+	$(CC) -o $(OBJ_D)/c_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_ecb.c
+
+$(OBJ_D)/c_enc.o: $(SRC_D)/crypto/cast/c_enc.c
+	$(CC) -o $(OBJ_D)/c_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_enc.c
+
+$(OBJ_D)/c_cfb64.o: $(SRC_D)/crypto/cast/c_cfb64.c
+	$(CC) -o $(OBJ_D)/c_cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_cfb64.c
+
+$(OBJ_D)/c_ofb64.o: $(SRC_D)/crypto/cast/c_ofb64.c
+	$(CC) -o $(OBJ_D)/c_ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_ofb64.c
 
 $(OBJ_D)/bn_add.o: $(SRC_D)/crypto/bn/bn_add.c
-	$(CC) -o $(OBJ_D)/bn_add.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_add.c
+	$(CC) -o $(OBJ_D)/bn_add.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_add.c
 
 $(OBJ_D)/bn_div.o: $(SRC_D)/crypto/bn/bn_div.c
-	$(CC) -o $(OBJ_D)/bn_div.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_div.c
+	$(CC) -o $(OBJ_D)/bn_div.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_div.c
 
 $(OBJ_D)/bn_exp.o: $(SRC_D)/crypto/bn/bn_exp.c
-	$(CC) -o $(OBJ_D)/bn_exp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_exp.c
+	$(CC) -o $(OBJ_D)/bn_exp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_exp.c
 
 $(OBJ_D)/bn_lib.o: $(SRC_D)/crypto/bn/bn_lib.c
-	$(CC) -o $(OBJ_D)/bn_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_lib.c
+	$(CC) -o $(OBJ_D)/bn_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_lib.c
 
 $(OBJ_D)/bn_mod.o: $(SRC_D)/crypto/bn/bn_mod.c
-	$(CC) -o $(OBJ_D)/bn_mod.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mod.c
+	$(CC) -o $(OBJ_D)/bn_mod.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mod.c
 
 $(OBJ_D)/bn_mul.o: $(SRC_D)/crypto/bn/bn_mul.c
-	$(CC) -o $(OBJ_D)/bn_mul.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mul.c
+	$(CC) -o $(OBJ_D)/bn_mul.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mul.c
 
 $(OBJ_D)/bn_print.o: $(SRC_D)/crypto/bn/bn_print.c
-	$(CC) -o $(OBJ_D)/bn_print.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_print.c
+	$(CC) -o $(OBJ_D)/bn_print.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_print.c
 
 $(OBJ_D)/bn_rand.o: $(SRC_D)/crypto/bn/bn_rand.c
-	$(CC) -o $(OBJ_D)/bn_rand.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_rand.c
+	$(CC) -o $(OBJ_D)/bn_rand.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_rand.c
 
 $(OBJ_D)/bn_shift.o: $(SRC_D)/crypto/bn/bn_shift.c
-	$(CC) -o $(OBJ_D)/bn_shift.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_shift.c
+	$(CC) -o $(OBJ_D)/bn_shift.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_shift.c
 
 $(OBJ_D)/bn_sub.o: $(SRC_D)/crypto/bn/bn_sub.c
-	$(CC) -o $(OBJ_D)/bn_sub.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_sub.c
+	$(CC) -o $(OBJ_D)/bn_sub.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_sub.c
 
 $(OBJ_D)/bn_word.o: $(SRC_D)/crypto/bn/bn_word.c
-	$(CC) -o $(OBJ_D)/bn_word.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_word.c
+	$(CC) -o $(OBJ_D)/bn_word.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_word.c
+
+$(OBJ_D)/bn_blind.o: $(SRC_D)/crypto/bn/bn_blind.c
+	$(CC) -o $(OBJ_D)/bn_blind.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_blind.c
 
 $(OBJ_D)/bn_gcd.o: $(SRC_D)/crypto/bn/bn_gcd.c
-	$(CC) -o $(OBJ_D)/bn_gcd.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_gcd.c
+	$(CC) -o $(OBJ_D)/bn_gcd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_gcd.c
 
 $(OBJ_D)/bn_prime.o: $(SRC_D)/crypto/bn/bn_prime.c
-	$(CC) -o $(OBJ_D)/bn_prime.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_prime.c
+	$(CC) -o $(OBJ_D)/bn_prime.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_prime.c
 
 $(OBJ_D)/bn_err.o: $(SRC_D)/crypto/bn/bn_err.c
-	$(CC) -o $(OBJ_D)/bn_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_err.c
+	$(CC) -o $(OBJ_D)/bn_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_err.c
 
 $(OBJ_D)/bn_sqr.o: $(SRC_D)/crypto/bn/bn_sqr.c
-	$(CC) -o $(OBJ_D)/bn_sqr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_sqr.c
+	$(CC) -o $(OBJ_D)/bn_sqr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_sqr.c
 
 $(OBJ_D)/bn_mulw.o: $(SRC_D)/crypto/bn/bn_mulw.c
-	$(CC) -o $(OBJ_D)/bn_mulw.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mulw.c
+	$(CC) -o $(OBJ_D)/bn_mulw.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mulw.c
 
 $(OBJ_D)/bn_recp.o: $(SRC_D)/crypto/bn/bn_recp.c
-	$(CC) -o $(OBJ_D)/bn_recp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_recp.c
+	$(CC) -o $(OBJ_D)/bn_recp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_recp.c
 
 $(OBJ_D)/bn_mont.o: $(SRC_D)/crypto/bn/bn_mont.c
-	$(CC) -o $(OBJ_D)/bn_mont.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mont.c
+	$(CC) -o $(OBJ_D)/bn_mont.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mont.c
 
-$(OBJ_D)/rsa_enc.o: $(SRC_D)/crypto/rsa/rsa_enc.c
-	$(CC) -o $(OBJ_D)/rsa_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_enc.c
+$(OBJ_D)/bn_mpi.o: $(SRC_D)/crypto/bn/bn_mpi.c
+	$(CC) -o $(OBJ_D)/bn_mpi.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mpi.c
+
+$(OBJ_D)/rsa_eay.o: $(SRC_D)/crypto/rsa/rsa_eay.c
+	$(CC) -o $(OBJ_D)/rsa_eay.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_eay.c
 
 $(OBJ_D)/rsa_gen.o: $(SRC_D)/crypto/rsa/rsa_gen.c
-	$(CC) -o $(OBJ_D)/rsa_gen.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_gen.c
+	$(CC) -o $(OBJ_D)/rsa_gen.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_gen.c
 
 $(OBJ_D)/rsa_lib.o: $(SRC_D)/crypto/rsa/rsa_lib.c
-	$(CC) -o $(OBJ_D)/rsa_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_lib.c
+	$(CC) -o $(OBJ_D)/rsa_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_lib.c
 
 $(OBJ_D)/rsa_sign.o: $(SRC_D)/crypto/rsa/rsa_sign.c
-	$(CC) -o $(OBJ_D)/rsa_sign.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_sign.c
+	$(CC) -o $(OBJ_D)/rsa_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_sign.c
 
 $(OBJ_D)/rsa_saos.o: $(SRC_D)/crypto/rsa/rsa_saos.c
-	$(CC) -o $(OBJ_D)/rsa_saos.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_saos.c
+	$(CC) -o $(OBJ_D)/rsa_saos.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_saos.c
 
 $(OBJ_D)/rsa_err.o: $(SRC_D)/crypto/rsa/rsa_err.c
-	$(CC) -o $(OBJ_D)/rsa_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_err.c
+	$(CC) -o $(OBJ_D)/rsa_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_err.c
+
+$(OBJ_D)/rsa_pk1.o: $(SRC_D)/crypto/rsa/rsa_pk1.c
+	$(CC) -o $(OBJ_D)/rsa_pk1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_pk1.c
+
+$(OBJ_D)/rsa_ssl.o: $(SRC_D)/crypto/rsa/rsa_ssl.c
+	$(CC) -o $(OBJ_D)/rsa_ssl.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_ssl.c
+
+$(OBJ_D)/rsa_none.o: $(SRC_D)/crypto/rsa/rsa_none.c
+	$(CC) -o $(OBJ_D)/rsa_none.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_none.c
 
 $(OBJ_D)/dsa_gen.o: $(SRC_D)/crypto/dsa/dsa_gen.c
-	$(CC) -o $(OBJ_D)/dsa_gen.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_gen.c
+	$(CC) -o $(OBJ_D)/dsa_gen.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_gen.c
 
 $(OBJ_D)/dsa_key.o: $(SRC_D)/crypto/dsa/dsa_key.c
-	$(CC) -o $(OBJ_D)/dsa_key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_key.c
+	$(CC) -o $(OBJ_D)/dsa_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_key.c
 
 $(OBJ_D)/dsa_lib.o: $(SRC_D)/crypto/dsa/dsa_lib.c
-	$(CC) -o $(OBJ_D)/dsa_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_lib.c
+	$(CC) -o $(OBJ_D)/dsa_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_lib.c
 
 $(OBJ_D)/dsa_vrf.o: $(SRC_D)/crypto/dsa/dsa_vrf.c
-	$(CC) -o $(OBJ_D)/dsa_vrf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_vrf.c
+	$(CC) -o $(OBJ_D)/dsa_vrf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_vrf.c
 
 $(OBJ_D)/dsa_sign.o: $(SRC_D)/crypto/dsa/dsa_sign.c
-	$(CC) -o $(OBJ_D)/dsa_sign.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_sign.c
+	$(CC) -o $(OBJ_D)/dsa_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_sign.c
 
 $(OBJ_D)/dsa_err.o: $(SRC_D)/crypto/dsa/dsa_err.c
-	$(CC) -o $(OBJ_D)/dsa_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_err.c
+	$(CC) -o $(OBJ_D)/dsa_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_err.c
 
 $(OBJ_D)/dh_gen.o: $(SRC_D)/crypto/dh/dh_gen.c
-	$(CC) -o $(OBJ_D)/dh_gen.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_gen.c
+	$(CC) -o $(OBJ_D)/dh_gen.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_gen.c
 
 $(OBJ_D)/dh_key.o: $(SRC_D)/crypto/dh/dh_key.c
-	$(CC) -o $(OBJ_D)/dh_key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_key.c
+	$(CC) -o $(OBJ_D)/dh_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_key.c
 
 $(OBJ_D)/dh_lib.o: $(SRC_D)/crypto/dh/dh_lib.c
-	$(CC) -o $(OBJ_D)/dh_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_lib.c
+	$(CC) -o $(OBJ_D)/dh_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_lib.c
 
 $(OBJ_D)/dh_check.o: $(SRC_D)/crypto/dh/dh_check.c
-	$(CC) -o $(OBJ_D)/dh_check.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_check.c
+	$(CC) -o $(OBJ_D)/dh_check.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_check.c
 
 $(OBJ_D)/dh_err.o: $(SRC_D)/crypto/dh/dh_err.c
-	$(CC) -o $(OBJ_D)/dh_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_err.c
+	$(CC) -o $(OBJ_D)/dh_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_err.c
 
 $(OBJ_D)/buffer.o: $(SRC_D)/crypto/buffer/buffer.c
-	$(CC) -o $(OBJ_D)/buffer.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/buffer/buffer.c
+	$(CC) -o $(OBJ_D)/buffer.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/buffer/buffer.c
 
 $(OBJ_D)/buf_err.o: $(SRC_D)/crypto/buffer/buf_err.c
-	$(CC) -o $(OBJ_D)/buf_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/buffer/buf_err.c
+	$(CC) -o $(OBJ_D)/buf_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/buffer/buf_err.c
 
 $(OBJ_D)/bio_lib.o: $(SRC_D)/crypto/bio/bio_lib.c
-	$(CC) -o $(OBJ_D)/bio_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_lib.c
+	$(CC) -o $(OBJ_D)/bio_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_lib.c
 
 $(OBJ_D)/bio_cb.o: $(SRC_D)/crypto/bio/bio_cb.c
-	$(CC) -o $(OBJ_D)/bio_cb.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_cb.c
+	$(CC) -o $(OBJ_D)/bio_cb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_cb.c
 
 $(OBJ_D)/bio_err.o: $(SRC_D)/crypto/bio/bio_err.c
-	$(CC) -o $(OBJ_D)/bio_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_err.c
+	$(CC) -o $(OBJ_D)/bio_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_err.c
 
 $(OBJ_D)/bss_mem.o: $(SRC_D)/crypto/bio/bss_mem.c
-	$(CC) -o $(OBJ_D)/bss_mem.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_mem.c
+	$(CC) -o $(OBJ_D)/bss_mem.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_mem.c
 
 $(OBJ_D)/bss_null.o: $(SRC_D)/crypto/bio/bss_null.c
-	$(CC) -o $(OBJ_D)/bss_null.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_null.c
+	$(CC) -o $(OBJ_D)/bss_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_null.c
 
 $(OBJ_D)/bss_fd.o: $(SRC_D)/crypto/bio/bss_fd.c
-	$(CC) -o $(OBJ_D)/bss_fd.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_fd.c
+	$(CC) -o $(OBJ_D)/bss_fd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_fd.c
 
 $(OBJ_D)/bss_file.o: $(SRC_D)/crypto/bio/bss_file.c
-	$(CC) -o $(OBJ_D)/bss_file.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_file.c
+	$(CC) -o $(OBJ_D)/bss_file.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_file.c
 
 $(OBJ_D)/bss_sock.o: $(SRC_D)/crypto/bio/bss_sock.c
-	$(CC) -o $(OBJ_D)/bss_sock.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_sock.c
+	$(CC) -o $(OBJ_D)/bss_sock.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_sock.c
 
 $(OBJ_D)/bss_conn.o: $(SRC_D)/crypto/bio/bss_conn.c
-	$(CC) -o $(OBJ_D)/bss_conn.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_conn.c
+	$(CC) -o $(OBJ_D)/bss_conn.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_conn.c
 
 $(OBJ_D)/bf_null.o: $(SRC_D)/crypto/bio/bf_null.c
-	$(CC) -o $(OBJ_D)/bf_null.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_null.c
+	$(CC) -o $(OBJ_D)/bf_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_null.c
 
 $(OBJ_D)/bf_buff.o: $(SRC_D)/crypto/bio/bf_buff.c
-	$(CC) -o $(OBJ_D)/bf_buff.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_buff.c
+	$(CC) -o $(OBJ_D)/bf_buff.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_buff.c
 
 $(OBJ_D)/b_print.o: $(SRC_D)/crypto/bio/b_print.c
-	$(CC) -o $(OBJ_D)/b_print.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_print.c
+	$(CC) -o $(OBJ_D)/b_print.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_print.c
 
 $(OBJ_D)/b_dump.o: $(SRC_D)/crypto/bio/b_dump.c
-	$(CC) -o $(OBJ_D)/b_dump.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_dump.c
+	$(CC) -o $(OBJ_D)/b_dump.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_dump.c
 
 $(OBJ_D)/b_sock.o: $(SRC_D)/crypto/bio/b_sock.c
-	$(CC) -o $(OBJ_D)/b_sock.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_sock.c
+	$(CC) -o $(OBJ_D)/b_sock.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_sock.c
 
 $(OBJ_D)/bss_acpt.o: $(SRC_D)/crypto/bio/bss_acpt.c
-	$(CC) -o $(OBJ_D)/bss_acpt.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_acpt.c
+	$(CC) -o $(OBJ_D)/bss_acpt.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_acpt.c
 
 $(OBJ_D)/bf_nbio.o: $(SRC_D)/crypto/bio/bf_nbio.c
-	$(CC) -o $(OBJ_D)/bf_nbio.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_nbio.c
+	$(CC) -o $(OBJ_D)/bf_nbio.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_nbio.c
 
 $(OBJ_D)/stack.o: $(SRC_D)/crypto/stack/stack.c
-	$(CC) -o $(OBJ_D)/stack.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/stack/stack.c
+	$(CC) -o $(OBJ_D)/stack.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/stack/stack.c
 
 $(OBJ_D)/lhash.o: $(SRC_D)/crypto/lhash/lhash.c
-	$(CC) -o $(OBJ_D)/lhash.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/lhash/lhash.c
+	$(CC) -o $(OBJ_D)/lhash.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/lhash/lhash.c
 
 $(OBJ_D)/lh_stats.o: $(SRC_D)/crypto/lhash/lh_stats.c
-	$(CC) -o $(OBJ_D)/lh_stats.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/lhash/lh_stats.c
+	$(CC) -o $(OBJ_D)/lh_stats.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/lhash/lh_stats.c
 
 $(OBJ_D)/md_rand.o: $(SRC_D)/crypto/rand/md_rand.c
-	$(CC) -o $(OBJ_D)/md_rand.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/md_rand.c
+	$(CC) -o $(OBJ_D)/md_rand.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/md_rand.c
 
 $(OBJ_D)/randfile.o: $(SRC_D)/crypto/rand/randfile.c
-	$(CC) -o $(OBJ_D)/randfile.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/randfile.c
+	$(CC) -o $(OBJ_D)/randfile.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/randfile.c
 
 $(OBJ_D)/err.o: $(SRC_D)/crypto/err/err.c
-	$(CC) -o $(OBJ_D)/err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err.c
+	$(CC) -o $(OBJ_D)/err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err.c
 
 $(OBJ_D)/err_all.o: $(SRC_D)/crypto/err/err_all.c
-	$(CC) -o $(OBJ_D)/err_all.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err_all.c
+	$(CC) -o $(OBJ_D)/err_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err_all.c
 
 $(OBJ_D)/err_prn.o: $(SRC_D)/crypto/err/err_prn.c
-	$(CC) -o $(OBJ_D)/err_prn.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err_prn.c
+	$(CC) -o $(OBJ_D)/err_prn.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err_prn.c
 
 $(OBJ_D)/obj_dat.o: $(SRC_D)/crypto/objects/obj_dat.c
-	$(CC) -o $(OBJ_D)/obj_dat.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_dat.c
+	$(CC) -o $(OBJ_D)/obj_dat.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_dat.c
 
 $(OBJ_D)/obj_lib.o: $(SRC_D)/crypto/objects/obj_lib.c
-	$(CC) -o $(OBJ_D)/obj_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_lib.c
+	$(CC) -o $(OBJ_D)/obj_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_lib.c
 
 $(OBJ_D)/obj_err.o: $(SRC_D)/crypto/objects/obj_err.c
-	$(CC) -o $(OBJ_D)/obj_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_err.c
+	$(CC) -o $(OBJ_D)/obj_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_err.c
 
 $(OBJ_D)/encode.o: $(SRC_D)/crypto/evp/encode.c
-	$(CC) -o $(OBJ_D)/encode.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/encode.c
+	$(CC) -o $(OBJ_D)/encode.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/encode.c
 
 $(OBJ_D)/digest.o: $(SRC_D)/crypto/evp/digest.c
-	$(CC) -o $(OBJ_D)/digest.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/digest.c
+	$(CC) -o $(OBJ_D)/digest.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/digest.c
 
 $(OBJ_D)/evp_enc.o: $(SRC_D)/crypto/evp/evp_enc.c
-	$(CC) -o $(OBJ_D)/evp_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_enc.c
+	$(CC) -o $(OBJ_D)/evp_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_enc.c
 
 $(OBJ_D)/evp_key.o: $(SRC_D)/crypto/evp/evp_key.c
-	$(CC) -o $(OBJ_D)/evp_key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_key.c
+	$(CC) -o $(OBJ_D)/evp_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_key.c
 
 $(OBJ_D)/e_ecb_d.o: $(SRC_D)/crypto/evp/e_ecb_d.c
-	$(CC) -o $(OBJ_D)/e_ecb_d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_d.c
+	$(CC) -o $(OBJ_D)/e_ecb_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_d.c
 
 $(OBJ_D)/e_cbc_d.o: $(SRC_D)/crypto/evp/e_cbc_d.c
-	$(CC) -o $(OBJ_D)/e_cbc_d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_d.c
+	$(CC) -o $(OBJ_D)/e_cbc_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_d.c
 
 $(OBJ_D)/e_cfb_d.o: $(SRC_D)/crypto/evp/e_cfb_d.c
-	$(CC) -o $(OBJ_D)/e_cfb_d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_d.c
+	$(CC) -o $(OBJ_D)/e_cfb_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_d.c
 
 $(OBJ_D)/e_ofb_d.o: $(SRC_D)/crypto/evp/e_ofb_d.c
-	$(CC) -o $(OBJ_D)/e_ofb_d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_d.c
+	$(CC) -o $(OBJ_D)/e_ofb_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_d.c
 
 $(OBJ_D)/e_ecb_i.o: $(SRC_D)/crypto/evp/e_ecb_i.c
-	$(CC) -o $(OBJ_D)/e_ecb_i.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_i.c
+	$(CC) -o $(OBJ_D)/e_ecb_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_i.c
 
 $(OBJ_D)/e_cbc_i.o: $(SRC_D)/crypto/evp/e_cbc_i.c
-	$(CC) -o $(OBJ_D)/e_cbc_i.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_i.c
+	$(CC) -o $(OBJ_D)/e_cbc_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_i.c
 
 $(OBJ_D)/e_cfb_i.o: $(SRC_D)/crypto/evp/e_cfb_i.c
-	$(CC) -o $(OBJ_D)/e_cfb_i.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_i.c
+	$(CC) -o $(OBJ_D)/e_cfb_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_i.c
 
 $(OBJ_D)/e_ofb_i.o: $(SRC_D)/crypto/evp/e_ofb_i.c
-	$(CC) -o $(OBJ_D)/e_ofb_i.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_i.c
+	$(CC) -o $(OBJ_D)/e_ofb_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_i.c
 
 $(OBJ_D)/e_ecb_3d.o: $(SRC_D)/crypto/evp/e_ecb_3d.c
-	$(CC) -o $(OBJ_D)/e_ecb_3d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_3d.c
+	$(CC) -o $(OBJ_D)/e_ecb_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_3d.c
 
 $(OBJ_D)/e_cbc_3d.o: $(SRC_D)/crypto/evp/e_cbc_3d.c
-	$(CC) -o $(OBJ_D)/e_cbc_3d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_3d.c
+	$(CC) -o $(OBJ_D)/e_cbc_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_3d.c
 
 $(OBJ_D)/e_rc4.o: $(SRC_D)/crypto/evp/e_rc4.c
-	$(CC) -o $(OBJ_D)/e_rc4.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_rc4.c
+	$(CC) -o $(OBJ_D)/e_rc4.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_rc4.c
 
 $(OBJ_D)/names.o: $(SRC_D)/crypto/evp/names.c
-	$(CC) -o $(OBJ_D)/names.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/names.c
+	$(CC) -o $(OBJ_D)/names.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/names.c
 
 $(OBJ_D)/e_cfb_3d.o: $(SRC_D)/crypto/evp/e_cfb_3d.c
-	$(CC) -o $(OBJ_D)/e_cfb_3d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_3d.c
+	$(CC) -o $(OBJ_D)/e_cfb_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_3d.c
 
 $(OBJ_D)/e_ofb_3d.o: $(SRC_D)/crypto/evp/e_ofb_3d.c
-	$(CC) -o $(OBJ_D)/e_ofb_3d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_3d.c
+	$(CC) -o $(OBJ_D)/e_ofb_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_3d.c
 
 $(OBJ_D)/e_xcbc_d.o: $(SRC_D)/crypto/evp/e_xcbc_d.c
-	$(CC) -o $(OBJ_D)/e_xcbc_d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_xcbc_d.c
+	$(CC) -o $(OBJ_D)/e_xcbc_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_xcbc_d.c
 
 $(OBJ_D)/e_ecb_r2.o: $(SRC_D)/crypto/evp/e_ecb_r2.c
-	$(CC) -o $(OBJ_D)/e_ecb_r2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_r2.c
+	$(CC) -o $(OBJ_D)/e_ecb_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_r2.c
 
 $(OBJ_D)/e_cbc_r2.o: $(SRC_D)/crypto/evp/e_cbc_r2.c
-	$(CC) -o $(OBJ_D)/e_cbc_r2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_r2.c
+	$(CC) -o $(OBJ_D)/e_cbc_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_r2.c
 
 $(OBJ_D)/e_cfb_r2.o: $(SRC_D)/crypto/evp/e_cfb_r2.c
-	$(CC) -o $(OBJ_D)/e_cfb_r2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_r2.c
+	$(CC) -o $(OBJ_D)/e_cfb_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_r2.c
 
 $(OBJ_D)/e_ofb_r2.o: $(SRC_D)/crypto/evp/e_ofb_r2.c
-	$(CC) -o $(OBJ_D)/e_ofb_r2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_r2.c
+	$(CC) -o $(OBJ_D)/e_ofb_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_r2.c
 
 $(OBJ_D)/e_ecb_bf.o: $(SRC_D)/crypto/evp/e_ecb_bf.c
-	$(CC) -o $(OBJ_D)/e_ecb_bf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_bf.c
+	$(CC) -o $(OBJ_D)/e_ecb_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_bf.c
 
 $(OBJ_D)/e_cbc_bf.o: $(SRC_D)/crypto/evp/e_cbc_bf.c
-	$(CC) -o $(OBJ_D)/e_cbc_bf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_bf.c
+	$(CC) -o $(OBJ_D)/e_cbc_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_bf.c
 
 $(OBJ_D)/e_cfb_bf.o: $(SRC_D)/crypto/evp/e_cfb_bf.c
-	$(CC) -o $(OBJ_D)/e_cfb_bf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_bf.c
+	$(CC) -o $(OBJ_D)/e_cfb_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_bf.c
 
 $(OBJ_D)/e_ofb_bf.o: $(SRC_D)/crypto/evp/e_ofb_bf.c
-	$(CC) -o $(OBJ_D)/e_ofb_bf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_bf.c
+	$(CC) -o $(OBJ_D)/e_ofb_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_bf.c
+
+$(OBJ_D)/e_ecb_c.o: $(SRC_D)/crypto/evp/e_ecb_c.c
+	$(CC) -o $(OBJ_D)/e_ecb_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_c.c
+
+$(OBJ_D)/e_cbc_c.o: $(SRC_D)/crypto/evp/e_cbc_c.c
+	$(CC) -o $(OBJ_D)/e_cbc_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_c.c
+
+$(OBJ_D)/e_cfb_c.o: $(SRC_D)/crypto/evp/e_cfb_c.c
+	$(CC) -o $(OBJ_D)/e_cfb_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_c.c
+
+$(OBJ_D)/e_ofb_c.o: $(SRC_D)/crypto/evp/e_ofb_c.c
+	$(CC) -o $(OBJ_D)/e_ofb_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_c.c
+
+$(OBJ_D)/e_ecb_r5.o: $(SRC_D)/crypto/evp/e_ecb_r5.c
+	$(CC) -o $(OBJ_D)/e_ecb_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_r5.c
+
+$(OBJ_D)/e_cbc_r5.o: $(SRC_D)/crypto/evp/e_cbc_r5.c
+	$(CC) -o $(OBJ_D)/e_cbc_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_r5.c
+
+$(OBJ_D)/e_cfb_r5.o: $(SRC_D)/crypto/evp/e_cfb_r5.c
+	$(CC) -o $(OBJ_D)/e_cfb_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_r5.c
+
+$(OBJ_D)/e_ofb_r5.o: $(SRC_D)/crypto/evp/e_ofb_r5.c
+	$(CC) -o $(OBJ_D)/e_ofb_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_r5.c
 
 $(OBJ_D)/m_null.o: $(SRC_D)/crypto/evp/m_null.c
-	$(CC) -o $(OBJ_D)/m_null.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_null.c
+	$(CC) -o $(OBJ_D)/m_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_null.c
 
 $(OBJ_D)/m_md2.o: $(SRC_D)/crypto/evp/m_md2.c
-	$(CC) -o $(OBJ_D)/m_md2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_md2.c
+	$(CC) -o $(OBJ_D)/m_md2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_md2.c
 
 $(OBJ_D)/m_md5.o: $(SRC_D)/crypto/evp/m_md5.c
-	$(CC) -o $(OBJ_D)/m_md5.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_md5.c
+	$(CC) -o $(OBJ_D)/m_md5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_md5.c
 
 $(OBJ_D)/m_sha.o: $(SRC_D)/crypto/evp/m_sha.c
-	$(CC) -o $(OBJ_D)/m_sha.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_sha.c
+	$(CC) -o $(OBJ_D)/m_sha.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_sha.c
 
 $(OBJ_D)/m_sha1.o: $(SRC_D)/crypto/evp/m_sha1.c
-	$(CC) -o $(OBJ_D)/m_sha1.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_sha1.c
+	$(CC) -o $(OBJ_D)/m_sha1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_sha1.c
 
 $(OBJ_D)/m_dss.o: $(SRC_D)/crypto/evp/m_dss.c
-	$(CC) -o $(OBJ_D)/m_dss.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_dss.c
+	$(CC) -o $(OBJ_D)/m_dss.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_dss.c
 
 $(OBJ_D)/m_dss1.o: $(SRC_D)/crypto/evp/m_dss1.c
-	$(CC) -o $(OBJ_D)/m_dss1.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_dss1.c
+	$(CC) -o $(OBJ_D)/m_dss1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_dss1.c
 
 $(OBJ_D)/m_mdc2.o: $(SRC_D)/crypto/evp/m_mdc2.c
-	$(CC) -o $(OBJ_D)/m_mdc2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_mdc2.c
+	$(CC) -o $(OBJ_D)/m_mdc2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_mdc2.c
+
+$(OBJ_D)/m_ripemd.o: $(SRC_D)/crypto/evp/m_ripemd.c
+	$(CC) -o $(OBJ_D)/m_ripemd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_ripemd.c
 
 $(OBJ_D)/p_open.o: $(SRC_D)/crypto/evp/p_open.c
-	$(CC) -o $(OBJ_D)/p_open.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_open.c
+	$(CC) -o $(OBJ_D)/p_open.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_open.c
 
 $(OBJ_D)/p_seal.o: $(SRC_D)/crypto/evp/p_seal.c
-	$(CC) -o $(OBJ_D)/p_seal.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_seal.c
+	$(CC) -o $(OBJ_D)/p_seal.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_seal.c
 
 $(OBJ_D)/p_sign.o: $(SRC_D)/crypto/evp/p_sign.c
-	$(CC) -o $(OBJ_D)/p_sign.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_sign.c
+	$(CC) -o $(OBJ_D)/p_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_sign.c
 
 $(OBJ_D)/p_verify.o: $(SRC_D)/crypto/evp/p_verify.c
-	$(CC) -o $(OBJ_D)/p_verify.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_verify.c
+	$(CC) -o $(OBJ_D)/p_verify.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_verify.c
 
 $(OBJ_D)/p_lib.o: $(SRC_D)/crypto/evp/p_lib.c
-	$(CC) -o $(OBJ_D)/p_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_lib.c
+	$(CC) -o $(OBJ_D)/p_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_lib.c
+
+$(OBJ_D)/p_enc.o: $(SRC_D)/crypto/evp/p_enc.c
+	$(CC) -o $(OBJ_D)/p_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_enc.c
+
+$(OBJ_D)/p_dec.o: $(SRC_D)/crypto/evp/p_dec.c
+	$(CC) -o $(OBJ_D)/p_dec.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_dec.c
 
 $(OBJ_D)/bio_md.o: $(SRC_D)/crypto/evp/bio_md.c
-	$(CC) -o $(OBJ_D)/bio_md.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_md.c
+	$(CC) -o $(OBJ_D)/bio_md.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_md.c
 
 $(OBJ_D)/bio_b64.o: $(SRC_D)/crypto/evp/bio_b64.c
-	$(CC) -o $(OBJ_D)/bio_b64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_b64.c
+	$(CC) -o $(OBJ_D)/bio_b64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_b64.c
 
 $(OBJ_D)/bio_enc.o: $(SRC_D)/crypto/evp/bio_enc.c
-	$(CC) -o $(OBJ_D)/bio_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_enc.c
+	$(CC) -o $(OBJ_D)/bio_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_enc.c
 
 $(OBJ_D)/evp_err.o: $(SRC_D)/crypto/evp/evp_err.c
-	$(CC) -o $(OBJ_D)/evp_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_err.c
+	$(CC) -o $(OBJ_D)/evp_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_err.c
 
 $(OBJ_D)/e_null.o: $(SRC_D)/crypto/evp/e_null.c
-	$(CC) -o $(OBJ_D)/e_null.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_null.c
+	$(CC) -o $(OBJ_D)/e_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_null.c
 
 $(OBJ_D)/c_all.o: $(SRC_D)/crypto/evp/c_all.c
-	$(CC) -o $(OBJ_D)/c_all.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/c_all.c
+	$(CC) -o $(OBJ_D)/c_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/c_all.c
+
+$(OBJ_D)/evp_lib.o: $(SRC_D)/crypto/evp/evp_lib.c
+	$(CC) -o $(OBJ_D)/evp_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_lib.c
 
 $(OBJ_D)/pem_sign.o: $(SRC_D)/crypto/pem/pem_sign.c
-	$(CC) -o $(OBJ_D)/pem_sign.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_sign.c
+	$(CC) -o $(OBJ_D)/pem_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_sign.c
 
 $(OBJ_D)/pem_seal.o: $(SRC_D)/crypto/pem/pem_seal.c
-	$(CC) -o $(OBJ_D)/pem_seal.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_seal.c
+	$(CC) -o $(OBJ_D)/pem_seal.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_seal.c
 
 $(OBJ_D)/pem_info.o: $(SRC_D)/crypto/pem/pem_info.c
-	$(CC) -o $(OBJ_D)/pem_info.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_info.c
+	$(CC) -o $(OBJ_D)/pem_info.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_info.c
 
 $(OBJ_D)/pem_lib.o: $(SRC_D)/crypto/pem/pem_lib.c
-	$(CC) -o $(OBJ_D)/pem_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_lib.c
+	$(CC) -o $(OBJ_D)/pem_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_lib.c
 
 $(OBJ_D)/pem_all.o: $(SRC_D)/crypto/pem/pem_all.c
-	$(CC) -o $(OBJ_D)/pem_all.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_all.c
+	$(CC) -o $(OBJ_D)/pem_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_all.c
 
 $(OBJ_D)/pem_err.o: $(SRC_D)/crypto/pem/pem_err.c
-	$(CC) -o $(OBJ_D)/pem_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_err.c
+	$(CC) -o $(OBJ_D)/pem_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_err.c
 
 $(OBJ_D)/a_object.o: $(SRC_D)/crypto/asn1/a_object.c
-	$(CC) -o $(OBJ_D)/a_object.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_object.c
+	$(CC) -o $(OBJ_D)/a_object.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_object.c
 
 $(OBJ_D)/a_bitstr.o: $(SRC_D)/crypto/asn1/a_bitstr.c
-	$(CC) -o $(OBJ_D)/a_bitstr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bitstr.c
+	$(CC) -o $(OBJ_D)/a_bitstr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bitstr.c
 
 $(OBJ_D)/a_utctm.o: $(SRC_D)/crypto/asn1/a_utctm.c
-	$(CC) -o $(OBJ_D)/a_utctm.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_utctm.c
+	$(CC) -o $(OBJ_D)/a_utctm.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_utctm.c
 
 $(OBJ_D)/a_int.o: $(SRC_D)/crypto/asn1/a_int.c
-	$(CC) -o $(OBJ_D)/a_int.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_int.c
+	$(CC) -o $(OBJ_D)/a_int.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_int.c
 
 $(OBJ_D)/a_octet.o: $(SRC_D)/crypto/asn1/a_octet.c
-	$(CC) -o $(OBJ_D)/a_octet.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_octet.c
+	$(CC) -o $(OBJ_D)/a_octet.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_octet.c
 
 $(OBJ_D)/a_print.o: $(SRC_D)/crypto/asn1/a_print.c
-	$(CC) -o $(OBJ_D)/a_print.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_print.c
+	$(CC) -o $(OBJ_D)/a_print.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_print.c
 
 $(OBJ_D)/a_type.o: $(SRC_D)/crypto/asn1/a_type.c
-	$(CC) -o $(OBJ_D)/a_type.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_type.c
+	$(CC) -o $(OBJ_D)/a_type.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_type.c
 
 $(OBJ_D)/a_set.o: $(SRC_D)/crypto/asn1/a_set.c
-	$(CC) -o $(OBJ_D)/a_set.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_set.c
+	$(CC) -o $(OBJ_D)/a_set.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_set.c
 
 $(OBJ_D)/a_dup.o: $(SRC_D)/crypto/asn1/a_dup.c
-	$(CC) -o $(OBJ_D)/a_dup.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_dup.c
+	$(CC) -o $(OBJ_D)/a_dup.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_dup.c
 
 $(OBJ_D)/a_d2i_fp.o: $(SRC_D)/crypto/asn1/a_d2i_fp.c
-	$(CC) -o $(OBJ_D)/a_d2i_fp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_d2i_fp.c
+	$(CC) -o $(OBJ_D)/a_d2i_fp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_d2i_fp.c
 
 $(OBJ_D)/a_i2d_fp.o: $(SRC_D)/crypto/asn1/a_i2d_fp.c
-	$(CC) -o $(OBJ_D)/a_i2d_fp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_i2d_fp.c
+	$(CC) -o $(OBJ_D)/a_i2d_fp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_i2d_fp.c
 
 $(OBJ_D)/a_sign.o: $(SRC_D)/crypto/asn1/a_sign.c
-	$(CC) -o $(OBJ_D)/a_sign.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_sign.c
+	$(CC) -o $(OBJ_D)/a_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_sign.c
 
 $(OBJ_D)/a_digest.o: $(SRC_D)/crypto/asn1/a_digest.c
-	$(CC) -o $(OBJ_D)/a_digest.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_digest.c
+	$(CC) -o $(OBJ_D)/a_digest.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_digest.c
 
 $(OBJ_D)/a_verify.o: $(SRC_D)/crypto/asn1/a_verify.c
-	$(CC) -o $(OBJ_D)/a_verify.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_verify.c
+	$(CC) -o $(OBJ_D)/a_verify.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_verify.c
 
 $(OBJ_D)/x_algor.o: $(SRC_D)/crypto/asn1/x_algor.c
-	$(CC) -o $(OBJ_D)/x_algor.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_algor.c
+	$(CC) -o $(OBJ_D)/x_algor.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_algor.c
 
 $(OBJ_D)/x_val.o: $(SRC_D)/crypto/asn1/x_val.c
-	$(CC) -o $(OBJ_D)/x_val.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_val.c
+	$(CC) -o $(OBJ_D)/x_val.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_val.c
 
 $(OBJ_D)/x_pubkey.o: $(SRC_D)/crypto/asn1/x_pubkey.c
-	$(CC) -o $(OBJ_D)/x_pubkey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_pubkey.c
+	$(CC) -o $(OBJ_D)/x_pubkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_pubkey.c
 
 $(OBJ_D)/x_sig.o: $(SRC_D)/crypto/asn1/x_sig.c
-	$(CC) -o $(OBJ_D)/x_sig.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_sig.c
+	$(CC) -o $(OBJ_D)/x_sig.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_sig.c
 
 $(OBJ_D)/x_req.o: $(SRC_D)/crypto/asn1/x_req.c
-	$(CC) -o $(OBJ_D)/x_req.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_req.c
+	$(CC) -o $(OBJ_D)/x_req.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_req.c
 
 $(OBJ_D)/x_attrib.o: $(SRC_D)/crypto/asn1/x_attrib.c
-	$(CC) -o $(OBJ_D)/x_attrib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_attrib.c
+	$(CC) -o $(OBJ_D)/x_attrib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_attrib.c
 
 $(OBJ_D)/x_name.o: $(SRC_D)/crypto/asn1/x_name.c
-	$(CC) -o $(OBJ_D)/x_name.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_name.c
+	$(CC) -o $(OBJ_D)/x_name.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_name.c
 
 $(OBJ_D)/x_cinf.o: $(SRC_D)/crypto/asn1/x_cinf.c
-	$(CC) -o $(OBJ_D)/x_cinf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_cinf.c
+	$(CC) -o $(OBJ_D)/x_cinf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_cinf.c
 
 $(OBJ_D)/x_x509.o: $(SRC_D)/crypto/asn1/x_x509.c
-	$(CC) -o $(OBJ_D)/x_x509.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_x509.c
+	$(CC) -o $(OBJ_D)/x_x509.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_x509.c
 
 $(OBJ_D)/x_crl.o: $(SRC_D)/crypto/asn1/x_crl.c
-	$(CC) -o $(OBJ_D)/x_crl.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_crl.c
+	$(CC) -o $(OBJ_D)/x_crl.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_crl.c
 
 $(OBJ_D)/x_info.o: $(SRC_D)/crypto/asn1/x_info.c
-	$(CC) -o $(OBJ_D)/x_info.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_info.c
+	$(CC) -o $(OBJ_D)/x_info.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_info.c
 
 $(OBJ_D)/x_spki.o: $(SRC_D)/crypto/asn1/x_spki.c
-	$(CC) -o $(OBJ_D)/x_spki.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_spki.c
+	$(CC) -o $(OBJ_D)/x_spki.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_spki.c
 
 $(OBJ_D)/d2i_r_pr.o: $(SRC_D)/crypto/asn1/d2i_r_pr.c
-	$(CC) -o $(OBJ_D)/d2i_r_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_r_pr.c
+	$(CC) -o $(OBJ_D)/d2i_r_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_r_pr.c
 
 $(OBJ_D)/i2d_r_pr.o: $(SRC_D)/crypto/asn1/i2d_r_pr.c
-	$(CC) -o $(OBJ_D)/i2d_r_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_r_pr.c
+	$(CC) -o $(OBJ_D)/i2d_r_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_r_pr.c
 
 $(OBJ_D)/d2i_r_pu.o: $(SRC_D)/crypto/asn1/d2i_r_pu.c
-	$(CC) -o $(OBJ_D)/d2i_r_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_r_pu.c
+	$(CC) -o $(OBJ_D)/d2i_r_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_r_pu.c
 
 $(OBJ_D)/i2d_r_pu.o: $(SRC_D)/crypto/asn1/i2d_r_pu.c
-	$(CC) -o $(OBJ_D)/i2d_r_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_r_pu.c
+	$(CC) -o $(OBJ_D)/i2d_r_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_r_pu.c
 
 $(OBJ_D)/d2i_s_pr.o: $(SRC_D)/crypto/asn1/d2i_s_pr.c
-	$(CC) -o $(OBJ_D)/d2i_s_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_s_pr.c
+	$(CC) -o $(OBJ_D)/d2i_s_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_s_pr.c
 
 $(OBJ_D)/i2d_s_pr.o: $(SRC_D)/crypto/asn1/i2d_s_pr.c
-	$(CC) -o $(OBJ_D)/i2d_s_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_s_pr.c
+	$(CC) -o $(OBJ_D)/i2d_s_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_s_pr.c
 
 $(OBJ_D)/d2i_s_pu.o: $(SRC_D)/crypto/asn1/d2i_s_pu.c
-	$(CC) -o $(OBJ_D)/d2i_s_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_s_pu.c
+	$(CC) -o $(OBJ_D)/d2i_s_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_s_pu.c
 
 $(OBJ_D)/i2d_s_pu.o: $(SRC_D)/crypto/asn1/i2d_s_pu.c
-	$(CC) -o $(OBJ_D)/i2d_s_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_s_pu.c
+	$(CC) -o $(OBJ_D)/i2d_s_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_s_pu.c
 
 $(OBJ_D)/d2i_pu.o: $(SRC_D)/crypto/asn1/d2i_pu.c
-	$(CC) -o $(OBJ_D)/d2i_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_pu.c
+	$(CC) -o $(OBJ_D)/d2i_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_pu.c
 
 $(OBJ_D)/d2i_pr.o: $(SRC_D)/crypto/asn1/d2i_pr.c
-	$(CC) -o $(OBJ_D)/d2i_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_pr.c
+	$(CC) -o $(OBJ_D)/d2i_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_pr.c
 
 $(OBJ_D)/i2d_pu.o: $(SRC_D)/crypto/asn1/i2d_pu.c
-	$(CC) -o $(OBJ_D)/i2d_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_pu.c
+	$(CC) -o $(OBJ_D)/i2d_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_pu.c
 
 $(OBJ_D)/i2d_pr.o: $(SRC_D)/crypto/asn1/i2d_pr.c
-	$(CC) -o $(OBJ_D)/i2d_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_pr.c
+	$(CC) -o $(OBJ_D)/i2d_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_pr.c
 
 $(OBJ_D)/t_req.o: $(SRC_D)/crypto/asn1/t_req.c
-	$(CC) -o $(OBJ_D)/t_req.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_req.c
+	$(CC) -o $(OBJ_D)/t_req.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_req.c
 
 $(OBJ_D)/t_x509.o: $(SRC_D)/crypto/asn1/t_x509.c
-	$(CC) -o $(OBJ_D)/t_x509.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_x509.c
+	$(CC) -o $(OBJ_D)/t_x509.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_x509.c
 
 $(OBJ_D)/t_pkey.o: $(SRC_D)/crypto/asn1/t_pkey.c
-	$(CC) -o $(OBJ_D)/t_pkey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_pkey.c
+	$(CC) -o $(OBJ_D)/t_pkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_pkey.c
 
 $(OBJ_D)/p7_i_s.o: $(SRC_D)/crypto/asn1/p7_i_s.c
-	$(CC) -o $(OBJ_D)/p7_i_s.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_i_s.c
+	$(CC) -o $(OBJ_D)/p7_i_s.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_i_s.c
 
 $(OBJ_D)/p7_signi.o: $(SRC_D)/crypto/asn1/p7_signi.c
-	$(CC) -o $(OBJ_D)/p7_signi.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_signi.c
+	$(CC) -o $(OBJ_D)/p7_signi.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_signi.c
 
 $(OBJ_D)/p7_signd.o: $(SRC_D)/crypto/asn1/p7_signd.c
-	$(CC) -o $(OBJ_D)/p7_signd.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_signd.c
+	$(CC) -o $(OBJ_D)/p7_signd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_signd.c
 
 $(OBJ_D)/p7_recip.o: $(SRC_D)/crypto/asn1/p7_recip.c
-	$(CC) -o $(OBJ_D)/p7_recip.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_recip.c
+	$(CC) -o $(OBJ_D)/p7_recip.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_recip.c
 
 $(OBJ_D)/p7_enc_c.o: $(SRC_D)/crypto/asn1/p7_enc_c.c
-	$(CC) -o $(OBJ_D)/p7_enc_c.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_enc_c.c
+	$(CC) -o $(OBJ_D)/p7_enc_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_enc_c.c
 
 $(OBJ_D)/p7_evp.o: $(SRC_D)/crypto/asn1/p7_evp.c
-	$(CC) -o $(OBJ_D)/p7_evp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_evp.c
+	$(CC) -o $(OBJ_D)/p7_evp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_evp.c
 
 $(OBJ_D)/p7_dgst.o: $(SRC_D)/crypto/asn1/p7_dgst.c
-	$(CC) -o $(OBJ_D)/p7_dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_dgst.c
+	$(CC) -o $(OBJ_D)/p7_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_dgst.c
 
 $(OBJ_D)/p7_s_e.o: $(SRC_D)/crypto/asn1/p7_s_e.c
-	$(CC) -o $(OBJ_D)/p7_s_e.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_s_e.c
+	$(CC) -o $(OBJ_D)/p7_s_e.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_s_e.c
 
 $(OBJ_D)/p7_enc.o: $(SRC_D)/crypto/asn1/p7_enc.c
-	$(CC) -o $(OBJ_D)/p7_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_enc.c
+	$(CC) -o $(OBJ_D)/p7_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_enc.c
 
 $(OBJ_D)/p7_lib.o: $(SRC_D)/crypto/asn1/p7_lib.c
-	$(CC) -o $(OBJ_D)/p7_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_lib.c
+	$(CC) -o $(OBJ_D)/p7_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_lib.c
 
 $(OBJ_D)/f_int.o: $(SRC_D)/crypto/asn1/f_int.c
-	$(CC) -o $(OBJ_D)/f_int.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/f_int.c
+	$(CC) -o $(OBJ_D)/f_int.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/f_int.c
 
 $(OBJ_D)/f_string.o: $(SRC_D)/crypto/asn1/f_string.c
-	$(CC) -o $(OBJ_D)/f_string.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/f_string.c
+	$(CC) -o $(OBJ_D)/f_string.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/f_string.c
 
 $(OBJ_D)/i2d_dhp.o: $(SRC_D)/crypto/asn1/i2d_dhp.c
-	$(CC) -o $(OBJ_D)/i2d_dhp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_dhp.c
+	$(CC) -o $(OBJ_D)/i2d_dhp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_dhp.c
 
 $(OBJ_D)/i2d_dsap.o: $(SRC_D)/crypto/asn1/i2d_dsap.c
-	$(CC) -o $(OBJ_D)/i2d_dsap.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_dsap.c
+	$(CC) -o $(OBJ_D)/i2d_dsap.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_dsap.c
 
 $(OBJ_D)/d2i_dhp.o: $(SRC_D)/crypto/asn1/d2i_dhp.c
-	$(CC) -o $(OBJ_D)/d2i_dhp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_dhp.c
+	$(CC) -o $(OBJ_D)/d2i_dhp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_dhp.c
 
 $(OBJ_D)/d2i_dsap.o: $(SRC_D)/crypto/asn1/d2i_dsap.c
-	$(CC) -o $(OBJ_D)/d2i_dsap.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_dsap.c
+	$(CC) -o $(OBJ_D)/d2i_dsap.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_dsap.c
 
 $(OBJ_D)/n_pkey.o: $(SRC_D)/crypto/asn1/n_pkey.c
-	$(CC) -o $(OBJ_D)/n_pkey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/n_pkey.c
+	$(CC) -o $(OBJ_D)/n_pkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/n_pkey.c
 
 $(OBJ_D)/a_hdr.o: $(SRC_D)/crypto/asn1/a_hdr.c
-	$(CC) -o $(OBJ_D)/a_hdr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_hdr.c
+	$(CC) -o $(OBJ_D)/a_hdr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_hdr.c
 
 $(OBJ_D)/x_pkey.o: $(SRC_D)/crypto/asn1/x_pkey.c
-	$(CC) -o $(OBJ_D)/x_pkey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_pkey.c
+	$(CC) -o $(OBJ_D)/x_pkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_pkey.c
 
 $(OBJ_D)/a_bool.o: $(SRC_D)/crypto/asn1/a_bool.c
-	$(CC) -o $(OBJ_D)/a_bool.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bool.c
+	$(CC) -o $(OBJ_D)/a_bool.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bool.c
 
 $(OBJ_D)/x_exten.o: $(SRC_D)/crypto/asn1/x_exten.c
-	$(CC) -o $(OBJ_D)/x_exten.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_exten.c
+	$(CC) -o $(OBJ_D)/x_exten.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_exten.c
 
 $(OBJ_D)/asn1_par.o: $(SRC_D)/crypto/asn1/asn1_par.c
-	$(CC) -o $(OBJ_D)/asn1_par.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_par.c
+	$(CC) -o $(OBJ_D)/asn1_par.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_par.c
 
 $(OBJ_D)/asn1_lib.o: $(SRC_D)/crypto/asn1/asn1_lib.c
-	$(CC) -o $(OBJ_D)/asn1_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_lib.c
+	$(CC) -o $(OBJ_D)/asn1_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_lib.c
 
 $(OBJ_D)/asn1_err.o: $(SRC_D)/crypto/asn1/asn1_err.c
-	$(CC) -o $(OBJ_D)/asn1_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_err.c
+	$(CC) -o $(OBJ_D)/asn1_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_err.c
 
 $(OBJ_D)/a_meth.o: $(SRC_D)/crypto/asn1/a_meth.c
-	$(CC) -o $(OBJ_D)/a_meth.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_meth.c
+	$(CC) -o $(OBJ_D)/a_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_meth.c
 
 $(OBJ_D)/a_bytes.o: $(SRC_D)/crypto/asn1/a_bytes.c
-	$(CC) -o $(OBJ_D)/a_bytes.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bytes.c
+	$(CC) -o $(OBJ_D)/a_bytes.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bytes.c
+
+$(OBJ_D)/evp_asn1.o: $(SRC_D)/crypto/asn1/evp_asn1.c
+	$(CC) -o $(OBJ_D)/evp_asn1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/evp_asn1.c
 
 $(OBJ_D)/x509_def.o: $(SRC_D)/crypto/x509/x509_def.c
-	$(CC) -o $(OBJ_D)/x509_def.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_def.c
+	$(CC) -o $(OBJ_D)/x509_def.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_def.c
 
 $(OBJ_D)/x509_d2.o: $(SRC_D)/crypto/x509/x509_d2.c
-	$(CC) -o $(OBJ_D)/x509_d2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_d2.c
+	$(CC) -o $(OBJ_D)/x509_d2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_d2.c
 
 $(OBJ_D)/x509_r2x.o: $(SRC_D)/crypto/x509/x509_r2x.c
-	$(CC) -o $(OBJ_D)/x509_r2x.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_r2x.c
+	$(CC) -o $(OBJ_D)/x509_r2x.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_r2x.c
 
 $(OBJ_D)/x509_cmp.o: $(SRC_D)/crypto/x509/x509_cmp.c
-	$(CC) -o $(OBJ_D)/x509_cmp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_cmp.c
+	$(CC) -o $(OBJ_D)/x509_cmp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_cmp.c
 
 $(OBJ_D)/x509_obj.o: $(SRC_D)/crypto/x509/x509_obj.c
-	$(CC) -o $(OBJ_D)/x509_obj.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_obj.c
+	$(CC) -o $(OBJ_D)/x509_obj.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_obj.c
 
 $(OBJ_D)/x509_req.o: $(SRC_D)/crypto/x509/x509_req.c
-	$(CC) -o $(OBJ_D)/x509_req.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_req.c
+	$(CC) -o $(OBJ_D)/x509_req.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_req.c
 
 $(OBJ_D)/x509_vfy.o: $(SRC_D)/crypto/x509/x509_vfy.c
-	$(CC) -o $(OBJ_D)/x509_vfy.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_vfy.c
+	$(CC) -o $(OBJ_D)/x509_vfy.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_vfy.c
 
 $(OBJ_D)/x509_set.o: $(SRC_D)/crypto/x509/x509_set.c
-	$(CC) -o $(OBJ_D)/x509_set.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_set.c
+	$(CC) -o $(OBJ_D)/x509_set.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_set.c
 
 $(OBJ_D)/x509rset.o: $(SRC_D)/crypto/x509/x509rset.c
-	$(CC) -o $(OBJ_D)/x509rset.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509rset.c
+	$(CC) -o $(OBJ_D)/x509rset.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509rset.c
 
 $(OBJ_D)/x509_err.o: $(SRC_D)/crypto/x509/x509_err.c
-	$(CC) -o $(OBJ_D)/x509_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_err.c
+	$(CC) -o $(OBJ_D)/x509_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_err.c
 
 $(OBJ_D)/x509name.o: $(SRC_D)/crypto/x509/x509name.c
-	$(CC) -o $(OBJ_D)/x509name.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509name.c
+	$(CC) -o $(OBJ_D)/x509name.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509name.c
 
 $(OBJ_D)/x509_v3.o: $(SRC_D)/crypto/x509/x509_v3.c
-	$(CC) -o $(OBJ_D)/x509_v3.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_v3.c
+	$(CC) -o $(OBJ_D)/x509_v3.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_v3.c
 
 $(OBJ_D)/x509_ext.o: $(SRC_D)/crypto/x509/x509_ext.c
-	$(CC) -o $(OBJ_D)/x509_ext.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_ext.c
+	$(CC) -o $(OBJ_D)/x509_ext.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_ext.c
 
 $(OBJ_D)/x509pack.o: $(SRC_D)/crypto/x509/x509pack.c
-	$(CC) -o $(OBJ_D)/x509pack.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509pack.c
+	$(CC) -o $(OBJ_D)/x509pack.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509pack.c
 
 $(OBJ_D)/x509type.o: $(SRC_D)/crypto/x509/x509type.c
-	$(CC) -o $(OBJ_D)/x509type.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509type.c
+	$(CC) -o $(OBJ_D)/x509type.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509type.c
 
 $(OBJ_D)/x509_lu.o: $(SRC_D)/crypto/x509/x509_lu.c
-	$(CC) -o $(OBJ_D)/x509_lu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_lu.c
+	$(CC) -o $(OBJ_D)/x509_lu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_lu.c
 
 $(OBJ_D)/x_all.o: $(SRC_D)/crypto/x509/x_all.c
-	$(CC) -o $(OBJ_D)/x_all.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x_all.c
+	$(CC) -o $(OBJ_D)/x_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x_all.c
 
 $(OBJ_D)/x509_txt.o: $(SRC_D)/crypto/x509/x509_txt.c
-	$(CC) -o $(OBJ_D)/x509_txt.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_txt.c
+	$(CC) -o $(OBJ_D)/x509_txt.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_txt.c
 
 $(OBJ_D)/by_file.o: $(SRC_D)/crypto/x509/by_file.c
-	$(CC) -o $(OBJ_D)/by_file.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/by_file.c
+	$(CC) -o $(OBJ_D)/by_file.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/by_file.c
 
 $(OBJ_D)/by_dir.o: $(SRC_D)/crypto/x509/by_dir.c
-	$(CC) -o $(OBJ_D)/by_dir.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/by_dir.c
+	$(CC) -o $(OBJ_D)/by_dir.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/by_dir.c
 
 $(OBJ_D)/v3_net.o: $(SRC_D)/crypto/x509/v3_net.c
-	$(CC) -o $(OBJ_D)/v3_net.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/v3_net.c
+	$(CC) -o $(OBJ_D)/v3_net.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/v3_net.c
 
 $(OBJ_D)/v3_x509.o: $(SRC_D)/crypto/x509/v3_x509.c
-	$(CC) -o $(OBJ_D)/v3_x509.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/v3_x509.c
+	$(CC) -o $(OBJ_D)/v3_x509.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/v3_x509.c
 
 $(OBJ_D)/conf.o: $(SRC_D)/crypto/conf/conf.c
-	$(CC) -o $(OBJ_D)/conf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/conf/conf.c
+	$(CC) -o $(OBJ_D)/conf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/conf/conf.c
 
 $(OBJ_D)/conf_err.o: $(SRC_D)/crypto/conf/conf_err.c
-	$(CC) -o $(OBJ_D)/conf_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/conf/conf_err.c
+	$(CC) -o $(OBJ_D)/conf_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/conf/conf_err.c
 
 $(OBJ_D)/txt_db.o: $(SRC_D)/crypto/txt_db/txt_db.c
-	$(CC) -o $(OBJ_D)/txt_db.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/txt_db/txt_db.c
+	$(CC) -o $(OBJ_D)/txt_db.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/txt_db/txt_db.c
 
 $(OBJ_D)/pk7_lib.o: $(SRC_D)/crypto/pkcs7/pk7_lib.c
-	$(CC) -o $(OBJ_D)/pk7_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pk7_lib.c
+	$(CC) -o $(OBJ_D)/pk7_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pk7_lib.c
 
 $(OBJ_D)/pkcs7err.o: $(SRC_D)/crypto/pkcs7/pkcs7err.c
-	$(CC) -o $(OBJ_D)/pkcs7err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pkcs7err.c
+	$(CC) -o $(OBJ_D)/pkcs7err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pkcs7err.c
 
 $(OBJ_D)/pk7_doit.o: $(SRC_D)/crypto/pkcs7/pk7_doit.c
-	$(CC) -o $(OBJ_D)/pk7_doit.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pk7_doit.c
+	$(CC) -o $(OBJ_D)/pk7_doit.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pk7_doit.c
 
 $(OBJ_D)/s2_meth.o: $(SRC_D)/ssl/s2_meth.c
-	$(CC) -o $(OBJ_D)/s2_meth.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_meth.c
+	$(CC) -o $(OBJ_D)/s2_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_meth.c
 
 $(OBJ_D)/s2_srvr.o: $(SRC_D)/ssl/s2_srvr.c
-	$(CC) -o $(OBJ_D)/s2_srvr.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_srvr.c
+	$(CC) -o $(OBJ_D)/s2_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_srvr.c
 
 $(OBJ_D)/s2_clnt.o: $(SRC_D)/ssl/s2_clnt.c
-	$(CC) -o $(OBJ_D)/s2_clnt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_clnt.c
+	$(CC) -o $(OBJ_D)/s2_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_clnt.c
 
 $(OBJ_D)/s2_lib.o: $(SRC_D)/ssl/s2_lib.c
-	$(CC) -o $(OBJ_D)/s2_lib.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_lib.c
-
-$(OBJ_D)/s2_pkt.o: $(SRC_D)/ssl/s2_pkt.c
-	$(CC) -o $(OBJ_D)/s2_pkt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_pkt.c
+	$(CC) -o $(OBJ_D)/s2_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_lib.c
 
 $(OBJ_D)/s2_enc.o: $(SRC_D)/ssl/s2_enc.c
-	$(CC) -o $(OBJ_D)/s2_enc.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_enc.c
+	$(CC) -o $(OBJ_D)/s2_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_enc.c
+
+$(OBJ_D)/s2_pkt.o: $(SRC_D)/ssl/s2_pkt.c
+	$(CC) -o $(OBJ_D)/s2_pkt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_pkt.c
 
 $(OBJ_D)/s3_meth.o: $(SRC_D)/ssl/s3_meth.c
-	$(CC) -o $(OBJ_D)/s3_meth.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_meth.c
+	$(CC) -o $(OBJ_D)/s3_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_meth.c
 
 $(OBJ_D)/s3_srvr.o: $(SRC_D)/ssl/s3_srvr.c
-	$(CC) -o $(OBJ_D)/s3_srvr.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_srvr.c
+	$(CC) -o $(OBJ_D)/s3_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_srvr.c
 
 $(OBJ_D)/s3_clnt.o: $(SRC_D)/ssl/s3_clnt.c
-	$(CC) -o $(OBJ_D)/s3_clnt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_clnt.c
+	$(CC) -o $(OBJ_D)/s3_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_clnt.c
 
 $(OBJ_D)/s3_lib.o: $(SRC_D)/ssl/s3_lib.c
-	$(CC) -o $(OBJ_D)/s3_lib.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_lib.c
-
-$(OBJ_D)/s3_pkt.o: $(SRC_D)/ssl/s3_pkt.c
-	$(CC) -o $(OBJ_D)/s3_pkt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_pkt.c
+	$(CC) -o $(OBJ_D)/s3_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_lib.c
 
 $(OBJ_D)/s3_enc.o: $(SRC_D)/ssl/s3_enc.c
-	$(CC) -o $(OBJ_D)/s3_enc.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_enc.c
+	$(CC) -o $(OBJ_D)/s3_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_enc.c
+
+$(OBJ_D)/s3_pkt.o: $(SRC_D)/ssl/s3_pkt.c
+	$(CC) -o $(OBJ_D)/s3_pkt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_pkt.c
 
 $(OBJ_D)/s3_both.o: $(SRC_D)/ssl/s3_both.c
-	$(CC) -o $(OBJ_D)/s3_both.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_both.c
+	$(CC) -o $(OBJ_D)/s3_both.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_both.c
 
 $(OBJ_D)/s23_meth.o: $(SRC_D)/ssl/s23_meth.c
-	$(CC) -o $(OBJ_D)/s23_meth.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_meth.c
+	$(CC) -o $(OBJ_D)/s23_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_meth.c
 
 $(OBJ_D)/s23_srvr.o: $(SRC_D)/ssl/s23_srvr.c
-	$(CC) -o $(OBJ_D)/s23_srvr.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_srvr.c
+	$(CC) -o $(OBJ_D)/s23_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_srvr.c
 
 $(OBJ_D)/s23_clnt.o: $(SRC_D)/ssl/s23_clnt.c
-	$(CC) -o $(OBJ_D)/s23_clnt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_clnt.c
+	$(CC) -o $(OBJ_D)/s23_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_clnt.c
 
 $(OBJ_D)/s23_lib.o: $(SRC_D)/ssl/s23_lib.c
-	$(CC) -o $(OBJ_D)/s23_lib.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_lib.c
+	$(CC) -o $(OBJ_D)/s23_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_lib.c
 
 $(OBJ_D)/s23_pkt.o: $(SRC_D)/ssl/s23_pkt.c
-	$(CC) -o $(OBJ_D)/s23_pkt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_pkt.c
+	$(CC) -o $(OBJ_D)/s23_pkt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_pkt.c
+
+$(OBJ_D)/t1_meth.o: $(SRC_D)/ssl/t1_meth.c
+	$(CC) -o $(OBJ_D)/t1_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_meth.c
+
+$(OBJ_D)/t1_srvr.o: $(SRC_D)/ssl/t1_srvr.c
+	$(CC) -o $(OBJ_D)/t1_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_srvr.c
+
+$(OBJ_D)/t1_clnt.o: $(SRC_D)/ssl/t1_clnt.c
+	$(CC) -o $(OBJ_D)/t1_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_clnt.c
+
+$(OBJ_D)/t1_lib.o: $(SRC_D)/ssl/t1_lib.c
+	$(CC) -o $(OBJ_D)/t1_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_lib.c
+
+$(OBJ_D)/t1_enc.o: $(SRC_D)/ssl/t1_enc.c
+	$(CC) -o $(OBJ_D)/t1_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_enc.c
 
 $(OBJ_D)/ssl_lib.o: $(SRC_D)/ssl/ssl_lib.c
-	$(CC) -o $(OBJ_D)/ssl_lib.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_lib.c
+	$(CC) -o $(OBJ_D)/ssl_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_lib.c
 
 $(OBJ_D)/ssl_err2.o: $(SRC_D)/ssl/ssl_err2.c
-	$(CC) -o $(OBJ_D)/ssl_err2.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_err2.c
+	$(CC) -o $(OBJ_D)/ssl_err2.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_err2.c
 
 $(OBJ_D)/ssl_cert.o: $(SRC_D)/ssl/ssl_cert.c
-	$(CC) -o $(OBJ_D)/ssl_cert.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_cert.c
+	$(CC) -o $(OBJ_D)/ssl_cert.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_cert.c
 
 $(OBJ_D)/ssl_sess.o: $(SRC_D)/ssl/ssl_sess.c
-	$(CC) -o $(OBJ_D)/ssl_sess.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_sess.c
+	$(CC) -o $(OBJ_D)/ssl_sess.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_sess.c
 
 $(OBJ_D)/ssl_ciph.o: $(SRC_D)/ssl/ssl_ciph.c
-	$(CC) -o $(OBJ_D)/ssl_ciph.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_ciph.c
+	$(CC) -o $(OBJ_D)/ssl_ciph.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_ciph.c
 
 $(OBJ_D)/ssl_stat.o: $(SRC_D)/ssl/ssl_stat.c
-	$(CC) -o $(OBJ_D)/ssl_stat.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_stat.c
+	$(CC) -o $(OBJ_D)/ssl_stat.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_stat.c
 
 $(OBJ_D)/ssl_rsa.o: $(SRC_D)/ssl/ssl_rsa.c
-	$(CC) -o $(OBJ_D)/ssl_rsa.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_rsa.c
+	$(CC) -o $(OBJ_D)/ssl_rsa.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_rsa.c
 
 $(OBJ_D)/ssl_asn1.o: $(SRC_D)/ssl/ssl_asn1.c
-	$(CC) -o $(OBJ_D)/ssl_asn1.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_asn1.c
+	$(CC) -o $(OBJ_D)/ssl_asn1.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_asn1.c
 
 $(OBJ_D)/ssl_txt.o: $(SRC_D)/ssl/ssl_txt.c
-	$(CC) -o $(OBJ_D)/ssl_txt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_txt.c
+	$(CC) -o $(OBJ_D)/ssl_txt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_txt.c
 
 $(OBJ_D)/ssl_algs.o: $(SRC_D)/ssl/ssl_algs.c
-	$(CC) -o $(OBJ_D)/ssl_algs.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_algs.c
+	$(CC) -o $(OBJ_D)/ssl_algs.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_algs.c
 
 $(OBJ_D)/bio_ssl.o: $(SRC_D)/ssl/bio_ssl.c
-	$(CC) -o $(OBJ_D)/bio_ssl.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/bio_ssl.c
+	$(CC) -o $(OBJ_D)/bio_ssl.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/bio_ssl.c
 
 $(OBJ_D)/ssl_err.o: $(SRC_D)/ssl/ssl_err.c
-	$(CC) -o $(OBJ_D)/ssl_err.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_err.c
+	$(CC) -o $(OBJ_D)/ssl_err.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_err.c
 
 $(OBJ_D)/rsaref.o: $(SRC_D)/rsaref/rsaref.c
-	$(CC) -o $(OBJ_D)/rsaref.o $(LIB_CFLAGS) -c $(SRC_D)/rsaref/rsaref.c
+	$(CC) -o $(OBJ_D)/rsaref.o  $(LIB_CFLAGS) -c $(SRC_D)/rsaref/rsaref.c
 
 $(OBJ_D)/rsar_err.o: $(SRC_D)/rsaref/rsar_err.c
-	$(CC) -o $(OBJ_D)/rsar_err.o $(LIB_CFLAGS) -c $(SRC_D)/rsaref/rsar_err.c
+	$(CC) -o $(OBJ_D)/rsar_err.o  $(LIB_CFLAGS) -c $(SRC_D)/rsaref/rsar_err.c
 
 $(TEST_D)/md2test: $(OBJ_D)/md2test.o $(LIBS_DEP)
 	$(LINK) -o $(TEST_D)/md2test $(LFLAGS) $(OBJ_D)/md2test.o $(L_LIBS) $(EX_LIBS)
@@ -1523,14 +1716,23 @@ $(TEST_D)/sha1test: $(OBJ_D)/sha1test.o $(LIBS_DEP)
 $(TEST_D)/mdc2test: $(OBJ_D)/mdc2test.o $(LIBS_DEP)
 	$(LINK) -o $(TEST_D)/mdc2test $(LFLAGS) $(OBJ_D)/mdc2test.o $(L_LIBS) $(EX_LIBS)
 
+$(TEST_D)/hmactest: $(OBJ_D)/hmactest.o $(LIBS_DEP)
+	$(LINK) -o $(TEST_D)/hmactest $(LFLAGS) $(OBJ_D)/hmactest.o $(L_LIBS) $(EX_LIBS)
+
+$(TEST_D)/rmdtest: $(OBJ_D)/rmdtest.o $(LIBS_DEP)
+	$(LINK) -o $(TEST_D)/rmdtest $(LFLAGS) $(OBJ_D)/rmdtest.o $(L_LIBS) $(EX_LIBS)
+
 $(TEST_D)/destest: $(OBJ_D)/destest.o $(LIBS_DEP)
 	$(LINK) -o $(TEST_D)/destest $(LFLAGS) $(OBJ_D)/destest.o $(L_LIBS) $(EX_LIBS)
 
+$(TEST_D)/rc2test: $(OBJ_D)/rc2test.o $(LIBS_DEP)
+	$(LINK) -o $(TEST_D)/rc2test $(LFLAGS) $(OBJ_D)/rc2test.o $(L_LIBS) $(EX_LIBS)
+
 $(TEST_D)/rc4test: $(OBJ_D)/rc4test.o $(LIBS_DEP)
 	$(LINK) -o $(TEST_D)/rc4test $(LFLAGS) $(OBJ_D)/rc4test.o $(L_LIBS) $(EX_LIBS)
 
-$(TEST_D)/rc2test: $(OBJ_D)/rc2test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/rc2test $(LFLAGS) $(OBJ_D)/rc2test.o $(L_LIBS) $(EX_LIBS)
+$(TEST_D)/rc5test: $(OBJ_D)/rc5test.o $(LIBS_DEP)
+	$(LINK) -o $(TEST_D)/rc5test $(LFLAGS) $(OBJ_D)/rc5test.o $(L_LIBS) $(EX_LIBS)
 
 $(TEST_D)/ideatest: $(OBJ_D)/ideatest.o $(LIBS_DEP)
 	$(LINK) -o $(TEST_D)/ideatest $(LFLAGS) $(OBJ_D)/ideatest.o $(L_LIBS) $(EX_LIBS)
@@ -1538,6 +1740,9 @@ $(TEST_D)/ideatest: $(OBJ_D)/ideatest.o $(LIBS_DEP)
 $(TEST_D)/bftest: $(OBJ_D)/bftest.o $(LIBS_DEP)
 	$(LINK) -o $(TEST_D)/bftest $(LFLAGS) $(OBJ_D)/bftest.o $(L_LIBS) $(EX_LIBS)
 
+$(TEST_D)/casttest: $(OBJ_D)/casttest.o $(LIBS_DEP)
+	$(LINK) -o $(TEST_D)/casttest $(LFLAGS) $(OBJ_D)/casttest.o $(L_LIBS) $(EX_LIBS)
+
 $(TEST_D)/bntest: $(OBJ_D)/bntest.o $(LIBS_DEP)
 	$(LINK) -o $(TEST_D)/bntest $(LFLAGS) $(OBJ_D)/bntest.o $(L_LIBS) $(EX_LIBS)
 
@@ -1556,20 +1761,20 @@ $(TEST_D)/randtest: $(OBJ_D)/randtest.o $(LIBS_DEP)
 $(TEST_D)/ssltest: $(OBJ_D)/ssltest.o $(LIBS_DEP)
 	$(LINK) -o $(TEST_D)/ssltest $(LFLAGS) $(OBJ_D)/ssltest.o $(L_LIBS) $(EX_LIBS)
 
-$(O_SSL): $(SSLOBJ)
-	$(RM) $(O_SSL)
-	$(MKLIB) $(O_SSL) $(SSLOBJ)
-	$(RANLIB) $(O_SSL)
+$(LIB_D)/$(O_SSL): $(SSLOBJ)
+	$(RM) $(LIB_D)/$(O_SSL)
+	$(MKLIB) $(LIB_D)/$(O_SSL) $(SSLOBJ)
+	$(RANLIB) $(LIB_D)/$(O_SSL)
 
-$(O_RSAGLUE): $(RSAGLUEOBJ)
-	$(RM) $(O_RSAGLUE)
-	$(MKLIB) $(O_RSAGLUE) $(RSAGLUEOBJ)
-	$(RANLIB) $(O_RSAGLUE)
+$(LIB_D)/$(O_RSAGLUE): $(RSAGLUEOBJ)
+	$(RM) $(LIB_D)/$(O_RSAGLUE)
+	$(MKLIB) $(LIB_D)/$(O_RSAGLUE) $(RSAGLUEOBJ)
+	$(RANLIB) $(LIB_D)/$(O_RSAGLUE)
 
-$(O_CRYPTO): $(CRYPTOOBJ)
-	$(RM) $(O_CRYPTO)
-	$(MKLIB) $(O_CRYPTO) $(CRYPTOOBJ)
-	$(RANLIB) $(O_CRYPTO)
+$(LIB_D)/$(O_CRYPTO): $(CRYPTOOBJ)
+	$(RM) $(LIB_D)/$(O_CRYPTO)
+	$(MKLIB) $(LIB_D)/$(O_CRYPTO) $(CRYPTOOBJ)
+	$(RANLIB) $(LIB_D)/$(O_CRYPTO)
 
 $(BIN_D)/$(E_EXE): $(E_OBJ) $(LIBS_DEP)
 	$(LINK) -o $(BIN_D)/$(E_EXE) $(LFLAGS) $(E_OBJ) $(L_LIBS) $(EX_LIBS)
diff --git a/ms/certCA.srl b/ms/certCA.srl
index 60d3b2f4a..d6b24041c 100644
--- a/ms/certCA.srl
+++ b/ms/certCA.srl
@@ -1 +1 @@
-15
+19
diff --git a/ms/certCA.ss b/ms/certCA.ss
index 7ce37179d..6bfccc7c4 100644
--- a/ms/certCA.ss
+++ b/ms/certCA.ss
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
 MIIBXDCCAQYCAQAwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV
-BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05NzA3MTkx
-MTA1MTFaFw05NzA4MTgxMTA1MTFaMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
+BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05NzExMjgw
+MDA3MzBaFw05NzEyMjgwMDA3MzBaMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
 b2RneSBCcm90aGVyczERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEA3dU4kgK/MVnr7Q3p+Nl5y1TRXPk5L9dNOJ0BoCjKC2wLXSzwcj5c
-Vx2X5WiIeDDH2Dt7AbDvtGhBLVOiq0LuuwIDAQABMA0GCSqGSIb3DQEBBAUAA0EA
-gT6uyZYLx1chz1oV3GnvlbUsWd1x1Y4UQ/KqIP3wr2Bh270CYlWZfm1xiHlQQ6Jf
-DPEMSzr1e1VcRUCT25z7KQ==
+AANLADBIAkEAwOKExbdfKLemEMGOKeBgqI3abJE9yzf3WhrPcQLRAyM85YPxk0DQ
+YWwhEh9i2BxGWYAZ7Krv1EqdsViCQBGuBQIDAQABMA0GCSqGSIb3DQEBBAUAA0EA
+VXYhZ1FnfBFIjHiYV8PD4uQuVJLhNa2q3cSWX1HTHfbrAPa/lMSUWuWcYwD3lBeb
+D69W77B0LqAfVajBQwbXkQ==
 -----END CERTIFICATE-----
diff --git a/ms/certU.ss b/ms/certU.ss
index 6166bf9de..6a0302ed1 100644
--- a/ms/certU.ss
+++ b/ms/certU.ss
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIBcTCCARsCARQwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV
-BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05NzA3MTkx
-MTA1MTZaFw05NzA4MTgxMTA1MTZaME4xCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
+MIIBcTCCARsCARgwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV
+BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05NzExMjgw
+MDA3MzRaFw05NzEyMjgwMDA3MzRaME4xCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
 b2RneSBCcm90aGVyczESMBAGA1UEAxMJQnJvdGhlciAxMRIwEAYDVQQDEwlCcm90
-aGVyIDIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxcxzGnflhfIiyt/ijc3WvWKK
-ajZOXnzKDmIo+ENc3Q16oJLkom0FdsYyVbYs9LEyHhApuurrLUH/odPyegqcAQID
-AQABMA0GCSqGSIb3DQEBBAUAA0EAlWvxkrsdbIUj3KSDqvMPYewgV1BAaluuYGCu
-TwllD+yfuZjSzOZbE0tQCigh2yhcGWRin6ngwd+wtxTAnaomMQ==
+aGVyIDIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyfgRHCZvlyq9yiQisWmetnpb
+DZMhZB+HjuxQxp3gEpI7P8q5Z5tXIU5+OFAfIRkRdMGa/UK+NVg7AJ6UYyIR3wID
+AQABMA0GCSqGSIb3DQEBBAUAA0EAgH3htGAw6tMcZYANofqYr96RhjnxzCGZkUq3
+SH9thHUBywcXQo6BUpGxUXFExW4NA2f49OWQxf8kYrVAXHcCsA==
 -----END CERTIFICATE-----
diff --git a/ms/keyCA.ss b/ms/keyCA.ss
index 6c007bdad..9ed3e7dc4 100644
--- a/ms/keyCA.ss
+++ b/ms/keyCA.ss
@@ -1,9 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAN3VOJICvzFZ6+0N6fjZectU0Vz5OS/XTTidAaAoygtsC10s8HI+
-XFcdl+VoiHgwx9g7ewGw77RoQS1ToqtC7rsCAwEAAQJAECcKa3dPvKQzjZtJwhjz
-yV5vsDlldJpUwR6Nk7/kllgw4rK2AQJKVXqe6lAv8+P3Pny/XEtUe7YZ0Q/i1L23
-QQIhAP8cckDTFzyaP8O7Hy/SL70e8a8FbHbSl5keVIkNHL2pAiEA3psXWV+eruDd
-l9ERN9ARLqR5VehhnTLKIw+MhHKPH8MCIQCVXDBAZ9Z48s5WaF3v/51XmqBhmklQ
-oCeFzE4uF3E2UQIhAN3T92ScoOjsNGZBdMMFmNm+FRvCwuN/5Wci64hhELc5AiAd
-RjOJzXN5tfiPfl97WF0LCb1UXsL54/+2yI6hTg3xng==
+MIIBOwIBAAJBAMDihMW3Xyi3phDBjingYKiN2myRPcs391oaz3EC0QMjPOWD8ZNA
+0GFsIRIfYtgcRlmAGeyq79RKnbFYgkARrgUCAwEAAQJAGEWo/ZRoth/+Fse0kxJ4
+N126acURKJx/VOhgyFDZanJxxwhaXRRkZZfXgFP5StY2lAOrcuMnsDjc8XYNrvcE
+wQIhAOXcIp0eZfoPAAuhoQ2bd94dg8QX+8Hv38oJBUuduTs1AiEA1tHvlMrRC1dp
+mPUWooFaRFfadFvCMJy5ouGQ24bKMZECIB1YiHbEvcI6DghuHzCsi5Yo8HyljzfI
+VyrlEe8AePiNAiEAv6Hxpnsy9noZAlEIyxi3TKZOg2Rjm/gDhfDQx3S7pHECIQDC
+R6w+uHZzVJ50/kNh3mJow2W2+Rffkk2hcM4r5Sf4Vg==
 -----END RSA PRIVATE KEY-----
diff --git a/ms/keyU.ss b/ms/keyU.ss
index fad45f946..ab6287619 100644
--- a/ms/keyU.ss
+++ b/ms/keyU.ss
@@ -1,9 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAMXMcxp35YXyIsrf4o3N1r1iimo2Tl58yg5iKPhDXN0NeqCS5KJt
-BXbGMlW2LPSxMh4QKbrq6y1B/6HT8noKnAECAwEAAQJAVJ21z+jio36GK8vDG26n
-IrV5CR7aP8malrSfWjVXEKjm4BR5on5C+TuVeV67WgwIEtIuwyzRefQuBLnmtJsT
-UQIhAOhPQ4NjInS7vXTrvVM/cXEHj+gMN0yq1Lrijo6qM/QrAiEA2fg7mr8Erj86
-t5kM2/clEnA4lMNg2UnfMEkBbEyW/oMCIQClSUgq4kzwq2coGlaRNZGcLxo3qwFp
-fh5vfaSaYwUmEwIhALRkw/ezRY1sWQ0gBst5hF35MGq2NE5A3A1bLmlSDdk/AiEA
-kuVZHwwJIzGrCf9RqJ7CEHs4gPda3OeOiu0+f6M9dvc=
+MIIBOgIBAAJBAMn4ERwmb5cqvcokIrFpnrZ6Ww2TIWQfh47sUMad4BKSOz/KuWeb
+VyFOfjhQHyEZEXTBmv1CvjVYOwCelGMiEd8CAwEAAQJAEu/4orwT4Ie4bfi/bAUs
+RY3pdbdi/SFbs5IC7OymsvbqO/J5/6lTLKX/CFUvXjbpd922jfNMQzdalOfZ7R+K
+aQIhAP9DOq6eFRbNqzxxDadOOSLFEcWBZwzIX12zoPgxarPDAiEAyo1tF3zbU93G
+WQ1yjlhXYm07VdoZV0CUI6dKkB0ok7UCIEmiQhZHAbxfPcskrZSaiv7NrE+2AVz9
+nAzymTefQbFzAiAFCODmTY8yFXghrIjlauK5Kpfn+WTZ21wTSsw6qs7gZQIhAK2l
+vwdD73PZSW928dZ9VoV7Dh7Klflf6J+xrJIibP7z
 -----END RSA PRIVATE KEY-----
diff --git a/ms/libeay16.def b/ms/libeay16.def
index 9e036c5c6..65bbad629 100644
--- a/ms/libeay16.def
+++ b/ms/libeay16.def
@@ -21,6 +21,8 @@ EXPORTS
     _SSLeay_add_all_digests             @510
     _SSLeay_version                     @2
     _ASN1_BIT_STRING_asn1_meth          @3
+    _ASN1_BIT_STRING_get_bit            @1060
+    _ASN1_BIT_STRING_set_bit            @1061
     _ASN1_HEADER_free                   @4
     _ASN1_HEADER_new                    @5
     _ASN1_IA5STRING_asn1_meth           @6
@@ -40,12 +42,17 @@ EXPORTS
     _ASN1_STRING_type_new               @20
     _ASN1_TYPE_free                     @21
     _ASN1_TYPE_get                      @916
+    _ASN1_TYPE_get_int_octetstring      @1076
+    _ASN1_TYPE_get_octetstring          @1077
     _ASN1_TYPE_new                      @22
     _ASN1_TYPE_set                      @917
+    _ASN1_TYPE_set_int_octetstring      @1078
+    _ASN1_TYPE_set_octetstring          @1079
     _ASN1_UNIVERSALSTRING_to_string     @23
     _ASN1_UTCTIME_check                 @24
     _ASN1_UTCTIME_print                 @25
     _ASN1_UTCTIME_set                   @26
+    _ASN1_UTCTIME_set_string            @1080
     _ASN1_check_infinite_end            @27
     _ASN1_d2i_bio                       @28
     _ASN1_digest                        @30
@@ -59,6 +66,7 @@ EXPORTS
     _ASN1_verify                        @39
     _BF_cbc_encrypt                     @40
     _BF_cfb64_encrypt                   @41
+    _BF_decrypt                         @987
     _BF_ecb_encrypt                     @42
     _BF_encrypt                         @43
     _BF_ofb64_encrypt                   @44
@@ -67,7 +75,6 @@ EXPORTS
     _BIO_accept                         @51
     _BIO_copy_next_retry                @955
     _BIO_ctrl                           @52
-    _BIO_ctrl_int                       @53
     _BIO_debug_callback                 @54
     _BIO_dump                           @55
     _BIO_dup_chain                      @56
@@ -89,6 +96,8 @@ EXPORTS
     _BIO_get_retry_reason               @74
     _BIO_gethostbyname                  @75
     _BIO_gets                           @76
+    _BIO_ghbn_ctrl                      @1003
+    _BIO_int_ctrl                       @53
     _BIO_new                            @78
     _BIO_new_accept                     @79
     _BIO_new_connect                    @80
@@ -96,16 +105,16 @@ EXPORTS
     _BIO_new_socket                     @84
     _BIO_pop                            @85
     _BIO_printf                         @86
+    _BIO_ptr_ctrl                       @969
     _BIO_push                           @87
     _BIO_puts                           @88
     _BIO_read                           @89
     _BIO_s_accept                       @90
     _BIO_s_connect                      @91
     _BIO_s_fd                           @92
-    _BIO_s_file_internal_w16            @94
     _BIO_s_mem                          @95
     _BIO_s_null                         @96
-    _BIO_s_socket                       @99
+    _BIO_s_socket                       @98
     _BIO_set                            @100
     _BIO_set_cipher                     @101
     _BIO_set_tcp_ndelay                 @102
@@ -116,6 +125,11 @@ EXPORTS
     _BIO_sock_should_retry              @107
     _BIO_socket_ioctl                   @108
     _BIO_write                          @109
+    _BN_BLINDING_convert                @973
+    _BN_BLINDING_free                   @981
+    _BN_BLINDING_invert                 @974
+    _BN_BLINDING_new                    @980
+    _BN_BLINDING_update                 @975
     _BN_CTX_free                        @110
     _BN_CTX_new                         @111
     _BN_MONT_CTX_free                   @112
@@ -123,23 +137,27 @@ EXPORTS
     _BN_MONT_CTX_set                    @114
     _BN_add                             @115
     _BN_add_word                        @116
-    _BN_ascii2bn                        @117
     _BN_bin2bn                          @118
-    _BN_bn2ascii                        @119
     _BN_bn2bin                          @120
+    _BN_bn2dec                          @1002
+    _BN_bn2hex                          @119
+    _BN_bn2mpi                          @1058
     _BN_clear                           @121
     _BN_clear_bit                       @122
     _BN_clear_free                      @123
     _BN_cmp                             @124
     _BN_copy                            @125
+    _BN_dec2bn                          @1001
     _BN_div                             @126
     _BN_div_word                        @127
     _BN_dup                             @128
+    _BN_exp                             @998
     _BN_free                            @129
     _BN_from_montgomery                 @130
     _BN_gcd                             @131
     _BN_generate_prime                  @132
     _BN_get_word                        @133
+    _BN_hex2bn                          @117
     _BN_is_bit_set                      @134
     _BN_is_prime                        @135
     _BN_lshift                          @136
@@ -155,7 +173,9 @@ EXPORTS
     _BN_mod_mul_montgomery              @146
     _BN_mod_mul_reciprocal              @147
     _BN_mod_word                        @148
+    _BN_mpi2bn                          @1059
     _BN_mul                             @149
+    _BN_mul_word                        @999
     _BN_new                             @150
     _BN_num_bits                        @151
     _BN_num_bits_word                   @152
@@ -169,6 +189,7 @@ EXPORTS
     _BN_set_word                        @161
     _BN_sqr                             @162
     _BN_sub                             @163
+    _BN_sub_word                        @1000
     _BN_to_ASN1_INTEGER                 @164
     _BN_ucmp                            @165
     _BN_value_one                       @166
@@ -176,6 +197,13 @@ EXPORTS
     _BUF_MEM_grow                       @168
     _BUF_MEM_new                        @169
     _BUF_strdup                         @170
+    _CAST_cbc_encrypt                   @992
+    _CAST_cfb64_encrypt                 @993
+    _CAST_decrypt                       @990
+    _CAST_ecb_encrypt                   @991
+    _CAST_encrypt                       @989
+    _CAST_ofb64_encrypt                 @994
+    _CAST_set_key                       @988
     _CONF_free                          @171
     _CONF_get_number                    @172
     _CONF_get_section                   @173
@@ -186,20 +214,27 @@ EXPORTS
     _CRYPTO_dbg_malloc                  @178
     _CRYPTO_dbg_realloc                 @179
     _CRYPTO_dbg_remalloc                @180
+    _CRYPTO_dup_ex_data                 @1025
     _CRYPTO_free                        @181
+    _CRYPTO_free_ex_data                @1004
     _CRYPTO_get_add_lock_callback       @182
+    _CRYPTO_get_ex_data                 @1005
+    _CRYPTO_get_ex_new_index            @1041
     _CRYPTO_get_id_callback             @183
     _CRYPTO_get_lock_name               @184
     _CRYPTO_get_locking_callback        @185
     _CRYPTO_get_mem_functions           @186
+    _CRYPTO_get_new_lockid              @1026
     _CRYPTO_lock                        @187
     _CRYPTO_malloc                      @188
     _CRYPTO_mem_ctrl                    @189
     _CRYPTO_mem_leaks                   @190
     _CRYPTO_mem_leaks_cb                @191
+    _CRYPTO_new_ex_data                 @1027
     _CRYPTO_realloc                     @193
     _CRYPTO_remalloc                    @194
     _CRYPTO_set_add_lock_callback       @195
+    _CRYPTO_set_ex_data                 @1007
     _CRYPTO_set_id_callback             @196
     _CRYPTO_set_locking_callback        @197
     _CRYPTO_set_mem_functions           @198
@@ -223,6 +258,7 @@ EXPORTS
     _DSA_size                           @218
     _DSA_verify                         @219
     _DSAparams_print                    @220
+    _ERR_add_error_data                 @1081
     _ERR_clear_error                    @222
     _ERR_error_string                   @223
     _ERR_free_strings                   @224
@@ -230,6 +266,7 @@ EXPORTS
     _ERR_get_err_state_table            @226
     _ERR_get_error                      @227
     _ERR_get_error_line                 @228
+    _ERR_get_next_error_library         @966
     _ERR_get_state                      @229
     _ERR_get_string_table               @230
     _ERR_lib_error_string               @231
@@ -238,6 +275,7 @@ EXPORTS
     _ERR_load_BN_strings                @234
     _ERR_load_BUF_strings               @235
     _ERR_load_CONF_strings              @236
+    _ERR_load_CRYPTOlib_strings         @1009
     _ERR_load_DH_strings                @237
     _ERR_load_DSA_strings               @238
     _ERR_load_ERR_strings               @239
@@ -255,8 +293,14 @@ EXPORTS
     _ERR_put_error                      @252
     _ERR_reason_error_string            @253
     _ERR_remove_state                   @254
+    _ERR_set_error_data                 @1082
     _EVP_BytesToKey                     @255
     _EVP_CIPHER_CTX_cleanup             @256
+    _EVP_CIPHER_CTX_init                @961
+    _EVP_CIPHER_asn1_to_param           @1083
+    _EVP_CIPHER_get_asn1_iv             @1085
+    _EVP_CIPHER_param_to_asn1           @1084
+    _EVP_CIPHER_set_asn1_iv             @1086
     _EVP_CipherFinal                    @257
     _EVP_CipherInit                     @258
     _EVP_CipherUpdate                   @259
@@ -280,7 +324,11 @@ EXPORTS
     _EVP_OpenFinal                      @277
     _EVP_OpenInit                       @278
     _EVP_PKEY_assign                    @279
+    _EVP_PKEY_bits                      @1010
+    _EVP_PKEY_cmp_parameters            @967
     _EVP_PKEY_copy_parameters           @280
+    _EVP_PKEY_decrypt                   @1070
+    _EVP_PKEY_encrypt                   @1071
     _EVP_PKEY_free                      @281
     _EVP_PKEY_missing_parameters        @282
     _EVP_PKEY_new                       @283
@@ -298,6 +346,10 @@ EXPORTS
     _EVP_bf_cfb                         @295
     _EVP_bf_ecb                         @296
     _EVP_bf_ofb                         @297
+    _EVP_cast5_cbc                      @983
+    _EVP_cast5_cfb                      @984
+    _EVP_cast5_ecb                      @985
+    _EVP_cast5_ofb                      @986
     _EVP_cleanup                        @298
     _EVP_delete_alias                   @941
     _EVP_des_cbc                        @299
@@ -327,15 +379,26 @@ EXPORTS
     _EVP_md5                            @323
     _EVP_md_null                        @324
     _EVP_mdc2                           @942
+    _EVP_rc2_40_cbc                     @959
     _EVP_rc2_cbc                        @325
     _EVP_rc2_cfb                        @326
     _EVP_rc2_ecb                        @327
     _EVP_rc2_ofb                        @328
     _EVP_rc4                            @329
+    _EVP_rc4_40                         @960
+    _EVP_rc5_32_12_16_cbc               @1087
+    _EVP_rc5_32_12_16_cfb               @1088
+    _EVP_rc5_32_12_16_ecb               @1089
+    _EVP_rc5_32_12_16_ofb               @1090
     _EVP_read_pw_string                 @330
     _EVP_set_pw_prompt                  @331
     _EVP_sha                            @332
     _EVP_sha1                           @333
+    _HMAC                               @962
+    _HMAC_Final                         @965
+    _HMAC_Init                          @963
+    _HMAC_Update                        @964
+    _HMAC_cleanup                       @968
     _MD2                                @334
     _MD2_Final                          @335
     _MD2_Init                           @336
@@ -344,6 +407,7 @@ EXPORTS
     _MD5                                @339
     _MD5_Final                          @340
     _MD5_Init                           @341
+    _MD5_Transform                      @1011
     _MD5_Update                         @342
     _MDC2                               @343
     _MDC2_Final                         @344
@@ -359,7 +423,8 @@ EXPORTS
     _OBJ_bsearch                        @354
     _OBJ_cleanup                        @355
     _OBJ_cmp                            @356
-    _OBJ_create_and_add_object          @357
+    _OBJ_create                         @357
+    _OBJ_create_objects                 @997
     _OBJ_dup                            @358
     _OBJ_ln2nid                         @359
     _OBJ_new_nid                        @360
@@ -388,7 +453,7 @@ EXPORTS
     _PEM_read_bio_PKCS7                 @398
     _PEM_read_bio_PrivateKey            @399
     _PEM_read_bio_RSAPrivateKey         @400
-    _PEM_read_bio_RSAPublicKey          @948
+    _PEM_read_bio_RSAPublicKey          @943
     _PEM_read_bio_X509                  @401
     _PEM_read_bio_X509_CRL              @402
     _PEM_read_bio_X509_REQ              @403
@@ -399,7 +464,7 @@ EXPORTS
     _PEM_write_bio_PKCS7                @418
     _PEM_write_bio_PrivateKey           @419
     _PEM_write_bio_RSAPrivateKey        @420
-    _PEM_write_bio_RSAPublicKey         @950
+    _PEM_write_bio_RSAPublicKey         @944
     _PEM_write_bio_X509                 @421
     _PEM_write_bio_X509_CRL             @422
     _PEM_write_bio_X509_REQ             @423
@@ -416,6 +481,7 @@ EXPORTS
     _PKCS7_ISSUER_AND_SERIAL_new        @434
     _PKCS7_RECIP_INFO_free              @435
     _PKCS7_RECIP_INFO_new               @436
+    _PKCS7_RECIP_INFO_set               @1072
     _PKCS7_SIGNED_free                  @437
     _PKCS7_SIGNED_new                   @438
     _PKCS7_SIGNER_INFO_free             @439
@@ -425,6 +491,8 @@ EXPORTS
     _PKCS7_SIGN_ENVELOPE_new            @442
     _PKCS7_add_certificate              @932
     _PKCS7_add_crl                      @933
+    _PKCS7_add_recipient                @1073
+    _PKCS7_add_recipient_info           @1074
     _PKCS7_add_signature                @938
     _PKCS7_add_signer                   @931
     _PKCS7_cert_from_signer_info        @939
@@ -434,10 +502,11 @@ EXPORTS
     _PKCS7_dataInit                     @937
     _PKCS7_dataSign                     @935
     _PKCS7_dataVerify                   @936
-    _PKCS7_dup                          @924
+    _PKCS7_dup                          @443
     _PKCS7_free                         @444
     _PKCS7_get_signer_info              @940
     _PKCS7_new                          @445
+    _PKCS7_set_cipher                   @1075
     _PKCS7_set_content                  @929
     _PKCS7_set_type                     @928
     _RAND_bytes                         @464
@@ -449,6 +518,7 @@ EXPORTS
     _RAND_write_file                    @470
     _RC2_cbc_encrypt                    @471
     _RC2_cfb64_encrypt                  @472
+    _RC2_decrypt                        @995
     _RC2_ecb_encrypt                    @473
     _RC2_encrypt                        @474
     _RC2_ofb64_encrypt                  @475
@@ -456,20 +526,46 @@ EXPORTS
     _RC4                                @477
     _RC4_options                        @478
     _RC4_set_key                        @479
+    _RC5_32_cbc_encrypt                 @1051
+    _RC5_32_cfb64_encrypt               @1052
+    _RC5_32_decrypt                     @1050
+    _RC5_32_ecb_encrypt                 @1048
+    _RC5_32_encrypt                     @1049
+    _RC5_32_ofb64_encrypt               @1053
+    _RC5_32_set_key                     @1047
+    _RIPEMD160                          @1045
+    _RIPEMD160_Final                    @1044
+    _RIPEMD160_Init                     @1042
+    _RIPEMD160_Transform                @1046
+    _RIPEMD160_Update                   @1043
     _RSAPrivateKey_asn1_meth            @480
     _RSAPrivateKey_dup                  @481
     _RSAPublicKey_dup                   @482
     _RSA_PKCS1_SSLeay                   @483
+    _RSA_blinding_off                   @978
+    _RSA_blinding_on                    @977
+    _RSA_flags                          @956
     _RSA_free                           @484
     _RSA_generate_key                   @485
+    _RSA_get_ex_data                    @1029
+    _RSA_get_ex_new_index               @1030
     _RSA_new                            @486
     _RSA_new_method                     @487
+    _RSA_padding_add_PKCS1_type_1       @1031
+    _RSA_padding_add_PKCS1_type_2       @1032
+    _RSA_padding_add_SSLv23             @1033
+    _RSA_padding_add_none               @1034
+    _RSA_padding_check_PKCS1_type_1     @1035
+    _RSA_padding_check_PKCS1_type_2     @1036
+    _RSA_padding_check_SSLv23           @1037
+    _RSA_padding_check_none             @1038
     _RSA_print                          @488
     _RSA_private_decrypt                @490
     _RSA_private_encrypt                @491
     _RSA_public_decrypt                 @492
     _RSA_public_encrypt                 @493
     _RSA_set_default_method             @494
+    _RSA_set_ex_data                    @1028
     _RSA_sign                           @495
     _RSA_sign_ASN1_OCTET_STRING         @496
     _RSA_size                           @497
@@ -479,9 +575,11 @@ EXPORTS
     _SHA1                               @501
     _SHA1_Final                         @502
     _SHA1_Init                          @503
+    _SHA1_Transform                     @1012
     _SHA1_Update                        @504
     _SHA_Final                          @505
     _SHA_Init                           @506
+    _SHA_Transform                      @1013
     _SHA_Update                         @507
     _TXT_DB_create_index                @511
     _TXT_DB_free                        @512
@@ -594,8 +692,18 @@ EXPORTS
     _X509_SIG_free                      @620
     _X509_SIG_new                       @621
     _X509_STORE_CTX_cleanup             @622
+    _X509_STORE_CTX_get_chain           @1014
+    _X509_STORE_CTX_get_current_cert    @1015
+    _X509_STORE_CTX_get_error           @1016
+    _X509_STORE_CTX_get_error_depth     @1017
+    _X509_STORE_CTX_get_ex_data         @1018
     _X509_STORE_CTX_init                @623
+    _X509_STORE_CTX_set_cert            @1020
+    _X509_STORE_CTX_set_chain           @1021
+    _X509_STORE_CTX_set_error           @1022
+    _X509_STORE_CTX_set_ex_data         @1023
     _X509_STORE_add_cert                @624
+    _X509_STORE_add_crl                 @957
     _X509_STORE_add_lookup              @625
     _X509_STORE_free                    @626
     _X509_STORE_get_by_subject          @627
@@ -637,6 +745,7 @@ EXPORTS
     _X509_issuer_name_cmp               @661
     _X509_issuer_name_hash              @662
     _X509_load_cert_file                @663
+    _X509_load_crl_file                 @958
     _X509_new                           @664
     _X509_print                         @665
     _X509_set_issuer_name               @667
@@ -675,10 +784,12 @@ EXPORTS
     _a2i_ASN1_STRING                    @701
     _asn1_Finish                        @702
     _asn1_GetSequence                   @703
+    _asn1_add_error                     @1091
+    _bn_add_words                       @1039
     _bn_div64                           @704
     _bn_expand2                         @705
-    _bn_mul_add_word                    @706
-    _bn_mul_word                        @707
+    _bn_mul_add_words                   @706
+    _bn_mul_words                       @707
     _bn_qadd                            @708
     _bn_qsub                            @709
     _bn_sqr_words                       @710
@@ -706,6 +817,7 @@ EXPORTS
     _d2i_NETSCAPE_SPKAC                 @733
     _d2i_NETSCAPE_SPKI                  @734
     _d2i_Netscape_RSA                   @735
+    _d2i_Netscape_RSA_2                 @1040
     _d2i_PKCS7                          @736
     _d2i_PKCS7_DIGEST                   @737
     _d2i_PKCS7_ENCRYPT                  @738
@@ -716,13 +828,13 @@ EXPORTS
     _d2i_PKCS7_SIGNED                   @743
     _d2i_PKCS7_SIGNER_INFO              @744
     _d2i_PKCS7_SIGN_ENVELOPE            @745
-    _d2i_PKCS7_bio                      @925
+    _d2i_PKCS7_bio                      @746
     _d2i_PrivateKey                     @748
     _d2i_PublicKey                      @749
     _d2i_RSAPrivateKey                  @750
     _d2i_RSAPrivateKey_bio              @751
     _d2i_RSAPublicKey                   @753
-    _d2i_RSAPublicKey_bio               @951
+    _d2i_RSAPublicKey_bio               @945
     _d2i_X509                           @754
     _d2i_X509_ALGOR                     @755
     _d2i_X509_ATTRIBUTE                 @756
@@ -742,7 +854,6 @@ EXPORTS
     _d2i_X509_SIG                       @772
     _d2i_X509_VAL                       @773
     _d2i_X509_bio                       @774
-    _des_3cbc_encrypt                   @776
     _des_cbc_cksum                      @777
     _des_cbc_encrypt                    @778
     _des_cblock_print_file              @779
@@ -813,13 +924,13 @@ EXPORTS
     _i2d_PKCS7_SIGNED                   @846
     _i2d_PKCS7_SIGNER_INFO              @847
     _i2d_PKCS7_SIGN_ENVELOPE            @848
-    _i2d_PKCS7_bio                      @926
+    _i2d_PKCS7_bio                      @849
     _i2d_PrivateKey                     @851
     _i2d_PublicKey                      @852
     _i2d_RSAPrivateKey                  @853
     _i2d_RSAPrivateKey_bio              @854
     _i2d_RSAPublicKey                   @856
-    _i2d_RSAPublicKey_bio               @953
+    _i2d_RSAPublicKey_bio               @946
     _i2d_X509                           @857
     _i2d_X509_ALGOR                     @858
     _i2d_X509_ATTRIBUTE                 @859
@@ -839,6 +950,7 @@ EXPORTS
     _i2d_X509_SIG                       @875
     _i2d_X509_VAL                       @876
     _i2d_X509_bio                       @877
+    _i2t_ASN1_OBJECT                    @979
     _idea_cbc_encrypt                   @879
     _idea_cfb64_encrypt                 @880
     _idea_ecb_encrypt                   @881
diff --git a/ms/libeay32.def b/ms/libeay32.def
index 26595fcae..196c52216 100644
--- a/ms/libeay32.def
+++ b/ms/libeay32.def
@@ -13,6 +13,8 @@ EXPORTS
     SSLeay_add_all_digests             @510
     SSLeay_version                     @2
     ASN1_BIT_STRING_asn1_meth          @3
+    ASN1_BIT_STRING_get_bit            @1060
+    ASN1_BIT_STRING_set_bit            @1061
     ASN1_HEADER_free                   @4
     ASN1_HEADER_new                    @5
     ASN1_IA5STRING_asn1_meth           @6
@@ -32,12 +34,17 @@ EXPORTS
     ASN1_STRING_type_new               @20
     ASN1_TYPE_free                     @21
     ASN1_TYPE_get                      @916
+    ASN1_TYPE_get_int_octetstring      @1076
+    ASN1_TYPE_get_octetstring          @1077
     ASN1_TYPE_new                      @22
     ASN1_TYPE_set                      @917
+    ASN1_TYPE_set_int_octetstring      @1078
+    ASN1_TYPE_set_octetstring          @1079
     ASN1_UNIVERSALSTRING_to_string     @23
     ASN1_UTCTIME_check                 @24
     ASN1_UTCTIME_print                 @25
     ASN1_UTCTIME_set                   @26
+    ASN1_UTCTIME_set_string            @1080
     ASN1_check_infinite_end            @27
     ASN1_d2i_bio                       @28
     ASN1_d2i_fp                        @29
@@ -53,6 +60,7 @@ EXPORTS
     ASN1_verify                        @39
     BF_cbc_encrypt                     @40
     BF_cfb64_encrypt                   @41
+    BF_decrypt                         @987
     BF_ecb_encrypt                     @42
     BF_encrypt                         @43
     BF_ofb64_encrypt                   @44
@@ -61,7 +69,6 @@ EXPORTS
     BIO_accept                         @51
     BIO_copy_next_retry                @955
     BIO_ctrl                           @52
-    BIO_ctrl_int                       @53
     BIO_debug_callback                 @54
     BIO_dump                           @55
     BIO_dup_chain                      @56
@@ -83,6 +90,8 @@ EXPORTS
     BIO_get_retry_reason               @74
     BIO_gethostbyname                  @75
     BIO_gets                           @76
+    BIO_ghbn_ctrl                      @1003
+    BIO_int_ctrl                       @53
     BIO_new                            @78
     BIO_new_accept                     @79
     BIO_new_connect                    @80
@@ -92,6 +101,7 @@ EXPORTS
     BIO_new_socket                     @84
     BIO_pop                            @85
     BIO_printf                         @86
+    BIO_ptr_ctrl                       @969
     BIO_push                           @87
     BIO_puts                           @88
     BIO_read                           @89
@@ -101,7 +111,7 @@ EXPORTS
     BIO_s_file                         @93
     BIO_s_mem                          @95
     BIO_s_null                         @96
-    BIO_s_socket                       @99
+    BIO_s_socket                       @98
     BIO_set                            @100
     BIO_set_cipher                     @101
     BIO_set_tcp_ndelay                 @102
@@ -112,6 +122,11 @@ EXPORTS
     BIO_sock_should_retry              @107
     BIO_socket_ioctl                   @108
     BIO_write                          @109
+    BN_BLINDING_convert                @973
+    BN_BLINDING_free                   @981
+    BN_BLINDING_invert                 @974
+    BN_BLINDING_new                    @980
+    BN_BLINDING_update                 @975
     BN_CTX_free                        @110
     BN_CTX_new                         @111
     BN_MONT_CTX_free                   @112
@@ -119,23 +134,27 @@ EXPORTS
     BN_MONT_CTX_set                    @114
     BN_add                             @115
     BN_add_word                        @116
-    BN_ascii2bn                        @117
     BN_bin2bn                          @118
-    BN_bn2ascii                        @119
     BN_bn2bin                          @120
+    BN_bn2dec                          @1002
+    BN_bn2hex                          @119
+    BN_bn2mpi                          @1058
     BN_clear                           @121
     BN_clear_bit                       @122
     BN_clear_free                      @123
     BN_cmp                             @124
     BN_copy                            @125
+    BN_dec2bn                          @1001
     BN_div                             @126
     BN_div_word                        @127
     BN_dup                             @128
+    BN_exp                             @998
     BN_free                            @129
     BN_from_montgomery                 @130
     BN_gcd                             @131
     BN_generate_prime                  @132
     BN_get_word                        @133
+    BN_hex2bn                          @117
     BN_is_bit_set                      @134
     BN_is_prime                        @135
     BN_lshift                          @136
@@ -151,7 +170,9 @@ EXPORTS
     BN_mod_mul_montgomery              @146
     BN_mod_mul_reciprocal              @147
     BN_mod_word                        @148
+    BN_mpi2bn                          @1059
     BN_mul                             @149
+    BN_mul_word                        @999
     BN_new                             @150
     BN_num_bits                        @151
     BN_num_bits_word                   @152
@@ -166,6 +187,7 @@ EXPORTS
     BN_set_word                        @161
     BN_sqr                             @162
     BN_sub                             @163
+    BN_sub_word                        @1000
     BN_to_ASN1_INTEGER                 @164
     BN_ucmp                            @165
     BN_value_one                       @166
@@ -173,6 +195,13 @@ EXPORTS
     BUF_MEM_grow                       @168
     BUF_MEM_new                        @169
     BUF_strdup                         @170
+    CAST_cbc_encrypt                   @992
+    CAST_cfb64_encrypt                 @993
+    CAST_decrypt                       @990
+    CAST_ecb_encrypt                   @991
+    CAST_encrypt                       @989
+    CAST_ofb64_encrypt                 @994
+    CAST_set_key                       @988
     CONF_free                          @171
     CONF_get_number                    @172
     CONF_get_section                   @173
@@ -183,21 +212,28 @@ EXPORTS
     CRYPTO_dbg_malloc                  @178
     CRYPTO_dbg_realloc                 @179
     CRYPTO_dbg_remalloc                @180
+    CRYPTO_dup_ex_data                 @1025
     CRYPTO_free                        @181
+    CRYPTO_free_ex_data                @1004
     CRYPTO_get_add_lock_callback       @182
+    CRYPTO_get_ex_data                 @1005
+    CRYPTO_get_ex_new_index            @1041
     CRYPTO_get_id_callback             @183
     CRYPTO_get_lock_name               @184
     CRYPTO_get_locking_callback        @185
     CRYPTO_get_mem_functions           @186
+    CRYPTO_get_new_lockid              @1026
     CRYPTO_lock                        @187
     CRYPTO_malloc                      @188
     CRYPTO_mem_ctrl                    @189
     CRYPTO_mem_leaks                   @190
     CRYPTO_mem_leaks_cb                @191
     CRYPTO_mem_leaks_fp                @192
+    CRYPTO_new_ex_data                 @1027
     CRYPTO_realloc                     @193
     CRYPTO_remalloc                    @194
     CRYPTO_set_add_lock_callback       @195
+    CRYPTO_set_ex_data                 @1007
     CRYPTO_set_id_callback             @196
     CRYPTO_set_locking_callback        @197
     CRYPTO_set_mem_functions           @198
@@ -224,6 +260,7 @@ EXPORTS
     DSA_verify                         @219
     DSAparams_print                    @220
     DSAparams_print_fp                 @221
+    ERR_add_error_data                 @1081
     ERR_clear_error                    @222
     ERR_error_string                   @223
     ERR_free_strings                   @224
@@ -231,6 +268,7 @@ EXPORTS
     ERR_get_err_state_table            @226
     ERR_get_error                      @227
     ERR_get_error_line                 @228
+    ERR_get_next_error_library         @966
     ERR_get_state                      @229
     ERR_get_string_table               @230
     ERR_lib_error_string               @231
@@ -239,6 +277,7 @@ EXPORTS
     ERR_load_BN_strings                @234
     ERR_load_BUF_strings               @235
     ERR_load_CONF_strings              @236
+    ERR_load_CRYPTO_strings            @1009
     ERR_load_DH_strings                @237
     ERR_load_DSA_strings               @238
     ERR_load_ERR_strings               @239
@@ -257,8 +296,14 @@ EXPORTS
     ERR_put_error                      @252
     ERR_reason_error_string            @253
     ERR_remove_state                   @254
+    ERR_set_error_data                 @1082
     EVP_BytesToKey                     @255
     EVP_CIPHER_CTX_cleanup             @256
+    EVP_CIPHER_CTX_init                @961
+    EVP_CIPHER_asn1_to_param           @1083
+    EVP_CIPHER_get_asn1_iv             @1085
+    EVP_CIPHER_param_to_asn1           @1084
+    EVP_CIPHER_set_asn1_iv             @1086
     EVP_CipherFinal                    @257
     EVP_CipherInit                     @258
     EVP_CipherUpdate                   @259
@@ -282,7 +327,11 @@ EXPORTS
     EVP_OpenFinal                      @277
     EVP_OpenInit                       @278
     EVP_PKEY_assign                    @279
+    EVP_PKEY_bits                      @1010
+    EVP_PKEY_cmp_parameters            @967
     EVP_PKEY_copy_parameters           @280
+    EVP_PKEY_decrypt                   @1070
+    EVP_PKEY_encrypt                   @1071
     EVP_PKEY_free                      @281
     EVP_PKEY_missing_parameters        @282
     EVP_PKEY_new                       @283
@@ -300,6 +349,10 @@ EXPORTS
     EVP_bf_cfb                         @295
     EVP_bf_ecb                         @296
     EVP_bf_ofb                         @297
+    EVP_cast5_cbc                      @983
+    EVP_cast5_cfb                      @984
+    EVP_cast5_ecb                      @985
+    EVP_cast5_ofb                      @986
     EVP_cleanup                        @298
     EVP_delete_alias                   @941
     EVP_des_cbc                        @299
@@ -329,15 +382,26 @@ EXPORTS
     EVP_md5                            @323
     EVP_md_null                        @324
     EVP_mdc2                           @942
+    EVP_rc2_40_cbc                     @959
     EVP_rc2_cbc                        @325
     EVP_rc2_cfb                        @326
     EVP_rc2_ecb                        @327
     EVP_rc2_ofb                        @328
     EVP_rc4                            @329
+    EVP_rc4_40                         @960
+    EVP_rc5_32_12_16_cbc               @1087
+    EVP_rc5_32_12_16_cfb               @1088
+    EVP_rc5_32_12_16_ecb               @1089
+    EVP_rc5_32_12_16_ofb               @1090
     EVP_read_pw_string                 @330
     EVP_set_pw_prompt                  @331
     EVP_sha                            @332
     EVP_sha1                           @333
+    HMAC                               @962
+    HMAC_Final                         @965
+    HMAC_Init                          @963
+    HMAC_Update                        @964
+    HMAC_cleanup                       @968
     MD2                                @334
     MD2_Final                          @335
     MD2_Init                           @336
@@ -346,6 +410,7 @@ EXPORTS
     MD5                                @339
     MD5_Final                          @340
     MD5_Init                           @341
+    MD5_Transform                      @1011
     MD5_Update                         @342
     MDC2                               @343
     MDC2_Final                         @344
@@ -361,7 +426,8 @@ EXPORTS
     OBJ_bsearch                        @354
     OBJ_cleanup                        @355
     OBJ_cmp                            @356
-    OBJ_create_and_add_object          @357
+    OBJ_create                         @357
+    OBJ_create_objects                 @997
     OBJ_dup                            @358
     OBJ_ln2nid                         @359
     OBJ_new_nid                        @360
@@ -404,7 +470,7 @@ EXPORTS
     PEM_read_bio_PKCS7                 @398
     PEM_read_bio_PrivateKey            @399
     PEM_read_bio_RSAPrivateKey         @400
-    PEM_read_bio_RSAPublicKey          @948
+    PEM_read_bio_RSAPublicKey          @943
     PEM_read_bio_X509                  @401
     PEM_read_bio_X509_CRL              @402
     PEM_read_bio_X509_REQ              @403
@@ -426,7 +492,7 @@ EXPORTS
     PEM_write_bio_PKCS7                @418
     PEM_write_bio_PrivateKey           @419
     PEM_write_bio_RSAPrivateKey        @420
-    PEM_write_bio_RSAPublicKey         @950
+    PEM_write_bio_RSAPublicKey         @944
     PEM_write_bio_X509                 @421
     PEM_write_bio_X509_CRL             @422
     PEM_write_bio_X509_REQ             @423
@@ -443,6 +509,7 @@ EXPORTS
     PKCS7_ISSUER_AND_SERIAL_new        @434
     PKCS7_RECIP_INFO_free              @435
     PKCS7_RECIP_INFO_new               @436
+    PKCS7_RECIP_INFO_set               @1072
     PKCS7_SIGNED_free                  @437
     PKCS7_SIGNED_new                   @438
     PKCS7_SIGNER_INFO_free             @439
@@ -452,6 +519,8 @@ EXPORTS
     PKCS7_SIGN_ENVELOPE_new            @442
     PKCS7_add_certificate              @932
     PKCS7_add_crl                      @933
+    PKCS7_add_recipient                @1073
+    PKCS7_add_recipient_info           @1074
     PKCS7_add_signature                @938
     PKCS7_add_signer                   @931
     PKCS7_cert_from_signer_info        @939
@@ -461,10 +530,11 @@ EXPORTS
     PKCS7_dataInit                     @937
     PKCS7_dataSign                     @935
     PKCS7_dataVerify                   @936
-    PKCS7_dup                          @924
+    PKCS7_dup                          @443
     PKCS7_free                         @444
     PKCS7_get_signer_info              @940
     PKCS7_new                          @445
+    PKCS7_set_cipher                   @1075
     PKCS7_set_content                  @929
     PKCS7_set_type                     @928
     RAND_bytes                         @464
@@ -476,6 +546,7 @@ EXPORTS
     RAND_write_file                    @470
     RC2_cbc_encrypt                    @471
     RC2_cfb64_encrypt                  @472
+    RC2_decrypt                        @995
     RC2_ecb_encrypt                    @473
     RC2_encrypt                        @474
     RC2_ofb64_encrypt                  @475
@@ -483,14 +554,39 @@ EXPORTS
     RC4                                @477
     RC4_options                        @478
     RC4_set_key                        @479
+    RC5_32_cbc_encrypt                 @1051
+    RC5_32_cfb64_encrypt               @1052
+    RC5_32_decrypt                     @1050
+    RC5_32_ecb_encrypt                 @1048
+    RC5_32_encrypt                     @1049
+    RC5_32_ofb64_encrypt               @1053
+    RC5_32_set_key                     @1047
+    RIPEMD160                          @1045
+    RIPEMD160_Final                    @1044
+    RIPEMD160_Init                     @1042
+    RIPEMD160_Transform                @1046
+    RIPEMD160_Update                   @1043
     RSAPrivateKey_asn1_meth            @480
     RSAPrivateKey_dup                  @481
     RSAPublicKey_dup                   @482
     RSA_PKCS1_SSLeay                   @483
+    RSA_blinding_off                   @978
+    RSA_blinding_on                    @977
+    RSA_flags                          @956
     RSA_free                           @484
     RSA_generate_key                   @485
+    RSA_get_ex_data                    @1029
+    RSA_get_ex_new_index               @1030
     RSA_new                            @486
     RSA_new_method                     @487
+    RSA_padding_add_PKCS1_type_1       @1031
+    RSA_padding_add_PKCS1_type_2       @1032
+    RSA_padding_add_SSLv23             @1033
+    RSA_padding_add_none               @1034
+    RSA_padding_check_PKCS1_type_1     @1035
+    RSA_padding_check_PKCS1_type_2     @1036
+    RSA_padding_check_SSLv23           @1037
+    RSA_padding_check_none             @1038
     RSA_print                          @488
     RSA_print_fp                       @489
     RSA_private_decrypt                @490
@@ -498,6 +594,7 @@ EXPORTS
     RSA_public_decrypt                 @492
     RSA_public_encrypt                 @493
     RSA_set_default_method             @494
+    RSA_set_ex_data                    @1028
     RSA_sign                           @495
     RSA_sign_ASN1_OCTET_STRING         @496
     RSA_size                           @497
@@ -507,9 +604,11 @@ EXPORTS
     SHA1                               @501
     SHA1_Final                         @502
     SHA1_Init                          @503
+    SHA1_Transform                     @1012
     SHA1_Update                        @504
     SHA_Final                          @505
     SHA_Init                           @506
+    SHA_Transform                      @1013
     SHA_Update                         @507
     TXT_DB_create_index                @511
     TXT_DB_free                        @512
@@ -623,8 +722,18 @@ EXPORTS
     X509_SIG_free                      @620
     X509_SIG_new                       @621
     X509_STORE_CTX_cleanup             @622
+    X509_STORE_CTX_get_chain           @1014
+    X509_STORE_CTX_get_current_cert    @1015
+    X509_STORE_CTX_get_error           @1016
+    X509_STORE_CTX_get_error_depth     @1017
+    X509_STORE_CTX_get_ex_data         @1018
     X509_STORE_CTX_init                @623
+    X509_STORE_CTX_set_cert            @1020
+    X509_STORE_CTX_set_chain           @1021
+    X509_STORE_CTX_set_error           @1022
+    X509_STORE_CTX_set_ex_data         @1023
     X509_STORE_add_cert                @624
+    X509_STORE_add_crl                 @957
     X509_STORE_add_lookup              @625
     X509_STORE_free                    @626
     X509_STORE_get_by_subject          @627
@@ -666,6 +775,7 @@ EXPORTS
     X509_issuer_name_cmp               @661
     X509_issuer_name_hash              @662
     X509_load_cert_file                @663
+    X509_load_crl_file                 @958
     X509_new                           @664
     X509_print                         @665
     X509_print_fp                      @666
@@ -705,10 +815,12 @@ EXPORTS
     a2i_ASN1_STRING                    @701
     asn1_Finish                        @702
     asn1_GetSequence                   @703
+    asn1_add_error                     @1091
+    bn_add_words                       @1039
     bn_div64                           @704
     bn_expand2                         @705
-    bn_mul_add_word                    @706
-    bn_mul_word                        @707
+    bn_mul_add_words                   @706
+    bn_mul_words                       @707
     bn_qadd                            @708
     bn_qsub                            @709
     bn_sqr_words                       @710
@@ -737,6 +849,7 @@ EXPORTS
     d2i_NETSCAPE_SPKAC                 @733
     d2i_NETSCAPE_SPKI                  @734
     d2i_Netscape_RSA                   @735
+    d2i_Netscape_RSA_2                 @1040
     d2i_PKCS7                          @736
     d2i_PKCS7_DIGEST                   @737
     d2i_PKCS7_ENCRYPT                  @738
@@ -747,15 +860,15 @@ EXPORTS
     d2i_PKCS7_SIGNED                   @743
     d2i_PKCS7_SIGNER_INFO              @744
     d2i_PKCS7_SIGN_ENVELOPE            @745
-    d2i_PKCS7_bio                      @925
-    d2i_PKCS7_fp                       @922
+    d2i_PKCS7_bio                      @746
+    d2i_PKCS7_fp                       @747
     d2i_PrivateKey                     @748
     d2i_PublicKey                      @749
     d2i_RSAPrivateKey                  @750
     d2i_RSAPrivateKey_bio              @751
     d2i_RSAPrivateKey_fp               @752
     d2i_RSAPublicKey                   @753
-    d2i_RSAPublicKey_bio               @951
+    d2i_RSAPublicKey_bio               @945
     d2i_RSAPublicKey_fp                @952
     d2i_X509                           @754
     d2i_X509_ALGOR                     @755
@@ -779,7 +892,6 @@ EXPORTS
     d2i_X509_VAL                       @773
     d2i_X509_bio                       @774
     d2i_X509_fp                        @775
-    des_3cbc_encrypt                   @776
     des_cbc_cksum                      @777
     des_cbc_encrypt                    @778
     des_cblock_print_file              @779
@@ -851,15 +963,15 @@ EXPORTS
     i2d_PKCS7_SIGNED                   @846
     i2d_PKCS7_SIGNER_INFO              @847
     i2d_PKCS7_SIGN_ENVELOPE            @848
-    i2d_PKCS7_bio                      @926
-    i2d_PKCS7_fp                       @923
+    i2d_PKCS7_bio                      @849
+    i2d_PKCS7_fp                       @850
     i2d_PrivateKey                     @851
     i2d_PublicKey                      @852
     i2d_RSAPrivateKey                  @853
     i2d_RSAPrivateKey_bio              @854
     i2d_RSAPrivateKey_fp               @855
     i2d_RSAPublicKey                   @856
-    i2d_RSAPublicKey_bio               @953
+    i2d_RSAPublicKey_bio               @946
     i2d_RSAPublicKey_fp                @954
     i2d_X509                           @857
     i2d_X509_ALGOR                     @858
@@ -883,6 +995,7 @@ EXPORTS
     i2d_X509_VAL                       @876
     i2d_X509_bio                       @877
     i2d_X509_fp                        @878
+    i2t_ASN1_OBJECT                    @979
     idea_cbc_encrypt                   @879
     idea_cfb64_encrypt                 @880
     idea_ecb_encrypt                   @881
diff --git a/ms/ntdll.mak b/ms/ntdll.mak
index f552216ce..044cd909b 100644
--- a/ms/ntdll.mak
+++ b/ms/ntdll.mak
@@ -15,9 +15,10 @@ INSTALLTOP=\usr\local\ssl
 
 # Set your compiler options
 CC=cl
-CFLAG=/W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN /MD
+CFLAG= /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
 APP_CFLAG=
-LIB_CFLAG= /GD
+LIB_CFLAG= /GD -D_WINDLL -D_DLL
+SHLIB_CFLAG=
 APP_EX_OBJ=setargv.obj
 SHLIB_EX_OBJ=
 # add extra libraries to this define, for solaris -lsocket -lnsl would
@@ -30,19 +31,33 @@ SRC_D=.
 LINK=link
 LFLAGS=/nologo /subsystem:console /machine:I386 /opt:ref
 
-BN_MULW_OBJ=crypto\bn\asm\x86nt32.obj
-BN_MULW_SRC=crypto\bn\asm\x86nt32.asm
-DES_ENC_OBJ=crypto\des\asm\d-win32.obj crypto\des\asm\c-win32.obj
-DES_ENC_SRC=crypto\des\asm\d-win32.asm crypto\des\asm\c-win32.asm
+BN_MULW_OBJ=crypto\bn\asm\bn-win32.obj
+BN_MULW_SRC=crypto\bn\asm\bn-win32.asm
+DES_ENC_OBJ=crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj
+DES_ENC_SRC=crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm
 DES_CRYPT_OBJ=
 DES_CRYPT_SRC=
 BF_ENC_OBJ=crypto\bf\asm\b-win32.obj
 BF_ENC_SRC=crypto\bf\asm\b-win32.asm
+CAST_ENC_OBJ=crypto\cast\asm\c-win32.obj
+CAST_ENC_SRC=crypto\cast\asm\c-win32.asm
+RC4_ENC_OBJ=crypto\rc4\asm\r4-win32.obj
+RC4_ENC_SRC=crypto\rc4\asm\r4-win32.asm
+RC5_ENC_OBJ=crypto\rc5\asm\r5-win32.obj
+RC5_ENC_SRC=crypto\rc5\asm\r5-win32.asm
+MD5_ASM_OBJ=crypto\md5\asm\m5-win32.obj
+MD5_ASM_SRC=crypto\md5\asm\m5-win32.asm
+SHA1_ASM_OBJ=crypto\sha\asm\s1-win32.obj
+SHA1_ASM_SRC=crypto\sha\asm\s1-win32.asm
+RMD160_ASM_OBJ=crypto\ripemd\asm\rm-win32.obj
+RMD160_ASM_SRC=crypto\ripemd\asm\rm-win32.asm
 
 # The output directory for everything intersting
-OUT_D=out
+OUT_D=out32dll
 # The output directory for all the temporary muck
-TMP_D=tmp
+TMP_D=tmp32dll
+# The output directory for the header files
+INC_D=inc32
 
 CP=copy
 RM=del
@@ -64,11 +79,9 @@ RSAGLUE=RSAglue
 # BIN_D  - Binary output directory
 # TEST_D - Binary test file output directory
 # LIB_D  - library output directory
-# INC_D  - include directory
 BIN_D=$(OUT_D)
 TEST_D=$(OUT_D)
 LIB_D=$(OUT_D)
-INC_D=$(OUT_D)
 
 # INCL_D - local library directory
 # OBJ_D  - temp object file directory
@@ -78,6 +91,8 @@ INCL_D=$(TMP_D)
 O_SSL=     $(LIB_D)\$(SSL).dll
 O_CRYPTO=  $(LIB_D)\$(CRYPTO).dll
 O_RSAGLUE= $(LIB_D)\$(RSAGLUE).lib
+SO_SSL=    $(SSL)
+SO_CRYPTO= $(CRYPTO)
 L_SSL=     $(LIB_D)\$(SSL).lib
 L_CRYPTO=  $(LIB_D)\$(CRYPTO).lib
 
@@ -88,137 +103,153 @@ L_LIBS= $(L_SSL) $(L_CRYPTO)
 # Don't touch anything below this point
 ######################################################
 
-INC=-DFLAT_INC -I$(INC_D) -I$(INCL_D)
+INC=-I$(INC_D) -I$(INCL_D)
 APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG)
 LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG)
+SHLIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) $(SHLIB_CFLAG)
 LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL)
 
 #############################################
-HEADER=$(INCL_D)\e_os.h \
-	$(INCL_D)\cryptlib.h $(INCL_D)\date.h $(INCL_D)\md5_locl.h \
-	$(INCL_D)\sha_locl.h $(INCL_D)\des_locl.h $(INCL_D)\rpc_des.h \
-	$(INCL_D)\podd.h $(INCL_D)\sk.h $(INCL_D)\spr.h \
-	$(INCL_D)\des_ver.h $(INCL_D)\rc2_locl.h $(INCL_D)\idea_lcl.h \
-	$(INCL_D)\bf_pi.h $(INCL_D)\bf_locl.h $(INCL_D)\bn_lcl.h \
-	$(INCL_D)\bn_prime.h $(INCL_D)\obj_dat.h $(INCL_D)\conf_lcl.h \
-	$(INCL_D)\ssl_locl.h $(INCL_D)\rsaref.h $(INCL_D)\apps.h \
-	$(INCL_D)\progs.h $(INCL_D)\s_apps.h $(INCL_D)\testdsa.h \
-	$(INCL_D)\testrsa.h
-
-EXHEADER=$(INC_D)\crypto.h \
-	$(INC_D)\cryptall.h $(INC_D)\md2.h $(INC_D)\md5.h \
-	$(INC_D)\sha.h $(INC_D)\mdc2.h $(INC_D)\des.h \
-	$(INC_D)\rc4.h $(INC_D)\rc2.h $(INC_D)\idea.h \
-	$(INC_D)\blowfish.h $(INC_D)\bn.h $(INC_D)\rsa.h \
-	$(INC_D)\dsa.h $(INC_D)\dh.h $(INC_D)\buffer.h \
-	$(INC_D)\bio.h $(INC_D)\stack.h $(INC_D)\lhash.h \
+HEADER=$(INCL_D)\cryptlib.h \
+	$(INCL_D)\date.h $(INCL_D)\md5_locl.h $(INCL_D)\sha_locl.h \
+	$(INCL_D)\rmd_locl.h $(INCL_D)\rmdconst.h $(INCL_D)\des_locl.h \
+	$(INCL_D)\rpc_des.h $(INCL_D)\podd.h $(INCL_D)\sk.h \
+	$(INCL_D)\spr.h $(INCL_D)\des_ver.h $(INCL_D)\rc2_locl.h \
+	$(INCL_D)\rc4_locl.h $(INCL_D)\rc5_locl.h $(INCL_D)\idea_lcl.h \
+	$(INCL_D)\bf_pi.h $(INCL_D)\bf_locl.h $(INCL_D)\cast_s.h \
+	$(INCL_D)\cast_lcl.h $(INCL_D)\bn_lcl.h $(INCL_D)\bn_prime.h \
+	$(INCL_D)\obj_dat.h $(INCL_D)\conf_lcl.h $(INCL_D)\ssl_locl.h \
+	$(INCL_D)\rsaref.h $(INCL_D)\apps.h $(INCL_D)\progs.h \
+	$(INCL_D)\s_apps.h $(INCL_D)\testdsa.h $(INCL_D)\testrsa.h
+
+EXHEADER=$(INC_D)\e_os.h \
+	$(INC_D)\crypto.h $(INC_D)\cryptall.h $(INC_D)\md2.h \
+	$(INC_D)\md5.h $(INC_D)\sha.h $(INC_D)\mdc2.h \
+	$(INC_D)\hmac.h $(INC_D)\ripemd.h $(INC_D)\des.h \
+	$(INC_D)\rc2.h $(INC_D)\rc4.h $(INC_D)\rc5.h \
+	$(INC_D)\idea.h $(INC_D)\blowfish.h $(INC_D)\cast.h \
+	$(INC_D)\bn.h $(INC_D)\rsa.h $(INC_D)\dsa.h \
+	$(INC_D)\dh.h $(INC_D)\buffer.h $(INC_D)\bio.h \
+	$(INC_D)\bss_file.c $(INC_D)\stack.h $(INC_D)\lhash.h \
 	$(INC_D)\rand.h $(INC_D)\err.h $(INC_D)\objects.h \
 	$(INC_D)\evp.h $(INC_D)\pem.h $(INC_D)\asn1.h \
 	$(INC_D)\asn1_mac.h $(INC_D)\x509.h $(INC_D)\x509_vfy.h \
 	$(INC_D)\conf.h $(INC_D)\txt_db.h $(INC_D)\pkcs7.h \
 	$(INC_D)\ssl.h $(INC_D)\ssl2.h $(INC_D)\ssl3.h \
-	$(INC_D)\ssl23.h
+	$(INC_D)\ssl23.h $(INC_D)\tls1.h
 
 T_OBJ=$(OBJ_D)\md2test.obj \
 	$(OBJ_D)\md5test.obj $(OBJ_D)\shatest.obj $(OBJ_D)\sha1test.obj \
-	$(OBJ_D)\mdc2test.obj $(OBJ_D)\destest.obj $(OBJ_D)\rc4test.obj \
-	$(OBJ_D)\rc2test.obj $(OBJ_D)\ideatest.obj $(OBJ_D)\bftest.obj \
-	$(OBJ_D)\bntest.obj $(OBJ_D)\exptest.obj $(OBJ_D)\dsatest.obj \
-	$(OBJ_D)\dhtest.obj $(OBJ_D)\randtest.obj $(OBJ_D)\ssltest.obj
+	$(OBJ_D)\mdc2test.obj $(OBJ_D)\hmactest.obj $(OBJ_D)\rmdtest.obj \
+	$(OBJ_D)\destest.obj $(OBJ_D)\rc2test.obj $(OBJ_D)\rc4test.obj \
+	$(OBJ_D)\rc5test.obj $(OBJ_D)\ideatest.obj $(OBJ_D)\bftest.obj \
+	$(OBJ_D)\casttest.obj $(OBJ_D)\bntest.obj $(OBJ_D)\exptest.obj \
+	$(OBJ_D)\dsatest.obj $(OBJ_D)\dhtest.obj $(OBJ_D)\randtest.obj \
+	$(OBJ_D)\ssltest.obj
 
 E_OBJ=$(OBJ_D)\verify.obj \
 	$(OBJ_D)\asn1pars.obj $(OBJ_D)\req.obj $(OBJ_D)\dgst.obj \
 	$(OBJ_D)\dh.obj $(OBJ_D)\enc.obj $(OBJ_D)\gendh.obj \
-	$(OBJ_D)\errstr.obj $(OBJ_D)\ca.obj $(OBJ_D)\gendsa.obj \
-	$(OBJ_D)\pkcs7.obj $(OBJ_D)\crl2p7.obj $(OBJ_D)\crl.obj \
-	$(OBJ_D)\rsa.obj $(OBJ_D)\dsa.obj $(OBJ_D)\dsaparam.obj \
-	$(OBJ_D)\x509.obj $(OBJ_D)\genrsa.obj $(OBJ_D)\s_server.obj \
-	$(OBJ_D)\s_client.obj $(OBJ_D)\speed.obj $(OBJ_D)\s_time.obj \
-	$(OBJ_D)\apps.obj $(OBJ_D)\s_cb.obj $(OBJ_D)\s_socket.obj \
-	$(OBJ_D)\version.obj $(OBJ_D)\sess_id.obj $(OBJ_D)\ciphers.obj \
-	$(OBJ_D)\ssleay.obj
+	$(OBJ_D)\errstr.obj $(OBJ_D)\ca.obj $(OBJ_D)\pkcs7.obj \
+	$(OBJ_D)\crl2p7.obj $(OBJ_D)\crl.obj $(OBJ_D)\rsa.obj \
+	$(OBJ_D)\dsa.obj $(OBJ_D)\dsaparam.obj $(OBJ_D)\x509.obj \
+	$(OBJ_D)\genrsa.obj $(OBJ_D)\s_server.obj $(OBJ_D)\s_client.obj \
+	$(OBJ_D)\speed.obj $(OBJ_D)\s_time.obj $(OBJ_D)\apps.obj \
+	$(OBJ_D)\s_cb.obj $(OBJ_D)\s_socket.obj $(OBJ_D)\version.obj \
+	$(OBJ_D)\sess_id.obj $(OBJ_D)\ciphers.obj $(OBJ_D)\ssleay.obj
 
 CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
-	$(OBJ_D)\mem.obj $(OBJ_D)\cversion.obj $(OBJ_D)\md2_dgst.obj \
-	$(OBJ_D)\md5_dgst.obj $(OBJ_D)\md2_one.obj $(OBJ_D)\md5_one.obj \
-	$(OBJ_D)\sha_dgst.obj $(OBJ_D)\sha1dgst.obj $(OBJ_D)\sha_one.obj \
-	$(OBJ_D)\sha1_one.obj $(OBJ_D)\mdc2dgst.obj $(OBJ_D)\mdc2_one.obj \
-	$(OBJ_D)\set_key.obj $(OBJ_D)\ecb_enc.obj $(OBJ_D)\ede_enc.obj \
-	$(OBJ_D)\cbc_enc.obj $(OBJ_D)\cbc3_enc.obj $(OBJ_D)\ecb3_enc.obj \
+	$(OBJ_D)\mem.obj $(OBJ_D)\cversion.obj $(OBJ_D)\ex_data.obj \
+	$(OBJ_D)\cpt_err.obj $(OBJ_D)\md2_dgst.obj $(OBJ_D)\md2_one.obj \
+	$(OBJ_D)\md5_dgst.obj $(MD5_ASM_OBJ) $(OBJ_D)\md5_one.obj \
+	$(OBJ_D)\sha_dgst.obj $(OBJ_D)\sha1dgst.obj $(SHA1_ASM_OBJ) \
+	$(OBJ_D)\sha_one.obj $(OBJ_D)\sha1_one.obj $(OBJ_D)\mdc2dgst.obj \
+	$(OBJ_D)\mdc2_one.obj $(OBJ_D)\hmac.obj $(OBJ_D)\rmd_dgst.obj \
+	$(RMD160_ASM_OBJ) $(OBJ_D)\rmd_one.obj $(OBJ_D)\set_key.obj \
+	$(OBJ_D)\ecb_enc.obj $(OBJ_D)\cbc_enc.obj $(OBJ_D)\ecb3_enc.obj \
 	$(OBJ_D)\cfb64enc.obj $(OBJ_D)\cfb64ede.obj $(OBJ_D)\cfb_enc.obj \
 	$(OBJ_D)\ofb64ede.obj $(OBJ_D)\enc_read.obj $(OBJ_D)\enc_writ.obj \
-	$(OBJ_D)\ncbc_enc.obj $(OBJ_D)\ofb64enc.obj $(OBJ_D)\ofb_enc.obj \
-	$(OBJ_D)\str2key.obj $(OBJ_D)\pcbc_enc.obj $(OBJ_D)\qud_cksm.obj \
-	$(OBJ_D)\rand_key.obj $(DES_ENC_OBJ) $(OBJ_D)\read2pwd.obj \
-	$(OBJ_D)\fcrypt.obj $(OBJ_D)\xcbc_enc.obj $(OBJ_D)\read_pwd.obj \
-	$(OBJ_D)\rpc_enc.obj $(OBJ_D)\cbc_cksm.obj $(OBJ_D)\supp.obj \
-	$(OBJ_D)\rc4_enc.obj $(OBJ_D)\rc2_ecb.obj $(OBJ_D)\rc2_skey.obj \
-	$(OBJ_D)\rc2_cbc.obj $(OBJ_D)\rc2cfb64.obj $(OBJ_D)\rc2ofb64.obj \
-	$(OBJ_D)\i_cbc.obj $(OBJ_D)\i_cfb64.obj $(OBJ_D)\i_ofb64.obj \
-	$(OBJ_D)\i_ecb.obj $(OBJ_D)\i_skey.obj $(OBJ_D)\bf_skey.obj \
-	$(OBJ_D)\bf_ecb.obj $(BF_ENC_OBJ) $(OBJ_D)\bf_cbc.obj \
-	$(OBJ_D)\bf_cfb64.obj $(OBJ_D)\bf_ofb64.obj $(OBJ_D)\bn_add.obj \
+	$(OBJ_D)\ofb64enc.obj $(OBJ_D)\ofb_enc.obj $(OBJ_D)\str2key.obj \
+	$(OBJ_D)\pcbc_enc.obj $(OBJ_D)\qud_cksm.obj $(OBJ_D)\rand_key.obj \
+	$(DES_ENC_OBJ) $(OBJ_D)\read2pwd.obj $(OBJ_D)\fcrypt.obj \
+	$(OBJ_D)\xcbc_enc.obj $(OBJ_D)\read_pwd.obj $(OBJ_D)\rpc_enc.obj \
+	$(OBJ_D)\cbc_cksm.obj $(OBJ_D)\supp.obj $(OBJ_D)\rc2_ecb.obj \
+	$(OBJ_D)\rc2_skey.obj $(OBJ_D)\rc2_cbc.obj $(OBJ_D)\rc2cfb64.obj \
+	$(OBJ_D)\rc2ofb64.obj $(OBJ_D)\rc4_skey.obj $(RC4_ENC_OBJ) \
+	$(OBJ_D)\rc5_skey.obj $(OBJ_D)\rc5_ecb.obj $(RC5_ENC_OBJ) \
+	$(OBJ_D)\rc5cfb64.obj $(OBJ_D)\rc5ofb64.obj $(OBJ_D)\i_cbc.obj \
+	$(OBJ_D)\i_cfb64.obj $(OBJ_D)\i_ofb64.obj $(OBJ_D)\i_ecb.obj \
+	$(OBJ_D)\i_skey.obj $(OBJ_D)\bf_skey.obj $(OBJ_D)\bf_ecb.obj \
+	$(BF_ENC_OBJ) $(OBJ_D)\bf_cfb64.obj $(OBJ_D)\bf_ofb64.obj \
+	$(OBJ_D)\c_skey.obj $(OBJ_D)\c_ecb.obj $(CAST_ENC_OBJ) \
+	$(OBJ_D)\c_cfb64.obj $(OBJ_D)\c_ofb64.obj $(OBJ_D)\bn_add.obj \
 	$(OBJ_D)\bn_div.obj $(OBJ_D)\bn_exp.obj $(OBJ_D)\bn_lib.obj \
 	$(OBJ_D)\bn_mod.obj $(OBJ_D)\bn_mul.obj $(OBJ_D)\bn_print.obj \
 	$(OBJ_D)\bn_rand.obj $(OBJ_D)\bn_shift.obj $(OBJ_D)\bn_sub.obj \
-	$(OBJ_D)\bn_word.obj $(OBJ_D)\bn_gcd.obj $(OBJ_D)\bn_prime.obj \
-	$(OBJ_D)\bn_err.obj $(OBJ_D)\bn_sqr.obj $(BN_MULW_OBJ) \
-	$(OBJ_D)\bn_recp.obj $(OBJ_D)\bn_mont.obj $(OBJ_D)\rsa_enc.obj \
-	$(OBJ_D)\rsa_gen.obj $(OBJ_D)\rsa_lib.obj $(OBJ_D)\rsa_sign.obj \
-	$(OBJ_D)\rsa_saos.obj $(OBJ_D)\rsa_err.obj $(OBJ_D)\dsa_gen.obj \
-	$(OBJ_D)\dsa_key.obj $(OBJ_D)\dsa_lib.obj $(OBJ_D)\dsa_vrf.obj \
-	$(OBJ_D)\dsa_sign.obj $(OBJ_D)\dsa_err.obj $(OBJ_D)\dh_gen.obj \
-	$(OBJ_D)\dh_key.obj $(OBJ_D)\dh_lib.obj $(OBJ_D)\dh_check.obj \
-	$(OBJ_D)\dh_err.obj $(OBJ_D)\buffer.obj $(OBJ_D)\buf_err.obj \
-	$(OBJ_D)\bio_lib.obj $(OBJ_D)\bio_cb.obj $(OBJ_D)\bio_err.obj \
-	$(OBJ_D)\bss_mem.obj $(OBJ_D)\bss_null.obj $(OBJ_D)\bss_fd.obj \
-	$(OBJ_D)\bss_file.obj $(OBJ_D)\bss_sock.obj $(OBJ_D)\bss_conn.obj \
-	$(OBJ_D)\bf_null.obj $(OBJ_D)\bf_buff.obj $(OBJ_D)\b_print.obj \
-	$(OBJ_D)\b_dump.obj $(OBJ_D)\b_sock.obj $(OBJ_D)\bss_acpt.obj \
-	$(OBJ_D)\bf_nbio.obj $(OBJ_D)\stack.obj $(OBJ_D)\lhash.obj \
-	$(OBJ_D)\lh_stats.obj $(OBJ_D)\md_rand.obj $(OBJ_D)\randfile.obj \
-	$(OBJ_D)\err.obj $(OBJ_D)\err_all.obj $(OBJ_D)\err_prn.obj \
-	$(OBJ_D)\obj_dat.obj $(OBJ_D)\obj_lib.obj $(OBJ_D)\obj_err.obj \
-	$(OBJ_D)\encode.obj $(OBJ_D)\digest.obj $(OBJ_D)\evp_enc.obj \
-	$(OBJ_D)\evp_key.obj $(OBJ_D)\e_ecb_d.obj $(OBJ_D)\e_cbc_d.obj \
-	$(OBJ_D)\e_cfb_d.obj $(OBJ_D)\e_ofb_d.obj $(OBJ_D)\e_ecb_i.obj \
-	$(OBJ_D)\e_cbc_i.obj $(OBJ_D)\e_cfb_i.obj $(OBJ_D)\e_ofb_i.obj \
-	$(OBJ_D)\e_ecb_3d.obj $(OBJ_D)\e_cbc_3d.obj $(OBJ_D)\e_rc4.obj \
-	$(OBJ_D)\names.obj $(OBJ_D)\e_cfb_3d.obj $(OBJ_D)\e_ofb_3d.obj \
-	$(OBJ_D)\e_xcbc_d.obj $(OBJ_D)\e_ecb_r2.obj $(OBJ_D)\e_cbc_r2.obj \
-	$(OBJ_D)\e_cfb_r2.obj $(OBJ_D)\e_ofb_r2.obj $(OBJ_D)\e_ecb_bf.obj \
-	$(OBJ_D)\e_cbc_bf.obj $(OBJ_D)\e_cfb_bf.obj $(OBJ_D)\e_ofb_bf.obj \
-	$(OBJ_D)\m_null.obj $(OBJ_D)\m_md2.obj $(OBJ_D)\m_md5.obj \
-	$(OBJ_D)\m_sha.obj $(OBJ_D)\m_sha1.obj $(OBJ_D)\m_dss.obj \
-	$(OBJ_D)\m_dss1.obj $(OBJ_D)\m_mdc2.obj $(OBJ_D)\p_open.obj \
-	$(OBJ_D)\p_seal.obj $(OBJ_D)\p_sign.obj $(OBJ_D)\p_verify.obj \
-	$(OBJ_D)\p_lib.obj $(OBJ_D)\bio_md.obj $(OBJ_D)\bio_b64.obj \
-	$(OBJ_D)\bio_enc.obj $(OBJ_D)\evp_err.obj $(OBJ_D)\e_null.obj \
-	$(OBJ_D)\c_all.obj $(OBJ_D)\pem_sign.obj $(OBJ_D)\pem_seal.obj \
-	$(OBJ_D)\pem_info.obj $(OBJ_D)\pem_lib.obj $(OBJ_D)\pem_all.obj \
-	$(OBJ_D)\pem_err.obj $(OBJ_D)\a_object.obj $(OBJ_D)\a_bitstr.obj \
-	$(OBJ_D)\a_utctm.obj $(OBJ_D)\a_int.obj $(OBJ_D)\a_octet.obj \
-	$(OBJ_D)\a_print.obj $(OBJ_D)\a_type.obj $(OBJ_D)\a_set.obj \
-	$(OBJ_D)\a_dup.obj $(OBJ_D)\a_d2i_fp.obj $(OBJ_D)\a_i2d_fp.obj \
-	$(OBJ_D)\a_sign.obj $(OBJ_D)\a_digest.obj $(OBJ_D)\a_verify.obj \
-	$(OBJ_D)\x_algor.obj $(OBJ_D)\x_val.obj $(OBJ_D)\x_pubkey.obj \
-	$(OBJ_D)\x_sig.obj $(OBJ_D)\x_req.obj $(OBJ_D)\x_attrib.obj \
-	$(OBJ_D)\x_name.obj $(OBJ_D)\x_cinf.obj $(OBJ_D)\x_x509.obj \
-	$(OBJ_D)\x_crl.obj $(OBJ_D)\x_info.obj $(OBJ_D)\x_spki.obj \
-	$(OBJ_D)\d2i_r_pr.obj $(OBJ_D)\i2d_r_pr.obj $(OBJ_D)\d2i_r_pu.obj \
-	$(OBJ_D)\i2d_r_pu.obj $(OBJ_D)\d2i_s_pr.obj $(OBJ_D)\i2d_s_pr.obj \
-	$(OBJ_D)\d2i_s_pu.obj $(OBJ_D)\i2d_s_pu.obj $(OBJ_D)\d2i_pu.obj \
-	$(OBJ_D)\d2i_pr.obj $(OBJ_D)\i2d_pu.obj $(OBJ_D)\i2d_pr.obj \
-	$(OBJ_D)\t_req.obj $(OBJ_D)\t_x509.obj $(OBJ_D)\t_pkey.obj \
-	$(OBJ_D)\p7_i_s.obj $(OBJ_D)\p7_signi.obj $(OBJ_D)\p7_signd.obj \
-	$(OBJ_D)\p7_recip.obj $(OBJ_D)\p7_enc_c.obj $(OBJ_D)\p7_evp.obj \
-	$(OBJ_D)\p7_dgst.obj $(OBJ_D)\p7_s_e.obj $(OBJ_D)\p7_enc.obj \
-	$(OBJ_D)\p7_lib.obj $(OBJ_D)\f_int.obj $(OBJ_D)\f_string.obj \
-	$(OBJ_D)\i2d_dhp.obj $(OBJ_D)\i2d_dsap.obj $(OBJ_D)\d2i_dhp.obj \
-	$(OBJ_D)\d2i_dsap.obj $(OBJ_D)\n_pkey.obj $(OBJ_D)\a_hdr.obj \
-	$(OBJ_D)\x_pkey.obj $(OBJ_D)\a_bool.obj $(OBJ_D)\x_exten.obj \
-	$(OBJ_D)\asn1_par.obj $(OBJ_D)\asn1_lib.obj $(OBJ_D)\asn1_err.obj \
-	$(OBJ_D)\a_meth.obj $(OBJ_D)\a_bytes.obj $(OBJ_D)\x509_def.obj \
+	$(OBJ_D)\bn_word.obj $(OBJ_D)\bn_blind.obj $(OBJ_D)\bn_gcd.obj \
+	$(OBJ_D)\bn_prime.obj $(OBJ_D)\bn_err.obj $(OBJ_D)\bn_sqr.obj \
+	$(BN_MULW_OBJ) $(OBJ_D)\bn_recp.obj $(OBJ_D)\bn_mont.obj \
+	$(OBJ_D)\bn_mpi.obj $(OBJ_D)\rsa_eay.obj $(OBJ_D)\rsa_gen.obj \
+	$(OBJ_D)\rsa_lib.obj $(OBJ_D)\rsa_sign.obj $(OBJ_D)\rsa_saos.obj \
+	$(OBJ_D)\rsa_err.obj $(OBJ_D)\rsa_pk1.obj $(OBJ_D)\rsa_ssl.obj \
+	$(OBJ_D)\rsa_none.obj $(OBJ_D)\dsa_gen.obj $(OBJ_D)\dsa_key.obj \
+	$(OBJ_D)\dsa_lib.obj $(OBJ_D)\dsa_vrf.obj $(OBJ_D)\dsa_sign.obj \
+	$(OBJ_D)\dsa_err.obj $(OBJ_D)\dh_gen.obj $(OBJ_D)\dh_key.obj \
+	$(OBJ_D)\dh_lib.obj $(OBJ_D)\dh_check.obj $(OBJ_D)\dh_err.obj \
+	$(OBJ_D)\buffer.obj $(OBJ_D)\buf_err.obj $(OBJ_D)\bio_lib.obj \
+	$(OBJ_D)\bio_cb.obj $(OBJ_D)\bio_err.obj $(OBJ_D)\bss_mem.obj \
+	$(OBJ_D)\bss_null.obj $(OBJ_D)\bss_fd.obj $(OBJ_D)\bss_file.obj \
+	$(OBJ_D)\bss_sock.obj $(OBJ_D)\bss_conn.obj $(OBJ_D)\bf_null.obj \
+	$(OBJ_D)\bf_buff.obj $(OBJ_D)\b_print.obj $(OBJ_D)\b_dump.obj \
+	$(OBJ_D)\b_sock.obj $(OBJ_D)\bss_acpt.obj $(OBJ_D)\bf_nbio.obj \
+	$(OBJ_D)\stack.obj $(OBJ_D)\lhash.obj $(OBJ_D)\lh_stats.obj \
+	$(OBJ_D)\md_rand.obj $(OBJ_D)\randfile.obj $(OBJ_D)\err.obj \
+	$(OBJ_D)\err_all.obj $(OBJ_D)\err_prn.obj $(OBJ_D)\obj_dat.obj \
+	$(OBJ_D)\obj_lib.obj $(OBJ_D)\obj_err.obj $(OBJ_D)\encode.obj \
+	$(OBJ_D)\digest.obj $(OBJ_D)\evp_enc.obj $(OBJ_D)\evp_key.obj \
+	$(OBJ_D)\e_ecb_d.obj $(OBJ_D)\e_cbc_d.obj $(OBJ_D)\e_cfb_d.obj \
+	$(OBJ_D)\e_ofb_d.obj $(OBJ_D)\e_ecb_i.obj $(OBJ_D)\e_cbc_i.obj \
+	$(OBJ_D)\e_cfb_i.obj $(OBJ_D)\e_ofb_i.obj $(OBJ_D)\e_ecb_3d.obj \
+	$(OBJ_D)\e_cbc_3d.obj $(OBJ_D)\e_rc4.obj $(OBJ_D)\names.obj \
+	$(OBJ_D)\e_cfb_3d.obj $(OBJ_D)\e_ofb_3d.obj $(OBJ_D)\e_xcbc_d.obj \
+	$(OBJ_D)\e_ecb_r2.obj $(OBJ_D)\e_cbc_r2.obj $(OBJ_D)\e_cfb_r2.obj \
+	$(OBJ_D)\e_ofb_r2.obj $(OBJ_D)\e_ecb_bf.obj $(OBJ_D)\e_cbc_bf.obj \
+	$(OBJ_D)\e_cfb_bf.obj $(OBJ_D)\e_ofb_bf.obj $(OBJ_D)\e_ecb_c.obj \
+	$(OBJ_D)\e_cbc_c.obj $(OBJ_D)\e_cfb_c.obj $(OBJ_D)\e_ofb_c.obj \
+	$(OBJ_D)\e_ecb_r5.obj $(OBJ_D)\e_cbc_r5.obj $(OBJ_D)\e_cfb_r5.obj \
+	$(OBJ_D)\e_ofb_r5.obj $(OBJ_D)\m_null.obj $(OBJ_D)\m_md2.obj \
+	$(OBJ_D)\m_md5.obj $(OBJ_D)\m_sha.obj $(OBJ_D)\m_sha1.obj \
+	$(OBJ_D)\m_dss.obj $(OBJ_D)\m_dss1.obj $(OBJ_D)\m_mdc2.obj \
+	$(OBJ_D)\m_ripemd.obj $(OBJ_D)\p_open.obj $(OBJ_D)\p_seal.obj \
+	$(OBJ_D)\p_sign.obj $(OBJ_D)\p_verify.obj $(OBJ_D)\p_lib.obj \
+	$(OBJ_D)\p_enc.obj $(OBJ_D)\p_dec.obj $(OBJ_D)\bio_md.obj \
+	$(OBJ_D)\bio_b64.obj $(OBJ_D)\bio_enc.obj $(OBJ_D)\evp_err.obj \
+	$(OBJ_D)\e_null.obj $(OBJ_D)\c_all.obj $(OBJ_D)\evp_lib.obj \
+	$(OBJ_D)\pem_sign.obj $(OBJ_D)\pem_seal.obj $(OBJ_D)\pem_info.obj \
+	$(OBJ_D)\pem_lib.obj $(OBJ_D)\pem_all.obj $(OBJ_D)\pem_err.obj \
+	$(OBJ_D)\a_object.obj $(OBJ_D)\a_bitstr.obj $(OBJ_D)\a_utctm.obj \
+	$(OBJ_D)\a_int.obj $(OBJ_D)\a_octet.obj $(OBJ_D)\a_print.obj \
+	$(OBJ_D)\a_type.obj $(OBJ_D)\a_set.obj $(OBJ_D)\a_dup.obj \
+	$(OBJ_D)\a_d2i_fp.obj $(OBJ_D)\a_i2d_fp.obj $(OBJ_D)\a_sign.obj \
+	$(OBJ_D)\a_digest.obj $(OBJ_D)\a_verify.obj $(OBJ_D)\x_algor.obj \
+	$(OBJ_D)\x_val.obj $(OBJ_D)\x_pubkey.obj $(OBJ_D)\x_sig.obj \
+	$(OBJ_D)\x_req.obj $(OBJ_D)\x_attrib.obj $(OBJ_D)\x_name.obj \
+	$(OBJ_D)\x_cinf.obj $(OBJ_D)\x_x509.obj $(OBJ_D)\x_crl.obj \
+	$(OBJ_D)\x_info.obj $(OBJ_D)\x_spki.obj $(OBJ_D)\d2i_r_pr.obj \
+	$(OBJ_D)\i2d_r_pr.obj $(OBJ_D)\d2i_r_pu.obj $(OBJ_D)\i2d_r_pu.obj \
+	$(OBJ_D)\d2i_s_pr.obj $(OBJ_D)\i2d_s_pr.obj $(OBJ_D)\d2i_s_pu.obj \
+	$(OBJ_D)\i2d_s_pu.obj $(OBJ_D)\d2i_pu.obj $(OBJ_D)\d2i_pr.obj \
+	$(OBJ_D)\i2d_pu.obj $(OBJ_D)\i2d_pr.obj $(OBJ_D)\t_req.obj \
+	$(OBJ_D)\t_x509.obj $(OBJ_D)\t_pkey.obj $(OBJ_D)\p7_i_s.obj \
+	$(OBJ_D)\p7_signi.obj $(OBJ_D)\p7_signd.obj $(OBJ_D)\p7_recip.obj \
+	$(OBJ_D)\p7_enc_c.obj $(OBJ_D)\p7_evp.obj $(OBJ_D)\p7_dgst.obj \
+	$(OBJ_D)\p7_s_e.obj $(OBJ_D)\p7_enc.obj $(OBJ_D)\p7_lib.obj \
+	$(OBJ_D)\f_int.obj $(OBJ_D)\f_string.obj $(OBJ_D)\i2d_dhp.obj \
+	$(OBJ_D)\i2d_dsap.obj $(OBJ_D)\d2i_dhp.obj $(OBJ_D)\d2i_dsap.obj \
+	$(OBJ_D)\n_pkey.obj $(OBJ_D)\a_hdr.obj $(OBJ_D)\x_pkey.obj \
+	$(OBJ_D)\a_bool.obj $(OBJ_D)\x_exten.obj $(OBJ_D)\asn1_par.obj \
+	$(OBJ_D)\asn1_lib.obj $(OBJ_D)\asn1_err.obj $(OBJ_D)\a_meth.obj \
+	$(OBJ_D)\a_bytes.obj $(OBJ_D)\evp_asn1.obj $(OBJ_D)\x509_def.obj \
 	$(OBJ_D)\x509_d2.obj $(OBJ_D)\x509_r2x.obj $(OBJ_D)\x509_cmp.obj \
 	$(OBJ_D)\x509_obj.obj $(OBJ_D)\x509_req.obj $(OBJ_D)\x509_vfy.obj \
 	$(OBJ_D)\x509_set.obj $(OBJ_D)\x509rset.obj $(OBJ_D)\x509_err.obj \
@@ -231,38 +262,51 @@ CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
 
 SSLOBJ=$(OBJ_D)\s2_meth.obj \
 	$(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \
-	$(OBJ_D)\s2_pkt.obj $(OBJ_D)\s2_enc.obj $(OBJ_D)\s3_meth.obj \
+	$(OBJ_D)\s2_enc.obj $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s3_meth.obj \
 	$(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \
-	$(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_both.obj \
+	$(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_both.obj \
 	$(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj $(OBJ_D)\s23_clnt.obj \
-	$(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj $(OBJ_D)\ssl_lib.obj \
-	$(OBJ_D)\ssl_err2.obj $(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj \
-	$(OBJ_D)\ssl_ciph.obj $(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj \
-	$(OBJ_D)\ssl_asn1.obj $(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj \
-	$(OBJ_D)\bio_ssl.obj $(OBJ_D)\ssl_err.obj
+	$(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj $(OBJ_D)\t1_meth.obj \
+	$(OBJ_D)\t1_srvr.obj $(OBJ_D)\t1_clnt.obj $(OBJ_D)\t1_lib.obj \
+	$(OBJ_D)\t1_enc.obj $(OBJ_D)\ssl_lib.obj $(OBJ_D)\ssl_err2.obj \
+	$(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj $(OBJ_D)\ssl_ciph.obj \
+	$(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj $(OBJ_D)\ssl_asn1.obj \
+	$(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj $(OBJ_D)\bio_ssl.obj \
+	$(OBJ_D)\ssl_err.obj
 
 RSAGLUEOBJ=$(OBJ_D)\rsaref.obj \
 	$(OBJ_D)\rsar_err.obj
 
 T_EXE=$(TEST_D)\md2test.exe \
 	$(TEST_D)\md5test.exe $(TEST_D)\shatest.exe $(TEST_D)\sha1test.exe \
-	$(TEST_D)\mdc2test.exe $(TEST_D)\destest.exe $(TEST_D)\rc4test.exe \
-	$(TEST_D)\rc2test.exe $(TEST_D)\ideatest.exe $(TEST_D)\bftest.exe \
-	$(TEST_D)\bntest.exe $(TEST_D)\exptest.exe $(TEST_D)\dsatest.exe \
-	$(TEST_D)\dhtest.exe $(TEST_D)\randtest.exe $(TEST_D)\ssltest.exe
+	$(TEST_D)\mdc2test.exe $(TEST_D)\hmactest.exe $(TEST_D)\rmdtest.exe \
+	$(TEST_D)\destest.exe $(TEST_D)\rc2test.exe $(TEST_D)\rc4test.exe \
+	$(TEST_D)\rc5test.exe $(TEST_D)\ideatest.exe $(TEST_D)\bftest.exe \
+	$(TEST_D)\casttest.exe $(TEST_D)\bntest.exe $(TEST_D)\exptest.exe \
+	$(TEST_D)\dsatest.exe $(TEST_D)\dhtest.exe $(TEST_D)\randtest.exe \
+	$(TEST_D)\ssltest.exe
 
 ###################################################################
-all: banner $(OUT_D) $(TMP_D) headers lib exe
+all: banner $(TMP_D) $(BIN_D) $(TEST_D) $(LIB_D) $(INC_D) headers lib exe
 
 banner:
 
 
-$(OUT_D):
-	$(MKDIR) $(OUT_D)
-
 $(TMP_D):
 	$(MKDIR) $(TMP_D)
 
+$(BIN_D):
+	$(MKDIR) $(BIN_D)
+
+$(TEST_D):
+	$(MKDIR) $(TEST_D)
+
+$(LIB_D):
+	$(MKDIR) $(LIB_D)
+
+$(INC_D):
+	$(MKDIR) $(INC_D)
+
 headers: $(HEADER) $(EXHEADER)
 
 lib: $(LIBS_DEP)
@@ -274,10 +318,10 @@ install:
 	$(MKDIR) $(INSTALLTOP)\bin
 	$(MKDIR) $(INSTALLTOP)\include
 	$(MKDIR) $(INSTALLTOP)\lib
-	$(CP) $(INC_D)\*.h $(INSTALLTOP)\include
+	$(CP) $(INC_D)\*.[ch] $(INSTALLTOP)\include
 	$(CP) $(BIN_D)\$(E_EXE).exe $(INSTALLTOP)\bin
-	$(CP) $(LIB_D)\$(O_SSL) $(INSTALLTOP)\lib
-	$(CP) $(LIB_D)\$(O_CRYPTO) $(INSTALLTOP)\lib
+	$(CP) $(O_SSL) $(INSTALLTOP)\lib
+	$(CP) $(O_CRYPTO) $(INSTALLTOP)\lib
 
 clean:
 	$(RM) $(TMP_D)\*.*
@@ -286,21 +330,24 @@ vclean:
 	$(RM) $(TMP_D)\*.*
 	$(RM) $(OUT_D)\*.*
 
-$(INCL_D)\e_os.h: $(SRC_D)\.\e_os.h
-	$(CP) $(SRC_D)\.\e_os.h $(INCL_D)\e_os.h
-
 $(INCL_D)\cryptlib.h: $(SRC_D)\crypto\cryptlib.h
 	$(CP) $(SRC_D)\crypto\cryptlib.h $(INCL_D)\cryptlib.h
 
 $(INCL_D)\date.h: $(SRC_D)\crypto\date.h
 	$(CP) $(SRC_D)\crypto\date.h $(INCL_D)\date.h
 
-$(INCL_D)\md5_locl.h: $(SRC_D)\crypto\md\md5_locl.h
-	$(CP) $(SRC_D)\crypto\md\md5_locl.h $(INCL_D)\md5_locl.h
+$(INCL_D)\md5_locl.h: $(SRC_D)\crypto\md5\md5_locl.h
+	$(CP) $(SRC_D)\crypto\md5\md5_locl.h $(INCL_D)\md5_locl.h
 
 $(INCL_D)\sha_locl.h: $(SRC_D)\crypto\sha\sha_locl.h
 	$(CP) $(SRC_D)\crypto\sha\sha_locl.h $(INCL_D)\sha_locl.h
 
+$(INCL_D)\rmd_locl.h: $(SRC_D)\crypto\ripemd\rmd_locl.h
+	$(CP) $(SRC_D)\crypto\ripemd\rmd_locl.h $(INCL_D)\rmd_locl.h
+
+$(INCL_D)\rmdconst.h: $(SRC_D)\crypto\ripemd\rmdconst.h
+	$(CP) $(SRC_D)\crypto\ripemd\rmdconst.h $(INCL_D)\rmdconst.h
+
 $(INCL_D)\des_locl.h: $(SRC_D)\crypto\des\des_locl.h
 	$(CP) $(SRC_D)\crypto\des\des_locl.h $(INCL_D)\des_locl.h
 
@@ -322,6 +369,12 @@ $(INCL_D)\des_ver.h: $(SRC_D)\crypto\des\des_ver.h
 $(INCL_D)\rc2_locl.h: $(SRC_D)\crypto\rc2\rc2_locl.h
 	$(CP) $(SRC_D)\crypto\rc2\rc2_locl.h $(INCL_D)\rc2_locl.h
 
+$(INCL_D)\rc4_locl.h: $(SRC_D)\crypto\rc4\rc4_locl.h
+	$(CP) $(SRC_D)\crypto\rc4\rc4_locl.h $(INCL_D)\rc4_locl.h
+
+$(INCL_D)\rc5_locl.h: $(SRC_D)\crypto\rc5\rc5_locl.h
+	$(CP) $(SRC_D)\crypto\rc5\rc5_locl.h $(INCL_D)\rc5_locl.h
+
 $(INCL_D)\idea_lcl.h: $(SRC_D)\crypto\idea\idea_lcl.h
 	$(CP) $(SRC_D)\crypto\idea\idea_lcl.h $(INCL_D)\idea_lcl.h
 
@@ -331,6 +384,12 @@ $(INCL_D)\bf_pi.h: $(SRC_D)\crypto\bf\bf_pi.h
 $(INCL_D)\bf_locl.h: $(SRC_D)\crypto\bf\bf_locl.h
 	$(CP) $(SRC_D)\crypto\bf\bf_locl.h $(INCL_D)\bf_locl.h
 
+$(INCL_D)\cast_s.h: $(SRC_D)\crypto\cast\cast_s.h
+	$(CP) $(SRC_D)\crypto\cast\cast_s.h $(INCL_D)\cast_s.h
+
+$(INCL_D)\cast_lcl.h: $(SRC_D)\crypto\cast\cast_lcl.h
+	$(CP) $(SRC_D)\crypto\cast\cast_lcl.h $(INCL_D)\cast_lcl.h
+
 $(INCL_D)\bn_lcl.h: $(SRC_D)\crypto\bn\bn_lcl.h
 	$(CP) $(SRC_D)\crypto\bn\bn_lcl.h $(INCL_D)\bn_lcl.h
 
@@ -364,17 +423,20 @@ $(INCL_D)\testdsa.h: $(SRC_D)\apps\testdsa.h
 $(INCL_D)\testrsa.h: $(SRC_D)\apps\testrsa.h
 	$(CP) $(SRC_D)\apps\testrsa.h $(INCL_D)\testrsa.h
 
+$(INC_D)\e_os.h: $(SRC_D)\.\e_os.h
+	$(CP) $(SRC_D)\.\e_os.h $(INC_D)\e_os.h
+
 $(INC_D)\crypto.h: $(SRC_D)\crypto\crypto.h
 	$(CP) $(SRC_D)\crypto\crypto.h $(INC_D)\crypto.h
 
 $(INC_D)\cryptall.h: $(SRC_D)\crypto\cryptall.h
 	$(CP) $(SRC_D)\crypto\cryptall.h $(INC_D)\cryptall.h
 
-$(INC_D)\md2.h: $(SRC_D)\crypto\md\md2.h
-	$(CP) $(SRC_D)\crypto\md\md2.h $(INC_D)\md2.h
+$(INC_D)\md2.h: $(SRC_D)\crypto\md2\md2.h
+	$(CP) $(SRC_D)\crypto\md2\md2.h $(INC_D)\md2.h
 
-$(INC_D)\md5.h: $(SRC_D)\crypto\md\md5.h
-	$(CP) $(SRC_D)\crypto\md\md5.h $(INC_D)\md5.h
+$(INC_D)\md5.h: $(SRC_D)\crypto\md5\md5.h
+	$(CP) $(SRC_D)\crypto\md5\md5.h $(INC_D)\md5.h
 
 $(INC_D)\sha.h: $(SRC_D)\crypto\sha\sha.h
 	$(CP) $(SRC_D)\crypto\sha\sha.h $(INC_D)\sha.h
@@ -382,14 +444,23 @@ $(INC_D)\sha.h: $(SRC_D)\crypto\sha\sha.h
 $(INC_D)\mdc2.h: $(SRC_D)\crypto\mdc2\mdc2.h
 	$(CP) $(SRC_D)\crypto\mdc2\mdc2.h $(INC_D)\mdc2.h
 
+$(INC_D)\hmac.h: $(SRC_D)\crypto\hmac\hmac.h
+	$(CP) $(SRC_D)\crypto\hmac\hmac.h $(INC_D)\hmac.h
+
+$(INC_D)\ripemd.h: $(SRC_D)\crypto\ripemd\ripemd.h
+	$(CP) $(SRC_D)\crypto\ripemd\ripemd.h $(INC_D)\ripemd.h
+
 $(INC_D)\des.h: $(SRC_D)\crypto\des\des.h
 	$(CP) $(SRC_D)\crypto\des\des.h $(INC_D)\des.h
 
+$(INC_D)\rc2.h: $(SRC_D)\crypto\rc2\rc2.h
+	$(CP) $(SRC_D)\crypto\rc2\rc2.h $(INC_D)\rc2.h
+
 $(INC_D)\rc4.h: $(SRC_D)\crypto\rc4\rc4.h
 	$(CP) $(SRC_D)\crypto\rc4\rc4.h $(INC_D)\rc4.h
 
-$(INC_D)\rc2.h: $(SRC_D)\crypto\rc2\rc2.h
-	$(CP) $(SRC_D)\crypto\rc2\rc2.h $(INC_D)\rc2.h
+$(INC_D)\rc5.h: $(SRC_D)\crypto\rc5\rc5.h
+	$(CP) $(SRC_D)\crypto\rc5\rc5.h $(INC_D)\rc5.h
 
 $(INC_D)\idea.h: $(SRC_D)\crypto\idea\idea.h
 	$(CP) $(SRC_D)\crypto\idea\idea.h $(INC_D)\idea.h
@@ -397,6 +468,9 @@ $(INC_D)\idea.h: $(SRC_D)\crypto\idea\idea.h
 $(INC_D)\blowfish.h: $(SRC_D)\crypto\bf\blowfish.h
 	$(CP) $(SRC_D)\crypto\bf\blowfish.h $(INC_D)\blowfish.h
 
+$(INC_D)\cast.h: $(SRC_D)\crypto\cast\cast.h
+	$(CP) $(SRC_D)\crypto\cast\cast.h $(INC_D)\cast.h
+
 $(INC_D)\bn.h: $(SRC_D)\crypto\bn\bn.h
 	$(CP) $(SRC_D)\crypto\bn\bn.h $(INC_D)\bn.h
 
@@ -415,6 +489,9 @@ $(INC_D)\buffer.h: $(SRC_D)\crypto\buffer\buffer.h
 $(INC_D)\bio.h: $(SRC_D)\crypto\bio\bio.h
 	$(CP) $(SRC_D)\crypto\bio\bio.h $(INC_D)\bio.h
 
+$(INC_D)\bss_file.c: $(SRC_D)\crypto\bio\bss_file.c
+	$(CP) $(SRC_D)\crypto\bio\bss_file.c $(INC_D)\bss_file.c
+
 $(INC_D)\stack.h: $(SRC_D)\crypto\stack\stack.h
 	$(CP) $(SRC_D)\crypto\stack\stack.h $(INC_D)\stack.h
 
@@ -469,11 +546,14 @@ $(INC_D)\ssl3.h: $(SRC_D)\ssl\ssl3.h
 $(INC_D)\ssl23.h: $(SRC_D)\ssl\ssl23.h
 	$(CP) $(SRC_D)\ssl\ssl23.h $(INC_D)\ssl23.h
 
-$(OBJ_D)\md2test.obj: $(SRC_D)\crypto\md\md2test.c
-	$(CC) /Fo$(OBJ_D)\md2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md\md2test.c
+$(INC_D)\tls1.h: $(SRC_D)\ssl\tls1.h
+	$(CP) $(SRC_D)\ssl\tls1.h $(INC_D)\tls1.h
+
+$(OBJ_D)\md2test.obj: $(SRC_D)\crypto\md2\md2test.c
+	$(CC) /Fo$(OBJ_D)\md2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md2\md2test.c
 
-$(OBJ_D)\md5test.obj: $(SRC_D)\crypto\md\md5test.c
-	$(CC) /Fo$(OBJ_D)\md5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md\md5test.c
+$(OBJ_D)\md5test.obj: $(SRC_D)\crypto\md5\md5test.c
+	$(CC) /Fo$(OBJ_D)\md5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md5\md5test.c
 
 $(OBJ_D)\shatest.obj: $(SRC_D)\crypto\sha\shatest.c
 	$(CC) /Fo$(OBJ_D)\shatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\shatest.c
@@ -484,14 +564,23 @@ $(OBJ_D)\sha1test.obj: $(SRC_D)\crypto\sha\sha1test.c
 $(OBJ_D)\mdc2test.obj: $(SRC_D)\crypto\mdc2\mdc2test.c
 	$(CC) /Fo$(OBJ_D)\mdc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2test.c
 
+$(OBJ_D)\hmactest.obj: $(SRC_D)\crypto\hmac\hmactest.c
+	$(CC) /Fo$(OBJ_D)\hmactest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\hmac\hmactest.c
+
+$(OBJ_D)\rmdtest.obj: $(SRC_D)\crypto\ripemd\rmdtest.c
+	$(CC) /Fo$(OBJ_D)\rmdtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmdtest.c
+
 $(OBJ_D)\destest.obj: $(SRC_D)\crypto\des\destest.c
 	$(CC) /Fo$(OBJ_D)\destest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\des\destest.c
 
+$(OBJ_D)\rc2test.obj: $(SRC_D)\crypto\rc2\rc2test.c
+	$(CC) /Fo$(OBJ_D)\rc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2test.c
+
 $(OBJ_D)\rc4test.obj: $(SRC_D)\crypto\rc4\rc4test.c
 	$(CC) /Fo$(OBJ_D)\rc4test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4test.c
 
-$(OBJ_D)\rc2test.obj: $(SRC_D)\crypto\rc2\rc2test.c
-	$(CC) /Fo$(OBJ_D)\rc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2test.c
+$(OBJ_D)\rc5test.obj: $(SRC_D)\crypto\rc5\rc5test.c
+	$(CC) /Fo$(OBJ_D)\rc5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5test.c
 
 $(OBJ_D)\ideatest.obj: $(SRC_D)\crypto\idea\ideatest.c
 	$(CC) /Fo$(OBJ_D)\ideatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\idea\ideatest.c
@@ -499,6 +588,9 @@ $(OBJ_D)\ideatest.obj: $(SRC_D)\crypto\idea\ideatest.c
 $(OBJ_D)\bftest.obj: $(SRC_D)\crypto\bf\bftest.c
 	$(CC) /Fo$(OBJ_D)\bftest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bf\bftest.c
 
+$(OBJ_D)\casttest.obj: $(SRC_D)\crypto\cast\casttest.c
+	$(CC) /Fo$(OBJ_D)\casttest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\cast\casttest.c
+
 $(OBJ_D)\bntest.obj: $(SRC_D)\crypto\bn\bntest.c
 	$(CC) /Fo$(OBJ_D)\bntest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\bntest.c
 
@@ -544,9 +636,6 @@ $(OBJ_D)\errstr.obj: $(SRC_D)\apps\errstr.c
 $(OBJ_D)\ca.obj: $(SRC_D)\apps\ca.c
 	$(CC) /Fo$(OBJ_D)\ca.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ca.c
 
-$(OBJ_D)\gendsa.obj: $(SRC_D)\apps\gendsa.c
-	$(CC) /Fo$(OBJ_D)\gendsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\gendsa.c
-
 $(OBJ_D)\pkcs7.obj: $(SRC_D)\apps\pkcs7.c
 	$(CC) /Fo$(OBJ_D)\pkcs7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\pkcs7.c
 
@@ -604,920 +693,1043 @@ $(OBJ_D)\ciphers.obj: $(SRC_D)\apps\ciphers.c
 $(OBJ_D)\ssleay.obj: $(SRC_D)\apps\ssleay.c
 	$(CC) /Fo$(OBJ_D)\ssleay.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ssleay.c
 
-crypto\bn\asm\x86nt32.obj: crypto\bn\asm\x86nt32.asm
-	$(ASM) /Focrypto\bn\asm\x86nt32.obj $(SRC_D)\crypto\bn\asm\x86nt32.asm
+crypto\bn\asm\bn-win32.obj: crypto\bn\asm\bn-win32.asm
+	$(ASM) /Focrypto\bn\asm\bn-win32.obj $(SRC_D)\crypto\bn\asm\bn-win32.asm
 
 crypto\des\asm\d-win32.obj: crypto\des\asm\d-win32.asm
 	$(ASM) /Focrypto\des\asm\d-win32.obj $(SRC_D)\crypto\des\asm\d-win32.asm
 
-crypto\des\asm\c-win32.obj: crypto\des\asm\c-win32.asm
-	$(ASM) /Focrypto\des\asm\c-win32.obj $(SRC_D)\crypto\des\asm\c-win32.asm
+crypto\des\asm\y-win32.obj: crypto\des\asm\y-win32.asm
+	$(ASM) /Focrypto\des\asm\y-win32.obj $(SRC_D)\crypto\des\asm\y-win32.asm
 
 crypto\bf\asm\b-win32.obj: crypto\bf\asm\b-win32.asm
 	$(ASM) /Focrypto\bf\asm\b-win32.obj $(SRC_D)\crypto\bf\asm\b-win32.asm
 
+crypto\cast\asm\c-win32.obj: crypto\cast\asm\c-win32.asm
+	$(ASM) /Focrypto\cast\asm\c-win32.obj $(SRC_D)\crypto\cast\asm\c-win32.asm
+
+crypto\rc4\asm\r4-win32.obj: crypto\rc4\asm\r4-win32.asm
+	$(ASM) /Focrypto\rc4\asm\r4-win32.obj $(SRC_D)\crypto\rc4\asm\r4-win32.asm
+
+crypto\rc5\asm\r5-win32.obj: crypto\rc5\asm\r5-win32.asm
+	$(ASM) /Focrypto\rc5\asm\r5-win32.obj $(SRC_D)\crypto\rc5\asm\r5-win32.asm
+
+crypto\md5\asm\m5-win32.obj: crypto\md5\asm\m5-win32.asm
+	$(ASM) /Focrypto\md5\asm\m5-win32.obj $(SRC_D)\crypto\md5\asm\m5-win32.asm
+
+crypto\sha\asm\s1-win32.obj: crypto\sha\asm\s1-win32.asm
+	$(ASM) /Focrypto\sha\asm\s1-win32.obj $(SRC_D)\crypto\sha\asm\s1-win32.asm
+
+crypto\ripemd\asm\rm-win32.obj: crypto\ripemd\asm\rm-win32.asm
+	$(ASM) /Focrypto\ripemd\asm\rm-win32.obj $(SRC_D)\crypto\ripemd\asm\rm-win32.asm
+
 $(OBJ_D)\cryptlib.obj: $(SRC_D)\crypto\cryptlib.c
-	$(CC) /Fo$(OBJ_D)\cryptlib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c
+	$(CC) /Fo$(OBJ_D)\cryptlib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c
 
 $(OBJ_D)\mem.obj: $(SRC_D)\crypto\mem.c
-	$(CC) /Fo$(OBJ_D)\mem.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mem.c
+	$(CC) /Fo$(OBJ_D)\mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mem.c
 
 $(OBJ_D)\cversion.obj: $(SRC_D)\crypto\cversion.c
-	$(CC) /Fo$(OBJ_D)\cversion.obj $(LIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)\crypto\cversion.c
+	$(CC) /Fo$(OBJ_D)\cversion.obj  $(SHLIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)\crypto\cversion.c
 
-$(OBJ_D)\md2_dgst.obj: $(SRC_D)\crypto\md\md2_dgst.c
-	$(CC) /Fo$(OBJ_D)\md2_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md2_dgst.c
+$(OBJ_D)\ex_data.obj: $(SRC_D)\crypto\ex_data.c
+	$(CC) /Fo$(OBJ_D)\ex_data.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ex_data.c
 
-$(OBJ_D)\md5_dgst.obj: $(SRC_D)\crypto\md\md5_dgst.c
-	$(CC) /Fo$(OBJ_D)\md5_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md5_dgst.c
+$(OBJ_D)\cpt_err.obj: $(SRC_D)\crypto\cpt_err.c
+	$(CC) /Fo$(OBJ_D)\cpt_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cpt_err.c
 
-$(OBJ_D)\md2_one.obj: $(SRC_D)\crypto\md\md2_one.c
-	$(CC) /Fo$(OBJ_D)\md2_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md2_one.c
+$(OBJ_D)\md2_dgst.obj: $(SRC_D)\crypto\md2\md2_dgst.c
+	$(CC) /Fo$(OBJ_D)\md2_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_dgst.c
 
-$(OBJ_D)\md5_one.obj: $(SRC_D)\crypto\md\md5_one.c
-	$(CC) /Fo$(OBJ_D)\md5_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md5_one.c
+$(OBJ_D)\md2_one.obj: $(SRC_D)\crypto\md2\md2_one.c
+	$(CC) /Fo$(OBJ_D)\md2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_one.c
+
+$(OBJ_D)\md5_dgst.obj: $(SRC_D)\crypto\md5\md5_dgst.c
+	$(CC) /Fo$(OBJ_D)\md5_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_dgst.c
+
+$(OBJ_D)\md5_one.obj: $(SRC_D)\crypto\md5\md5_one.c
+	$(CC) /Fo$(OBJ_D)\md5_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_one.c
 
 $(OBJ_D)\sha_dgst.obj: $(SRC_D)\crypto\sha\sha_dgst.c
-	$(CC) /Fo$(OBJ_D)\sha_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_dgst.c
+	$(CC) /Fo$(OBJ_D)\sha_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_dgst.c
 
 $(OBJ_D)\sha1dgst.obj: $(SRC_D)\crypto\sha\sha1dgst.c
-	$(CC) /Fo$(OBJ_D)\sha1dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1dgst.c
+	$(CC) /Fo$(OBJ_D)\sha1dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1dgst.c
 
 $(OBJ_D)\sha_one.obj: $(SRC_D)\crypto\sha\sha_one.c
-	$(CC) /Fo$(OBJ_D)\sha_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_one.c
+	$(CC) /Fo$(OBJ_D)\sha_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_one.c
 
 $(OBJ_D)\sha1_one.obj: $(SRC_D)\crypto\sha\sha1_one.c
-	$(CC) /Fo$(OBJ_D)\sha1_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1_one.c
+	$(CC) /Fo$(OBJ_D)\sha1_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1_one.c
 
 $(OBJ_D)\mdc2dgst.obj: $(SRC_D)\crypto\mdc2\mdc2dgst.c
-	$(CC) /Fo$(OBJ_D)\mdc2dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2dgst.c
+	$(CC) /Fo$(OBJ_D)\mdc2dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2dgst.c
 
 $(OBJ_D)\mdc2_one.obj: $(SRC_D)\crypto\mdc2\mdc2_one.c
-	$(CC) /Fo$(OBJ_D)\mdc2_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2_one.c
+	$(CC) /Fo$(OBJ_D)\mdc2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2_one.c
+
+$(OBJ_D)\hmac.obj: $(SRC_D)\crypto\hmac\hmac.c
+	$(CC) /Fo$(OBJ_D)\hmac.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\hmac\hmac.c
+
+$(OBJ_D)\rmd_dgst.obj: $(SRC_D)\crypto\ripemd\rmd_dgst.c
+	$(CC) /Fo$(OBJ_D)\rmd_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_dgst.c
+
+$(OBJ_D)\rmd_one.obj: $(SRC_D)\crypto\ripemd\rmd_one.c
+	$(CC) /Fo$(OBJ_D)\rmd_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_one.c
 
 $(OBJ_D)\set_key.obj: $(SRC_D)\crypto\des\set_key.c
-	$(CC) /Fo$(OBJ_D)\set_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\set_key.c
+	$(CC) /Fo$(OBJ_D)\set_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\set_key.c
 
 $(OBJ_D)\ecb_enc.obj: $(SRC_D)\crypto\des\ecb_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb_enc.c
-
-$(OBJ_D)\ede_enc.obj: $(SRC_D)\crypto\des\ede_enc.c
-	$(CC) /Fo$(OBJ_D)\ede_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ede_enc.c
+	$(CC) /Fo$(OBJ_D)\ecb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb_enc.c
 
 $(OBJ_D)\cbc_enc.obj: $(SRC_D)\crypto\des\cbc_enc.c
-	$(CC) /Fo$(OBJ_D)\cbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_enc.c
-
-$(OBJ_D)\cbc3_enc.obj: $(SRC_D)\crypto\des\cbc3_enc.c
-	$(CC) /Fo$(OBJ_D)\cbc3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc3_enc.c
+	$(CC) /Fo$(OBJ_D)\cbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_enc.c
 
 $(OBJ_D)\ecb3_enc.obj: $(SRC_D)\crypto\des\ecb3_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb3_enc.c
+	$(CC) /Fo$(OBJ_D)\ecb3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb3_enc.c
 
 $(OBJ_D)\cfb64enc.obj: $(SRC_D)\crypto\des\cfb64enc.c
-	$(CC) /Fo$(OBJ_D)\cfb64enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64enc.c
+	$(CC) /Fo$(OBJ_D)\cfb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64enc.c
 
 $(OBJ_D)\cfb64ede.obj: $(SRC_D)\crypto\des\cfb64ede.c
-	$(CC) /Fo$(OBJ_D)\cfb64ede.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64ede.c
+	$(CC) /Fo$(OBJ_D)\cfb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64ede.c
 
 $(OBJ_D)\cfb_enc.obj: $(SRC_D)\crypto\des\cfb_enc.c
-	$(CC) /Fo$(OBJ_D)\cfb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb_enc.c
+	$(CC) /Fo$(OBJ_D)\cfb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb_enc.c
 
 $(OBJ_D)\ofb64ede.obj: $(SRC_D)\crypto\des\ofb64ede.c
-	$(CC) /Fo$(OBJ_D)\ofb64ede.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64ede.c
+	$(CC) /Fo$(OBJ_D)\ofb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64ede.c
 
 $(OBJ_D)\enc_read.obj: $(SRC_D)\crypto\des\enc_read.c
-	$(CC) /Fo$(OBJ_D)\enc_read.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_read.c
+	$(CC) /Fo$(OBJ_D)\enc_read.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_read.c
 
 $(OBJ_D)\enc_writ.obj: $(SRC_D)\crypto\des\enc_writ.c
-	$(CC) /Fo$(OBJ_D)\enc_writ.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_writ.c
-
-$(OBJ_D)\ncbc_enc.obj: $(SRC_D)\crypto\des\ncbc_enc.c
-	$(CC) /Fo$(OBJ_D)\ncbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ncbc_enc.c
+	$(CC) /Fo$(OBJ_D)\enc_writ.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_writ.c
 
 $(OBJ_D)\ofb64enc.obj: $(SRC_D)\crypto\des\ofb64enc.c
-	$(CC) /Fo$(OBJ_D)\ofb64enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64enc.c
+	$(CC) /Fo$(OBJ_D)\ofb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64enc.c
 
 $(OBJ_D)\ofb_enc.obj: $(SRC_D)\crypto\des\ofb_enc.c
-	$(CC) /Fo$(OBJ_D)\ofb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb_enc.c
+	$(CC) /Fo$(OBJ_D)\ofb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb_enc.c
 
 $(OBJ_D)\str2key.obj: $(SRC_D)\crypto\des\str2key.c
-	$(CC) /Fo$(OBJ_D)\str2key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\str2key.c
+	$(CC) /Fo$(OBJ_D)\str2key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\str2key.c
 
 $(OBJ_D)\pcbc_enc.obj: $(SRC_D)\crypto\des\pcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\pcbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\pcbc_enc.c
+	$(CC) /Fo$(OBJ_D)\pcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\pcbc_enc.c
 
 $(OBJ_D)\qud_cksm.obj: $(SRC_D)\crypto\des\qud_cksm.c
-	$(CC) /Fo$(OBJ_D)\qud_cksm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\qud_cksm.c
+	$(CC) /Fo$(OBJ_D)\qud_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\qud_cksm.c
 
 $(OBJ_D)\rand_key.obj: $(SRC_D)\crypto\des\rand_key.c
-	$(CC) /Fo$(OBJ_D)\rand_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\rand_key.c
+	$(CC) /Fo$(OBJ_D)\rand_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rand_key.c
 
 $(OBJ_D)\des_enc.obj: $(SRC_D)\crypto\des\des_enc.c
-	$(CC) /Fo$(OBJ_D)\des_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\des_enc.c
+	$(CC) /Fo$(OBJ_D)\des_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\des_enc.c
 
 $(OBJ_D)\fcrypt_b.obj: $(SRC_D)\crypto\des\fcrypt_b.c
-	$(CC) /Fo$(OBJ_D)\fcrypt_b.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt_b.c
+	$(CC) /Fo$(OBJ_D)\fcrypt_b.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt_b.c
 
 $(OBJ_D)\read2pwd.obj: $(SRC_D)\crypto\des\read2pwd.c
-	$(CC) /Fo$(OBJ_D)\read2pwd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\read2pwd.c
+	$(CC) /Fo$(OBJ_D)\read2pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read2pwd.c
 
 $(OBJ_D)\fcrypt.obj: $(SRC_D)\crypto\des\fcrypt.c
-	$(CC) /Fo$(OBJ_D)\fcrypt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt.c
+	$(CC) /Fo$(OBJ_D)\fcrypt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt.c
 
 $(OBJ_D)\xcbc_enc.obj: $(SRC_D)\crypto\des\xcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\xcbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\xcbc_enc.c
+	$(CC) /Fo$(OBJ_D)\xcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\xcbc_enc.c
 
 $(OBJ_D)\read_pwd.obj: $(SRC_D)\crypto\des\read_pwd.c
-	$(CC) /Fo$(OBJ_D)\read_pwd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\read_pwd.c
+	$(CC) /Fo$(OBJ_D)\read_pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read_pwd.c
 
 $(OBJ_D)\rpc_enc.obj: $(SRC_D)\crypto\des\rpc_enc.c
-	$(CC) /Fo$(OBJ_D)\rpc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\rpc_enc.c
+	$(CC) /Fo$(OBJ_D)\rpc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rpc_enc.c
 
 $(OBJ_D)\cbc_cksm.obj: $(SRC_D)\crypto\des\cbc_cksm.c
-	$(CC) /Fo$(OBJ_D)\cbc_cksm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_cksm.c
+	$(CC) /Fo$(OBJ_D)\cbc_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_cksm.c
 
 $(OBJ_D)\supp.obj: $(SRC_D)\crypto\des\supp.c
-	$(CC) /Fo$(OBJ_D)\supp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\supp.c
-
-$(OBJ_D)\rc4_enc.obj: $(SRC_D)\crypto\rc4\rc4_enc.c
-	$(CC) /Fo$(OBJ_D)\rc4_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_enc.c
+	$(CC) /Fo$(OBJ_D)\supp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\supp.c
 
 $(OBJ_D)\rc2_ecb.obj: $(SRC_D)\crypto\rc2\rc2_ecb.c
-	$(CC) /Fo$(OBJ_D)\rc2_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_ecb.c
+	$(CC) /Fo$(OBJ_D)\rc2_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_ecb.c
 
 $(OBJ_D)\rc2_skey.obj: $(SRC_D)\crypto\rc2\rc2_skey.c
-	$(CC) /Fo$(OBJ_D)\rc2_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_skey.c
+	$(CC) /Fo$(OBJ_D)\rc2_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_skey.c
 
 $(OBJ_D)\rc2_cbc.obj: $(SRC_D)\crypto\rc2\rc2_cbc.c
-	$(CC) /Fo$(OBJ_D)\rc2_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_cbc.c
+	$(CC) /Fo$(OBJ_D)\rc2_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_cbc.c
 
 $(OBJ_D)\rc2cfb64.obj: $(SRC_D)\crypto\rc2\rc2cfb64.c
-	$(CC) /Fo$(OBJ_D)\rc2cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2cfb64.c
+	$(CC) /Fo$(OBJ_D)\rc2cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2cfb64.c
 
 $(OBJ_D)\rc2ofb64.obj: $(SRC_D)\crypto\rc2\rc2ofb64.c
-	$(CC) /Fo$(OBJ_D)\rc2ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2ofb64.c
+	$(CC) /Fo$(OBJ_D)\rc2ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2ofb64.c
+
+$(OBJ_D)\rc4_skey.obj: $(SRC_D)\crypto\rc4\rc4_skey.c
+	$(CC) /Fo$(OBJ_D)\rc4_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_skey.c
+
+$(OBJ_D)\rc4_enc.obj: $(SRC_D)\crypto\rc4\rc4_enc.c
+	$(CC) /Fo$(OBJ_D)\rc4_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_enc.c
+
+$(OBJ_D)\rc5_skey.obj: $(SRC_D)\crypto\rc5\rc5_skey.c
+	$(CC) /Fo$(OBJ_D)\rc5_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_skey.c
+
+$(OBJ_D)\rc5_ecb.obj: $(SRC_D)\crypto\rc5\rc5_ecb.c
+	$(CC) /Fo$(OBJ_D)\rc5_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_ecb.c
+
+$(OBJ_D)\rc5_enc.obj: $(SRC_D)\crypto\rc5\rc5_enc.c
+	$(CC) /Fo$(OBJ_D)\rc5_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_enc.c
+
+$(OBJ_D)\rc5cfb64.obj: $(SRC_D)\crypto\rc5\rc5cfb64.c
+	$(CC) /Fo$(OBJ_D)\rc5cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5cfb64.c
+
+$(OBJ_D)\rc5ofb64.obj: $(SRC_D)\crypto\rc5\rc5ofb64.c
+	$(CC) /Fo$(OBJ_D)\rc5ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5ofb64.c
 
 $(OBJ_D)\i_cbc.obj: $(SRC_D)\crypto\idea\i_cbc.c
-	$(CC) /Fo$(OBJ_D)\i_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cbc.c
+	$(CC) /Fo$(OBJ_D)\i_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cbc.c
 
 $(OBJ_D)\i_cfb64.obj: $(SRC_D)\crypto\idea\i_cfb64.c
-	$(CC) /Fo$(OBJ_D)\i_cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cfb64.c
+	$(CC) /Fo$(OBJ_D)\i_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cfb64.c
 
 $(OBJ_D)\i_ofb64.obj: $(SRC_D)\crypto\idea\i_ofb64.c
-	$(CC) /Fo$(OBJ_D)\i_ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ofb64.c
+	$(CC) /Fo$(OBJ_D)\i_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ofb64.c
 
 $(OBJ_D)\i_ecb.obj: $(SRC_D)\crypto\idea\i_ecb.c
-	$(CC) /Fo$(OBJ_D)\i_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ecb.c
+	$(CC) /Fo$(OBJ_D)\i_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ecb.c
 
 $(OBJ_D)\i_skey.obj: $(SRC_D)\crypto\idea\i_skey.c
-	$(CC) /Fo$(OBJ_D)\i_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_skey.c
+	$(CC) /Fo$(OBJ_D)\i_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_skey.c
 
 $(OBJ_D)\bf_skey.obj: $(SRC_D)\crypto\bf\bf_skey.c
-	$(CC) /Fo$(OBJ_D)\bf_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_skey.c
+	$(CC) /Fo$(OBJ_D)\bf_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_skey.c
 
 $(OBJ_D)\bf_ecb.obj: $(SRC_D)\crypto\bf\bf_ecb.c
-	$(CC) /Fo$(OBJ_D)\bf_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ecb.c
+	$(CC) /Fo$(OBJ_D)\bf_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ecb.c
 
 $(OBJ_D)\bf_enc.obj: $(SRC_D)\crypto\bf\bf_enc.c
-	$(CC) /Fo$(OBJ_D)\bf_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_enc.c
-
-$(OBJ_D)\bf_cbc.obj: $(SRC_D)\crypto\bf\bf_cbc.c
-	$(CC) /Fo$(OBJ_D)\bf_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cbc.c
+	$(CC) /Fo$(OBJ_D)\bf_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_enc.c
 
 $(OBJ_D)\bf_cfb64.obj: $(SRC_D)\crypto\bf\bf_cfb64.c
-	$(CC) /Fo$(OBJ_D)\bf_cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cfb64.c
+	$(CC) /Fo$(OBJ_D)\bf_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cfb64.c
 
 $(OBJ_D)\bf_ofb64.obj: $(SRC_D)\crypto\bf\bf_ofb64.c
-	$(CC) /Fo$(OBJ_D)\bf_ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ofb64.c
+	$(CC) /Fo$(OBJ_D)\bf_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ofb64.c
+
+$(OBJ_D)\c_skey.obj: $(SRC_D)\crypto\cast\c_skey.c
+	$(CC) /Fo$(OBJ_D)\c_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_skey.c
+
+$(OBJ_D)\c_ecb.obj: $(SRC_D)\crypto\cast\c_ecb.c
+	$(CC) /Fo$(OBJ_D)\c_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ecb.c
+
+$(OBJ_D)\c_enc.obj: $(SRC_D)\crypto\cast\c_enc.c
+	$(CC) /Fo$(OBJ_D)\c_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_enc.c
+
+$(OBJ_D)\c_cfb64.obj: $(SRC_D)\crypto\cast\c_cfb64.c
+	$(CC) /Fo$(OBJ_D)\c_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_cfb64.c
+
+$(OBJ_D)\c_ofb64.obj: $(SRC_D)\crypto\cast\c_ofb64.c
+	$(CC) /Fo$(OBJ_D)\c_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ofb64.c
 
 $(OBJ_D)\bn_add.obj: $(SRC_D)\crypto\bn\bn_add.c
-	$(CC) /Fo$(OBJ_D)\bn_add.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_add.c
+	$(CC) /Fo$(OBJ_D)\bn_add.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_add.c
 
 $(OBJ_D)\bn_div.obj: $(SRC_D)\crypto\bn\bn_div.c
-	$(CC) /Fo$(OBJ_D)\bn_div.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_div.c
+	$(CC) /Fo$(OBJ_D)\bn_div.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_div.c
 
 $(OBJ_D)\bn_exp.obj: $(SRC_D)\crypto\bn\bn_exp.c
-	$(CC) /Fo$(OBJ_D)\bn_exp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp.c
+	$(CC) /Fo$(OBJ_D)\bn_exp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp.c
 
 $(OBJ_D)\bn_lib.obj: $(SRC_D)\crypto\bn\bn_lib.c
-	$(CC) /Fo$(OBJ_D)\bn_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_lib.c
+	$(CC) /Fo$(OBJ_D)\bn_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_lib.c
 
 $(OBJ_D)\bn_mod.obj: $(SRC_D)\crypto\bn\bn_mod.c
-	$(CC) /Fo$(OBJ_D)\bn_mod.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mod.c
+	$(CC) /Fo$(OBJ_D)\bn_mod.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mod.c
 
 $(OBJ_D)\bn_mul.obj: $(SRC_D)\crypto\bn\bn_mul.c
-	$(CC) /Fo$(OBJ_D)\bn_mul.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mul.c
+	$(CC) /Fo$(OBJ_D)\bn_mul.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mul.c
 
 $(OBJ_D)\bn_print.obj: $(SRC_D)\crypto\bn\bn_print.c
-	$(CC) /Fo$(OBJ_D)\bn_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_print.c
+	$(CC) /Fo$(OBJ_D)\bn_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_print.c
 
 $(OBJ_D)\bn_rand.obj: $(SRC_D)\crypto\bn\bn_rand.c
-	$(CC) /Fo$(OBJ_D)\bn_rand.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_rand.c
+	$(CC) /Fo$(OBJ_D)\bn_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_rand.c
 
 $(OBJ_D)\bn_shift.obj: $(SRC_D)\crypto\bn\bn_shift.c
-	$(CC) /Fo$(OBJ_D)\bn_shift.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_shift.c
+	$(CC) /Fo$(OBJ_D)\bn_shift.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_shift.c
 
 $(OBJ_D)\bn_sub.obj: $(SRC_D)\crypto\bn\bn_sub.c
-	$(CC) /Fo$(OBJ_D)\bn_sub.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sub.c
+	$(CC) /Fo$(OBJ_D)\bn_sub.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sub.c
 
 $(OBJ_D)\bn_word.obj: $(SRC_D)\crypto\bn\bn_word.c
-	$(CC) /Fo$(OBJ_D)\bn_word.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_word.c
+	$(CC) /Fo$(OBJ_D)\bn_word.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_word.c
+
+$(OBJ_D)\bn_blind.obj: $(SRC_D)\crypto\bn\bn_blind.c
+	$(CC) /Fo$(OBJ_D)\bn_blind.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_blind.c
 
 $(OBJ_D)\bn_gcd.obj: $(SRC_D)\crypto\bn\bn_gcd.c
-	$(CC) /Fo$(OBJ_D)\bn_gcd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_gcd.c
+	$(CC) /Fo$(OBJ_D)\bn_gcd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_gcd.c
 
 $(OBJ_D)\bn_prime.obj: $(SRC_D)\crypto\bn\bn_prime.c
-	$(CC) /Fo$(OBJ_D)\bn_prime.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_prime.c
+	$(CC) /Fo$(OBJ_D)\bn_prime.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_prime.c
 
 $(OBJ_D)\bn_err.obj: $(SRC_D)\crypto\bn\bn_err.c
-	$(CC) /Fo$(OBJ_D)\bn_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_err.c
+	$(CC) /Fo$(OBJ_D)\bn_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_err.c
 
 $(OBJ_D)\bn_sqr.obj: $(SRC_D)\crypto\bn\bn_sqr.c
-	$(CC) /Fo$(OBJ_D)\bn_sqr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sqr.c
+	$(CC) /Fo$(OBJ_D)\bn_sqr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sqr.c
 
 $(OBJ_D)\bn_mulw.obj: $(SRC_D)\crypto\bn\bn_mulw.c
-	$(CC) /Fo$(OBJ_D)\bn_mulw.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mulw.c
+	$(CC) /Fo$(OBJ_D)\bn_mulw.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mulw.c
 
 $(OBJ_D)\bn_recp.obj: $(SRC_D)\crypto\bn\bn_recp.c
-	$(CC) /Fo$(OBJ_D)\bn_recp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_recp.c
+	$(CC) /Fo$(OBJ_D)\bn_recp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_recp.c
 
 $(OBJ_D)\bn_mont.obj: $(SRC_D)\crypto\bn\bn_mont.c
-	$(CC) /Fo$(OBJ_D)\bn_mont.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mont.c
+	$(CC) /Fo$(OBJ_D)\bn_mont.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mont.c
 
-$(OBJ_D)\rsa_enc.obj: $(SRC_D)\crypto\rsa\rsa_enc.c
-	$(CC) /Fo$(OBJ_D)\rsa_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_enc.c
+$(OBJ_D)\bn_mpi.obj: $(SRC_D)\crypto\bn\bn_mpi.c
+	$(CC) /Fo$(OBJ_D)\bn_mpi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mpi.c
+
+$(OBJ_D)\rsa_eay.obj: $(SRC_D)\crypto\rsa\rsa_eay.c
+	$(CC) /Fo$(OBJ_D)\rsa_eay.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_eay.c
 
 $(OBJ_D)\rsa_gen.obj: $(SRC_D)\crypto\rsa\rsa_gen.c
-	$(CC) /Fo$(OBJ_D)\rsa_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_gen.c
+	$(CC) /Fo$(OBJ_D)\rsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_gen.c
 
 $(OBJ_D)\rsa_lib.obj: $(SRC_D)\crypto\rsa\rsa_lib.c
-	$(CC) /Fo$(OBJ_D)\rsa_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_lib.c
+	$(CC) /Fo$(OBJ_D)\rsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_lib.c
 
 $(OBJ_D)\rsa_sign.obj: $(SRC_D)\crypto\rsa\rsa_sign.c
-	$(CC) /Fo$(OBJ_D)\rsa_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_sign.c
+	$(CC) /Fo$(OBJ_D)\rsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_sign.c
 
 $(OBJ_D)\rsa_saos.obj: $(SRC_D)\crypto\rsa\rsa_saos.c
-	$(CC) /Fo$(OBJ_D)\rsa_saos.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_saos.c
+	$(CC) /Fo$(OBJ_D)\rsa_saos.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_saos.c
 
 $(OBJ_D)\rsa_err.obj: $(SRC_D)\crypto\rsa\rsa_err.c
-	$(CC) /Fo$(OBJ_D)\rsa_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_err.c
+	$(CC) /Fo$(OBJ_D)\rsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_err.c
+
+$(OBJ_D)\rsa_pk1.obj: $(SRC_D)\crypto\rsa\rsa_pk1.c
+	$(CC) /Fo$(OBJ_D)\rsa_pk1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_pk1.c
+
+$(OBJ_D)\rsa_ssl.obj: $(SRC_D)\crypto\rsa\rsa_ssl.c
+	$(CC) /Fo$(OBJ_D)\rsa_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_ssl.c
+
+$(OBJ_D)\rsa_none.obj: $(SRC_D)\crypto\rsa\rsa_none.c
+	$(CC) /Fo$(OBJ_D)\rsa_none.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_none.c
 
 $(OBJ_D)\dsa_gen.obj: $(SRC_D)\crypto\dsa\dsa_gen.c
-	$(CC) /Fo$(OBJ_D)\dsa_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_gen.c
+	$(CC) /Fo$(OBJ_D)\dsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_gen.c
 
 $(OBJ_D)\dsa_key.obj: $(SRC_D)\crypto\dsa\dsa_key.c
-	$(CC) /Fo$(OBJ_D)\dsa_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_key.c
+	$(CC) /Fo$(OBJ_D)\dsa_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_key.c
 
 $(OBJ_D)\dsa_lib.obj: $(SRC_D)\crypto\dsa\dsa_lib.c
-	$(CC) /Fo$(OBJ_D)\dsa_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_lib.c
+	$(CC) /Fo$(OBJ_D)\dsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_lib.c
 
 $(OBJ_D)\dsa_vrf.obj: $(SRC_D)\crypto\dsa\dsa_vrf.c
-	$(CC) /Fo$(OBJ_D)\dsa_vrf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_vrf.c
+	$(CC) /Fo$(OBJ_D)\dsa_vrf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_vrf.c
 
 $(OBJ_D)\dsa_sign.obj: $(SRC_D)\crypto\dsa\dsa_sign.c
-	$(CC) /Fo$(OBJ_D)\dsa_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_sign.c
+	$(CC) /Fo$(OBJ_D)\dsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_sign.c
 
 $(OBJ_D)\dsa_err.obj: $(SRC_D)\crypto\dsa\dsa_err.c
-	$(CC) /Fo$(OBJ_D)\dsa_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_err.c
+	$(CC) /Fo$(OBJ_D)\dsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_err.c
 
 $(OBJ_D)\dh_gen.obj: $(SRC_D)\crypto\dh\dh_gen.c
-	$(CC) /Fo$(OBJ_D)\dh_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_gen.c
+	$(CC) /Fo$(OBJ_D)\dh_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_gen.c
 
 $(OBJ_D)\dh_key.obj: $(SRC_D)\crypto\dh\dh_key.c
-	$(CC) /Fo$(OBJ_D)\dh_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_key.c
+	$(CC) /Fo$(OBJ_D)\dh_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_key.c
 
 $(OBJ_D)\dh_lib.obj: $(SRC_D)\crypto\dh\dh_lib.c
-	$(CC) /Fo$(OBJ_D)\dh_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_lib.c
+	$(CC) /Fo$(OBJ_D)\dh_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_lib.c
 
 $(OBJ_D)\dh_check.obj: $(SRC_D)\crypto\dh\dh_check.c
-	$(CC) /Fo$(OBJ_D)\dh_check.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_check.c
+	$(CC) /Fo$(OBJ_D)\dh_check.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_check.c
 
 $(OBJ_D)\dh_err.obj: $(SRC_D)\crypto\dh\dh_err.c
-	$(CC) /Fo$(OBJ_D)\dh_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_err.c
+	$(CC) /Fo$(OBJ_D)\dh_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_err.c
 
 $(OBJ_D)\buffer.obj: $(SRC_D)\crypto\buffer\buffer.c
-	$(CC) /Fo$(OBJ_D)\buffer.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buffer.c
+	$(CC) /Fo$(OBJ_D)\buffer.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buffer.c
 
 $(OBJ_D)\buf_err.obj: $(SRC_D)\crypto\buffer\buf_err.c
-	$(CC) /Fo$(OBJ_D)\buf_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buf_err.c
+	$(CC) /Fo$(OBJ_D)\buf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buf_err.c
 
 $(OBJ_D)\bio_lib.obj: $(SRC_D)\crypto\bio\bio_lib.c
-	$(CC) /Fo$(OBJ_D)\bio_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_lib.c
+	$(CC) /Fo$(OBJ_D)\bio_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_lib.c
 
 $(OBJ_D)\bio_cb.obj: $(SRC_D)\crypto\bio\bio_cb.c
-	$(CC) /Fo$(OBJ_D)\bio_cb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_cb.c
+	$(CC) /Fo$(OBJ_D)\bio_cb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_cb.c
 
 $(OBJ_D)\bio_err.obj: $(SRC_D)\crypto\bio\bio_err.c
-	$(CC) /Fo$(OBJ_D)\bio_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_err.c
+	$(CC) /Fo$(OBJ_D)\bio_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_err.c
 
 $(OBJ_D)\bss_mem.obj: $(SRC_D)\crypto\bio\bss_mem.c
-	$(CC) /Fo$(OBJ_D)\bss_mem.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_mem.c
+	$(CC) /Fo$(OBJ_D)\bss_mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_mem.c
 
 $(OBJ_D)\bss_null.obj: $(SRC_D)\crypto\bio\bss_null.c
-	$(CC) /Fo$(OBJ_D)\bss_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_null.c
+	$(CC) /Fo$(OBJ_D)\bss_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_null.c
 
 $(OBJ_D)\bss_fd.obj: $(SRC_D)\crypto\bio\bss_fd.c
-	$(CC) /Fo$(OBJ_D)\bss_fd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_fd.c
+	$(CC) /Fo$(OBJ_D)\bss_fd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_fd.c
 
 $(OBJ_D)\bss_file.obj: $(SRC_D)\crypto\bio\bss_file.c
-	$(CC) /Fo$(OBJ_D)\bss_file.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_file.c
+	$(CC) /Fo$(OBJ_D)\bss_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_file.c
 
 $(OBJ_D)\bss_sock.obj: $(SRC_D)\crypto\bio\bss_sock.c
-	$(CC) /Fo$(OBJ_D)\bss_sock.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_sock.c
+	$(CC) /Fo$(OBJ_D)\bss_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_sock.c
 
 $(OBJ_D)\bss_conn.obj: $(SRC_D)\crypto\bio\bss_conn.c
-	$(CC) /Fo$(OBJ_D)\bss_conn.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_conn.c
+	$(CC) /Fo$(OBJ_D)\bss_conn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_conn.c
 
 $(OBJ_D)\bf_null.obj: $(SRC_D)\crypto\bio\bf_null.c
-	$(CC) /Fo$(OBJ_D)\bf_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_null.c
+	$(CC) /Fo$(OBJ_D)\bf_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_null.c
 
 $(OBJ_D)\bf_buff.obj: $(SRC_D)\crypto\bio\bf_buff.c
-	$(CC) /Fo$(OBJ_D)\bf_buff.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_buff.c
+	$(CC) /Fo$(OBJ_D)\bf_buff.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_buff.c
 
 $(OBJ_D)\b_print.obj: $(SRC_D)\crypto\bio\b_print.c
-	$(CC) /Fo$(OBJ_D)\b_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_print.c
+	$(CC) /Fo$(OBJ_D)\b_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_print.c
 
 $(OBJ_D)\b_dump.obj: $(SRC_D)\crypto\bio\b_dump.c
-	$(CC) /Fo$(OBJ_D)\b_dump.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_dump.c
+	$(CC) /Fo$(OBJ_D)\b_dump.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_dump.c
 
 $(OBJ_D)\b_sock.obj: $(SRC_D)\crypto\bio\b_sock.c
-	$(CC) /Fo$(OBJ_D)\b_sock.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_sock.c
+	$(CC) /Fo$(OBJ_D)\b_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_sock.c
 
 $(OBJ_D)\bss_acpt.obj: $(SRC_D)\crypto\bio\bss_acpt.c
-	$(CC) /Fo$(OBJ_D)\bss_acpt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_acpt.c
+	$(CC) /Fo$(OBJ_D)\bss_acpt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_acpt.c
 
 $(OBJ_D)\bf_nbio.obj: $(SRC_D)\crypto\bio\bf_nbio.c
-	$(CC) /Fo$(OBJ_D)\bf_nbio.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_nbio.c
+	$(CC) /Fo$(OBJ_D)\bf_nbio.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_nbio.c
 
 $(OBJ_D)\stack.obj: $(SRC_D)\crypto\stack\stack.c
-	$(CC) /Fo$(OBJ_D)\stack.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\stack\stack.c
+	$(CC) /Fo$(OBJ_D)\stack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\stack\stack.c
 
 $(OBJ_D)\lhash.obj: $(SRC_D)\crypto\lhash\lhash.c
-	$(CC) /Fo$(OBJ_D)\lhash.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lhash.c
+	$(CC) /Fo$(OBJ_D)\lhash.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lhash.c
 
 $(OBJ_D)\lh_stats.obj: $(SRC_D)\crypto\lhash\lh_stats.c
-	$(CC) /Fo$(OBJ_D)\lh_stats.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lh_stats.c
+	$(CC) /Fo$(OBJ_D)\lh_stats.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lh_stats.c
 
 $(OBJ_D)\md_rand.obj: $(SRC_D)\crypto\rand\md_rand.c
-	$(CC) /Fo$(OBJ_D)\md_rand.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rand\md_rand.c
+	$(CC) /Fo$(OBJ_D)\md_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\md_rand.c
 
 $(OBJ_D)\randfile.obj: $(SRC_D)\crypto\rand\randfile.c
-	$(CC) /Fo$(OBJ_D)\randfile.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rand\randfile.c
+	$(CC) /Fo$(OBJ_D)\randfile.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\randfile.c
 
 $(OBJ_D)\err.obj: $(SRC_D)\crypto\err\err.c
-	$(CC) /Fo$(OBJ_D)\err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err.c
+	$(CC) /Fo$(OBJ_D)\err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err.c
 
 $(OBJ_D)\err_all.obj: $(SRC_D)\crypto\err\err_all.c
-	$(CC) /Fo$(OBJ_D)\err_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err_all.c
+	$(CC) /Fo$(OBJ_D)\err_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_all.c
 
 $(OBJ_D)\err_prn.obj: $(SRC_D)\crypto\err\err_prn.c
-	$(CC) /Fo$(OBJ_D)\err_prn.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err_prn.c
+	$(CC) /Fo$(OBJ_D)\err_prn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_prn.c
 
 $(OBJ_D)\obj_dat.obj: $(SRC_D)\crypto\objects\obj_dat.c
-	$(CC) /Fo$(OBJ_D)\obj_dat.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_dat.c
+	$(CC) /Fo$(OBJ_D)\obj_dat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_dat.c
 
 $(OBJ_D)\obj_lib.obj: $(SRC_D)\crypto\objects\obj_lib.c
-	$(CC) /Fo$(OBJ_D)\obj_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_lib.c
+	$(CC) /Fo$(OBJ_D)\obj_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_lib.c
 
 $(OBJ_D)\obj_err.obj: $(SRC_D)\crypto\objects\obj_err.c
-	$(CC) /Fo$(OBJ_D)\obj_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_err.c
+	$(CC) /Fo$(OBJ_D)\obj_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_err.c
 
 $(OBJ_D)\encode.obj: $(SRC_D)\crypto\evp\encode.c
-	$(CC) /Fo$(OBJ_D)\encode.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\encode.c
+	$(CC) /Fo$(OBJ_D)\encode.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\encode.c
 
 $(OBJ_D)\digest.obj: $(SRC_D)\crypto\evp\digest.c
-	$(CC) /Fo$(OBJ_D)\digest.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\digest.c
+	$(CC) /Fo$(OBJ_D)\digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\digest.c
 
 $(OBJ_D)\evp_enc.obj: $(SRC_D)\crypto\evp\evp_enc.c
-	$(CC) /Fo$(OBJ_D)\evp_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_enc.c
+	$(CC) /Fo$(OBJ_D)\evp_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_enc.c
 
 $(OBJ_D)\evp_key.obj: $(SRC_D)\crypto\evp\evp_key.c
-	$(CC) /Fo$(OBJ_D)\evp_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_key.c
+	$(CC) /Fo$(OBJ_D)\evp_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_key.c
 
 $(OBJ_D)\e_ecb_d.obj: $(SRC_D)\crypto\evp\e_ecb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_d.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_d.c
 
 $(OBJ_D)\e_cbc_d.obj: $(SRC_D)\crypto\evp\e_cbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_d.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_d.c
 
 $(OBJ_D)\e_cfb_d.obj: $(SRC_D)\crypto\evp\e_cfb_d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_d.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_d.c
 
 $(OBJ_D)\e_ofb_d.obj: $(SRC_D)\crypto\evp\e_ofb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_d.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_d.c
 
 $(OBJ_D)\e_ecb_i.obj: $(SRC_D)\crypto\evp\e_ecb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_i.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_i.c
 
 $(OBJ_D)\e_cbc_i.obj: $(SRC_D)\crypto\evp\e_cbc_i.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_i.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_i.c
 
 $(OBJ_D)\e_cfb_i.obj: $(SRC_D)\crypto\evp\e_cfb_i.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_i.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_i.c
 
 $(OBJ_D)\e_ofb_i.obj: $(SRC_D)\crypto\evp\e_ofb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_i.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_i.c
 
 $(OBJ_D)\e_ecb_3d.obj: $(SRC_D)\crypto\evp\e_ecb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_3d.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_3d.c
 
 $(OBJ_D)\e_cbc_3d.obj: $(SRC_D)\crypto\evp\e_cbc_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_3d.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_3d.c
 
 $(OBJ_D)\e_rc4.obj: $(SRC_D)\crypto\evp\e_rc4.c
-	$(CC) /Fo$(OBJ_D)\e_rc4.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_rc4.c
+	$(CC) /Fo$(OBJ_D)\e_rc4.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_rc4.c
 
 $(OBJ_D)\names.obj: $(SRC_D)\crypto\evp\names.c
-	$(CC) /Fo$(OBJ_D)\names.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\names.c
+	$(CC) /Fo$(OBJ_D)\names.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\names.c
 
 $(OBJ_D)\e_cfb_3d.obj: $(SRC_D)\crypto\evp\e_cfb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_3d.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_3d.c
 
 $(OBJ_D)\e_ofb_3d.obj: $(SRC_D)\crypto\evp\e_ofb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_3d.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_3d.c
 
 $(OBJ_D)\e_xcbc_d.obj: $(SRC_D)\crypto\evp\e_xcbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_xcbc_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_xcbc_d.c
+	$(CC) /Fo$(OBJ_D)\e_xcbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_xcbc_d.c
 
 $(OBJ_D)\e_ecb_r2.obj: $(SRC_D)\crypto\evp\e_ecb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r2.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r2.c
 
 $(OBJ_D)\e_cbc_r2.obj: $(SRC_D)\crypto\evp\e_cbc_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r2.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r2.c
 
 $(OBJ_D)\e_cfb_r2.obj: $(SRC_D)\crypto\evp\e_cfb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r2.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r2.c
 
 $(OBJ_D)\e_ofb_r2.obj: $(SRC_D)\crypto\evp\e_ofb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r2.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r2.c
 
 $(OBJ_D)\e_ecb_bf.obj: $(SRC_D)\crypto\evp\e_ecb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_bf.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_bf.c
 
 $(OBJ_D)\e_cbc_bf.obj: $(SRC_D)\crypto\evp\e_cbc_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_bf.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_bf.c
 
 $(OBJ_D)\e_cfb_bf.obj: $(SRC_D)\crypto\evp\e_cfb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_bf.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_bf.c
 
 $(OBJ_D)\e_ofb_bf.obj: $(SRC_D)\crypto\evp\e_ofb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_bf.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_bf.c
+
+$(OBJ_D)\e_ecb_c.obj: $(SRC_D)\crypto\evp\e_ecb_c.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_c.c
+
+$(OBJ_D)\e_cbc_c.obj: $(SRC_D)\crypto\evp\e_cbc_c.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_c.c
+
+$(OBJ_D)\e_cfb_c.obj: $(SRC_D)\crypto\evp\e_cfb_c.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_c.c
+
+$(OBJ_D)\e_ofb_c.obj: $(SRC_D)\crypto\evp\e_ofb_c.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_c.c
+
+$(OBJ_D)\e_ecb_r5.obj: $(SRC_D)\crypto\evp\e_ecb_r5.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r5.c
+
+$(OBJ_D)\e_cbc_r5.obj: $(SRC_D)\crypto\evp\e_cbc_r5.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r5.c
+
+$(OBJ_D)\e_cfb_r5.obj: $(SRC_D)\crypto\evp\e_cfb_r5.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r5.c
+
+$(OBJ_D)\e_ofb_r5.obj: $(SRC_D)\crypto\evp\e_ofb_r5.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r5.c
 
 $(OBJ_D)\m_null.obj: $(SRC_D)\crypto\evp\m_null.c
-	$(CC) /Fo$(OBJ_D)\m_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_null.c
+	$(CC) /Fo$(OBJ_D)\m_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_null.c
 
 $(OBJ_D)\m_md2.obj: $(SRC_D)\crypto\evp\m_md2.c
-	$(CC) /Fo$(OBJ_D)\m_md2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md2.c
+	$(CC) /Fo$(OBJ_D)\m_md2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md2.c
 
 $(OBJ_D)\m_md5.obj: $(SRC_D)\crypto\evp\m_md5.c
-	$(CC) /Fo$(OBJ_D)\m_md5.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md5.c
+	$(CC) /Fo$(OBJ_D)\m_md5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md5.c
 
 $(OBJ_D)\m_sha.obj: $(SRC_D)\crypto\evp\m_sha.c
-	$(CC) /Fo$(OBJ_D)\m_sha.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha.c
+	$(CC) /Fo$(OBJ_D)\m_sha.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha.c
 
 $(OBJ_D)\m_sha1.obj: $(SRC_D)\crypto\evp\m_sha1.c
-	$(CC) /Fo$(OBJ_D)\m_sha1.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha1.c
+	$(CC) /Fo$(OBJ_D)\m_sha1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha1.c
 
 $(OBJ_D)\m_dss.obj: $(SRC_D)\crypto\evp\m_dss.c
-	$(CC) /Fo$(OBJ_D)\m_dss.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss.c
+	$(CC) /Fo$(OBJ_D)\m_dss.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss.c
 
 $(OBJ_D)\m_dss1.obj: $(SRC_D)\crypto\evp\m_dss1.c
-	$(CC) /Fo$(OBJ_D)\m_dss1.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss1.c
+	$(CC) /Fo$(OBJ_D)\m_dss1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss1.c
 
 $(OBJ_D)\m_mdc2.obj: $(SRC_D)\crypto\evp\m_mdc2.c
-	$(CC) /Fo$(OBJ_D)\m_mdc2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_mdc2.c
+	$(CC) /Fo$(OBJ_D)\m_mdc2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_mdc2.c
+
+$(OBJ_D)\m_ripemd.obj: $(SRC_D)\crypto\evp\m_ripemd.c
+	$(CC) /Fo$(OBJ_D)\m_ripemd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_ripemd.c
 
 $(OBJ_D)\p_open.obj: $(SRC_D)\crypto\evp\p_open.c
-	$(CC) /Fo$(OBJ_D)\p_open.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_open.c
+	$(CC) /Fo$(OBJ_D)\p_open.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_open.c
 
 $(OBJ_D)\p_seal.obj: $(SRC_D)\crypto\evp\p_seal.c
-	$(CC) /Fo$(OBJ_D)\p_seal.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_seal.c
+	$(CC) /Fo$(OBJ_D)\p_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_seal.c
 
 $(OBJ_D)\p_sign.obj: $(SRC_D)\crypto\evp\p_sign.c
-	$(CC) /Fo$(OBJ_D)\p_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_sign.c
+	$(CC) /Fo$(OBJ_D)\p_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_sign.c
 
 $(OBJ_D)\p_verify.obj: $(SRC_D)\crypto\evp\p_verify.c
-	$(CC) /Fo$(OBJ_D)\p_verify.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_verify.c
+	$(CC) /Fo$(OBJ_D)\p_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_verify.c
 
 $(OBJ_D)\p_lib.obj: $(SRC_D)\crypto\evp\p_lib.c
-	$(CC) /Fo$(OBJ_D)\p_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_lib.c
+	$(CC) /Fo$(OBJ_D)\p_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_lib.c
+
+$(OBJ_D)\p_enc.obj: $(SRC_D)\crypto\evp\p_enc.c
+	$(CC) /Fo$(OBJ_D)\p_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_enc.c
+
+$(OBJ_D)\p_dec.obj: $(SRC_D)\crypto\evp\p_dec.c
+	$(CC) /Fo$(OBJ_D)\p_dec.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_dec.c
 
 $(OBJ_D)\bio_md.obj: $(SRC_D)\crypto\evp\bio_md.c
-	$(CC) /Fo$(OBJ_D)\bio_md.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_md.c
+	$(CC) /Fo$(OBJ_D)\bio_md.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_md.c
 
 $(OBJ_D)\bio_b64.obj: $(SRC_D)\crypto\evp\bio_b64.c
-	$(CC) /Fo$(OBJ_D)\bio_b64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_b64.c
+	$(CC) /Fo$(OBJ_D)\bio_b64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_b64.c
 
 $(OBJ_D)\bio_enc.obj: $(SRC_D)\crypto\evp\bio_enc.c
-	$(CC) /Fo$(OBJ_D)\bio_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_enc.c
+	$(CC) /Fo$(OBJ_D)\bio_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_enc.c
 
 $(OBJ_D)\evp_err.obj: $(SRC_D)\crypto\evp\evp_err.c
-	$(CC) /Fo$(OBJ_D)\evp_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_err.c
+	$(CC) /Fo$(OBJ_D)\evp_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_err.c
 
 $(OBJ_D)\e_null.obj: $(SRC_D)\crypto\evp\e_null.c
-	$(CC) /Fo$(OBJ_D)\e_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_null.c
+	$(CC) /Fo$(OBJ_D)\e_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_null.c
 
 $(OBJ_D)\c_all.obj: $(SRC_D)\crypto\evp\c_all.c
-	$(CC) /Fo$(OBJ_D)\c_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\c_all.c
+	$(CC) /Fo$(OBJ_D)\c_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\c_all.c
+
+$(OBJ_D)\evp_lib.obj: $(SRC_D)\crypto\evp\evp_lib.c
+	$(CC) /Fo$(OBJ_D)\evp_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_lib.c
 
 $(OBJ_D)\pem_sign.obj: $(SRC_D)\crypto\pem\pem_sign.c
-	$(CC) /Fo$(OBJ_D)\pem_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_sign.c
+	$(CC) /Fo$(OBJ_D)\pem_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_sign.c
 
 $(OBJ_D)\pem_seal.obj: $(SRC_D)\crypto\pem\pem_seal.c
-	$(CC) /Fo$(OBJ_D)\pem_seal.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_seal.c
+	$(CC) /Fo$(OBJ_D)\pem_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_seal.c
 
 $(OBJ_D)\pem_info.obj: $(SRC_D)\crypto\pem\pem_info.c
-	$(CC) /Fo$(OBJ_D)\pem_info.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_info.c
+	$(CC) /Fo$(OBJ_D)\pem_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_info.c
 
 $(OBJ_D)\pem_lib.obj: $(SRC_D)\crypto\pem\pem_lib.c
-	$(CC) /Fo$(OBJ_D)\pem_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_lib.c
+	$(CC) /Fo$(OBJ_D)\pem_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_lib.c
 
 $(OBJ_D)\pem_all.obj: $(SRC_D)\crypto\pem\pem_all.c
-	$(CC) /Fo$(OBJ_D)\pem_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_all.c
+	$(CC) /Fo$(OBJ_D)\pem_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_all.c
 
 $(OBJ_D)\pem_err.obj: $(SRC_D)\crypto\pem\pem_err.c
-	$(CC) /Fo$(OBJ_D)\pem_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_err.c
+	$(CC) /Fo$(OBJ_D)\pem_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_err.c
 
 $(OBJ_D)\a_object.obj: $(SRC_D)\crypto\asn1\a_object.c
-	$(CC) /Fo$(OBJ_D)\a_object.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_object.c
+	$(CC) /Fo$(OBJ_D)\a_object.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_object.c
 
 $(OBJ_D)\a_bitstr.obj: $(SRC_D)\crypto\asn1\a_bitstr.c
-	$(CC) /Fo$(OBJ_D)\a_bitstr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bitstr.c
+	$(CC) /Fo$(OBJ_D)\a_bitstr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bitstr.c
 
 $(OBJ_D)\a_utctm.obj: $(SRC_D)\crypto\asn1\a_utctm.c
-	$(CC) /Fo$(OBJ_D)\a_utctm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_utctm.c
+	$(CC) /Fo$(OBJ_D)\a_utctm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_utctm.c
 
 $(OBJ_D)\a_int.obj: $(SRC_D)\crypto\asn1\a_int.c
-	$(CC) /Fo$(OBJ_D)\a_int.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_int.c
+	$(CC) /Fo$(OBJ_D)\a_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_int.c
 
 $(OBJ_D)\a_octet.obj: $(SRC_D)\crypto\asn1\a_octet.c
-	$(CC) /Fo$(OBJ_D)\a_octet.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_octet.c
+	$(CC) /Fo$(OBJ_D)\a_octet.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_octet.c
 
 $(OBJ_D)\a_print.obj: $(SRC_D)\crypto\asn1\a_print.c
-	$(CC) /Fo$(OBJ_D)\a_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_print.c
+	$(CC) /Fo$(OBJ_D)\a_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_print.c
 
 $(OBJ_D)\a_type.obj: $(SRC_D)\crypto\asn1\a_type.c
-	$(CC) /Fo$(OBJ_D)\a_type.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_type.c
+	$(CC) /Fo$(OBJ_D)\a_type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_type.c
 
 $(OBJ_D)\a_set.obj: $(SRC_D)\crypto\asn1\a_set.c
-	$(CC) /Fo$(OBJ_D)\a_set.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_set.c
+	$(CC) /Fo$(OBJ_D)\a_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_set.c
 
 $(OBJ_D)\a_dup.obj: $(SRC_D)\crypto\asn1\a_dup.c
-	$(CC) /Fo$(OBJ_D)\a_dup.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_dup.c
+	$(CC) /Fo$(OBJ_D)\a_dup.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_dup.c
 
 $(OBJ_D)\a_d2i_fp.obj: $(SRC_D)\crypto\asn1\a_d2i_fp.c
-	$(CC) /Fo$(OBJ_D)\a_d2i_fp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_d2i_fp.c
+	$(CC) /Fo$(OBJ_D)\a_d2i_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_d2i_fp.c
 
 $(OBJ_D)\a_i2d_fp.obj: $(SRC_D)\crypto\asn1\a_i2d_fp.c
-	$(CC) /Fo$(OBJ_D)\a_i2d_fp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_i2d_fp.c
+	$(CC) /Fo$(OBJ_D)\a_i2d_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_i2d_fp.c
 
 $(OBJ_D)\a_sign.obj: $(SRC_D)\crypto\asn1\a_sign.c
-	$(CC) /Fo$(OBJ_D)\a_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_sign.c
+	$(CC) /Fo$(OBJ_D)\a_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_sign.c
 
 $(OBJ_D)\a_digest.obj: $(SRC_D)\crypto\asn1\a_digest.c
-	$(CC) /Fo$(OBJ_D)\a_digest.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_digest.c
+	$(CC) /Fo$(OBJ_D)\a_digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_digest.c
 
 $(OBJ_D)\a_verify.obj: $(SRC_D)\crypto\asn1\a_verify.c
-	$(CC) /Fo$(OBJ_D)\a_verify.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_verify.c
+	$(CC) /Fo$(OBJ_D)\a_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_verify.c
 
 $(OBJ_D)\x_algor.obj: $(SRC_D)\crypto\asn1\x_algor.c
-	$(CC) /Fo$(OBJ_D)\x_algor.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_algor.c
+	$(CC) /Fo$(OBJ_D)\x_algor.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_algor.c
 
 $(OBJ_D)\x_val.obj: $(SRC_D)\crypto\asn1\x_val.c
-	$(CC) /Fo$(OBJ_D)\x_val.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_val.c
+	$(CC) /Fo$(OBJ_D)\x_val.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_val.c
 
 $(OBJ_D)\x_pubkey.obj: $(SRC_D)\crypto\asn1\x_pubkey.c
-	$(CC) /Fo$(OBJ_D)\x_pubkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pubkey.c
+	$(CC) /Fo$(OBJ_D)\x_pubkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pubkey.c
 
 $(OBJ_D)\x_sig.obj: $(SRC_D)\crypto\asn1\x_sig.c
-	$(CC) /Fo$(OBJ_D)\x_sig.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_sig.c
+	$(CC) /Fo$(OBJ_D)\x_sig.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_sig.c
 
 $(OBJ_D)\x_req.obj: $(SRC_D)\crypto\asn1\x_req.c
-	$(CC) /Fo$(OBJ_D)\x_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_req.c
+	$(CC) /Fo$(OBJ_D)\x_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_req.c
 
 $(OBJ_D)\x_attrib.obj: $(SRC_D)\crypto\asn1\x_attrib.c
-	$(CC) /Fo$(OBJ_D)\x_attrib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_attrib.c
+	$(CC) /Fo$(OBJ_D)\x_attrib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_attrib.c
 
 $(OBJ_D)\x_name.obj: $(SRC_D)\crypto\asn1\x_name.c
-	$(CC) /Fo$(OBJ_D)\x_name.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_name.c
+	$(CC) /Fo$(OBJ_D)\x_name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_name.c
 
 $(OBJ_D)\x_cinf.obj: $(SRC_D)\crypto\asn1\x_cinf.c
-	$(CC) /Fo$(OBJ_D)\x_cinf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_cinf.c
+	$(CC) /Fo$(OBJ_D)\x_cinf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_cinf.c
 
 $(OBJ_D)\x_x509.obj: $(SRC_D)\crypto\asn1\x_x509.c
-	$(CC) /Fo$(OBJ_D)\x_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_x509.c
+	$(CC) /Fo$(OBJ_D)\x_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_x509.c
 
 $(OBJ_D)\x_crl.obj: $(SRC_D)\crypto\asn1\x_crl.c
-	$(CC) /Fo$(OBJ_D)\x_crl.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_crl.c
+	$(CC) /Fo$(OBJ_D)\x_crl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_crl.c
 
 $(OBJ_D)\x_info.obj: $(SRC_D)\crypto\asn1\x_info.c
-	$(CC) /Fo$(OBJ_D)\x_info.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_info.c
+	$(CC) /Fo$(OBJ_D)\x_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_info.c
 
 $(OBJ_D)\x_spki.obj: $(SRC_D)\crypto\asn1\x_spki.c
-	$(CC) /Fo$(OBJ_D)\x_spki.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_spki.c
+	$(CC) /Fo$(OBJ_D)\x_spki.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_spki.c
 
 $(OBJ_D)\d2i_r_pr.obj: $(SRC_D)\crypto\asn1\d2i_r_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pr.c
+	$(CC) /Fo$(OBJ_D)\d2i_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pr.c
 
 $(OBJ_D)\i2d_r_pr.obj: $(SRC_D)\crypto\asn1\i2d_r_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pr.c
+	$(CC) /Fo$(OBJ_D)\i2d_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pr.c
 
 $(OBJ_D)\d2i_r_pu.obj: $(SRC_D)\crypto\asn1\d2i_r_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pu.c
+	$(CC) /Fo$(OBJ_D)\d2i_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pu.c
 
 $(OBJ_D)\i2d_r_pu.obj: $(SRC_D)\crypto\asn1\i2d_r_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pu.c
+	$(CC) /Fo$(OBJ_D)\i2d_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pu.c
 
 $(OBJ_D)\d2i_s_pr.obj: $(SRC_D)\crypto\asn1\d2i_s_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pr.c
+	$(CC) /Fo$(OBJ_D)\d2i_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pr.c
 
 $(OBJ_D)\i2d_s_pr.obj: $(SRC_D)\crypto\asn1\i2d_s_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pr.c
+	$(CC) /Fo$(OBJ_D)\i2d_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pr.c
 
 $(OBJ_D)\d2i_s_pu.obj: $(SRC_D)\crypto\asn1\d2i_s_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pu.c
+	$(CC) /Fo$(OBJ_D)\d2i_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pu.c
 
 $(OBJ_D)\i2d_s_pu.obj: $(SRC_D)\crypto\asn1\i2d_s_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pu.c
+	$(CC) /Fo$(OBJ_D)\i2d_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pu.c
 
 $(OBJ_D)\d2i_pu.obj: $(SRC_D)\crypto\asn1\d2i_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pu.c
+	$(CC) /Fo$(OBJ_D)\d2i_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pu.c
 
 $(OBJ_D)\d2i_pr.obj: $(SRC_D)\crypto\asn1\d2i_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pr.c
+	$(CC) /Fo$(OBJ_D)\d2i_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pr.c
 
 $(OBJ_D)\i2d_pu.obj: $(SRC_D)\crypto\asn1\i2d_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pu.c
+	$(CC) /Fo$(OBJ_D)\i2d_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pu.c
 
 $(OBJ_D)\i2d_pr.obj: $(SRC_D)\crypto\asn1\i2d_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pr.c
+	$(CC) /Fo$(OBJ_D)\i2d_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pr.c
 
 $(OBJ_D)\t_req.obj: $(SRC_D)\crypto\asn1\t_req.c
-	$(CC) /Fo$(OBJ_D)\t_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_req.c
+	$(CC) /Fo$(OBJ_D)\t_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_req.c
 
 $(OBJ_D)\t_x509.obj: $(SRC_D)\crypto\asn1\t_x509.c
-	$(CC) /Fo$(OBJ_D)\t_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_x509.c
+	$(CC) /Fo$(OBJ_D)\t_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_x509.c
 
 $(OBJ_D)\t_pkey.obj: $(SRC_D)\crypto\asn1\t_pkey.c
-	$(CC) /Fo$(OBJ_D)\t_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_pkey.c
+	$(CC) /Fo$(OBJ_D)\t_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_pkey.c
 
 $(OBJ_D)\p7_i_s.obj: $(SRC_D)\crypto\asn1\p7_i_s.c
-	$(CC) /Fo$(OBJ_D)\p7_i_s.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_i_s.c
+	$(CC) /Fo$(OBJ_D)\p7_i_s.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_i_s.c
 
 $(OBJ_D)\p7_signi.obj: $(SRC_D)\crypto\asn1\p7_signi.c
-	$(CC) /Fo$(OBJ_D)\p7_signi.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signi.c
+	$(CC) /Fo$(OBJ_D)\p7_signi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signi.c
 
 $(OBJ_D)\p7_signd.obj: $(SRC_D)\crypto\asn1\p7_signd.c
-	$(CC) /Fo$(OBJ_D)\p7_signd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signd.c
+	$(CC) /Fo$(OBJ_D)\p7_signd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signd.c
 
 $(OBJ_D)\p7_recip.obj: $(SRC_D)\crypto\asn1\p7_recip.c
-	$(CC) /Fo$(OBJ_D)\p7_recip.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_recip.c
+	$(CC) /Fo$(OBJ_D)\p7_recip.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_recip.c
 
 $(OBJ_D)\p7_enc_c.obj: $(SRC_D)\crypto\asn1\p7_enc_c.c
-	$(CC) /Fo$(OBJ_D)\p7_enc_c.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc_c.c
+	$(CC) /Fo$(OBJ_D)\p7_enc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc_c.c
 
 $(OBJ_D)\p7_evp.obj: $(SRC_D)\crypto\asn1\p7_evp.c
-	$(CC) /Fo$(OBJ_D)\p7_evp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_evp.c
+	$(CC) /Fo$(OBJ_D)\p7_evp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_evp.c
 
 $(OBJ_D)\p7_dgst.obj: $(SRC_D)\crypto\asn1\p7_dgst.c
-	$(CC) /Fo$(OBJ_D)\p7_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_dgst.c
+	$(CC) /Fo$(OBJ_D)\p7_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_dgst.c
 
 $(OBJ_D)\p7_s_e.obj: $(SRC_D)\crypto\asn1\p7_s_e.c
-	$(CC) /Fo$(OBJ_D)\p7_s_e.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_s_e.c
+	$(CC) /Fo$(OBJ_D)\p7_s_e.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_s_e.c
 
 $(OBJ_D)\p7_enc.obj: $(SRC_D)\crypto\asn1\p7_enc.c
-	$(CC) /Fo$(OBJ_D)\p7_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc.c
+	$(CC) /Fo$(OBJ_D)\p7_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc.c
 
 $(OBJ_D)\p7_lib.obj: $(SRC_D)\crypto\asn1\p7_lib.c
-	$(CC) /Fo$(OBJ_D)\p7_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_lib.c
+	$(CC) /Fo$(OBJ_D)\p7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_lib.c
 
 $(OBJ_D)\f_int.obj: $(SRC_D)\crypto\asn1\f_int.c
-	$(CC) /Fo$(OBJ_D)\f_int.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_int.c
+	$(CC) /Fo$(OBJ_D)\f_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_int.c
 
 $(OBJ_D)\f_string.obj: $(SRC_D)\crypto\asn1\f_string.c
-	$(CC) /Fo$(OBJ_D)\f_string.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_string.c
+	$(CC) /Fo$(OBJ_D)\f_string.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_string.c
 
 $(OBJ_D)\i2d_dhp.obj: $(SRC_D)\crypto\asn1\i2d_dhp.c
-	$(CC) /Fo$(OBJ_D)\i2d_dhp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dhp.c
+	$(CC) /Fo$(OBJ_D)\i2d_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dhp.c
 
 $(OBJ_D)\i2d_dsap.obj: $(SRC_D)\crypto\asn1\i2d_dsap.c
-	$(CC) /Fo$(OBJ_D)\i2d_dsap.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dsap.c
+	$(CC) /Fo$(OBJ_D)\i2d_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dsap.c
 
 $(OBJ_D)\d2i_dhp.obj: $(SRC_D)\crypto\asn1\d2i_dhp.c
-	$(CC) /Fo$(OBJ_D)\d2i_dhp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dhp.c
+	$(CC) /Fo$(OBJ_D)\d2i_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dhp.c
 
 $(OBJ_D)\d2i_dsap.obj: $(SRC_D)\crypto\asn1\d2i_dsap.c
-	$(CC) /Fo$(OBJ_D)\d2i_dsap.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dsap.c
+	$(CC) /Fo$(OBJ_D)\d2i_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dsap.c
 
 $(OBJ_D)\n_pkey.obj: $(SRC_D)\crypto\asn1\n_pkey.c
-	$(CC) /Fo$(OBJ_D)\n_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\n_pkey.c
+	$(CC) /Fo$(OBJ_D)\n_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\n_pkey.c
 
 $(OBJ_D)\a_hdr.obj: $(SRC_D)\crypto\asn1\a_hdr.c
-	$(CC) /Fo$(OBJ_D)\a_hdr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_hdr.c
+	$(CC) /Fo$(OBJ_D)\a_hdr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_hdr.c
 
 $(OBJ_D)\x_pkey.obj: $(SRC_D)\crypto\asn1\x_pkey.c
-	$(CC) /Fo$(OBJ_D)\x_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pkey.c
+	$(CC) /Fo$(OBJ_D)\x_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pkey.c
 
 $(OBJ_D)\a_bool.obj: $(SRC_D)\crypto\asn1\a_bool.c
-	$(CC) /Fo$(OBJ_D)\a_bool.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bool.c
+	$(CC) /Fo$(OBJ_D)\a_bool.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bool.c
 
 $(OBJ_D)\x_exten.obj: $(SRC_D)\crypto\asn1\x_exten.c
-	$(CC) /Fo$(OBJ_D)\x_exten.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_exten.c
+	$(CC) /Fo$(OBJ_D)\x_exten.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_exten.c
 
 $(OBJ_D)\asn1_par.obj: $(SRC_D)\crypto\asn1\asn1_par.c
-	$(CC) /Fo$(OBJ_D)\asn1_par.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_par.c
+	$(CC) /Fo$(OBJ_D)\asn1_par.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_par.c
 
 $(OBJ_D)\asn1_lib.obj: $(SRC_D)\crypto\asn1\asn1_lib.c
-	$(CC) /Fo$(OBJ_D)\asn1_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_lib.c
+	$(CC) /Fo$(OBJ_D)\asn1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_lib.c
 
 $(OBJ_D)\asn1_err.obj: $(SRC_D)\crypto\asn1\asn1_err.c
-	$(CC) /Fo$(OBJ_D)\asn1_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_err.c
+	$(CC) /Fo$(OBJ_D)\asn1_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_err.c
 
 $(OBJ_D)\a_meth.obj: $(SRC_D)\crypto\asn1\a_meth.c
-	$(CC) /Fo$(OBJ_D)\a_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_meth.c
+	$(CC) /Fo$(OBJ_D)\a_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_meth.c
 
 $(OBJ_D)\a_bytes.obj: $(SRC_D)\crypto\asn1\a_bytes.c
-	$(CC) /Fo$(OBJ_D)\a_bytes.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bytes.c
+	$(CC) /Fo$(OBJ_D)\a_bytes.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bytes.c
+
+$(OBJ_D)\evp_asn1.obj: $(SRC_D)\crypto\asn1\evp_asn1.c
+	$(CC) /Fo$(OBJ_D)\evp_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\evp_asn1.c
 
 $(OBJ_D)\x509_def.obj: $(SRC_D)\crypto\x509\x509_def.c
-	$(CC) /Fo$(OBJ_D)\x509_def.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_def.c
+	$(CC) /Fo$(OBJ_D)\x509_def.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_def.c
 
 $(OBJ_D)\x509_d2.obj: $(SRC_D)\crypto\x509\x509_d2.c
-	$(CC) /Fo$(OBJ_D)\x509_d2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_d2.c
+	$(CC) /Fo$(OBJ_D)\x509_d2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_d2.c
 
 $(OBJ_D)\x509_r2x.obj: $(SRC_D)\crypto\x509\x509_r2x.c
-	$(CC) /Fo$(OBJ_D)\x509_r2x.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_r2x.c
+	$(CC) /Fo$(OBJ_D)\x509_r2x.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_r2x.c
 
 $(OBJ_D)\x509_cmp.obj: $(SRC_D)\crypto\x509\x509_cmp.c
-	$(CC) /Fo$(OBJ_D)\x509_cmp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_cmp.c
+	$(CC) /Fo$(OBJ_D)\x509_cmp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_cmp.c
 
 $(OBJ_D)\x509_obj.obj: $(SRC_D)\crypto\x509\x509_obj.c
-	$(CC) /Fo$(OBJ_D)\x509_obj.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_obj.c
+	$(CC) /Fo$(OBJ_D)\x509_obj.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_obj.c
 
 $(OBJ_D)\x509_req.obj: $(SRC_D)\crypto\x509\x509_req.c
-	$(CC) /Fo$(OBJ_D)\x509_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_req.c
+	$(CC) /Fo$(OBJ_D)\x509_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_req.c
 
 $(OBJ_D)\x509_vfy.obj: $(SRC_D)\crypto\x509\x509_vfy.c
-	$(CC) /Fo$(OBJ_D)\x509_vfy.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_vfy.c
+	$(CC) /Fo$(OBJ_D)\x509_vfy.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_vfy.c
 
 $(OBJ_D)\x509_set.obj: $(SRC_D)\crypto\x509\x509_set.c
-	$(CC) /Fo$(OBJ_D)\x509_set.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_set.c
+	$(CC) /Fo$(OBJ_D)\x509_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_set.c
 
 $(OBJ_D)\x509rset.obj: $(SRC_D)\crypto\x509\x509rset.c
-	$(CC) /Fo$(OBJ_D)\x509rset.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509rset.c
+	$(CC) /Fo$(OBJ_D)\x509rset.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509rset.c
 
 $(OBJ_D)\x509_err.obj: $(SRC_D)\crypto\x509\x509_err.c
-	$(CC) /Fo$(OBJ_D)\x509_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_err.c
+	$(CC) /Fo$(OBJ_D)\x509_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_err.c
 
 $(OBJ_D)\x509name.obj: $(SRC_D)\crypto\x509\x509name.c
-	$(CC) /Fo$(OBJ_D)\x509name.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509name.c
+	$(CC) /Fo$(OBJ_D)\x509name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509name.c
 
 $(OBJ_D)\x509_v3.obj: $(SRC_D)\crypto\x509\x509_v3.c
-	$(CC) /Fo$(OBJ_D)\x509_v3.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_v3.c
+	$(CC) /Fo$(OBJ_D)\x509_v3.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_v3.c
 
 $(OBJ_D)\x509_ext.obj: $(SRC_D)\crypto\x509\x509_ext.c
-	$(CC) /Fo$(OBJ_D)\x509_ext.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_ext.c
+	$(CC) /Fo$(OBJ_D)\x509_ext.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_ext.c
 
 $(OBJ_D)\x509pack.obj: $(SRC_D)\crypto\x509\x509pack.c
-	$(CC) /Fo$(OBJ_D)\x509pack.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509pack.c
+	$(CC) /Fo$(OBJ_D)\x509pack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509pack.c
 
 $(OBJ_D)\x509type.obj: $(SRC_D)\crypto\x509\x509type.c
-	$(CC) /Fo$(OBJ_D)\x509type.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509type.c
+	$(CC) /Fo$(OBJ_D)\x509type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509type.c
 
 $(OBJ_D)\x509_lu.obj: $(SRC_D)\crypto\x509\x509_lu.c
-	$(CC) /Fo$(OBJ_D)\x509_lu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_lu.c
+	$(CC) /Fo$(OBJ_D)\x509_lu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_lu.c
 
 $(OBJ_D)\x_all.obj: $(SRC_D)\crypto\x509\x_all.c
-	$(CC) /Fo$(OBJ_D)\x_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x_all.c
+	$(CC) /Fo$(OBJ_D)\x_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x_all.c
 
 $(OBJ_D)\x509_txt.obj: $(SRC_D)\crypto\x509\x509_txt.c
-	$(CC) /Fo$(OBJ_D)\x509_txt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_txt.c
+	$(CC) /Fo$(OBJ_D)\x509_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_txt.c
 
 $(OBJ_D)\by_file.obj: $(SRC_D)\crypto\x509\by_file.c
-	$(CC) /Fo$(OBJ_D)\by_file.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_file.c
+	$(CC) /Fo$(OBJ_D)\by_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_file.c
 
 $(OBJ_D)\by_dir.obj: $(SRC_D)\crypto\x509\by_dir.c
-	$(CC) /Fo$(OBJ_D)\by_dir.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_dir.c
+	$(CC) /Fo$(OBJ_D)\by_dir.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_dir.c
 
 $(OBJ_D)\v3_net.obj: $(SRC_D)\crypto\x509\v3_net.c
-	$(CC) /Fo$(OBJ_D)\v3_net.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_net.c
+	$(CC) /Fo$(OBJ_D)\v3_net.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_net.c
 
 $(OBJ_D)\v3_x509.obj: $(SRC_D)\crypto\x509\v3_x509.c
-	$(CC) /Fo$(OBJ_D)\v3_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_x509.c
+	$(CC) /Fo$(OBJ_D)\v3_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_x509.c
 
 $(OBJ_D)\conf.obj: $(SRC_D)\crypto\conf\conf.c
-	$(CC) /Fo$(OBJ_D)\conf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf.c
+	$(CC) /Fo$(OBJ_D)\conf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf.c
 
 $(OBJ_D)\conf_err.obj: $(SRC_D)\crypto\conf\conf_err.c
-	$(CC) /Fo$(OBJ_D)\conf_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf_err.c
+	$(CC) /Fo$(OBJ_D)\conf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf_err.c
 
 $(OBJ_D)\txt_db.obj: $(SRC_D)\crypto\txt_db\txt_db.c
-	$(CC) /Fo$(OBJ_D)\txt_db.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\txt_db\txt_db.c
+	$(CC) /Fo$(OBJ_D)\txt_db.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\txt_db\txt_db.c
 
 $(OBJ_D)\pk7_lib.obj: $(SRC_D)\crypto\pkcs7\pk7_lib.c
-	$(CC) /Fo$(OBJ_D)\pk7_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_lib.c
+	$(CC) /Fo$(OBJ_D)\pk7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_lib.c
 
 $(OBJ_D)\pkcs7err.obj: $(SRC_D)\crypto\pkcs7\pkcs7err.c
-	$(CC) /Fo$(OBJ_D)\pkcs7err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pkcs7err.c
+	$(CC) /Fo$(OBJ_D)\pkcs7err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pkcs7err.c
 
 $(OBJ_D)\pk7_doit.obj: $(SRC_D)\crypto\pkcs7\pk7_doit.c
-	$(CC) /Fo$(OBJ_D)\pk7_doit.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_doit.c
+	$(CC) /Fo$(OBJ_D)\pk7_doit.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_doit.c
 
 $(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c
-	$(CC) /Fo$(OBJ_D)\s2_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c
+	$(CC) /Fo$(OBJ_D)\s2_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c
 
 $(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c
-	$(CC) /Fo$(OBJ_D)\s2_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c
+	$(CC) /Fo$(OBJ_D)\s2_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c
 
 $(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c
-	$(CC) /Fo$(OBJ_D)\s2_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c
+	$(CC) /Fo$(OBJ_D)\s2_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c
 
 $(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c
-	$(CC) /Fo$(OBJ_D)\s2_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c
-
-$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
-	$(CC) /Fo$(OBJ_D)\s2_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c
+	$(CC) /Fo$(OBJ_D)\s2_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c
 
 $(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c
-	$(CC) /Fo$(OBJ_D)\s2_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c
+	$(CC) /Fo$(OBJ_D)\s2_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c
+
+$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
+	$(CC) /Fo$(OBJ_D)\s2_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c
 
 $(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c
-	$(CC) /Fo$(OBJ_D)\s3_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c
+	$(CC) /Fo$(OBJ_D)\s3_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c
 
 $(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c
-	$(CC) /Fo$(OBJ_D)\s3_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c
+	$(CC) /Fo$(OBJ_D)\s3_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c
 
 $(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c
-	$(CC) /Fo$(OBJ_D)\s3_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c
+	$(CC) /Fo$(OBJ_D)\s3_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c
 
 $(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c
-	$(CC) /Fo$(OBJ_D)\s3_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c
-
-$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
-	$(CC) /Fo$(OBJ_D)\s3_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c
+	$(CC) /Fo$(OBJ_D)\s3_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c
 
 $(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c
-	$(CC) /Fo$(OBJ_D)\s3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c
+	$(CC) /Fo$(OBJ_D)\s3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c
+
+$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
+	$(CC) /Fo$(OBJ_D)\s3_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c
 
 $(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c
-	$(CC) /Fo$(OBJ_D)\s3_both.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c
+	$(CC) /Fo$(OBJ_D)\s3_both.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c
 
 $(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c
-	$(CC) /Fo$(OBJ_D)\s23_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c
+	$(CC) /Fo$(OBJ_D)\s23_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c
 
 $(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c
-	$(CC) /Fo$(OBJ_D)\s23_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c
+	$(CC) /Fo$(OBJ_D)\s23_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c
 
 $(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c
-	$(CC) /Fo$(OBJ_D)\s23_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c
+	$(CC) /Fo$(OBJ_D)\s23_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c
 
 $(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c
-	$(CC) /Fo$(OBJ_D)\s23_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c
+	$(CC) /Fo$(OBJ_D)\s23_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c
 
 $(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c
-	$(CC) /Fo$(OBJ_D)\s23_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c
+	$(CC) /Fo$(OBJ_D)\s23_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c
+
+$(OBJ_D)\t1_meth.obj: $(SRC_D)\ssl\t1_meth.c
+	$(CC) /Fo$(OBJ_D)\t1_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_meth.c
+
+$(OBJ_D)\t1_srvr.obj: $(SRC_D)\ssl\t1_srvr.c
+	$(CC) /Fo$(OBJ_D)\t1_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_srvr.c
+
+$(OBJ_D)\t1_clnt.obj: $(SRC_D)\ssl\t1_clnt.c
+	$(CC) /Fo$(OBJ_D)\t1_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_clnt.c
+
+$(OBJ_D)\t1_lib.obj: $(SRC_D)\ssl\t1_lib.c
+	$(CC) /Fo$(OBJ_D)\t1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_lib.c
+
+$(OBJ_D)\t1_enc.obj: $(SRC_D)\ssl\t1_enc.c
+	$(CC) /Fo$(OBJ_D)\t1_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_enc.c
 
 $(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c
-	$(CC) /Fo$(OBJ_D)\ssl_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c
+	$(CC) /Fo$(OBJ_D)\ssl_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c
 
 $(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c
-	$(CC) /Fo$(OBJ_D)\ssl_err2.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c
+	$(CC) /Fo$(OBJ_D)\ssl_err2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c
 
 $(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c
-	$(CC) /Fo$(OBJ_D)\ssl_cert.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c
+	$(CC) /Fo$(OBJ_D)\ssl_cert.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c
 
 $(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c
-	$(CC) /Fo$(OBJ_D)\ssl_sess.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c
+	$(CC) /Fo$(OBJ_D)\ssl_sess.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c
 
 $(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c
-	$(CC) /Fo$(OBJ_D)\ssl_ciph.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c
+	$(CC) /Fo$(OBJ_D)\ssl_ciph.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c
 
 $(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c
-	$(CC) /Fo$(OBJ_D)\ssl_stat.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c
+	$(CC) /Fo$(OBJ_D)\ssl_stat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c
 
 $(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c
-	$(CC) /Fo$(OBJ_D)\ssl_rsa.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c
+	$(CC) /Fo$(OBJ_D)\ssl_rsa.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c
 
 $(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c
-	$(CC) /Fo$(OBJ_D)\ssl_asn1.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c
+	$(CC) /Fo$(OBJ_D)\ssl_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c
 
 $(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c
-	$(CC) /Fo$(OBJ_D)\ssl_txt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c
+	$(CC) /Fo$(OBJ_D)\ssl_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c
 
 $(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c
-	$(CC) /Fo$(OBJ_D)\ssl_algs.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c
+	$(CC) /Fo$(OBJ_D)\ssl_algs.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c
 
 $(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c
-	$(CC) /Fo$(OBJ_D)\bio_ssl.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c
+	$(CC) /Fo$(OBJ_D)\bio_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c
 
 $(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c
-	$(CC) /Fo$(OBJ_D)\ssl_err.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c
+	$(CC) /Fo$(OBJ_D)\ssl_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c
 
 $(OBJ_D)\rsaref.obj: $(SRC_D)\rsaref\rsaref.c
-	$(CC) /Fo$(OBJ_D)\rsaref.obj $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsaref.c
+	$(CC) /Fo$(OBJ_D)\rsaref.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsaref.c
 
 $(OBJ_D)\rsar_err.obj: $(SRC_D)\rsaref\rsar_err.c
-	$(CC) /Fo$(OBJ_D)\rsar_err.obj $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsar_err.c
+	$(CC) /Fo$(OBJ_D)\rsar_err.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsar_err.c
 
 $(TEST_D)\md2test.exe: $(OBJ_D)\md2test.obj $(LIBS_DEP)
   $(LINK) $(LFLAGS) /out:$(TEST_D)\md2test.exe @<<
@@ -1544,19 +1756,34 @@ $(TEST_D)\mdc2test.exe: $(OBJ_D)\mdc2test.obj $(LIBS_DEP)
   $(APP_EX_OBJ) $(OBJ_D)\mdc2test.obj $(L_LIBS) $(EX_LIBS)
 <<
 
+$(TEST_D)\hmactest.exe: $(OBJ_D)\hmactest.obj $(LIBS_DEP)
+  $(LINK) $(LFLAGS) /out:$(TEST_D)\hmactest.exe @<<
+  $(APP_EX_OBJ) $(OBJ_D)\hmactest.obj $(L_LIBS) $(EX_LIBS)
+<<
+
+$(TEST_D)\rmdtest.exe: $(OBJ_D)\rmdtest.obj $(LIBS_DEP)
+  $(LINK) $(LFLAGS) /out:$(TEST_D)\rmdtest.exe @<<
+  $(APP_EX_OBJ) $(OBJ_D)\rmdtest.obj $(L_LIBS) $(EX_LIBS)
+<<
+
 $(TEST_D)\destest.exe: $(OBJ_D)\destest.obj $(LIBS_DEP)
   $(LINK) $(LFLAGS) /out:$(TEST_D)\destest.exe @<<
   $(APP_EX_OBJ) $(OBJ_D)\destest.obj $(L_LIBS) $(EX_LIBS)
 <<
 
+$(TEST_D)\rc2test.exe: $(OBJ_D)\rc2test.obj $(LIBS_DEP)
+  $(LINK) $(LFLAGS) /out:$(TEST_D)\rc2test.exe @<<
+  $(APP_EX_OBJ) $(OBJ_D)\rc2test.obj $(L_LIBS) $(EX_LIBS)
+<<
+
 $(TEST_D)\rc4test.exe: $(OBJ_D)\rc4test.obj $(LIBS_DEP)
   $(LINK) $(LFLAGS) /out:$(TEST_D)\rc4test.exe @<<
   $(APP_EX_OBJ) $(OBJ_D)\rc4test.obj $(L_LIBS) $(EX_LIBS)
 <<
 
-$(TEST_D)\rc2test.exe: $(OBJ_D)\rc2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\rc2test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc2test.obj $(L_LIBS) $(EX_LIBS)
+$(TEST_D)\rc5test.exe: $(OBJ_D)\rc5test.obj $(LIBS_DEP)
+  $(LINK) $(LFLAGS) /out:$(TEST_D)\rc5test.exe @<<
+  $(APP_EX_OBJ) $(OBJ_D)\rc5test.obj $(L_LIBS) $(EX_LIBS)
 <<
 
 $(TEST_D)\ideatest.exe: $(OBJ_D)\ideatest.obj $(LIBS_DEP)
@@ -1569,6 +1796,11 @@ $(TEST_D)\bftest.exe: $(OBJ_D)\bftest.obj $(LIBS_DEP)
   $(APP_EX_OBJ) $(OBJ_D)\bftest.obj $(L_LIBS) $(EX_LIBS)
 <<
 
+$(TEST_D)\casttest.exe: $(OBJ_D)\casttest.obj $(LIBS_DEP)
+  $(LINK) $(LFLAGS) /out:$(TEST_D)\casttest.exe @<<
+  $(APP_EX_OBJ) $(OBJ_D)\casttest.obj $(L_LIBS) $(EX_LIBS)
+<<
+
 $(TEST_D)\bntest.exe: $(OBJ_D)\bntest.obj $(LIBS_DEP)
   $(LINK) $(LFLAGS) /out:$(TEST_D)\bntest.exe @<<
   $(APP_EX_OBJ) $(OBJ_D)\bntest.obj $(L_LIBS) $(EX_LIBS)
diff --git a/ms/req2CA.ss b/ms/req2CA.ss
index de8862fe7..6a3dd4e2d 100644
--- a/ms/req2CA.ss
+++ b/ms/req2CA.ss
@@ -6,24 +6,24 @@ Certificate Request:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (512 bit)
                 Modulus (512 bit):
-                    00:dd:d5:38:92:02:bf:31:59:eb:ed:0d:e9:f8:d9:
-                    79:cb:54:d1:5c:f9:39:2f:d7:4d:38:9d:01:a0:28:
-                    ca:0b:6c:0b:5d:2c:f0:72:3e:5c:57:1d:97:e5:68:
-                    88:78:30:c7:d8:3b:7b:01:b0:ef:b4:68:41:2d:53:
-                    a2:ab:42:ee:bb
+                    00:c0:e2:84:c5:b7:5f:28:b7:a6:10:c1:8e:29:e0:
+                    60:a8:8d:da:6c:91:3d:cb:37:f7:5a:1a:cf:71:02:
+                    d1:03:23:3c:e5:83:f1:93:40:d0:61:6c:21:12:1f:
+                    62:d8:1c:46:59:80:19:ec:aa:ef:d4:4a:9d:b1:58:
+                    82:40:11:ae:05
                 Exponent: 65537 (0x10001)
         Attributes:
             a0:00
     Signature Algorithm: md5WithRSAEncryption
-        7f:77:9e:b5:10:13:39:99:e5:fd:e1:33:54:05:19:b0:89:b8:
-        2b:21:29:ea:f4:fd:ca:da:62:a7:8a:da:4b:33:91:27:9e:3e:
-        f4:95:46:77:57:8d:dd:fe:83:fe:24:b3:e8:27:65:94:65:d3:
-        c8:44:84:b0:ea:41:35:bb:e7:87
+        12:14:96:c0:0e:ea:5a:08:6f:13:fd:72:84:6a:26:33:29:f9:
+        52:39:4c:fc:ec:da:0d:83:39:2e:27:17:9b:f8:46:03:b5:dd:
+        52:a6:dd:3a:50:8e:73:4f:87:94:59:31:1d:5a:54:24:96:4d:
+        d4:57:95:4c:ca:4c:dc:0b:b8:5f
 -----BEGIN CERTIFICATE REQUEST-----
 MIHzMIGeAgEAMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5Eb2RneSBCcm90aGVy
-czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA3dU4
-kgK/MVnr7Q3p+Nl5y1TRXPk5L9dNOJ0BoCjKC2wLXSzwcj5cVx2X5WiIeDDH2Dt7
-AbDvtGhBLVOiq0LuuwIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQB/d561EBM5meX9
-4TNUBRmwibgrISnq9P3K2mKnitpLM5Ennj70lUZ3V43d/oP+JLPoJ2WUZdPIRISw
-6kE1u+eH
+czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwOKE
+xbdfKLemEMGOKeBgqI3abJE9yzf3WhrPcQLRAyM85YPxk0DQYWwhEh9i2BxGWYAZ
+7Krv1EqdsViCQBGuBQIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQASFJbADupaCG8T
+/XKEaiYzKflSOUz87NoNgzkuJxeb+EYDtd1Spt06UI5zT4eUWTEdWlQklk3UV5VM
+ykzcC7hf
 -----END CERTIFICATE REQUEST-----
diff --git a/ms/reqCA.ss b/ms/reqCA.ss
index fa16d45c5..be8ca974d 100644
--- a/ms/reqCA.ss
+++ b/ms/reqCA.ss
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIHzMIGeAgEAMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5Eb2RneSBCcm90aGVy
-czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA3dU4
-kgK/MVnr7Q3p+Nl5y1TRXPk5L9dNOJ0BoCjKC2wLXSzwcj5cVx2X5WiIeDDH2Dt7
-AbDvtGhBLVOiq0LuuwIDAQABoAAwDQYJKoZIhvcNAQEFBQADQQDBNQXXHTOE59tY
-Z6CLBB0MrNHsIypGdGAFXroIXM8AU9Ac3P7XD1ONpqX/Qa0nN033E8bU8xpre3RI
-4/9XgBs5
+czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwOKE
+xbdfKLemEMGOKeBgqI3abJE9yzf3WhrPcQLRAyM85YPxk0DQYWwhEh9i2BxGWYAZ
+7Krv1EqdsViCQBGuBQIDAQABoAAwDQYJKoZIhvcNAQEFBQADQQDAvyCzrfhnLH8V
+tldPhV9imEi8Dh8vjRYIIb4AlIq25ku8NJyTHi3zOwvH2iiTUx4oxOV9/++UbU+l
+dmT7y1IS
 -----END CERTIFICATE REQUEST-----
diff --git a/ms/reqU.ss b/ms/reqU.ss
index b63f2e444..922389719 100644
--- a/ms/reqU.ss
+++ b/ms/reqU.ss
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBCDCBswIBADBOMQswCQYDVQQGEwJBVTEXMBUGA1UEChMORG9kZ3kgQnJvdGhl
 cnMxEjAQBgNVBAMTCUJyb3RoZXIgMTESMBAGA1UEAxMJQnJvdGhlciAyMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAMXMcxp35YXyIsrf4o3N1r1iimo2Tl58yg5iKPhD
-XN0NeqCS5KJtBXbGMlW2LPSxMh4QKbrq6y1B/6HT8noKnAECAwEAAaAAMA0GCSqG
-SIb3DQEBAgUAA0EApF6ZEr63DAKDwgrr4oh4fWOls9tf6k0tpQ31LyCpDv/3+08O
-l5Ds40cAsSJGuswVBExuvkrDJsxxSE14Z/e1Fg==
+KoZIhvcNAQEBBQADSwAwSAJBAMn4ERwmb5cqvcokIrFpnrZ6Ww2TIWQfh47sUMad
+4BKSOz/KuWebVyFOfjhQHyEZEXTBmv1CvjVYOwCelGMiEd8CAwEAAaAAMA0GCSqG
+SIb3DQEBAgUAA0EAbE4cboaJY3vKmskyPC1cS5Jn4WjFOjaUCNI5MjeTNTZ6AE4o
+h6Sx4PeQomjMA1gRGrHCz+5IyVBcgskY5IYLCw==
 -----END CERTIFICATE REQUEST-----
diff --git a/ms/ssleay16.def b/ms/ssleay16.def
index 74409f7ad..2c6164430 100644
--- a/ms/ssleay16.def
+++ b/ms/ssleay16.def
@@ -17,7 +17,9 @@ STACKSIZE	8192
 EXPORTS
     _SSLeay_add_ssl_algorithms          @109
     _BIO_f_ssl                          @121
+    _BIO_new_buffer_ssl_connect         @173
     _BIO_new_ssl                        @122
+    _BIO_new_ssl_connect                @174
     _BIO_ssl_copy_session_id            @124
     _BIO_ssl_shutdown                   @131
     _ERR_load_SSL_strings               @1
@@ -32,14 +34,21 @@ EXPORTS
     _SSL_CTX_flush_sessions             @7
     _SSL_CTX_free                       @8
     _SSL_CTX_get_client_CA_list         @9
+    _SSL_CTX_get_ex_data                @138
+    _SSL_CTX_get_ex_new_index           @167
+    _SSL_CTX_get_quiet_shutdown         @140
     _SSL_CTX_get_verify_callback        @10
     _SSL_CTX_get_verify_mode            @11
+    _SSL_CTX_load_verify_locations      @141
     _SSL_CTX_new                        @12
     _SSL_CTX_remove_session             @13
     _SSL_CTX_set_cert_verify_cb         @14
     _SSL_CTX_set_cipher_list            @15
     _SSL_CTX_set_client_CA_list         @16
     _SSL_CTX_set_default_passwd_cb      @17
+    _SSL_CTX_set_default_verify_paths   @142
+    _SSL_CTX_set_ex_data                @143
+    _SSL_CTX_set_quiet_shutdown         @145
     _SSL_CTX_set_ssl_version            @19
     _SSL_CTX_set_verify                 @21
     _SSL_CTX_use_PrivateKey             @22
@@ -51,9 +60,18 @@ EXPORTS
     _SSL_CTX_use_certificate            @28
     _SSL_CTX_use_certificate_ASN1       @29
     _SSL_CTX_use_certificate_file       @30
+    _SSL_SESSION_cmp                    @132
     _SSL_SESSION_free                   @31
+    _SSL_SESSION_get_ex_data            @146
+    _SSL_SESSION_get_ex_new_index       @168
+    _SSL_SESSION_get_time               @134
+    _SSL_SESSION_get_timeout            @136
+    _SSL_SESSION_hash                   @133
     _SSL_SESSION_new                    @32
     _SSL_SESSION_print                  @33
+    _SSL_SESSION_set_ex_data            @148
+    _SSL_SESSION_set_time               @135
+    _SSL_SESSION_set_timeout            @137
     _SSL_accept                         @35
     _SSL_add_client_CA                  @36
     _SSL_alert_desc_string              @37
@@ -69,6 +87,7 @@ EXPORTS
     _SSL_dup                            @46
     _SSL_dup_CA_list                    @47
     _SSL_free                           @48
+    _SSL_get_SSL_CTX                    @150
     _SSL_get_certificate                @49
     _SSL_get_cipher_list                @52
     _SSL_get_ciphers                    @55
@@ -76,17 +95,22 @@ EXPORTS
     _SSL_get_current_cipher             @127
     _SSL_get_default_timeout            @57
     _SSL_get_error                      @58
+    _SSL_get_ex_data                    @151
+    _SSL_get_ex_new_index               @169
     _SSL_get_fd                         @59
+    _SSL_get_info_callback              @165
     _SSL_get_peer_cert_chain            @60
     _SSL_get_peer_certificate           @61
     _SSL_get_privatekey                 @126
+    _SSL_get_quiet_shutdown             @153
     _SSL_get_rbio                       @63
     _SSL_get_read_ahead                 @64
+    _SSL_get_session                    @154
     _SSL_get_shared_ciphers             @65
+    _SSL_get_shutdown                   @155
     _SSL_get_ssl_method                 @66
-    _SSL_get_time                       @67
-    _SSL_get_timeout                    @68
     _SSL_get_verify_mode                @70
+    _SSL_get_verify_result              @157
     _SSL_get_version                    @71
     _SSL_get_wbio                       @72
     _SSL_load_client_CA_file            @73
@@ -103,16 +127,20 @@ EXPORTS
     _SSL_set_cipher_list                @84
     _SSL_set_client_CA_list             @85
     _SSL_set_connect_state              @86
+    _SSL_set_ex_data                    @158
     _SSL_set_fd                         @87
+    _SSL_set_info_callback              @160
+    _SSL_set_quiet_shutdown             @161
     _SSL_set_read_ahead                 @88
     _SSL_set_rfd                        @89
     _SSL_set_session                    @90
+    _SSL_set_shutdown                   @162
     _SSL_set_ssl_method                 @91
-    _SSL_set_time                       @92
-    _SSL_set_timeout                    @93
     _SSL_set_verify                     @94
+    _SSL_set_verify_result              @163
     _SSL_set_wfd                        @95
     _SSL_shutdown                       @96
+    _SSL_state                          @166
     _SSL_state_string                   @97
     _SSL_state_string_long              @98
     _SSL_use_PrivateKey                 @99
@@ -124,6 +152,7 @@ EXPORTS
     _SSL_use_certificate                @105
     _SSL_use_certificate_ASN1           @106
     _SSL_use_certificate_file           @107
+    _SSL_version                        @164
     _SSL_write                          @108
     _SSLv23_client_method               @110
     _SSLv23_method                      @111
@@ -134,6 +163,9 @@ EXPORTS
     _SSLv3_client_method                @116
     _SSLv3_method                       @117
     _SSLv3_server_method                @118
+    _TLSv1_client_method                @172
+    _TLSv1_method                       @170
+    _TLSv1_server_method                @171
     _d2i_SSL_SESSION                    @119
     _i2d_SSL_SESSION                    @120
 
diff --git a/ms/ssleay32.def b/ms/ssleay32.def
index 403d4ec58..aa823b806 100644
--- a/ms/ssleay32.def
+++ b/ms/ssleay32.def
@@ -9,7 +9,9 @@ DESCRIPTION     'SSLeay SSLEAY32 - eay@cryptsoft.com'
 EXPORTS
     SSLeay_add_ssl_algorithms          @109
     BIO_f_ssl                          @121
+    BIO_new_buffer_ssl_connect         @173
     BIO_new_ssl                        @122
+    BIO_new_ssl_connect                @174
     BIO_ssl_copy_session_id            @124
     BIO_ssl_shutdown                   @131
     ERR_load_SSL_strings               @1
@@ -24,14 +26,21 @@ EXPORTS
     SSL_CTX_flush_sessions             @7
     SSL_CTX_free                       @8
     SSL_CTX_get_client_CA_list         @9
+    SSL_CTX_get_ex_data                @138
+    SSL_CTX_get_ex_new_index           @167
+    SSL_CTX_get_quiet_shutdown         @140
     SSL_CTX_get_verify_callback        @10
     SSL_CTX_get_verify_mode            @11
+    SSL_CTX_load_verify_locations      @141
     SSL_CTX_new                        @12
     SSL_CTX_remove_session             @13
     SSL_CTX_set_cert_verify_cb         @14
     SSL_CTX_set_cipher_list            @15
     SSL_CTX_set_client_CA_list         @16
     SSL_CTX_set_default_passwd_cb      @17
+    SSL_CTX_set_default_verify_paths   @142
+    SSL_CTX_set_ex_data                @143
+    SSL_CTX_set_quiet_shutdown         @145
     SSL_CTX_set_ssl_version            @19
     SSL_CTX_set_verify                 @21
     SSL_CTX_use_PrivateKey             @22
@@ -43,10 +52,19 @@ EXPORTS
     SSL_CTX_use_certificate            @28
     SSL_CTX_use_certificate_ASN1       @29
     SSL_CTX_use_certificate_file       @30
+    SSL_SESSION_cmp                    @132
     SSL_SESSION_free                   @31
+    SSL_SESSION_get_ex_data            @146
+    SSL_SESSION_get_ex_new_index       @168
+    SSL_SESSION_get_time               @134
+    SSL_SESSION_get_timeout            @136
+    SSL_SESSION_hash                   @133
     SSL_SESSION_new                    @32
     SSL_SESSION_print                  @33
     SSL_SESSION_print_fp               @34
+    SSL_SESSION_set_ex_data            @148
+    SSL_SESSION_set_time               @135
+    SSL_SESSION_set_timeout            @137
     SSL_accept                         @35
     SSL_add_client_CA                  @36
     SSL_alert_desc_string              @37
@@ -62,6 +80,7 @@ EXPORTS
     SSL_dup                            @46
     SSL_dup_CA_list                    @47
     SSL_free                           @48
+    SSL_get_SSL_CTX                    @150
     SSL_get_certificate                @49
     SSL_get_cipher_list                @52
     SSL_get_ciphers                    @55
@@ -69,17 +88,22 @@ EXPORTS
     SSL_get_current_cipher             @127
     SSL_get_default_timeout            @57
     SSL_get_error                      @58
+    SSL_get_ex_data                    @151
+    SSL_get_ex_new_index               @169
     SSL_get_fd                         @59
+    SSL_get_info_callback              @165
     SSL_get_peer_cert_chain            @60
     SSL_get_peer_certificate           @61
     SSL_get_privatekey                 @126
+    SSL_get_quiet_shutdown             @153
     SSL_get_rbio                       @63
     SSL_get_read_ahead                 @64
+    SSL_get_session                    @154
     SSL_get_shared_ciphers             @65
+    SSL_get_shutdown                   @155
     SSL_get_ssl_method                 @66
-    SSL_get_time                       @67
-    SSL_get_timeout                    @68
     SSL_get_verify_mode                @70
+    SSL_get_verify_result              @157
     SSL_get_version                    @71
     SSL_get_wbio                       @72
     SSL_load_client_CA_file            @73
@@ -96,16 +120,20 @@ EXPORTS
     SSL_set_cipher_list                @84
     SSL_set_client_CA_list             @85
     SSL_set_connect_state              @86
+    SSL_set_ex_data                    @158
     SSL_set_fd                         @87
+    SSL_set_info_callback              @160
+    SSL_set_quiet_shutdown             @161
     SSL_set_read_ahead                 @88
     SSL_set_rfd                        @89
     SSL_set_session                    @90
+    SSL_set_shutdown                   @162
     SSL_set_ssl_method                 @91
-    SSL_set_time                       @92
-    SSL_set_timeout                    @93
     SSL_set_verify                     @94
+    SSL_set_verify_result              @163
     SSL_set_wfd                        @95
     SSL_shutdown                       @96
+    SSL_state                          @166
     SSL_state_string                   @97
     SSL_state_string_long              @98
     SSL_use_PrivateKey                 @99
@@ -117,6 +145,7 @@ EXPORTS
     SSL_use_certificate                @105
     SSL_use_certificate_ASN1           @106
     SSL_use_certificate_file           @107
+    SSL_version                        @164
     SSL_write                          @108
     SSLv23_client_method               @110
     SSLv23_method                      @111
@@ -127,6 +156,9 @@ EXPORTS
     SSLv3_client_method                @116
     SSLv3_method                       @117
     SSLv3_server_method                @118
+    TLSv1_client_method                @172
+    TLSv1_method                       @170
+    TLSv1_server_method                @171
     d2i_SSL_SESSION                    @119
     i2d_SSL_SESSION                    @120
 
diff --git a/ms/test.bat b/ms/test.bat
index e1862c519..cffaf4652 100755
--- a/ms/test.bat
+++ b/ms/test.bat
@@ -1,126 +1,127 @@
 @echo=off
 
-set bin=..\out
-set test=.
+set test=..\ms
+
+rem run this from inside the bin directory
 
 echo destest
-%bin%\destest
+destest
 if errorlevel 1 goto done
 
 echo ideatest
-%bin%\ideatest
+ideatest
 if errorlevel 1 goto done
 
 echo bftest
-%bin%\bftest
+bftest
 if errorlevel 1 goto done
 
 echo shatest
-%bin%\shatest
+shatest
 if errorlevel 1 goto done
 
 echo sha1test
-%bin%\sha1test
+sha1test
 if errorlevel 1 goto done
 
 echo md5test
-%bin%\md5test
+md5test
 if errorlevel 1 goto done
 
 echo md2test
-%bin%\md2test
+md2test
 if errorlevel 1 goto done
 
 echo mdc2test
-%bin%\mdc2test
+mdc2test
 if errorlevel 1 goto done
 
 echo rc2test
-%bin%\rc2test
+rc2test
 if errorlevel 1 goto done
 
 echo rc4test
-%bin%\rc4test
+rc4test
 if errorlevel 1 goto done
 
 echo randtest
-%bin%\randtest
+randtest
 if errorlevel 1 goto done
 
 echo dhtest
-%bin%\dhtest
+dhtest
 if errorlevel 1 goto done
 
 echo exptest
-%bin%\exptest
+exptest
 if errorlevel 1 goto done
 
 echo dsatest
-%bin%\dsatest
+dsatest
 if errorlevel 1 goto done
 
 echo testenc
-call %test%\testenc %bin%\ssleay
+call %test%\testenc ssleay
 if errorlevel 1 goto done
 
 echo testpem
-call %test%\testpem %bin%\ssleay
+call %test%\testpem ssleay
 if errorlevel 1 goto done
 
 echo verify
 copy ..\certs\*.pem cert.tmp >nul
-%bin%\ssleay verify -CAfile cert.tmp ..\certs\*.pem
+ssleay verify -CAfile cert.tmp ..\certs\*.pem
 
 echo testss
-call %test%\testss %bin%\ssleay
+call %test%\testss ssleay
 if errorlevel 1 goto done
 
 echo test sslv2
-%bin%\ssltest -ssl2
+ssltest -ssl2
 if errorlevel 1 goto done
 
 echo test sslv2 with server authentication
-%bin%\ssltest -ssl2 -server_auth -CAfile cert.tmp
+ssltest -ssl2 -server_auth -CAfile cert.tmp
 if errorlevel 1 goto done
 
 echo test sslv2 with client authentication 
-%bin%\ssltest -ssl2 -client_auth -CAfile cert.tmp
+ssltest -ssl2 -client_auth -CAfile cert.tmp
 if errorlevel 1 goto done
 
-echo test sslv2 with beoth client and server authentication
-%bin%\ssltest -ssl2 -server_auth -client_auth -CAfile cert.tmp
+echo test sslv2 with both client and server authentication
+ssltest -ssl2 -server_auth -client_auth -CAfile cert.tmp
 if errorlevel 1 goto done
 
 echo test sslv3
-%bin%\ssltest -ssl3
+ssltest -ssl3
 if errorlevel 1 goto done
 
 echo test sslv3 with server authentication
-%bin%\ssltest -ssl3 -server_auth -CAfile cert.tmp
+ssltest -ssl3 -server_auth -CAfile cert.tmp
 if errorlevel 1 goto done
 
 echo test sslv3 with client authentication 
-%bin%\ssltest -ssl3 -client_auth -CAfile cert.tmp
+ssltest -ssl3 -client_auth -CAfile cert.tmp
 if errorlevel 1 goto done
 
-echo test sslv3 with beoth client and server authentication
-%bin%\ssltest -ssl3 -server_auth -client_auth -CAfile cert.tmp
+echo test sslv3 with both client and server authentication
+ssltest -ssl3 -server_auth -client_auth -CAfile cert.tmp
 if errorlevel 1 goto done
 
 echo test sslv2/sslv3
-%bin%\ssltest
+ssltest
 if errorlevel 1 goto done
 
 echo test sslv2/sslv3 with server authentication
-%bin%\ssltest -server_auth -CAfile cert.tmp
+ssltest -server_auth -CAfile cert.tmp
 if errorlevel 1 goto done
 
 echo test sslv2/sslv3 with client authentication 
-%bin%\ssltest -client_auth -CAfile cert.tmp
+ssltest -client_auth -CAfile cert.tmp
 if errorlevel 1 goto done
 
-echo test sslv2/sslv3 with beoth client and server authentication
-%bin%\ssltest -server_auth -client_auth -CAfile cert.tmp
+echo test sslv2/sslv3 with both client and server authentication
+ssltest -server_auth -client_auth -CAfile cert.tmp
 if errorlevel 1 goto done
 
 
diff --git a/ms/testenc.bat b/ms/testenc.bat
index b46af4bd9..2c73bb7d1 100755
--- a/ms/testenc.bat
+++ b/ms/testenc.bat
@@ -1,10 +1,12 @@
 echo=off
 
+echo start testenc
+path=..\ms;%path%
 set ssleay=%1%
-set input=testenc.bat
-set tmp1=cipher.out
-set out1=clear.out
-set cmp=perl cmp.pl
+set input=..\ms\testenc.bat
+set tmp1=..\ms\cipher.out
+set out1=..\ms\clear.out
+set cmp=perl ..\ms\cmp.pl
 
 call tenc.bat enc
 if errorlevel 1 goto err
diff --git a/ms/testpem.bat b/ms/testpem.bat
index e1e1a0236..8f6cdd4d0 100755
--- a/ms/testpem.bat
+++ b/ms/testpem.bat
@@ -1,7 +1,7 @@
 echo=off
 set ssleay=%1%
 set tmp1=pem.out
-set cmp=perl cmp.pl
+set cmp=perl ..\ms\cmp.pl
 
 call tpem.bat crl ..\test\testcrl.pem
 if errorlevel 1 goto err
diff --git a/ms/testss.bat b/ms/testss.bat
index d9463bf92..9a3bf428c 100755
--- a/ms/testss.bat
+++ b/ms/testss.bat
@@ -1,6 +1,6 @@
 echo=off
 
-set ssleay=..\out\ssleay
+rem set ssleay=..\out\ssleay
 set ssleay=%1
 
 set reqcmd=%ssleay% req
diff --git a/ms/w31dll.mak b/ms/w31dll.mak
index a69570a12..6821d8260 100644
--- a/ms/w31dll.mak
+++ b/ms/w31dll.mak
@@ -15,9 +15,10 @@ INSTALLTOP=\usr\local\ssl
 
 # Set your compiler options
 CC=cl
-CFLAG=/ALw /Gx- /Gt256 /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16
+CFLAG=/ALw /Gx- /Gt256 /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWINDOWS -DWIN16
 APP_CFLAG=/Gw /FPi87
-LIB_CFLAG=/Gw
+LIB_CFLAG=/Gw -D_WINDLL -D_DLL
+SHLIB_CFLAG=
 APP_EX_OBJ=setargv.obj
 SHLIB_EX_OBJ=
 # add extra libraries to this define, for solaris -lsocket -lnsl would
@@ -28,7 +29,7 @@ EX_LIBS=oldnames llibcewq libw winsock
 SRC_D=.
 
 LINK=link
-LFLAGS= /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000 /PACKD:60000 /STACK:20000 /ALIGN:16
+LFLAGS= /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000 /PACKD:60000 /STACK:20000 /ALIGN:256
 
 BN_MULW_OBJ=crypto\bn\asm\x86w32.obj
 BN_MULW_SRC=crypto\bn\asm\x86w32.asm
@@ -38,11 +39,25 @@ DES_CRYPT_OBJ=
 DES_CRYPT_SRC=
 BF_ENC_OBJ=
 BF_ENC_SRC=
+CAST_ENC_OBJ=
+CAST_ENC_SRC=
+RC4_ENC_OBJ=
+RC4_ENC_SRC=
+RC5_ENC_OBJ=
+RC5_ENC_SRC=
+MD5_ASM_OBJ=
+MD5_ASM_SRC=
+SHA1_ASM_OBJ=
+SHA1_ASM_SRC=
+RMD160_ASM_OBJ=
+RMD160_ASM_SRC=
 
 # The output directory for everything intersting
-OUT_D=out
+OUT_D=out16dll
 # The output directory for all the temporary muck
-TMP_D=tmp
+TMP_D=tmp16dll
+# The output directory for the header files
+INC_D=inc16
 
 CP=copy
 RM=del
@@ -64,11 +79,9 @@ RSAGLUE=RSAglue
 # BIN_D  - Binary output directory
 # TEST_D - Binary test file output directory
 # LIB_D  - library output directory
-# INC_D  - include directory
 BIN_D=$(OUT_D)
 TEST_D=$(OUT_D)
 LIB_D=$(OUT_D)
-INC_D=$(OUT_D)
 
 # INCL_D - local library directory
 # OBJ_D  - temp object file directory
@@ -78,6 +91,8 @@ INCL_D=$(TMP_D)
 O_SSL=     $(LIB_D)\$(SSL).dll
 O_CRYPTO=  $(LIB_D)\$(CRYPTO).dll
 O_RSAGLUE= $(LIB_D)\$(RSAGLUE).lib
+SO_SSL=    $(SSL)
+SO_CRYPTO= $(CRYPTO)
 L_SSL=     $(LIB_D)\$(SSL).lib
 L_CRYPTO=  $(LIB_D)\$(CRYPTO).lib
 
@@ -88,137 +103,152 @@ L_LIBS= $(L_SSL) $(L_CRYPTO)
 # Don't touch anything below this point
 ######################################################
 
-INC=-DFLAT_INC -I$(INC_D) -I$(INCL_D)
+INC=-I$(INC_D) -I$(INCL_D)
 APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG)
 LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG)
+SHLIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) $(SHLIB_CFLAG)
 LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL)
 
 #############################################
-HEADER=$(INCL_D)\e_os.h \
-	$(INCL_D)\cryptlib.h $(INCL_D)\date.h $(INCL_D)\md5_locl.h \
-	$(INCL_D)\sha_locl.h $(INCL_D)\des_locl.h $(INCL_D)\rpc_des.h \
-	$(INCL_D)\podd.h $(INCL_D)\sk.h $(INCL_D)\spr.h \
-	$(INCL_D)\des_ver.h $(INCL_D)\rc2_locl.h $(INCL_D)\idea_lcl.h \
-	$(INCL_D)\bf_pi.h $(INCL_D)\bf_locl.h $(INCL_D)\bn_lcl.h \
-	$(INCL_D)\bn_prime.h $(INCL_D)\obj_dat.h $(INCL_D)\conf_lcl.h \
-	$(INCL_D)\ssl_locl.h $(INCL_D)\rsaref.h $(INCL_D)\apps.h \
-	$(INCL_D)\progs.h $(INCL_D)\s_apps.h $(INCL_D)\testdsa.h \
-	$(INCL_D)\testrsa.h
-
-EXHEADER=$(INC_D)\crypto.h \
-	$(INC_D)\cryptall.h $(INC_D)\md2.h $(INC_D)\md5.h \
-	$(INC_D)\sha.h $(INC_D)\mdc2.h $(INC_D)\des.h \
-	$(INC_D)\rc4.h $(INC_D)\rc2.h $(INC_D)\idea.h \
-	$(INC_D)\blowfish.h $(INC_D)\bn.h $(INC_D)\rsa.h \
-	$(INC_D)\dsa.h $(INC_D)\dh.h $(INC_D)\buffer.h \
-	$(INC_D)\bio.h $(INC_D)\stack.h $(INC_D)\lhash.h \
+HEADER=$(INCL_D)\cryptlib.h \
+	$(INCL_D)\date.h $(INCL_D)\md5_locl.h $(INCL_D)\sha_locl.h \
+	$(INCL_D)\rmd_locl.h $(INCL_D)\rmdconst.h $(INCL_D)\des_locl.h \
+	$(INCL_D)\rpc_des.h $(INCL_D)\podd.h $(INCL_D)\sk.h \
+	$(INCL_D)\spr.h $(INCL_D)\des_ver.h $(INCL_D)\rc2_locl.h \
+	$(INCL_D)\rc4_locl.h $(INCL_D)\rc5_locl.h $(INCL_D)\idea_lcl.h \
+	$(INCL_D)\bf_pi.h $(INCL_D)\bf_locl.h $(INCL_D)\cast_s.h \
+	$(INCL_D)\cast_lcl.h $(INCL_D)\bn_lcl.h $(INCL_D)\bn_prime.h \
+	$(INCL_D)\obj_dat.h $(INCL_D)\conf_lcl.h $(INCL_D)\ssl_locl.h \
+	$(INCL_D)\rsaref.h $(INCL_D)\apps.h $(INCL_D)\progs.h \
+	$(INCL_D)\s_apps.h $(INCL_D)\testdsa.h $(INCL_D)\testrsa.h
+
+EXHEADER=$(INC_D)\e_os.h \
+	$(INC_D)\crypto.h $(INC_D)\cryptall.h $(INC_D)\md2.h \
+	$(INC_D)\md5.h $(INC_D)\sha.h $(INC_D)\mdc2.h \
+	$(INC_D)\hmac.h $(INC_D)\ripemd.h $(INC_D)\des.h \
+	$(INC_D)\rc2.h $(INC_D)\rc4.h $(INC_D)\rc5.h \
+	$(INC_D)\idea.h $(INC_D)\blowfish.h $(INC_D)\cast.h \
+	$(INC_D)\bn.h $(INC_D)\rsa.h $(INC_D)\dsa.h \
+	$(INC_D)\dh.h $(INC_D)\buffer.h $(INC_D)\bio.h \
+	$(INC_D)\bss_file.c $(INC_D)\stack.h $(INC_D)\lhash.h \
 	$(INC_D)\rand.h $(INC_D)\err.h $(INC_D)\objects.h \
 	$(INC_D)\evp.h $(INC_D)\pem.h $(INC_D)\asn1.h \
 	$(INC_D)\asn1_mac.h $(INC_D)\x509.h $(INC_D)\x509_vfy.h \
 	$(INC_D)\conf.h $(INC_D)\txt_db.h $(INC_D)\pkcs7.h \
 	$(INC_D)\ssl.h $(INC_D)\ssl2.h $(INC_D)\ssl3.h \
-	$(INC_D)\ssl23.h
+	$(INC_D)\ssl23.h $(INC_D)\tls1.h
 
 T_OBJ=$(OBJ_D)\md2test.obj \
 	$(OBJ_D)\md5test.obj $(OBJ_D)\shatest.obj $(OBJ_D)\sha1test.obj \
-	$(OBJ_D)\mdc2test.obj $(OBJ_D)\destest.obj $(OBJ_D)\rc4test.obj \
-	$(OBJ_D)\rc2test.obj $(OBJ_D)\ideatest.obj $(OBJ_D)\bftest.obj \
-	$(OBJ_D)\bntest.obj $(OBJ_D)\exptest.obj $(OBJ_D)\dsatest.obj \
-	$(OBJ_D)\dhtest.obj $(OBJ_D)\randtest.obj $(OBJ_D)\ssltest.obj
+	$(OBJ_D)\mdc2test.obj $(OBJ_D)\hmactest.obj $(OBJ_D)\rmdtest.obj \
+	$(OBJ_D)\destest.obj $(OBJ_D)\rc2test.obj $(OBJ_D)\rc4test.obj \
+	$(OBJ_D)\rc5test.obj $(OBJ_D)\ideatest.obj $(OBJ_D)\bftest.obj \
+	$(OBJ_D)\casttest.obj $(OBJ_D)\bntest.obj $(OBJ_D)\exptest.obj \
+	$(OBJ_D)\dsatest.obj $(OBJ_D)\dhtest.obj $(OBJ_D)\randtest.obj \
+	$(OBJ_D)\ssltest.obj
 
 E_OBJ=$(OBJ_D)\verify.obj \
 	$(OBJ_D)\asn1pars.obj $(OBJ_D)\req.obj $(OBJ_D)\dgst.obj \
 	$(OBJ_D)\dh.obj $(OBJ_D)\enc.obj $(OBJ_D)\gendh.obj \
-	$(OBJ_D)\errstr.obj $(OBJ_D)\ca.obj $(OBJ_D)\gendsa.obj \
-	$(OBJ_D)\pkcs7.obj $(OBJ_D)\crl2p7.obj $(OBJ_D)\crl.obj \
-	$(OBJ_D)\rsa.obj $(OBJ_D)\dsa.obj $(OBJ_D)\dsaparam.obj \
-	$(OBJ_D)\x509.obj $(OBJ_D)\genrsa.obj $(OBJ_D)\s_server.obj \
-	$(OBJ_D)\s_client.obj $(OBJ_D)\speed.obj $(OBJ_D)\s_time.obj \
-	$(OBJ_D)\apps.obj $(OBJ_D)\s_cb.obj $(OBJ_D)\s_socket.obj \
-	$(OBJ_D)\version.obj $(OBJ_D)\sess_id.obj $(OBJ_D)\ciphers.obj \
-	$(OBJ_D)\ssleay.obj
+	$(OBJ_D)\errstr.obj $(OBJ_D)\ca.obj $(OBJ_D)\pkcs7.obj \
+	$(OBJ_D)\crl2p7.obj $(OBJ_D)\crl.obj $(OBJ_D)\rsa.obj \
+	$(OBJ_D)\dsa.obj $(OBJ_D)\dsaparam.obj $(OBJ_D)\x509.obj \
+	$(OBJ_D)\genrsa.obj $(OBJ_D)\s_server.obj $(OBJ_D)\s_client.obj \
+	$(OBJ_D)\speed.obj $(OBJ_D)\s_time.obj $(OBJ_D)\apps.obj \
+	$(OBJ_D)\s_cb.obj $(OBJ_D)\s_socket.obj $(OBJ_D)\version.obj \
+	$(OBJ_D)\sess_id.obj $(OBJ_D)\ciphers.obj $(OBJ_D)\ssleay.obj
 
 CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
-	$(OBJ_D)\mem.obj $(OBJ_D)\cversion.obj $(OBJ_D)\md2_dgst.obj \
-	$(OBJ_D)\md5_dgst.obj $(OBJ_D)\md2_one.obj $(OBJ_D)\md5_one.obj \
-	$(OBJ_D)\sha_dgst.obj $(OBJ_D)\sha1dgst.obj $(OBJ_D)\sha_one.obj \
-	$(OBJ_D)\sha1_one.obj $(OBJ_D)\mdc2dgst.obj $(OBJ_D)\mdc2_one.obj \
-	$(OBJ_D)\set_key.obj $(OBJ_D)\ecb_enc.obj $(OBJ_D)\ede_enc.obj \
-	$(OBJ_D)\cbc_enc.obj $(OBJ_D)\cbc3_enc.obj $(OBJ_D)\ecb3_enc.obj \
+	$(OBJ_D)\mem.obj $(OBJ_D)\cversion.obj $(OBJ_D)\ex_data.obj \
+	$(OBJ_D)\cpt_err.obj $(OBJ_D)\md2_dgst.obj $(OBJ_D)\md2_one.obj \
+	$(OBJ_D)\md5_dgst.obj $(OBJ_D)\md5_one.obj $(OBJ_D)\sha_dgst.obj \
+	$(OBJ_D)\sha1dgst.obj $(OBJ_D)\sha_one.obj $(OBJ_D)\sha1_one.obj \
+	$(OBJ_D)\mdc2dgst.obj $(OBJ_D)\mdc2_one.obj $(OBJ_D)\hmac.obj \
+	$(OBJ_D)\rmd_dgst.obj $(OBJ_D)\rmd_one.obj $(OBJ_D)\set_key.obj \
+	$(OBJ_D)\ecb_enc.obj $(OBJ_D)\cbc_enc.obj $(OBJ_D)\ecb3_enc.obj \
 	$(OBJ_D)\cfb64enc.obj $(OBJ_D)\cfb64ede.obj $(OBJ_D)\cfb_enc.obj \
 	$(OBJ_D)\ofb64ede.obj $(OBJ_D)\enc_read.obj $(OBJ_D)\enc_writ.obj \
-	$(OBJ_D)\ncbc_enc.obj $(OBJ_D)\ofb64enc.obj $(OBJ_D)\ofb_enc.obj \
-	$(OBJ_D)\str2key.obj $(OBJ_D)\pcbc_enc.obj $(OBJ_D)\qud_cksm.obj \
-	$(OBJ_D)\rand_key.obj $(OBJ_D)\des_enc.obj $(OBJ_D)\fcrypt_b.obj \
-	$(OBJ_D)\read2pwd.obj $(OBJ_D)\fcrypt.obj $(OBJ_D)\xcbc_enc.obj \
-	$(OBJ_D)\read_pwd.obj $(OBJ_D)\rpc_enc.obj $(OBJ_D)\cbc_cksm.obj \
-	$(OBJ_D)\supp.obj $(OBJ_D)\rc4_enc.obj $(OBJ_D)\rc2_ecb.obj \
-	$(OBJ_D)\rc2_skey.obj $(OBJ_D)\rc2_cbc.obj $(OBJ_D)\rc2cfb64.obj \
-	$(OBJ_D)\rc2ofb64.obj $(OBJ_D)\i_cbc.obj $(OBJ_D)\i_cfb64.obj \
-	$(OBJ_D)\i_ofb64.obj $(OBJ_D)\i_ecb.obj $(OBJ_D)\i_skey.obj \
-	$(OBJ_D)\bf_skey.obj $(OBJ_D)\bf_ecb.obj $(OBJ_D)\bf_enc.obj \
-	$(OBJ_D)\bf_cbc.obj $(OBJ_D)\bf_cfb64.obj $(OBJ_D)\bf_ofb64.obj \
+	$(OBJ_D)\ofb64enc.obj $(OBJ_D)\ofb_enc.obj $(OBJ_D)\str2key.obj \
+	$(OBJ_D)\pcbc_enc.obj $(OBJ_D)\qud_cksm.obj $(OBJ_D)\rand_key.obj \
+	$(OBJ_D)\des_enc.obj $(OBJ_D)\fcrypt_b.obj $(OBJ_D)\read2pwd.obj \
+	$(OBJ_D)\fcrypt.obj $(OBJ_D)\xcbc_enc.obj $(OBJ_D)\read_pwd.obj \
+	$(OBJ_D)\rpc_enc.obj $(OBJ_D)\cbc_cksm.obj $(OBJ_D)\supp.obj \
+	$(OBJ_D)\rc2_ecb.obj $(OBJ_D)\rc2_skey.obj $(OBJ_D)\rc2_cbc.obj \
+	$(OBJ_D)\rc2cfb64.obj $(OBJ_D)\rc2ofb64.obj $(OBJ_D)\rc4_skey.obj \
+	$(OBJ_D)\rc4_enc.obj $(OBJ_D)\rc5_skey.obj $(OBJ_D)\rc5_ecb.obj \
+	$(OBJ_D)\rc5_enc.obj $(OBJ_D)\rc5cfb64.obj $(OBJ_D)\rc5ofb64.obj \
+	$(OBJ_D)\i_cbc.obj $(OBJ_D)\i_cfb64.obj $(OBJ_D)\i_ofb64.obj \
+	$(OBJ_D)\i_ecb.obj $(OBJ_D)\i_skey.obj $(OBJ_D)\bf_skey.obj \
+	$(OBJ_D)\bf_ecb.obj $(OBJ_D)\bf_enc.obj $(OBJ_D)\bf_cfb64.obj \
+	$(OBJ_D)\bf_ofb64.obj $(OBJ_D)\c_skey.obj $(OBJ_D)\c_ecb.obj \
+	$(OBJ_D)\c_enc.obj $(OBJ_D)\c_cfb64.obj $(OBJ_D)\c_ofb64.obj \
 	$(OBJ_D)\bn_add.obj $(OBJ_D)\bn_div.obj $(OBJ_D)\bn_exp.obj \
 	$(OBJ_D)\bn_lib.obj $(OBJ_D)\bn_mod.obj $(OBJ_D)\bn_mul.obj \
 	$(OBJ_D)\bn_print.obj $(OBJ_D)\bn_rand.obj $(OBJ_D)\bn_shift.obj \
-	$(OBJ_D)\bn_sub.obj $(OBJ_D)\bn_word.obj $(OBJ_D)\bn_gcd.obj \
-	$(OBJ_D)\bn_prime.obj $(OBJ_D)\bn_err.obj $(OBJ_D)\bn_sqr.obj \
-	$(BN_MULW_OBJ) $(OBJ_D)\bn_recp.obj $(OBJ_D)\bn_mont.obj \
-	$(OBJ_D)\rsa_enc.obj $(OBJ_D)\rsa_gen.obj $(OBJ_D)\rsa_lib.obj \
-	$(OBJ_D)\rsa_sign.obj $(OBJ_D)\rsa_saos.obj $(OBJ_D)\rsa_err.obj \
-	$(OBJ_D)\dsa_gen.obj $(OBJ_D)\dsa_key.obj $(OBJ_D)\dsa_lib.obj \
-	$(OBJ_D)\dsa_vrf.obj $(OBJ_D)\dsa_sign.obj $(OBJ_D)\dsa_err.obj \
-	$(OBJ_D)\dh_gen.obj $(OBJ_D)\dh_key.obj $(OBJ_D)\dh_lib.obj \
-	$(OBJ_D)\dh_check.obj $(OBJ_D)\dh_err.obj $(OBJ_D)\buffer.obj \
-	$(OBJ_D)\buf_err.obj $(OBJ_D)\bio_lib.obj $(OBJ_D)\bio_cb.obj \
-	$(OBJ_D)\bio_err.obj $(OBJ_D)\bss_mem.obj $(OBJ_D)\bss_null.obj \
-	$(OBJ_D)\bss_fd.obj $(OBJ_D)\bss_file.obj $(OBJ_D)\bss_sock.obj \
-	$(OBJ_D)\bss_conn.obj $(OBJ_D)\bf_null.obj $(OBJ_D)\bf_buff.obj \
-	$(OBJ_D)\b_print.obj $(OBJ_D)\b_dump.obj $(OBJ_D)\b_sock.obj \
-	$(OBJ_D)\bss_acpt.obj $(OBJ_D)\bf_nbio.obj $(OBJ_D)\stack.obj \
-	$(OBJ_D)\lhash.obj $(OBJ_D)\lh_stats.obj $(OBJ_D)\md_rand.obj \
-	$(OBJ_D)\randfile.obj $(OBJ_D)\err.obj $(OBJ_D)\err_all.obj \
-	$(OBJ_D)\err_prn.obj $(OBJ_D)\obj_dat.obj $(OBJ_D)\obj_lib.obj \
-	$(OBJ_D)\obj_err.obj $(OBJ_D)\encode.obj $(OBJ_D)\digest.obj \
-	$(OBJ_D)\evp_enc.obj $(OBJ_D)\evp_key.obj $(OBJ_D)\e_ecb_d.obj \
-	$(OBJ_D)\e_cbc_d.obj $(OBJ_D)\e_cfb_d.obj $(OBJ_D)\e_ofb_d.obj \
-	$(OBJ_D)\e_ecb_i.obj $(OBJ_D)\e_cbc_i.obj $(OBJ_D)\e_cfb_i.obj \
-	$(OBJ_D)\e_ofb_i.obj $(OBJ_D)\e_ecb_3d.obj $(OBJ_D)\e_cbc_3d.obj \
-	$(OBJ_D)\e_rc4.obj $(OBJ_D)\names.obj $(OBJ_D)\e_cfb_3d.obj \
-	$(OBJ_D)\e_ofb_3d.obj $(OBJ_D)\e_xcbc_d.obj $(OBJ_D)\e_ecb_r2.obj \
-	$(OBJ_D)\e_cbc_r2.obj $(OBJ_D)\e_cfb_r2.obj $(OBJ_D)\e_ofb_r2.obj \
-	$(OBJ_D)\e_ecb_bf.obj $(OBJ_D)\e_cbc_bf.obj $(OBJ_D)\e_cfb_bf.obj \
-	$(OBJ_D)\e_ofb_bf.obj $(OBJ_D)\m_null.obj $(OBJ_D)\m_md2.obj \
-	$(OBJ_D)\m_md5.obj $(OBJ_D)\m_sha.obj $(OBJ_D)\m_sha1.obj \
-	$(OBJ_D)\m_dss.obj $(OBJ_D)\m_dss1.obj $(OBJ_D)\m_mdc2.obj \
-	$(OBJ_D)\p_open.obj $(OBJ_D)\p_seal.obj $(OBJ_D)\p_sign.obj \
-	$(OBJ_D)\p_verify.obj $(OBJ_D)\p_lib.obj $(OBJ_D)\bio_md.obj \
-	$(OBJ_D)\bio_b64.obj $(OBJ_D)\bio_enc.obj $(OBJ_D)\evp_err.obj \
-	$(OBJ_D)\e_null.obj $(OBJ_D)\c_all.obj $(OBJ_D)\pem_sign.obj \
-	$(OBJ_D)\pem_seal.obj $(OBJ_D)\pem_info.obj $(OBJ_D)\pem_lib.obj \
-	$(OBJ_D)\pem_all.obj $(OBJ_D)\pem_err.obj $(OBJ_D)\a_object.obj \
-	$(OBJ_D)\a_bitstr.obj $(OBJ_D)\a_utctm.obj $(OBJ_D)\a_int.obj \
-	$(OBJ_D)\a_octet.obj $(OBJ_D)\a_print.obj $(OBJ_D)\a_type.obj \
-	$(OBJ_D)\a_set.obj $(OBJ_D)\a_dup.obj $(OBJ_D)\a_d2i_fp.obj \
-	$(OBJ_D)\a_i2d_fp.obj $(OBJ_D)\a_sign.obj $(OBJ_D)\a_digest.obj \
-	$(OBJ_D)\a_verify.obj $(OBJ_D)\x_algor.obj $(OBJ_D)\x_val.obj \
-	$(OBJ_D)\x_pubkey.obj $(OBJ_D)\x_sig.obj $(OBJ_D)\x_req.obj \
-	$(OBJ_D)\x_attrib.obj $(OBJ_D)\x_name.obj $(OBJ_D)\x_cinf.obj \
-	$(OBJ_D)\x_x509.obj $(OBJ_D)\x_crl.obj $(OBJ_D)\x_info.obj \
-	$(OBJ_D)\x_spki.obj $(OBJ_D)\d2i_r_pr.obj $(OBJ_D)\i2d_r_pr.obj \
-	$(OBJ_D)\d2i_r_pu.obj $(OBJ_D)\i2d_r_pu.obj $(OBJ_D)\d2i_s_pr.obj \
-	$(OBJ_D)\i2d_s_pr.obj $(OBJ_D)\d2i_s_pu.obj $(OBJ_D)\i2d_s_pu.obj \
-	$(OBJ_D)\d2i_pu.obj $(OBJ_D)\d2i_pr.obj $(OBJ_D)\i2d_pu.obj \
-	$(OBJ_D)\i2d_pr.obj $(OBJ_D)\t_req.obj $(OBJ_D)\t_x509.obj \
-	$(OBJ_D)\t_pkey.obj $(OBJ_D)\p7_i_s.obj $(OBJ_D)\p7_signi.obj \
-	$(OBJ_D)\p7_signd.obj $(OBJ_D)\p7_recip.obj $(OBJ_D)\p7_enc_c.obj \
-	$(OBJ_D)\p7_evp.obj $(OBJ_D)\p7_dgst.obj $(OBJ_D)\p7_s_e.obj \
-	$(OBJ_D)\p7_enc.obj $(OBJ_D)\p7_lib.obj $(OBJ_D)\f_int.obj \
-	$(OBJ_D)\f_string.obj $(OBJ_D)\i2d_dhp.obj $(OBJ_D)\i2d_dsap.obj \
-	$(OBJ_D)\d2i_dhp.obj $(OBJ_D)\d2i_dsap.obj $(OBJ_D)\n_pkey.obj \
-	$(OBJ_D)\a_hdr.obj $(OBJ_D)\x_pkey.obj $(OBJ_D)\a_bool.obj \
-	$(OBJ_D)\x_exten.obj $(OBJ_D)\asn1_par.obj $(OBJ_D)\asn1_lib.obj \
-	$(OBJ_D)\asn1_err.obj $(OBJ_D)\a_meth.obj $(OBJ_D)\a_bytes.obj \
+	$(OBJ_D)\bn_sub.obj $(OBJ_D)\bn_word.obj $(OBJ_D)\bn_blind.obj \
+	$(OBJ_D)\bn_gcd.obj $(OBJ_D)\bn_prime.obj $(OBJ_D)\bn_err.obj \
+	$(OBJ_D)\bn_sqr.obj $(BN_MULW_OBJ) $(OBJ_D)\bn_recp.obj \
+	$(OBJ_D)\bn_mont.obj $(OBJ_D)\bn_mpi.obj $(OBJ_D)\rsa_eay.obj \
+	$(OBJ_D)\rsa_gen.obj $(OBJ_D)\rsa_lib.obj $(OBJ_D)\rsa_sign.obj \
+	$(OBJ_D)\rsa_saos.obj $(OBJ_D)\rsa_err.obj $(OBJ_D)\rsa_pk1.obj \
+	$(OBJ_D)\rsa_ssl.obj $(OBJ_D)\rsa_none.obj $(OBJ_D)\dsa_gen.obj \
+	$(OBJ_D)\dsa_key.obj $(OBJ_D)\dsa_lib.obj $(OBJ_D)\dsa_vrf.obj \
+	$(OBJ_D)\dsa_sign.obj $(OBJ_D)\dsa_err.obj $(OBJ_D)\dh_gen.obj \
+	$(OBJ_D)\dh_key.obj $(OBJ_D)\dh_lib.obj $(OBJ_D)\dh_check.obj \
+	$(OBJ_D)\dh_err.obj $(OBJ_D)\buffer.obj $(OBJ_D)\buf_err.obj \
+	$(OBJ_D)\bio_lib.obj $(OBJ_D)\bio_cb.obj $(OBJ_D)\bio_err.obj \
+	$(OBJ_D)\bss_mem.obj $(OBJ_D)\bss_null.obj $(OBJ_D)\bss_fd.obj \
+	$(OBJ_D)\bss_file.obj $(OBJ_D)\bss_sock.obj $(OBJ_D)\bss_conn.obj \
+	$(OBJ_D)\bf_null.obj $(OBJ_D)\bf_buff.obj $(OBJ_D)\b_print.obj \
+	$(OBJ_D)\b_dump.obj $(OBJ_D)\b_sock.obj $(OBJ_D)\bss_acpt.obj \
+	$(OBJ_D)\bf_nbio.obj $(OBJ_D)\stack.obj $(OBJ_D)\lhash.obj \
+	$(OBJ_D)\lh_stats.obj $(OBJ_D)\md_rand.obj $(OBJ_D)\randfile.obj \
+	$(OBJ_D)\err.obj $(OBJ_D)\err_all.obj $(OBJ_D)\err_prn.obj \
+	$(OBJ_D)\obj_dat.obj $(OBJ_D)\obj_lib.obj $(OBJ_D)\obj_err.obj \
+	$(OBJ_D)\encode.obj $(OBJ_D)\digest.obj $(OBJ_D)\evp_enc.obj \
+	$(OBJ_D)\evp_key.obj $(OBJ_D)\e_ecb_d.obj $(OBJ_D)\e_cbc_d.obj \
+	$(OBJ_D)\e_cfb_d.obj $(OBJ_D)\e_ofb_d.obj $(OBJ_D)\e_ecb_i.obj \
+	$(OBJ_D)\e_cbc_i.obj $(OBJ_D)\e_cfb_i.obj $(OBJ_D)\e_ofb_i.obj \
+	$(OBJ_D)\e_ecb_3d.obj $(OBJ_D)\e_cbc_3d.obj $(OBJ_D)\e_rc4.obj \
+	$(OBJ_D)\names.obj $(OBJ_D)\e_cfb_3d.obj $(OBJ_D)\e_ofb_3d.obj \
+	$(OBJ_D)\e_xcbc_d.obj $(OBJ_D)\e_ecb_r2.obj $(OBJ_D)\e_cbc_r2.obj \
+	$(OBJ_D)\e_cfb_r2.obj $(OBJ_D)\e_ofb_r2.obj $(OBJ_D)\e_ecb_bf.obj \
+	$(OBJ_D)\e_cbc_bf.obj $(OBJ_D)\e_cfb_bf.obj $(OBJ_D)\e_ofb_bf.obj \
+	$(OBJ_D)\e_ecb_c.obj $(OBJ_D)\e_cbc_c.obj $(OBJ_D)\e_cfb_c.obj \
+	$(OBJ_D)\e_ofb_c.obj $(OBJ_D)\e_ecb_r5.obj $(OBJ_D)\e_cbc_r5.obj \
+	$(OBJ_D)\e_cfb_r5.obj $(OBJ_D)\e_ofb_r5.obj $(OBJ_D)\m_null.obj \
+	$(OBJ_D)\m_md2.obj $(OBJ_D)\m_md5.obj $(OBJ_D)\m_sha.obj \
+	$(OBJ_D)\m_sha1.obj $(OBJ_D)\m_dss.obj $(OBJ_D)\m_dss1.obj \
+	$(OBJ_D)\m_mdc2.obj $(OBJ_D)\m_ripemd.obj $(OBJ_D)\p_open.obj \
+	$(OBJ_D)\p_seal.obj $(OBJ_D)\p_sign.obj $(OBJ_D)\p_verify.obj \
+	$(OBJ_D)\p_lib.obj $(OBJ_D)\p_enc.obj $(OBJ_D)\p_dec.obj \
+	$(OBJ_D)\bio_md.obj $(OBJ_D)\bio_b64.obj $(OBJ_D)\bio_enc.obj \
+	$(OBJ_D)\evp_err.obj $(OBJ_D)\e_null.obj $(OBJ_D)\c_all.obj \
+	$(OBJ_D)\evp_lib.obj $(OBJ_D)\pem_sign.obj $(OBJ_D)\pem_seal.obj \
+	$(OBJ_D)\pem_info.obj $(OBJ_D)\pem_lib.obj $(OBJ_D)\pem_all.obj \
+	$(OBJ_D)\pem_err.obj $(OBJ_D)\a_object.obj $(OBJ_D)\a_bitstr.obj \
+	$(OBJ_D)\a_utctm.obj $(OBJ_D)\a_int.obj $(OBJ_D)\a_octet.obj \
+	$(OBJ_D)\a_print.obj $(OBJ_D)\a_type.obj $(OBJ_D)\a_set.obj \
+	$(OBJ_D)\a_dup.obj $(OBJ_D)\a_d2i_fp.obj $(OBJ_D)\a_i2d_fp.obj \
+	$(OBJ_D)\a_sign.obj $(OBJ_D)\a_digest.obj $(OBJ_D)\a_verify.obj \
+	$(OBJ_D)\x_algor.obj $(OBJ_D)\x_val.obj $(OBJ_D)\x_pubkey.obj \
+	$(OBJ_D)\x_sig.obj $(OBJ_D)\x_req.obj $(OBJ_D)\x_attrib.obj \
+	$(OBJ_D)\x_name.obj $(OBJ_D)\x_cinf.obj $(OBJ_D)\x_x509.obj \
+	$(OBJ_D)\x_crl.obj $(OBJ_D)\x_info.obj $(OBJ_D)\x_spki.obj \
+	$(OBJ_D)\d2i_r_pr.obj $(OBJ_D)\i2d_r_pr.obj $(OBJ_D)\d2i_r_pu.obj \
+	$(OBJ_D)\i2d_r_pu.obj $(OBJ_D)\d2i_s_pr.obj $(OBJ_D)\i2d_s_pr.obj \
+	$(OBJ_D)\d2i_s_pu.obj $(OBJ_D)\i2d_s_pu.obj $(OBJ_D)\d2i_pu.obj \
+	$(OBJ_D)\d2i_pr.obj $(OBJ_D)\i2d_pu.obj $(OBJ_D)\i2d_pr.obj \
+	$(OBJ_D)\t_req.obj $(OBJ_D)\t_x509.obj $(OBJ_D)\t_pkey.obj \
+	$(OBJ_D)\p7_i_s.obj $(OBJ_D)\p7_signi.obj $(OBJ_D)\p7_signd.obj \
+	$(OBJ_D)\p7_recip.obj $(OBJ_D)\p7_enc_c.obj $(OBJ_D)\p7_evp.obj \
+	$(OBJ_D)\p7_dgst.obj $(OBJ_D)\p7_s_e.obj $(OBJ_D)\p7_enc.obj \
+	$(OBJ_D)\p7_lib.obj $(OBJ_D)\f_int.obj $(OBJ_D)\f_string.obj \
+	$(OBJ_D)\i2d_dhp.obj $(OBJ_D)\i2d_dsap.obj $(OBJ_D)\d2i_dhp.obj \
+	$(OBJ_D)\d2i_dsap.obj $(OBJ_D)\n_pkey.obj $(OBJ_D)\a_hdr.obj \
+	$(OBJ_D)\x_pkey.obj $(OBJ_D)\a_bool.obj $(OBJ_D)\x_exten.obj \
+	$(OBJ_D)\asn1_par.obj $(OBJ_D)\asn1_lib.obj $(OBJ_D)\asn1_err.obj \
+	$(OBJ_D)\a_meth.obj $(OBJ_D)\a_bytes.obj $(OBJ_D)\evp_asn1.obj \
 	$(OBJ_D)\x509_def.obj $(OBJ_D)\x509_d2.obj $(OBJ_D)\x509_r2x.obj \
 	$(OBJ_D)\x509_cmp.obj $(OBJ_D)\x509_obj.obj $(OBJ_D)\x509_req.obj \
 	$(OBJ_D)\x509_vfy.obj $(OBJ_D)\x509_set.obj $(OBJ_D)\x509rset.obj \
@@ -232,42 +262,55 @@ CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
 
 SSLOBJ=$(OBJ_D)\s2_meth.obj \
 	$(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \
-	$(OBJ_D)\s2_pkt.obj $(OBJ_D)\s2_enc.obj $(OBJ_D)\s3_meth.obj \
+	$(OBJ_D)\s2_enc.obj $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s3_meth.obj \
 	$(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \
-	$(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_both.obj \
+	$(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_both.obj \
 	$(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj $(OBJ_D)\s23_clnt.obj \
-	$(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj $(OBJ_D)\ssl_lib.obj \
-	$(OBJ_D)\ssl_err2.obj $(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj \
-	$(OBJ_D)\ssl_ciph.obj $(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj \
-	$(OBJ_D)\ssl_asn1.obj $(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj \
-	$(OBJ_D)\bio_ssl.obj $(OBJ_D)\ssl_err.obj
+	$(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj $(OBJ_D)\t1_meth.obj \
+	$(OBJ_D)\t1_srvr.obj $(OBJ_D)\t1_clnt.obj $(OBJ_D)\t1_lib.obj \
+	$(OBJ_D)\t1_enc.obj $(OBJ_D)\ssl_lib.obj $(OBJ_D)\ssl_err2.obj \
+	$(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj $(OBJ_D)\ssl_ciph.obj \
+	$(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj $(OBJ_D)\ssl_asn1.obj \
+	$(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj $(OBJ_D)\bio_ssl.obj \
+	$(OBJ_D)\ssl_err.obj
 
 RSAGLUEOBJ=$(OBJ_D)\rsaref.obj \
 	$(OBJ_D)\rsar_err.obj
 
 T_EXE=$(TEST_D)\md2test.exe \
 	$(TEST_D)\md5test.exe $(TEST_D)\shatest.exe $(TEST_D)\sha1test.exe \
-	$(TEST_D)\mdc2test.exe $(TEST_D)\destest.exe $(TEST_D)\rc4test.exe \
-	$(TEST_D)\rc2test.exe $(TEST_D)\ideatest.exe $(TEST_D)\bftest.exe \
-	$(TEST_D)\bntest.exe $(TEST_D)\exptest.exe $(TEST_D)\dsatest.exe \
-	$(TEST_D)\dhtest.exe $(TEST_D)\randtest.exe $(TEST_D)\ssltest.exe
+	$(TEST_D)\mdc2test.exe $(TEST_D)\hmactest.exe $(TEST_D)\rmdtest.exe \
+	$(TEST_D)\destest.exe $(TEST_D)\rc2test.exe $(TEST_D)\rc4test.exe \
+	$(TEST_D)\rc5test.exe $(TEST_D)\ideatest.exe $(TEST_D)\bftest.exe \
+	$(TEST_D)\casttest.exe $(TEST_D)\bntest.exe $(TEST_D)\exptest.exe \
+	$(TEST_D)\dsatest.exe $(TEST_D)\dhtest.exe $(TEST_D)\randtest.exe \
+	$(TEST_D)\ssltest.exe
 
 ###################################################################
-all: banner $(OUT_D) $(TMP_D) headers lib exe
+all: banner $(TMP_D) $(BIN_D) $(TEST_D) $(LIB_D) $(INC_D) headers lib exe
 
 banner:
-	@echo Make sure you have run 'perl Configure VC-W31-32' in the
+	@echo Make sure you have run 'perl Configure VC-WIN16' in the
 	@echo top level directory, if you don't have perl, you will
 	@echo need to probably edit crypto/bn/bn.h, check the
 	@echo documentation for details.
 
 
-$(OUT_D):
-	$(MKDIR) $(OUT_D)
-
 $(TMP_D):
 	$(MKDIR) $(TMP_D)
 
+$(BIN_D):
+	$(MKDIR) $(BIN_D)
+
+$(TEST_D):
+	$(MKDIR) $(TEST_D)
+
+$(LIB_D):
+	$(MKDIR) $(LIB_D)
+
+$(INC_D):
+	$(MKDIR) $(INC_D)
+
 headers: $(HEADER) $(EXHEADER)
 
 lib: $(LIBS_DEP)
@@ -279,10 +322,10 @@ install:
 	$(MKDIR) $(INSTALLTOP)\bin
 	$(MKDIR) $(INSTALLTOP)\include
 	$(MKDIR) $(INSTALLTOP)\lib
-	$(CP) $(INC_D)\*.h $(INSTALLTOP)\include
+	$(CP) $(INC_D)\*.[ch] $(INSTALLTOP)\include
 	$(CP) $(BIN_D)\$(E_EXE).exe $(INSTALLTOP)\bin
-	$(CP) $(LIB_D)\$(O_SSL) $(INSTALLTOP)\lib
-	$(CP) $(LIB_D)\$(O_CRYPTO) $(INSTALLTOP)\lib
+	$(CP) $(O_SSL) $(INSTALLTOP)\lib
+	$(CP) $(O_CRYPTO) $(INSTALLTOP)\lib
 
 clean:
 	$(RM) $(TMP_D)\*.*
@@ -291,21 +334,24 @@ vclean:
 	$(RM) $(TMP_D)\*.*
 	$(RM) $(OUT_D)\*.*
 
-$(INCL_D)\e_os.h: $(SRC_D)\.\e_os.h
-	$(CP) $(SRC_D)\.\e_os.h $(INCL_D)\e_os.h
-
 $(INCL_D)\cryptlib.h: $(SRC_D)\crypto\cryptlib.h
 	$(CP) $(SRC_D)\crypto\cryptlib.h $(INCL_D)\cryptlib.h
 
 $(INCL_D)\date.h: $(SRC_D)\crypto\date.h
 	$(CP) $(SRC_D)\crypto\date.h $(INCL_D)\date.h
 
-$(INCL_D)\md5_locl.h: $(SRC_D)\crypto\md\md5_locl.h
-	$(CP) $(SRC_D)\crypto\md\md5_locl.h $(INCL_D)\md5_locl.h
+$(INCL_D)\md5_locl.h: $(SRC_D)\crypto\md5\md5_locl.h
+	$(CP) $(SRC_D)\crypto\md5\md5_locl.h $(INCL_D)\md5_locl.h
 
 $(INCL_D)\sha_locl.h: $(SRC_D)\crypto\sha\sha_locl.h
 	$(CP) $(SRC_D)\crypto\sha\sha_locl.h $(INCL_D)\sha_locl.h
 
+$(INCL_D)\rmd_locl.h: $(SRC_D)\crypto\ripemd\rmd_locl.h
+	$(CP) $(SRC_D)\crypto\ripemd\rmd_locl.h $(INCL_D)\rmd_locl.h
+
+$(INCL_D)\rmdconst.h: $(SRC_D)\crypto\ripemd\rmdconst.h
+	$(CP) $(SRC_D)\crypto\ripemd\rmdconst.h $(INCL_D)\rmdconst.h
+
 $(INCL_D)\des_locl.h: $(SRC_D)\crypto\des\des_locl.h
 	$(CP) $(SRC_D)\crypto\des\des_locl.h $(INCL_D)\des_locl.h
 
@@ -327,6 +373,12 @@ $(INCL_D)\des_ver.h: $(SRC_D)\crypto\des\des_ver.h
 $(INCL_D)\rc2_locl.h: $(SRC_D)\crypto\rc2\rc2_locl.h
 	$(CP) $(SRC_D)\crypto\rc2\rc2_locl.h $(INCL_D)\rc2_locl.h
 
+$(INCL_D)\rc4_locl.h: $(SRC_D)\crypto\rc4\rc4_locl.h
+	$(CP) $(SRC_D)\crypto\rc4\rc4_locl.h $(INCL_D)\rc4_locl.h
+
+$(INCL_D)\rc5_locl.h: $(SRC_D)\crypto\rc5\rc5_locl.h
+	$(CP) $(SRC_D)\crypto\rc5\rc5_locl.h $(INCL_D)\rc5_locl.h
+
 $(INCL_D)\idea_lcl.h: $(SRC_D)\crypto\idea\idea_lcl.h
 	$(CP) $(SRC_D)\crypto\idea\idea_lcl.h $(INCL_D)\idea_lcl.h
 
@@ -336,6 +388,12 @@ $(INCL_D)\bf_pi.h: $(SRC_D)\crypto\bf\bf_pi.h
 $(INCL_D)\bf_locl.h: $(SRC_D)\crypto\bf\bf_locl.h
 	$(CP) $(SRC_D)\crypto\bf\bf_locl.h $(INCL_D)\bf_locl.h
 
+$(INCL_D)\cast_s.h: $(SRC_D)\crypto\cast\cast_s.h
+	$(CP) $(SRC_D)\crypto\cast\cast_s.h $(INCL_D)\cast_s.h
+
+$(INCL_D)\cast_lcl.h: $(SRC_D)\crypto\cast\cast_lcl.h
+	$(CP) $(SRC_D)\crypto\cast\cast_lcl.h $(INCL_D)\cast_lcl.h
+
 $(INCL_D)\bn_lcl.h: $(SRC_D)\crypto\bn\bn_lcl.h
 	$(CP) $(SRC_D)\crypto\bn\bn_lcl.h $(INCL_D)\bn_lcl.h
 
@@ -369,17 +427,20 @@ $(INCL_D)\testdsa.h: $(SRC_D)\apps\testdsa.h
 $(INCL_D)\testrsa.h: $(SRC_D)\apps\testrsa.h
 	$(CP) $(SRC_D)\apps\testrsa.h $(INCL_D)\testrsa.h
 
+$(INC_D)\e_os.h: $(SRC_D)\.\e_os.h
+	$(CP) $(SRC_D)\.\e_os.h $(INC_D)\e_os.h
+
 $(INC_D)\crypto.h: $(SRC_D)\crypto\crypto.h
 	$(CP) $(SRC_D)\crypto\crypto.h $(INC_D)\crypto.h
 
 $(INC_D)\cryptall.h: $(SRC_D)\crypto\cryptall.h
 	$(CP) $(SRC_D)\crypto\cryptall.h $(INC_D)\cryptall.h
 
-$(INC_D)\md2.h: $(SRC_D)\crypto\md\md2.h
-	$(CP) $(SRC_D)\crypto\md\md2.h $(INC_D)\md2.h
+$(INC_D)\md2.h: $(SRC_D)\crypto\md2\md2.h
+	$(CP) $(SRC_D)\crypto\md2\md2.h $(INC_D)\md2.h
 
-$(INC_D)\md5.h: $(SRC_D)\crypto\md\md5.h
-	$(CP) $(SRC_D)\crypto\md\md5.h $(INC_D)\md5.h
+$(INC_D)\md5.h: $(SRC_D)\crypto\md5\md5.h
+	$(CP) $(SRC_D)\crypto\md5\md5.h $(INC_D)\md5.h
 
 $(INC_D)\sha.h: $(SRC_D)\crypto\sha\sha.h
 	$(CP) $(SRC_D)\crypto\sha\sha.h $(INC_D)\sha.h
@@ -387,14 +448,23 @@ $(INC_D)\sha.h: $(SRC_D)\crypto\sha\sha.h
 $(INC_D)\mdc2.h: $(SRC_D)\crypto\mdc2\mdc2.h
 	$(CP) $(SRC_D)\crypto\mdc2\mdc2.h $(INC_D)\mdc2.h
 
+$(INC_D)\hmac.h: $(SRC_D)\crypto\hmac\hmac.h
+	$(CP) $(SRC_D)\crypto\hmac\hmac.h $(INC_D)\hmac.h
+
+$(INC_D)\ripemd.h: $(SRC_D)\crypto\ripemd\ripemd.h
+	$(CP) $(SRC_D)\crypto\ripemd\ripemd.h $(INC_D)\ripemd.h
+
 $(INC_D)\des.h: $(SRC_D)\crypto\des\des.h
 	$(CP) $(SRC_D)\crypto\des\des.h $(INC_D)\des.h
 
+$(INC_D)\rc2.h: $(SRC_D)\crypto\rc2\rc2.h
+	$(CP) $(SRC_D)\crypto\rc2\rc2.h $(INC_D)\rc2.h
+
 $(INC_D)\rc4.h: $(SRC_D)\crypto\rc4\rc4.h
 	$(CP) $(SRC_D)\crypto\rc4\rc4.h $(INC_D)\rc4.h
 
-$(INC_D)\rc2.h: $(SRC_D)\crypto\rc2\rc2.h
-	$(CP) $(SRC_D)\crypto\rc2\rc2.h $(INC_D)\rc2.h
+$(INC_D)\rc5.h: $(SRC_D)\crypto\rc5\rc5.h
+	$(CP) $(SRC_D)\crypto\rc5\rc5.h $(INC_D)\rc5.h
 
 $(INC_D)\idea.h: $(SRC_D)\crypto\idea\idea.h
 	$(CP) $(SRC_D)\crypto\idea\idea.h $(INC_D)\idea.h
@@ -402,6 +472,9 @@ $(INC_D)\idea.h: $(SRC_D)\crypto\idea\idea.h
 $(INC_D)\blowfish.h: $(SRC_D)\crypto\bf\blowfish.h
 	$(CP) $(SRC_D)\crypto\bf\blowfish.h $(INC_D)\blowfish.h
 
+$(INC_D)\cast.h: $(SRC_D)\crypto\cast\cast.h
+	$(CP) $(SRC_D)\crypto\cast\cast.h $(INC_D)\cast.h
+
 $(INC_D)\bn.h: $(SRC_D)\crypto\bn\bn.h
 	$(CP) $(SRC_D)\crypto\bn\bn.h $(INC_D)\bn.h
 
@@ -420,6 +493,9 @@ $(INC_D)\buffer.h: $(SRC_D)\crypto\buffer\buffer.h
 $(INC_D)\bio.h: $(SRC_D)\crypto\bio\bio.h
 	$(CP) $(SRC_D)\crypto\bio\bio.h $(INC_D)\bio.h
 
+$(INC_D)\bss_file.c: $(SRC_D)\crypto\bio\bss_file.c
+	$(CP) $(SRC_D)\crypto\bio\bss_file.c $(INC_D)\bss_file.c
+
 $(INC_D)\stack.h: $(SRC_D)\crypto\stack\stack.h
 	$(CP) $(SRC_D)\crypto\stack\stack.h $(INC_D)\stack.h
 
@@ -474,11 +550,14 @@ $(INC_D)\ssl3.h: $(SRC_D)\ssl\ssl3.h
 $(INC_D)\ssl23.h: $(SRC_D)\ssl\ssl23.h
 	$(CP) $(SRC_D)\ssl\ssl23.h $(INC_D)\ssl23.h
 
-$(OBJ_D)\md2test.obj: $(SRC_D)\crypto\md\md2test.c
-	$(CC) /Fo$(OBJ_D)\md2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md\md2test.c
+$(INC_D)\tls1.h: $(SRC_D)\ssl\tls1.h
+	$(CP) $(SRC_D)\ssl\tls1.h $(INC_D)\tls1.h
+
+$(OBJ_D)\md2test.obj: $(SRC_D)\crypto\md2\md2test.c
+	$(CC) /Fo$(OBJ_D)\md2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md2\md2test.c
 
-$(OBJ_D)\md5test.obj: $(SRC_D)\crypto\md\md5test.c
-	$(CC) /Fo$(OBJ_D)\md5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md\md5test.c
+$(OBJ_D)\md5test.obj: $(SRC_D)\crypto\md5\md5test.c
+	$(CC) /Fo$(OBJ_D)\md5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md5\md5test.c
 
 $(OBJ_D)\shatest.obj: $(SRC_D)\crypto\sha\shatest.c
 	$(CC) /Fo$(OBJ_D)\shatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\shatest.c
@@ -489,14 +568,23 @@ $(OBJ_D)\sha1test.obj: $(SRC_D)\crypto\sha\sha1test.c
 $(OBJ_D)\mdc2test.obj: $(SRC_D)\crypto\mdc2\mdc2test.c
 	$(CC) /Fo$(OBJ_D)\mdc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2test.c
 
+$(OBJ_D)\hmactest.obj: $(SRC_D)\crypto\hmac\hmactest.c
+	$(CC) /Fo$(OBJ_D)\hmactest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\hmac\hmactest.c
+
+$(OBJ_D)\rmdtest.obj: $(SRC_D)\crypto\ripemd\rmdtest.c
+	$(CC) /Fo$(OBJ_D)\rmdtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmdtest.c
+
 $(OBJ_D)\destest.obj: $(SRC_D)\crypto\des\destest.c
 	$(CC) /Fo$(OBJ_D)\destest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\des\destest.c
 
+$(OBJ_D)\rc2test.obj: $(SRC_D)\crypto\rc2\rc2test.c
+	$(CC) /Fo$(OBJ_D)\rc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2test.c
+
 $(OBJ_D)\rc4test.obj: $(SRC_D)\crypto\rc4\rc4test.c
 	$(CC) /Fo$(OBJ_D)\rc4test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4test.c
 
-$(OBJ_D)\rc2test.obj: $(SRC_D)\crypto\rc2\rc2test.c
-	$(CC) /Fo$(OBJ_D)\rc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2test.c
+$(OBJ_D)\rc5test.obj: $(SRC_D)\crypto\rc5\rc5test.c
+	$(CC) /Fo$(OBJ_D)\rc5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5test.c
 
 $(OBJ_D)\ideatest.obj: $(SRC_D)\crypto\idea\ideatest.c
 	$(CC) /Fo$(OBJ_D)\ideatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\idea\ideatest.c
@@ -504,6 +592,9 @@ $(OBJ_D)\ideatest.obj: $(SRC_D)\crypto\idea\ideatest.c
 $(OBJ_D)\bftest.obj: $(SRC_D)\crypto\bf\bftest.c
 	$(CC) /Fo$(OBJ_D)\bftest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bf\bftest.c
 
+$(OBJ_D)\casttest.obj: $(SRC_D)\crypto\cast\casttest.c
+	$(CC) /Fo$(OBJ_D)\casttest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\cast\casttest.c
+
 $(OBJ_D)\bntest.obj: $(SRC_D)\crypto\bn\bntest.c
 	$(CC) /Fo$(OBJ_D)\bntest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\bntest.c
 
@@ -549,9 +640,6 @@ $(OBJ_D)\errstr.obj: $(SRC_D)\apps\errstr.c
 $(OBJ_D)\ca.obj: $(SRC_D)\apps\ca.c
 	$(CC) /Fo$(OBJ_D)\ca.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ca.c
 
-$(OBJ_D)\gendsa.obj: $(SRC_D)\apps\gendsa.c
-	$(CC) /Fo$(OBJ_D)\gendsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\gendsa.c
-
 $(OBJ_D)\pkcs7.obj: $(SRC_D)\apps\pkcs7.c
 	$(CC) /Fo$(OBJ_D)\pkcs7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\pkcs7.c
 
@@ -613,907 +701,1012 @@ crypto\bn\asm\x86w32.obj: crypto\bn\asm\x86w32.asm
 	$(ASM) /Focrypto\bn\asm\x86w32.obj $(SRC_D)\crypto\bn\asm\x86w32.asm
 
 $(OBJ_D)\cryptlib.obj: $(SRC_D)\crypto\cryptlib.c
-	$(CC) /Fo$(OBJ_D)\cryptlib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c
+	$(CC) /Fo$(OBJ_D)\cryptlib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c
 
 $(OBJ_D)\mem.obj: $(SRC_D)\crypto\mem.c
-	$(CC) /Fo$(OBJ_D)\mem.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mem.c
+	$(CC) /Fo$(OBJ_D)\mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mem.c
 
 $(OBJ_D)\cversion.obj: $(SRC_D)\crypto\cversion.c
-	$(CC) /Fo$(OBJ_D)\cversion.obj $(LIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)\crypto\cversion.c
+	$(CC) /Fo$(OBJ_D)\cversion.obj  $(SHLIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)\crypto\cversion.c
+
+$(OBJ_D)\ex_data.obj: $(SRC_D)\crypto\ex_data.c
+	$(CC) /Fo$(OBJ_D)\ex_data.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ex_data.c
+
+$(OBJ_D)\cpt_err.obj: $(SRC_D)\crypto\cpt_err.c
+	$(CC) /Fo$(OBJ_D)\cpt_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cpt_err.c
 
-$(OBJ_D)\md2_dgst.obj: $(SRC_D)\crypto\md\md2_dgst.c
-	$(CC) /Fo$(OBJ_D)\md2_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md2_dgst.c
+$(OBJ_D)\md2_dgst.obj: $(SRC_D)\crypto\md2\md2_dgst.c
+	$(CC) /Fo$(OBJ_D)\md2_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_dgst.c
 
-$(OBJ_D)\md5_dgst.obj: $(SRC_D)\crypto\md\md5_dgst.c
-	$(CC) /Fo$(OBJ_D)\md5_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md5_dgst.c
+$(OBJ_D)\md2_one.obj: $(SRC_D)\crypto\md2\md2_one.c
+	$(CC) /Fo$(OBJ_D)\md2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_one.c
 
-$(OBJ_D)\md2_one.obj: $(SRC_D)\crypto\md\md2_one.c
-	$(CC) /Fo$(OBJ_D)\md2_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md2_one.c
+$(OBJ_D)\md5_dgst.obj: $(SRC_D)\crypto\md5\md5_dgst.c
+	$(CC) /Fo$(OBJ_D)\md5_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_dgst.c
 
-$(OBJ_D)\md5_one.obj: $(SRC_D)\crypto\md\md5_one.c
-	$(CC) /Fo$(OBJ_D)\md5_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md5_one.c
+$(OBJ_D)\md5_one.obj: $(SRC_D)\crypto\md5\md5_one.c
+	$(CC) /Fo$(OBJ_D)\md5_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_one.c
 
 $(OBJ_D)\sha_dgst.obj: $(SRC_D)\crypto\sha\sha_dgst.c
-	$(CC) /Fo$(OBJ_D)\sha_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_dgst.c
+	$(CC) /Fo$(OBJ_D)\sha_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_dgst.c
 
 $(OBJ_D)\sha1dgst.obj: $(SRC_D)\crypto\sha\sha1dgst.c
-	$(CC) /Fo$(OBJ_D)\sha1dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1dgst.c
+	$(CC) /Fo$(OBJ_D)\sha1dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1dgst.c
 
 $(OBJ_D)\sha_one.obj: $(SRC_D)\crypto\sha\sha_one.c
-	$(CC) /Fo$(OBJ_D)\sha_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_one.c
+	$(CC) /Fo$(OBJ_D)\sha_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_one.c
 
 $(OBJ_D)\sha1_one.obj: $(SRC_D)\crypto\sha\sha1_one.c
-	$(CC) /Fo$(OBJ_D)\sha1_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1_one.c
+	$(CC) /Fo$(OBJ_D)\sha1_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1_one.c
 
 $(OBJ_D)\mdc2dgst.obj: $(SRC_D)\crypto\mdc2\mdc2dgst.c
-	$(CC) /Fo$(OBJ_D)\mdc2dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2dgst.c
+	$(CC) /Fo$(OBJ_D)\mdc2dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2dgst.c
 
 $(OBJ_D)\mdc2_one.obj: $(SRC_D)\crypto\mdc2\mdc2_one.c
-	$(CC) /Fo$(OBJ_D)\mdc2_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2_one.c
+	$(CC) /Fo$(OBJ_D)\mdc2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2_one.c
+
+$(OBJ_D)\hmac.obj: $(SRC_D)\crypto\hmac\hmac.c
+	$(CC) /Fo$(OBJ_D)\hmac.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\hmac\hmac.c
+
+$(OBJ_D)\rmd_dgst.obj: $(SRC_D)\crypto\ripemd\rmd_dgst.c
+	$(CC) /Fo$(OBJ_D)\rmd_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_dgst.c
+
+$(OBJ_D)\rmd_one.obj: $(SRC_D)\crypto\ripemd\rmd_one.c
+	$(CC) /Fo$(OBJ_D)\rmd_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_one.c
 
 $(OBJ_D)\set_key.obj: $(SRC_D)\crypto\des\set_key.c
-	$(CC) /Fo$(OBJ_D)\set_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\set_key.c
+	$(CC) /Fo$(OBJ_D)\set_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\set_key.c
 
 $(OBJ_D)\ecb_enc.obj: $(SRC_D)\crypto\des\ecb_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb_enc.c
-
-$(OBJ_D)\ede_enc.obj: $(SRC_D)\crypto\des\ede_enc.c
-	$(CC) /Fo$(OBJ_D)\ede_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ede_enc.c
+	$(CC) /Fo$(OBJ_D)\ecb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb_enc.c
 
 $(OBJ_D)\cbc_enc.obj: $(SRC_D)\crypto\des\cbc_enc.c
-	$(CC) /Fo$(OBJ_D)\cbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_enc.c
-
-$(OBJ_D)\cbc3_enc.obj: $(SRC_D)\crypto\des\cbc3_enc.c
-	$(CC) /Fo$(OBJ_D)\cbc3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc3_enc.c
+	$(CC) /Fo$(OBJ_D)\cbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_enc.c
 
 $(OBJ_D)\ecb3_enc.obj: $(SRC_D)\crypto\des\ecb3_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb3_enc.c
+	$(CC) /Fo$(OBJ_D)\ecb3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb3_enc.c
 
 $(OBJ_D)\cfb64enc.obj: $(SRC_D)\crypto\des\cfb64enc.c
-	$(CC) /Fo$(OBJ_D)\cfb64enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64enc.c
+	$(CC) /Fo$(OBJ_D)\cfb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64enc.c
 
 $(OBJ_D)\cfb64ede.obj: $(SRC_D)\crypto\des\cfb64ede.c
-	$(CC) /Fo$(OBJ_D)\cfb64ede.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64ede.c
+	$(CC) /Fo$(OBJ_D)\cfb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64ede.c
 
 $(OBJ_D)\cfb_enc.obj: $(SRC_D)\crypto\des\cfb_enc.c
-	$(CC) /Fo$(OBJ_D)\cfb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb_enc.c
+	$(CC) /Fo$(OBJ_D)\cfb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb_enc.c
 
 $(OBJ_D)\ofb64ede.obj: $(SRC_D)\crypto\des\ofb64ede.c
-	$(CC) /Fo$(OBJ_D)\ofb64ede.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64ede.c
+	$(CC) /Fo$(OBJ_D)\ofb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64ede.c
 
 $(OBJ_D)\enc_read.obj: $(SRC_D)\crypto\des\enc_read.c
-	$(CC) /Fo$(OBJ_D)\enc_read.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_read.c
+	$(CC) /Fo$(OBJ_D)\enc_read.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_read.c
 
 $(OBJ_D)\enc_writ.obj: $(SRC_D)\crypto\des\enc_writ.c
-	$(CC) /Fo$(OBJ_D)\enc_writ.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_writ.c
-
-$(OBJ_D)\ncbc_enc.obj: $(SRC_D)\crypto\des\ncbc_enc.c
-	$(CC) /Fo$(OBJ_D)\ncbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ncbc_enc.c
+	$(CC) /Fo$(OBJ_D)\enc_writ.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_writ.c
 
 $(OBJ_D)\ofb64enc.obj: $(SRC_D)\crypto\des\ofb64enc.c
-	$(CC) /Fo$(OBJ_D)\ofb64enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64enc.c
+	$(CC) /Fo$(OBJ_D)\ofb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64enc.c
 
 $(OBJ_D)\ofb_enc.obj: $(SRC_D)\crypto\des\ofb_enc.c
-	$(CC) /Fo$(OBJ_D)\ofb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb_enc.c
+	$(CC) /Fo$(OBJ_D)\ofb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb_enc.c
 
 $(OBJ_D)\str2key.obj: $(SRC_D)\crypto\des\str2key.c
-	$(CC) /Fo$(OBJ_D)\str2key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\str2key.c
+	$(CC) /Fo$(OBJ_D)\str2key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\str2key.c
 
 $(OBJ_D)\pcbc_enc.obj: $(SRC_D)\crypto\des\pcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\pcbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\pcbc_enc.c
+	$(CC) /Fo$(OBJ_D)\pcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\pcbc_enc.c
 
 $(OBJ_D)\qud_cksm.obj: $(SRC_D)\crypto\des\qud_cksm.c
-	$(CC) /Fo$(OBJ_D)\qud_cksm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\qud_cksm.c
+	$(CC) /Fo$(OBJ_D)\qud_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\qud_cksm.c
 
 $(OBJ_D)\rand_key.obj: $(SRC_D)\crypto\des\rand_key.c
-	$(CC) /Fo$(OBJ_D)\rand_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\rand_key.c
+	$(CC) /Fo$(OBJ_D)\rand_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rand_key.c
 
 $(OBJ_D)\des_enc.obj: $(SRC_D)\crypto\des\des_enc.c
-	$(CC) /Fo$(OBJ_D)\des_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\des_enc.c
+	$(CC) /Fo$(OBJ_D)\des_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\des_enc.c
 
 $(OBJ_D)\fcrypt_b.obj: $(SRC_D)\crypto\des\fcrypt_b.c
-	$(CC) /Fo$(OBJ_D)\fcrypt_b.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt_b.c
+	$(CC) /Fo$(OBJ_D)\fcrypt_b.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt_b.c
 
 $(OBJ_D)\read2pwd.obj: $(SRC_D)\crypto\des\read2pwd.c
-	$(CC) /Fo$(OBJ_D)\read2pwd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\read2pwd.c
+	$(CC) /Fo$(OBJ_D)\read2pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read2pwd.c
 
 $(OBJ_D)\fcrypt.obj: $(SRC_D)\crypto\des\fcrypt.c
-	$(CC) /Fo$(OBJ_D)\fcrypt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt.c
+	$(CC) /Fo$(OBJ_D)\fcrypt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt.c
 
 $(OBJ_D)\xcbc_enc.obj: $(SRC_D)\crypto\des\xcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\xcbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\xcbc_enc.c
+	$(CC) /Fo$(OBJ_D)\xcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\xcbc_enc.c
 
 $(OBJ_D)\read_pwd.obj: $(SRC_D)\crypto\des\read_pwd.c
-	$(CC) /Fo$(OBJ_D)\read_pwd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\read_pwd.c
+	$(CC) /Fo$(OBJ_D)\read_pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read_pwd.c
 
 $(OBJ_D)\rpc_enc.obj: $(SRC_D)\crypto\des\rpc_enc.c
-	$(CC) /Fo$(OBJ_D)\rpc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\rpc_enc.c
+	$(CC) /Fo$(OBJ_D)\rpc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rpc_enc.c
 
 $(OBJ_D)\cbc_cksm.obj: $(SRC_D)\crypto\des\cbc_cksm.c
-	$(CC) /Fo$(OBJ_D)\cbc_cksm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_cksm.c
+	$(CC) /Fo$(OBJ_D)\cbc_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_cksm.c
 
 $(OBJ_D)\supp.obj: $(SRC_D)\crypto\des\supp.c
-	$(CC) /Fo$(OBJ_D)\supp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\supp.c
-
-$(OBJ_D)\rc4_enc.obj: $(SRC_D)\crypto\rc4\rc4_enc.c
-	$(CC) /Fo$(OBJ_D)\rc4_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_enc.c
+	$(CC) /Fo$(OBJ_D)\supp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\supp.c
 
 $(OBJ_D)\rc2_ecb.obj: $(SRC_D)\crypto\rc2\rc2_ecb.c
-	$(CC) /Fo$(OBJ_D)\rc2_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_ecb.c
+	$(CC) /Fo$(OBJ_D)\rc2_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_ecb.c
 
 $(OBJ_D)\rc2_skey.obj: $(SRC_D)\crypto\rc2\rc2_skey.c
-	$(CC) /Fo$(OBJ_D)\rc2_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_skey.c
+	$(CC) /Fo$(OBJ_D)\rc2_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_skey.c
 
 $(OBJ_D)\rc2_cbc.obj: $(SRC_D)\crypto\rc2\rc2_cbc.c
-	$(CC) /Fo$(OBJ_D)\rc2_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_cbc.c
+	$(CC) /Fo$(OBJ_D)\rc2_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_cbc.c
 
 $(OBJ_D)\rc2cfb64.obj: $(SRC_D)\crypto\rc2\rc2cfb64.c
-	$(CC) /Fo$(OBJ_D)\rc2cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2cfb64.c
+	$(CC) /Fo$(OBJ_D)\rc2cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2cfb64.c
 
 $(OBJ_D)\rc2ofb64.obj: $(SRC_D)\crypto\rc2\rc2ofb64.c
-	$(CC) /Fo$(OBJ_D)\rc2ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2ofb64.c
+	$(CC) /Fo$(OBJ_D)\rc2ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2ofb64.c
+
+$(OBJ_D)\rc4_skey.obj: $(SRC_D)\crypto\rc4\rc4_skey.c
+	$(CC) /Fo$(OBJ_D)\rc4_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_skey.c
+
+$(OBJ_D)\rc4_enc.obj: $(SRC_D)\crypto\rc4\rc4_enc.c
+	$(CC) /Fo$(OBJ_D)\rc4_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_enc.c
+
+$(OBJ_D)\rc5_skey.obj: $(SRC_D)\crypto\rc5\rc5_skey.c
+	$(CC) /Fo$(OBJ_D)\rc5_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_skey.c
+
+$(OBJ_D)\rc5_ecb.obj: $(SRC_D)\crypto\rc5\rc5_ecb.c
+	$(CC) /Fo$(OBJ_D)\rc5_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_ecb.c
+
+$(OBJ_D)\rc5_enc.obj: $(SRC_D)\crypto\rc5\rc5_enc.c
+	$(CC) /Fo$(OBJ_D)\rc5_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_enc.c
+
+$(OBJ_D)\rc5cfb64.obj: $(SRC_D)\crypto\rc5\rc5cfb64.c
+	$(CC) /Fo$(OBJ_D)\rc5cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5cfb64.c
+
+$(OBJ_D)\rc5ofb64.obj: $(SRC_D)\crypto\rc5\rc5ofb64.c
+	$(CC) /Fo$(OBJ_D)\rc5ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5ofb64.c
 
 $(OBJ_D)\i_cbc.obj: $(SRC_D)\crypto\idea\i_cbc.c
-	$(CC) /Fo$(OBJ_D)\i_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cbc.c
+	$(CC) /Fo$(OBJ_D)\i_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cbc.c
 
 $(OBJ_D)\i_cfb64.obj: $(SRC_D)\crypto\idea\i_cfb64.c
-	$(CC) /Fo$(OBJ_D)\i_cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cfb64.c
+	$(CC) /Fo$(OBJ_D)\i_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cfb64.c
 
 $(OBJ_D)\i_ofb64.obj: $(SRC_D)\crypto\idea\i_ofb64.c
-	$(CC) /Fo$(OBJ_D)\i_ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ofb64.c
+	$(CC) /Fo$(OBJ_D)\i_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ofb64.c
 
 $(OBJ_D)\i_ecb.obj: $(SRC_D)\crypto\idea\i_ecb.c
-	$(CC) /Fo$(OBJ_D)\i_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ecb.c
+	$(CC) /Fo$(OBJ_D)\i_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ecb.c
 
 $(OBJ_D)\i_skey.obj: $(SRC_D)\crypto\idea\i_skey.c
-	$(CC) /Fo$(OBJ_D)\i_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_skey.c
+	$(CC) /Fo$(OBJ_D)\i_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_skey.c
 
 $(OBJ_D)\bf_skey.obj: $(SRC_D)\crypto\bf\bf_skey.c
-	$(CC) /Fo$(OBJ_D)\bf_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_skey.c
+	$(CC) /Fo$(OBJ_D)\bf_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_skey.c
 
 $(OBJ_D)\bf_ecb.obj: $(SRC_D)\crypto\bf\bf_ecb.c
-	$(CC) /Fo$(OBJ_D)\bf_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ecb.c
+	$(CC) /Fo$(OBJ_D)\bf_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ecb.c
 
 $(OBJ_D)\bf_enc.obj: $(SRC_D)\crypto\bf\bf_enc.c
-	$(CC) /Fo$(OBJ_D)\bf_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_enc.c
-
-$(OBJ_D)\bf_cbc.obj: $(SRC_D)\crypto\bf\bf_cbc.c
-	$(CC) /Fo$(OBJ_D)\bf_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cbc.c
+	$(CC) /Fo$(OBJ_D)\bf_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_enc.c
 
 $(OBJ_D)\bf_cfb64.obj: $(SRC_D)\crypto\bf\bf_cfb64.c
-	$(CC) /Fo$(OBJ_D)\bf_cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cfb64.c
+	$(CC) /Fo$(OBJ_D)\bf_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cfb64.c
 
 $(OBJ_D)\bf_ofb64.obj: $(SRC_D)\crypto\bf\bf_ofb64.c
-	$(CC) /Fo$(OBJ_D)\bf_ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ofb64.c
+	$(CC) /Fo$(OBJ_D)\bf_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ofb64.c
+
+$(OBJ_D)\c_skey.obj: $(SRC_D)\crypto\cast\c_skey.c
+	$(CC) /Fo$(OBJ_D)\c_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_skey.c
+
+$(OBJ_D)\c_ecb.obj: $(SRC_D)\crypto\cast\c_ecb.c
+	$(CC) /Fo$(OBJ_D)\c_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ecb.c
+
+$(OBJ_D)\c_enc.obj: $(SRC_D)\crypto\cast\c_enc.c
+	$(CC) /Fo$(OBJ_D)\c_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_enc.c
+
+$(OBJ_D)\c_cfb64.obj: $(SRC_D)\crypto\cast\c_cfb64.c
+	$(CC) /Fo$(OBJ_D)\c_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_cfb64.c
+
+$(OBJ_D)\c_ofb64.obj: $(SRC_D)\crypto\cast\c_ofb64.c
+	$(CC) /Fo$(OBJ_D)\c_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ofb64.c
 
 $(OBJ_D)\bn_add.obj: $(SRC_D)\crypto\bn\bn_add.c
-	$(CC) /Fo$(OBJ_D)\bn_add.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_add.c
+	$(CC) /Fo$(OBJ_D)\bn_add.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_add.c
 
 $(OBJ_D)\bn_div.obj: $(SRC_D)\crypto\bn\bn_div.c
-	$(CC) /Fo$(OBJ_D)\bn_div.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_div.c
+	$(CC) /Fo$(OBJ_D)\bn_div.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_div.c
 
 $(OBJ_D)\bn_exp.obj: $(SRC_D)\crypto\bn\bn_exp.c
-	$(CC) /Fo$(OBJ_D)\bn_exp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp.c
+	$(CC) /Fo$(OBJ_D)\bn_exp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp.c
 
 $(OBJ_D)\bn_lib.obj: $(SRC_D)\crypto\bn\bn_lib.c
-	$(CC) /Fo$(OBJ_D)\bn_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_lib.c
+	$(CC) /Fo$(OBJ_D)\bn_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_lib.c
 
 $(OBJ_D)\bn_mod.obj: $(SRC_D)\crypto\bn\bn_mod.c
-	$(CC) /Fo$(OBJ_D)\bn_mod.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mod.c
+	$(CC) /Fo$(OBJ_D)\bn_mod.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mod.c
 
 $(OBJ_D)\bn_mul.obj: $(SRC_D)\crypto\bn\bn_mul.c
-	$(CC) /Fo$(OBJ_D)\bn_mul.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mul.c
+	$(CC) /Fo$(OBJ_D)\bn_mul.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mul.c
 
 $(OBJ_D)\bn_print.obj: $(SRC_D)\crypto\bn\bn_print.c
-	$(CC) /Fo$(OBJ_D)\bn_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_print.c
+	$(CC) /Fo$(OBJ_D)\bn_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_print.c
 
 $(OBJ_D)\bn_rand.obj: $(SRC_D)\crypto\bn\bn_rand.c
-	$(CC) /Fo$(OBJ_D)\bn_rand.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_rand.c
+	$(CC) /Fo$(OBJ_D)\bn_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_rand.c
 
 $(OBJ_D)\bn_shift.obj: $(SRC_D)\crypto\bn\bn_shift.c
-	$(CC) /Fo$(OBJ_D)\bn_shift.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_shift.c
+	$(CC) /Fo$(OBJ_D)\bn_shift.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_shift.c
 
 $(OBJ_D)\bn_sub.obj: $(SRC_D)\crypto\bn\bn_sub.c
-	$(CC) /Fo$(OBJ_D)\bn_sub.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sub.c
+	$(CC) /Fo$(OBJ_D)\bn_sub.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sub.c
 
 $(OBJ_D)\bn_word.obj: $(SRC_D)\crypto\bn\bn_word.c
-	$(CC) /Fo$(OBJ_D)\bn_word.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_word.c
+	$(CC) /Fo$(OBJ_D)\bn_word.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_word.c
+
+$(OBJ_D)\bn_blind.obj: $(SRC_D)\crypto\bn\bn_blind.c
+	$(CC) /Fo$(OBJ_D)\bn_blind.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_blind.c
 
 $(OBJ_D)\bn_gcd.obj: $(SRC_D)\crypto\bn\bn_gcd.c
-	$(CC) /Fo$(OBJ_D)\bn_gcd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_gcd.c
+	$(CC) /Fo$(OBJ_D)\bn_gcd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_gcd.c
 
 $(OBJ_D)\bn_prime.obj: $(SRC_D)\crypto\bn\bn_prime.c
-	$(CC) /Fo$(OBJ_D)\bn_prime.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_prime.c
+	$(CC) /Fo$(OBJ_D)\bn_prime.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_prime.c
 
 $(OBJ_D)\bn_err.obj: $(SRC_D)\crypto\bn\bn_err.c
-	$(CC) /Fo$(OBJ_D)\bn_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_err.c
+	$(CC) /Fo$(OBJ_D)\bn_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_err.c
 
 $(OBJ_D)\bn_sqr.obj: $(SRC_D)\crypto\bn\bn_sqr.c
-	$(CC) /Fo$(OBJ_D)\bn_sqr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sqr.c
+	$(CC) /Fo$(OBJ_D)\bn_sqr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sqr.c
 
 $(OBJ_D)\bn_mulw.obj: $(SRC_D)\crypto\bn\bn_mulw.c
-	$(CC) /Fo$(OBJ_D)\bn_mulw.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mulw.c
+	$(CC) /Fo$(OBJ_D)\bn_mulw.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mulw.c
 
 $(OBJ_D)\bn_recp.obj: $(SRC_D)\crypto\bn\bn_recp.c
-	$(CC) /Fo$(OBJ_D)\bn_recp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_recp.c
+	$(CC) /Fo$(OBJ_D)\bn_recp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_recp.c
 
 $(OBJ_D)\bn_mont.obj: $(SRC_D)\crypto\bn\bn_mont.c
-	$(CC) /Fo$(OBJ_D)\bn_mont.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mont.c
+	$(CC) /Fo$(OBJ_D)\bn_mont.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mont.c
+
+$(OBJ_D)\bn_mpi.obj: $(SRC_D)\crypto\bn\bn_mpi.c
+	$(CC) /Fo$(OBJ_D)\bn_mpi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mpi.c
 
-$(OBJ_D)\rsa_enc.obj: $(SRC_D)\crypto\rsa\rsa_enc.c
-	$(CC) /Fo$(OBJ_D)\rsa_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_enc.c
+$(OBJ_D)\rsa_eay.obj: $(SRC_D)\crypto\rsa\rsa_eay.c
+	$(CC) /Fo$(OBJ_D)\rsa_eay.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_eay.c
 
 $(OBJ_D)\rsa_gen.obj: $(SRC_D)\crypto\rsa\rsa_gen.c
-	$(CC) /Fo$(OBJ_D)\rsa_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_gen.c
+	$(CC) /Fo$(OBJ_D)\rsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_gen.c
 
 $(OBJ_D)\rsa_lib.obj: $(SRC_D)\crypto\rsa\rsa_lib.c
-	$(CC) /Fo$(OBJ_D)\rsa_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_lib.c
+	$(CC) /Fo$(OBJ_D)\rsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_lib.c
 
 $(OBJ_D)\rsa_sign.obj: $(SRC_D)\crypto\rsa\rsa_sign.c
-	$(CC) /Fo$(OBJ_D)\rsa_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_sign.c
+	$(CC) /Fo$(OBJ_D)\rsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_sign.c
 
 $(OBJ_D)\rsa_saos.obj: $(SRC_D)\crypto\rsa\rsa_saos.c
-	$(CC) /Fo$(OBJ_D)\rsa_saos.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_saos.c
+	$(CC) /Fo$(OBJ_D)\rsa_saos.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_saos.c
 
 $(OBJ_D)\rsa_err.obj: $(SRC_D)\crypto\rsa\rsa_err.c
-	$(CC) /Fo$(OBJ_D)\rsa_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_err.c
+	$(CC) /Fo$(OBJ_D)\rsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_err.c
+
+$(OBJ_D)\rsa_pk1.obj: $(SRC_D)\crypto\rsa\rsa_pk1.c
+	$(CC) /Fo$(OBJ_D)\rsa_pk1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_pk1.c
+
+$(OBJ_D)\rsa_ssl.obj: $(SRC_D)\crypto\rsa\rsa_ssl.c
+	$(CC) /Fo$(OBJ_D)\rsa_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_ssl.c
+
+$(OBJ_D)\rsa_none.obj: $(SRC_D)\crypto\rsa\rsa_none.c
+	$(CC) /Fo$(OBJ_D)\rsa_none.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_none.c
 
 $(OBJ_D)\dsa_gen.obj: $(SRC_D)\crypto\dsa\dsa_gen.c
-	$(CC) /Fo$(OBJ_D)\dsa_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_gen.c
+	$(CC) /Fo$(OBJ_D)\dsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_gen.c
 
 $(OBJ_D)\dsa_key.obj: $(SRC_D)\crypto\dsa\dsa_key.c
-	$(CC) /Fo$(OBJ_D)\dsa_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_key.c
+	$(CC) /Fo$(OBJ_D)\dsa_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_key.c
 
 $(OBJ_D)\dsa_lib.obj: $(SRC_D)\crypto\dsa\dsa_lib.c
-	$(CC) /Fo$(OBJ_D)\dsa_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_lib.c
+	$(CC) /Fo$(OBJ_D)\dsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_lib.c
 
 $(OBJ_D)\dsa_vrf.obj: $(SRC_D)\crypto\dsa\dsa_vrf.c
-	$(CC) /Fo$(OBJ_D)\dsa_vrf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_vrf.c
+	$(CC) /Fo$(OBJ_D)\dsa_vrf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_vrf.c
 
 $(OBJ_D)\dsa_sign.obj: $(SRC_D)\crypto\dsa\dsa_sign.c
-	$(CC) /Fo$(OBJ_D)\dsa_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_sign.c
+	$(CC) /Fo$(OBJ_D)\dsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_sign.c
 
 $(OBJ_D)\dsa_err.obj: $(SRC_D)\crypto\dsa\dsa_err.c
-	$(CC) /Fo$(OBJ_D)\dsa_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_err.c
+	$(CC) /Fo$(OBJ_D)\dsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_err.c
 
 $(OBJ_D)\dh_gen.obj: $(SRC_D)\crypto\dh\dh_gen.c
-	$(CC) /Fo$(OBJ_D)\dh_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_gen.c
+	$(CC) /Fo$(OBJ_D)\dh_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_gen.c
 
 $(OBJ_D)\dh_key.obj: $(SRC_D)\crypto\dh\dh_key.c
-	$(CC) /Fo$(OBJ_D)\dh_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_key.c
+	$(CC) /Fo$(OBJ_D)\dh_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_key.c
 
 $(OBJ_D)\dh_lib.obj: $(SRC_D)\crypto\dh\dh_lib.c
-	$(CC) /Fo$(OBJ_D)\dh_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_lib.c
+	$(CC) /Fo$(OBJ_D)\dh_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_lib.c
 
 $(OBJ_D)\dh_check.obj: $(SRC_D)\crypto\dh\dh_check.c
-	$(CC) /Fo$(OBJ_D)\dh_check.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_check.c
+	$(CC) /Fo$(OBJ_D)\dh_check.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_check.c
 
 $(OBJ_D)\dh_err.obj: $(SRC_D)\crypto\dh\dh_err.c
-	$(CC) /Fo$(OBJ_D)\dh_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_err.c
+	$(CC) /Fo$(OBJ_D)\dh_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_err.c
 
 $(OBJ_D)\buffer.obj: $(SRC_D)\crypto\buffer\buffer.c
-	$(CC) /Fo$(OBJ_D)\buffer.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buffer.c
+	$(CC) /Fo$(OBJ_D)\buffer.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buffer.c
 
 $(OBJ_D)\buf_err.obj: $(SRC_D)\crypto\buffer\buf_err.c
-	$(CC) /Fo$(OBJ_D)\buf_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buf_err.c
+	$(CC) /Fo$(OBJ_D)\buf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buf_err.c
 
 $(OBJ_D)\bio_lib.obj: $(SRC_D)\crypto\bio\bio_lib.c
-	$(CC) /Fo$(OBJ_D)\bio_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_lib.c
+	$(CC) /Fo$(OBJ_D)\bio_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_lib.c
 
 $(OBJ_D)\bio_cb.obj: $(SRC_D)\crypto\bio\bio_cb.c
-	$(CC) /Fo$(OBJ_D)\bio_cb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_cb.c
+	$(CC) /Fo$(OBJ_D)\bio_cb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_cb.c
 
 $(OBJ_D)\bio_err.obj: $(SRC_D)\crypto\bio\bio_err.c
-	$(CC) /Fo$(OBJ_D)\bio_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_err.c
+	$(CC) /Fo$(OBJ_D)\bio_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_err.c
 
 $(OBJ_D)\bss_mem.obj: $(SRC_D)\crypto\bio\bss_mem.c
-	$(CC) /Fo$(OBJ_D)\bss_mem.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_mem.c
+	$(CC) /Fo$(OBJ_D)\bss_mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_mem.c
 
 $(OBJ_D)\bss_null.obj: $(SRC_D)\crypto\bio\bss_null.c
-	$(CC) /Fo$(OBJ_D)\bss_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_null.c
+	$(CC) /Fo$(OBJ_D)\bss_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_null.c
 
 $(OBJ_D)\bss_fd.obj: $(SRC_D)\crypto\bio\bss_fd.c
-	$(CC) /Fo$(OBJ_D)\bss_fd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_fd.c
+	$(CC) /Fo$(OBJ_D)\bss_fd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_fd.c
 
 $(OBJ_D)\bss_file.obj: $(SRC_D)\crypto\bio\bss_file.c
-	$(CC) /Fo$(OBJ_D)\bss_file.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_file.c
+	$(CC) /Fo$(OBJ_D)\bss_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_file.c
 
 $(OBJ_D)\bss_sock.obj: $(SRC_D)\crypto\bio\bss_sock.c
-	$(CC) /Fo$(OBJ_D)\bss_sock.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_sock.c
+	$(CC) /Fo$(OBJ_D)\bss_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_sock.c
 
 $(OBJ_D)\bss_conn.obj: $(SRC_D)\crypto\bio\bss_conn.c
-	$(CC) /Fo$(OBJ_D)\bss_conn.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_conn.c
+	$(CC) /Fo$(OBJ_D)\bss_conn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_conn.c
 
 $(OBJ_D)\bf_null.obj: $(SRC_D)\crypto\bio\bf_null.c
-	$(CC) /Fo$(OBJ_D)\bf_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_null.c
+	$(CC) /Fo$(OBJ_D)\bf_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_null.c
 
 $(OBJ_D)\bf_buff.obj: $(SRC_D)\crypto\bio\bf_buff.c
-	$(CC) /Fo$(OBJ_D)\bf_buff.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_buff.c
+	$(CC) /Fo$(OBJ_D)\bf_buff.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_buff.c
 
 $(OBJ_D)\b_print.obj: $(SRC_D)\crypto\bio\b_print.c
-	$(CC) /Fo$(OBJ_D)\b_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_print.c
+	$(CC) /Fo$(OBJ_D)\b_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_print.c
 
 $(OBJ_D)\b_dump.obj: $(SRC_D)\crypto\bio\b_dump.c
-	$(CC) /Fo$(OBJ_D)\b_dump.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_dump.c
+	$(CC) /Fo$(OBJ_D)\b_dump.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_dump.c
 
 $(OBJ_D)\b_sock.obj: $(SRC_D)\crypto\bio\b_sock.c
-	$(CC) /Fo$(OBJ_D)\b_sock.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_sock.c
+	$(CC) /Fo$(OBJ_D)\b_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_sock.c
 
 $(OBJ_D)\bss_acpt.obj: $(SRC_D)\crypto\bio\bss_acpt.c
-	$(CC) /Fo$(OBJ_D)\bss_acpt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_acpt.c
+	$(CC) /Fo$(OBJ_D)\bss_acpt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_acpt.c
 
 $(OBJ_D)\bf_nbio.obj: $(SRC_D)\crypto\bio\bf_nbio.c
-	$(CC) /Fo$(OBJ_D)\bf_nbio.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_nbio.c
+	$(CC) /Fo$(OBJ_D)\bf_nbio.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_nbio.c
 
 $(OBJ_D)\stack.obj: $(SRC_D)\crypto\stack\stack.c
-	$(CC) /Fo$(OBJ_D)\stack.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\stack\stack.c
+	$(CC) /Fo$(OBJ_D)\stack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\stack\stack.c
 
 $(OBJ_D)\lhash.obj: $(SRC_D)\crypto\lhash\lhash.c
-	$(CC) /Fo$(OBJ_D)\lhash.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lhash.c
+	$(CC) /Fo$(OBJ_D)\lhash.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lhash.c
 
 $(OBJ_D)\lh_stats.obj: $(SRC_D)\crypto\lhash\lh_stats.c
-	$(CC) /Fo$(OBJ_D)\lh_stats.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lh_stats.c
+	$(CC) /Fo$(OBJ_D)\lh_stats.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lh_stats.c
 
 $(OBJ_D)\md_rand.obj: $(SRC_D)\crypto\rand\md_rand.c
-	$(CC) /Fo$(OBJ_D)\md_rand.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rand\md_rand.c
+	$(CC) /Fo$(OBJ_D)\md_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\md_rand.c
 
 $(OBJ_D)\randfile.obj: $(SRC_D)\crypto\rand\randfile.c
-	$(CC) /Fo$(OBJ_D)\randfile.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rand\randfile.c
+	$(CC) /Fo$(OBJ_D)\randfile.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\randfile.c
 
 $(OBJ_D)\err.obj: $(SRC_D)\crypto\err\err.c
-	$(CC) /Fo$(OBJ_D)\err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err.c
+	$(CC) /Fo$(OBJ_D)\err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err.c
 
 $(OBJ_D)\err_all.obj: $(SRC_D)\crypto\err\err_all.c
-	$(CC) /Fo$(OBJ_D)\err_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err_all.c
+	$(CC) /Fo$(OBJ_D)\err_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_all.c
 
 $(OBJ_D)\err_prn.obj: $(SRC_D)\crypto\err\err_prn.c
-	$(CC) /Fo$(OBJ_D)\err_prn.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err_prn.c
+	$(CC) /Fo$(OBJ_D)\err_prn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_prn.c
 
 $(OBJ_D)\obj_dat.obj: $(SRC_D)\crypto\objects\obj_dat.c
-	$(CC) /Fo$(OBJ_D)\obj_dat.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_dat.c
+	$(CC) /Fo$(OBJ_D)\obj_dat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_dat.c
 
 $(OBJ_D)\obj_lib.obj: $(SRC_D)\crypto\objects\obj_lib.c
-	$(CC) /Fo$(OBJ_D)\obj_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_lib.c
+	$(CC) /Fo$(OBJ_D)\obj_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_lib.c
 
 $(OBJ_D)\obj_err.obj: $(SRC_D)\crypto\objects\obj_err.c
-	$(CC) /Fo$(OBJ_D)\obj_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_err.c
+	$(CC) /Fo$(OBJ_D)\obj_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_err.c
 
 $(OBJ_D)\encode.obj: $(SRC_D)\crypto\evp\encode.c
-	$(CC) /Fo$(OBJ_D)\encode.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\encode.c
+	$(CC) /Fo$(OBJ_D)\encode.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\encode.c
 
 $(OBJ_D)\digest.obj: $(SRC_D)\crypto\evp\digest.c
-	$(CC) /Fo$(OBJ_D)\digest.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\digest.c
+	$(CC) /Fo$(OBJ_D)\digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\digest.c
 
 $(OBJ_D)\evp_enc.obj: $(SRC_D)\crypto\evp\evp_enc.c
-	$(CC) /Fo$(OBJ_D)\evp_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_enc.c
+	$(CC) /Fo$(OBJ_D)\evp_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_enc.c
 
 $(OBJ_D)\evp_key.obj: $(SRC_D)\crypto\evp\evp_key.c
-	$(CC) /Fo$(OBJ_D)\evp_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_key.c
+	$(CC) /Fo$(OBJ_D)\evp_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_key.c
 
 $(OBJ_D)\e_ecb_d.obj: $(SRC_D)\crypto\evp\e_ecb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_d.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_d.c
 
 $(OBJ_D)\e_cbc_d.obj: $(SRC_D)\crypto\evp\e_cbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_d.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_d.c
 
 $(OBJ_D)\e_cfb_d.obj: $(SRC_D)\crypto\evp\e_cfb_d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_d.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_d.c
 
 $(OBJ_D)\e_ofb_d.obj: $(SRC_D)\crypto\evp\e_ofb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_d.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_d.c
 
 $(OBJ_D)\e_ecb_i.obj: $(SRC_D)\crypto\evp\e_ecb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_i.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_i.c
 
 $(OBJ_D)\e_cbc_i.obj: $(SRC_D)\crypto\evp\e_cbc_i.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_i.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_i.c
 
 $(OBJ_D)\e_cfb_i.obj: $(SRC_D)\crypto\evp\e_cfb_i.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_i.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_i.c
 
 $(OBJ_D)\e_ofb_i.obj: $(SRC_D)\crypto\evp\e_ofb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_i.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_i.c
 
 $(OBJ_D)\e_ecb_3d.obj: $(SRC_D)\crypto\evp\e_ecb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_3d.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_3d.c
 
 $(OBJ_D)\e_cbc_3d.obj: $(SRC_D)\crypto\evp\e_cbc_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_3d.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_3d.c
 
 $(OBJ_D)\e_rc4.obj: $(SRC_D)\crypto\evp\e_rc4.c
-	$(CC) /Fo$(OBJ_D)\e_rc4.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_rc4.c
+	$(CC) /Fo$(OBJ_D)\e_rc4.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_rc4.c
 
 $(OBJ_D)\names.obj: $(SRC_D)\crypto\evp\names.c
-	$(CC) /Fo$(OBJ_D)\names.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\names.c
+	$(CC) /Fo$(OBJ_D)\names.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\names.c
 
 $(OBJ_D)\e_cfb_3d.obj: $(SRC_D)\crypto\evp\e_cfb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_3d.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_3d.c
 
 $(OBJ_D)\e_ofb_3d.obj: $(SRC_D)\crypto\evp\e_ofb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_3d.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_3d.c
 
 $(OBJ_D)\e_xcbc_d.obj: $(SRC_D)\crypto\evp\e_xcbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_xcbc_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_xcbc_d.c
+	$(CC) /Fo$(OBJ_D)\e_xcbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_xcbc_d.c
 
 $(OBJ_D)\e_ecb_r2.obj: $(SRC_D)\crypto\evp\e_ecb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r2.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r2.c
 
 $(OBJ_D)\e_cbc_r2.obj: $(SRC_D)\crypto\evp\e_cbc_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r2.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r2.c
 
 $(OBJ_D)\e_cfb_r2.obj: $(SRC_D)\crypto\evp\e_cfb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r2.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r2.c
 
 $(OBJ_D)\e_ofb_r2.obj: $(SRC_D)\crypto\evp\e_ofb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r2.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r2.c
 
 $(OBJ_D)\e_ecb_bf.obj: $(SRC_D)\crypto\evp\e_ecb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_bf.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_bf.c
 
 $(OBJ_D)\e_cbc_bf.obj: $(SRC_D)\crypto\evp\e_cbc_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_bf.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_bf.c
 
 $(OBJ_D)\e_cfb_bf.obj: $(SRC_D)\crypto\evp\e_cfb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_bf.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_bf.c
 
 $(OBJ_D)\e_ofb_bf.obj: $(SRC_D)\crypto\evp\e_ofb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_bf.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_bf.c
+
+$(OBJ_D)\e_ecb_c.obj: $(SRC_D)\crypto\evp\e_ecb_c.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_c.c
+
+$(OBJ_D)\e_cbc_c.obj: $(SRC_D)\crypto\evp\e_cbc_c.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_c.c
+
+$(OBJ_D)\e_cfb_c.obj: $(SRC_D)\crypto\evp\e_cfb_c.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_c.c
+
+$(OBJ_D)\e_ofb_c.obj: $(SRC_D)\crypto\evp\e_ofb_c.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_c.c
+
+$(OBJ_D)\e_ecb_r5.obj: $(SRC_D)\crypto\evp\e_ecb_r5.c
+	$(CC) /Fo$(OBJ_D)\e_ecb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r5.c
+
+$(OBJ_D)\e_cbc_r5.obj: $(SRC_D)\crypto\evp\e_cbc_r5.c
+	$(CC) /Fo$(OBJ_D)\e_cbc_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r5.c
+
+$(OBJ_D)\e_cfb_r5.obj: $(SRC_D)\crypto\evp\e_cfb_r5.c
+	$(CC) /Fo$(OBJ_D)\e_cfb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r5.c
+
+$(OBJ_D)\e_ofb_r5.obj: $(SRC_D)\crypto\evp\e_ofb_r5.c
+	$(CC) /Fo$(OBJ_D)\e_ofb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r5.c
 
 $(OBJ_D)\m_null.obj: $(SRC_D)\crypto\evp\m_null.c
-	$(CC) /Fo$(OBJ_D)\m_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_null.c
+	$(CC) /Fo$(OBJ_D)\m_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_null.c
 
 $(OBJ_D)\m_md2.obj: $(SRC_D)\crypto\evp\m_md2.c
-	$(CC) /Fo$(OBJ_D)\m_md2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md2.c
+	$(CC) /Fo$(OBJ_D)\m_md2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md2.c
 
 $(OBJ_D)\m_md5.obj: $(SRC_D)\crypto\evp\m_md5.c
-	$(CC) /Fo$(OBJ_D)\m_md5.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md5.c
+	$(CC) /Fo$(OBJ_D)\m_md5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md5.c
 
 $(OBJ_D)\m_sha.obj: $(SRC_D)\crypto\evp\m_sha.c
-	$(CC) /Fo$(OBJ_D)\m_sha.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha.c
+	$(CC) /Fo$(OBJ_D)\m_sha.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha.c
 
 $(OBJ_D)\m_sha1.obj: $(SRC_D)\crypto\evp\m_sha1.c
-	$(CC) /Fo$(OBJ_D)\m_sha1.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha1.c
+	$(CC) /Fo$(OBJ_D)\m_sha1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha1.c
 
 $(OBJ_D)\m_dss.obj: $(SRC_D)\crypto\evp\m_dss.c
-	$(CC) /Fo$(OBJ_D)\m_dss.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss.c
+	$(CC) /Fo$(OBJ_D)\m_dss.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss.c
 
 $(OBJ_D)\m_dss1.obj: $(SRC_D)\crypto\evp\m_dss1.c
-	$(CC) /Fo$(OBJ_D)\m_dss1.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss1.c
+	$(CC) /Fo$(OBJ_D)\m_dss1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss1.c
 
 $(OBJ_D)\m_mdc2.obj: $(SRC_D)\crypto\evp\m_mdc2.c
-	$(CC) /Fo$(OBJ_D)\m_mdc2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_mdc2.c
+	$(CC) /Fo$(OBJ_D)\m_mdc2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_mdc2.c
+
+$(OBJ_D)\m_ripemd.obj: $(SRC_D)\crypto\evp\m_ripemd.c
+	$(CC) /Fo$(OBJ_D)\m_ripemd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_ripemd.c
 
 $(OBJ_D)\p_open.obj: $(SRC_D)\crypto\evp\p_open.c
-	$(CC) /Fo$(OBJ_D)\p_open.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_open.c
+	$(CC) /Fo$(OBJ_D)\p_open.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_open.c
 
 $(OBJ_D)\p_seal.obj: $(SRC_D)\crypto\evp\p_seal.c
-	$(CC) /Fo$(OBJ_D)\p_seal.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_seal.c
+	$(CC) /Fo$(OBJ_D)\p_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_seal.c
 
 $(OBJ_D)\p_sign.obj: $(SRC_D)\crypto\evp\p_sign.c
-	$(CC) /Fo$(OBJ_D)\p_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_sign.c
+	$(CC) /Fo$(OBJ_D)\p_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_sign.c
 
 $(OBJ_D)\p_verify.obj: $(SRC_D)\crypto\evp\p_verify.c
-	$(CC) /Fo$(OBJ_D)\p_verify.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_verify.c
+	$(CC) /Fo$(OBJ_D)\p_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_verify.c
 
 $(OBJ_D)\p_lib.obj: $(SRC_D)\crypto\evp\p_lib.c
-	$(CC) /Fo$(OBJ_D)\p_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_lib.c
+	$(CC) /Fo$(OBJ_D)\p_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_lib.c
+
+$(OBJ_D)\p_enc.obj: $(SRC_D)\crypto\evp\p_enc.c
+	$(CC) /Fo$(OBJ_D)\p_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_enc.c
+
+$(OBJ_D)\p_dec.obj: $(SRC_D)\crypto\evp\p_dec.c
+	$(CC) /Fo$(OBJ_D)\p_dec.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_dec.c
 
 $(OBJ_D)\bio_md.obj: $(SRC_D)\crypto\evp\bio_md.c
-	$(CC) /Fo$(OBJ_D)\bio_md.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_md.c
+	$(CC) /Fo$(OBJ_D)\bio_md.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_md.c
 
 $(OBJ_D)\bio_b64.obj: $(SRC_D)\crypto\evp\bio_b64.c
-	$(CC) /Fo$(OBJ_D)\bio_b64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_b64.c
+	$(CC) /Fo$(OBJ_D)\bio_b64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_b64.c
 
 $(OBJ_D)\bio_enc.obj: $(SRC_D)\crypto\evp\bio_enc.c
-	$(CC) /Fo$(OBJ_D)\bio_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_enc.c
+	$(CC) /Fo$(OBJ_D)\bio_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_enc.c
 
 $(OBJ_D)\evp_err.obj: $(SRC_D)\crypto\evp\evp_err.c
-	$(CC) /Fo$(OBJ_D)\evp_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_err.c
+	$(CC) /Fo$(OBJ_D)\evp_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_err.c
 
 $(OBJ_D)\e_null.obj: $(SRC_D)\crypto\evp\e_null.c
-	$(CC) /Fo$(OBJ_D)\e_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_null.c
+	$(CC) /Fo$(OBJ_D)\e_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_null.c
 
 $(OBJ_D)\c_all.obj: $(SRC_D)\crypto\evp\c_all.c
-	$(CC) /Fo$(OBJ_D)\c_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\c_all.c
+	$(CC) /Fo$(OBJ_D)\c_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\c_all.c
+
+$(OBJ_D)\evp_lib.obj: $(SRC_D)\crypto\evp\evp_lib.c
+	$(CC) /Fo$(OBJ_D)\evp_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_lib.c
 
 $(OBJ_D)\pem_sign.obj: $(SRC_D)\crypto\pem\pem_sign.c
-	$(CC) /Fo$(OBJ_D)\pem_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_sign.c
+	$(CC) /Fo$(OBJ_D)\pem_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_sign.c
 
 $(OBJ_D)\pem_seal.obj: $(SRC_D)\crypto\pem\pem_seal.c
-	$(CC) /Fo$(OBJ_D)\pem_seal.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_seal.c
+	$(CC) /Fo$(OBJ_D)\pem_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_seal.c
 
 $(OBJ_D)\pem_info.obj: $(SRC_D)\crypto\pem\pem_info.c
-	$(CC) /Fo$(OBJ_D)\pem_info.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_info.c
+	$(CC) /Fo$(OBJ_D)\pem_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_info.c
 
 $(OBJ_D)\pem_lib.obj: $(SRC_D)\crypto\pem\pem_lib.c
-	$(CC) /Fo$(OBJ_D)\pem_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_lib.c
+	$(CC) /Fo$(OBJ_D)\pem_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_lib.c
 
 $(OBJ_D)\pem_all.obj: $(SRC_D)\crypto\pem\pem_all.c
-	$(CC) /Fo$(OBJ_D)\pem_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_all.c
+	$(CC) /Fo$(OBJ_D)\pem_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_all.c
 
 $(OBJ_D)\pem_err.obj: $(SRC_D)\crypto\pem\pem_err.c
-	$(CC) /Fo$(OBJ_D)\pem_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_err.c
+	$(CC) /Fo$(OBJ_D)\pem_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_err.c
 
 $(OBJ_D)\a_object.obj: $(SRC_D)\crypto\asn1\a_object.c
-	$(CC) /Fo$(OBJ_D)\a_object.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_object.c
+	$(CC) /Fo$(OBJ_D)\a_object.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_object.c
 
 $(OBJ_D)\a_bitstr.obj: $(SRC_D)\crypto\asn1\a_bitstr.c
-	$(CC) /Fo$(OBJ_D)\a_bitstr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bitstr.c
+	$(CC) /Fo$(OBJ_D)\a_bitstr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bitstr.c
 
 $(OBJ_D)\a_utctm.obj: $(SRC_D)\crypto\asn1\a_utctm.c
-	$(CC) /Fo$(OBJ_D)\a_utctm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_utctm.c
+	$(CC) /Fo$(OBJ_D)\a_utctm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_utctm.c
 
 $(OBJ_D)\a_int.obj: $(SRC_D)\crypto\asn1\a_int.c
-	$(CC) /Fo$(OBJ_D)\a_int.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_int.c
+	$(CC) /Fo$(OBJ_D)\a_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_int.c
 
 $(OBJ_D)\a_octet.obj: $(SRC_D)\crypto\asn1\a_octet.c
-	$(CC) /Fo$(OBJ_D)\a_octet.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_octet.c
+	$(CC) /Fo$(OBJ_D)\a_octet.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_octet.c
 
 $(OBJ_D)\a_print.obj: $(SRC_D)\crypto\asn1\a_print.c
-	$(CC) /Fo$(OBJ_D)\a_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_print.c
+	$(CC) /Fo$(OBJ_D)\a_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_print.c
 
 $(OBJ_D)\a_type.obj: $(SRC_D)\crypto\asn1\a_type.c
-	$(CC) /Fo$(OBJ_D)\a_type.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_type.c
+	$(CC) /Fo$(OBJ_D)\a_type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_type.c
 
 $(OBJ_D)\a_set.obj: $(SRC_D)\crypto\asn1\a_set.c
-	$(CC) /Fo$(OBJ_D)\a_set.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_set.c
+	$(CC) /Fo$(OBJ_D)\a_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_set.c
 
 $(OBJ_D)\a_dup.obj: $(SRC_D)\crypto\asn1\a_dup.c
-	$(CC) /Fo$(OBJ_D)\a_dup.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_dup.c
+	$(CC) /Fo$(OBJ_D)\a_dup.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_dup.c
 
 $(OBJ_D)\a_d2i_fp.obj: $(SRC_D)\crypto\asn1\a_d2i_fp.c
-	$(CC) /Fo$(OBJ_D)\a_d2i_fp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_d2i_fp.c
+	$(CC) /Fo$(OBJ_D)\a_d2i_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_d2i_fp.c
 
 $(OBJ_D)\a_i2d_fp.obj: $(SRC_D)\crypto\asn1\a_i2d_fp.c
-	$(CC) /Fo$(OBJ_D)\a_i2d_fp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_i2d_fp.c
+	$(CC) /Fo$(OBJ_D)\a_i2d_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_i2d_fp.c
 
 $(OBJ_D)\a_sign.obj: $(SRC_D)\crypto\asn1\a_sign.c
-	$(CC) /Fo$(OBJ_D)\a_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_sign.c
+	$(CC) /Fo$(OBJ_D)\a_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_sign.c
 
 $(OBJ_D)\a_digest.obj: $(SRC_D)\crypto\asn1\a_digest.c
-	$(CC) /Fo$(OBJ_D)\a_digest.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_digest.c
+	$(CC) /Fo$(OBJ_D)\a_digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_digest.c
 
 $(OBJ_D)\a_verify.obj: $(SRC_D)\crypto\asn1\a_verify.c
-	$(CC) /Fo$(OBJ_D)\a_verify.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_verify.c
+	$(CC) /Fo$(OBJ_D)\a_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_verify.c
 
 $(OBJ_D)\x_algor.obj: $(SRC_D)\crypto\asn1\x_algor.c
-	$(CC) /Fo$(OBJ_D)\x_algor.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_algor.c
+	$(CC) /Fo$(OBJ_D)\x_algor.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_algor.c
 
 $(OBJ_D)\x_val.obj: $(SRC_D)\crypto\asn1\x_val.c
-	$(CC) /Fo$(OBJ_D)\x_val.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_val.c
+	$(CC) /Fo$(OBJ_D)\x_val.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_val.c
 
 $(OBJ_D)\x_pubkey.obj: $(SRC_D)\crypto\asn1\x_pubkey.c
-	$(CC) /Fo$(OBJ_D)\x_pubkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pubkey.c
+	$(CC) /Fo$(OBJ_D)\x_pubkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pubkey.c
 
 $(OBJ_D)\x_sig.obj: $(SRC_D)\crypto\asn1\x_sig.c
-	$(CC) /Fo$(OBJ_D)\x_sig.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_sig.c
+	$(CC) /Fo$(OBJ_D)\x_sig.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_sig.c
 
 $(OBJ_D)\x_req.obj: $(SRC_D)\crypto\asn1\x_req.c
-	$(CC) /Fo$(OBJ_D)\x_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_req.c
+	$(CC) /Fo$(OBJ_D)\x_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_req.c
 
 $(OBJ_D)\x_attrib.obj: $(SRC_D)\crypto\asn1\x_attrib.c
-	$(CC) /Fo$(OBJ_D)\x_attrib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_attrib.c
+	$(CC) /Fo$(OBJ_D)\x_attrib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_attrib.c
 
 $(OBJ_D)\x_name.obj: $(SRC_D)\crypto\asn1\x_name.c
-	$(CC) /Fo$(OBJ_D)\x_name.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_name.c
+	$(CC) /Fo$(OBJ_D)\x_name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_name.c
 
 $(OBJ_D)\x_cinf.obj: $(SRC_D)\crypto\asn1\x_cinf.c
-	$(CC) /Fo$(OBJ_D)\x_cinf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_cinf.c
+	$(CC) /Fo$(OBJ_D)\x_cinf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_cinf.c
 
 $(OBJ_D)\x_x509.obj: $(SRC_D)\crypto\asn1\x_x509.c
-	$(CC) /Fo$(OBJ_D)\x_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_x509.c
+	$(CC) /Fo$(OBJ_D)\x_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_x509.c
 
 $(OBJ_D)\x_crl.obj: $(SRC_D)\crypto\asn1\x_crl.c
-	$(CC) /Fo$(OBJ_D)\x_crl.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_crl.c
+	$(CC) /Fo$(OBJ_D)\x_crl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_crl.c
 
 $(OBJ_D)\x_info.obj: $(SRC_D)\crypto\asn1\x_info.c
-	$(CC) /Fo$(OBJ_D)\x_info.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_info.c
+	$(CC) /Fo$(OBJ_D)\x_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_info.c
 
 $(OBJ_D)\x_spki.obj: $(SRC_D)\crypto\asn1\x_spki.c
-	$(CC) /Fo$(OBJ_D)\x_spki.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_spki.c
+	$(CC) /Fo$(OBJ_D)\x_spki.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_spki.c
 
 $(OBJ_D)\d2i_r_pr.obj: $(SRC_D)\crypto\asn1\d2i_r_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pr.c
+	$(CC) /Fo$(OBJ_D)\d2i_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pr.c
 
 $(OBJ_D)\i2d_r_pr.obj: $(SRC_D)\crypto\asn1\i2d_r_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pr.c
+	$(CC) /Fo$(OBJ_D)\i2d_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pr.c
 
 $(OBJ_D)\d2i_r_pu.obj: $(SRC_D)\crypto\asn1\d2i_r_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pu.c
+	$(CC) /Fo$(OBJ_D)\d2i_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pu.c
 
 $(OBJ_D)\i2d_r_pu.obj: $(SRC_D)\crypto\asn1\i2d_r_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pu.c
+	$(CC) /Fo$(OBJ_D)\i2d_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pu.c
 
 $(OBJ_D)\d2i_s_pr.obj: $(SRC_D)\crypto\asn1\d2i_s_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pr.c
+	$(CC) /Fo$(OBJ_D)\d2i_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pr.c
 
 $(OBJ_D)\i2d_s_pr.obj: $(SRC_D)\crypto\asn1\i2d_s_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pr.c
+	$(CC) /Fo$(OBJ_D)\i2d_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pr.c
 
 $(OBJ_D)\d2i_s_pu.obj: $(SRC_D)\crypto\asn1\d2i_s_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pu.c
+	$(CC) /Fo$(OBJ_D)\d2i_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pu.c
 
 $(OBJ_D)\i2d_s_pu.obj: $(SRC_D)\crypto\asn1\i2d_s_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pu.c
+	$(CC) /Fo$(OBJ_D)\i2d_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pu.c
 
 $(OBJ_D)\d2i_pu.obj: $(SRC_D)\crypto\asn1\d2i_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pu.c
+	$(CC) /Fo$(OBJ_D)\d2i_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pu.c
 
 $(OBJ_D)\d2i_pr.obj: $(SRC_D)\crypto\asn1\d2i_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pr.c
+	$(CC) /Fo$(OBJ_D)\d2i_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pr.c
 
 $(OBJ_D)\i2d_pu.obj: $(SRC_D)\crypto\asn1\i2d_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pu.c
+	$(CC) /Fo$(OBJ_D)\i2d_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pu.c
 
 $(OBJ_D)\i2d_pr.obj: $(SRC_D)\crypto\asn1\i2d_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pr.c
+	$(CC) /Fo$(OBJ_D)\i2d_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pr.c
 
 $(OBJ_D)\t_req.obj: $(SRC_D)\crypto\asn1\t_req.c
-	$(CC) /Fo$(OBJ_D)\t_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_req.c
+	$(CC) /Fo$(OBJ_D)\t_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_req.c
 
 $(OBJ_D)\t_x509.obj: $(SRC_D)\crypto\asn1\t_x509.c
-	$(CC) /Fo$(OBJ_D)\t_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_x509.c
+	$(CC) /Fo$(OBJ_D)\t_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_x509.c
 
 $(OBJ_D)\t_pkey.obj: $(SRC_D)\crypto\asn1\t_pkey.c
-	$(CC) /Fo$(OBJ_D)\t_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_pkey.c
+	$(CC) /Fo$(OBJ_D)\t_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_pkey.c
 
 $(OBJ_D)\p7_i_s.obj: $(SRC_D)\crypto\asn1\p7_i_s.c
-	$(CC) /Fo$(OBJ_D)\p7_i_s.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_i_s.c
+	$(CC) /Fo$(OBJ_D)\p7_i_s.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_i_s.c
 
 $(OBJ_D)\p7_signi.obj: $(SRC_D)\crypto\asn1\p7_signi.c
-	$(CC) /Fo$(OBJ_D)\p7_signi.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signi.c
+	$(CC) /Fo$(OBJ_D)\p7_signi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signi.c
 
 $(OBJ_D)\p7_signd.obj: $(SRC_D)\crypto\asn1\p7_signd.c
-	$(CC) /Fo$(OBJ_D)\p7_signd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signd.c
+	$(CC) /Fo$(OBJ_D)\p7_signd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signd.c
 
 $(OBJ_D)\p7_recip.obj: $(SRC_D)\crypto\asn1\p7_recip.c
-	$(CC) /Fo$(OBJ_D)\p7_recip.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_recip.c
+	$(CC) /Fo$(OBJ_D)\p7_recip.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_recip.c
 
 $(OBJ_D)\p7_enc_c.obj: $(SRC_D)\crypto\asn1\p7_enc_c.c
-	$(CC) /Fo$(OBJ_D)\p7_enc_c.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc_c.c
+	$(CC) /Fo$(OBJ_D)\p7_enc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc_c.c
 
 $(OBJ_D)\p7_evp.obj: $(SRC_D)\crypto\asn1\p7_evp.c
-	$(CC) /Fo$(OBJ_D)\p7_evp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_evp.c
+	$(CC) /Fo$(OBJ_D)\p7_evp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_evp.c
 
 $(OBJ_D)\p7_dgst.obj: $(SRC_D)\crypto\asn1\p7_dgst.c
-	$(CC) /Fo$(OBJ_D)\p7_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_dgst.c
+	$(CC) /Fo$(OBJ_D)\p7_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_dgst.c
 
 $(OBJ_D)\p7_s_e.obj: $(SRC_D)\crypto\asn1\p7_s_e.c
-	$(CC) /Fo$(OBJ_D)\p7_s_e.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_s_e.c
+	$(CC) /Fo$(OBJ_D)\p7_s_e.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_s_e.c
 
 $(OBJ_D)\p7_enc.obj: $(SRC_D)\crypto\asn1\p7_enc.c
-	$(CC) /Fo$(OBJ_D)\p7_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc.c
+	$(CC) /Fo$(OBJ_D)\p7_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc.c
 
 $(OBJ_D)\p7_lib.obj: $(SRC_D)\crypto\asn1\p7_lib.c
-	$(CC) /Fo$(OBJ_D)\p7_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_lib.c
+	$(CC) /Fo$(OBJ_D)\p7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_lib.c
 
 $(OBJ_D)\f_int.obj: $(SRC_D)\crypto\asn1\f_int.c
-	$(CC) /Fo$(OBJ_D)\f_int.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_int.c
+	$(CC) /Fo$(OBJ_D)\f_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_int.c
 
 $(OBJ_D)\f_string.obj: $(SRC_D)\crypto\asn1\f_string.c
-	$(CC) /Fo$(OBJ_D)\f_string.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_string.c
+	$(CC) /Fo$(OBJ_D)\f_string.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_string.c
 
 $(OBJ_D)\i2d_dhp.obj: $(SRC_D)\crypto\asn1\i2d_dhp.c
-	$(CC) /Fo$(OBJ_D)\i2d_dhp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dhp.c
+	$(CC) /Fo$(OBJ_D)\i2d_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dhp.c
 
 $(OBJ_D)\i2d_dsap.obj: $(SRC_D)\crypto\asn1\i2d_dsap.c
-	$(CC) /Fo$(OBJ_D)\i2d_dsap.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dsap.c
+	$(CC) /Fo$(OBJ_D)\i2d_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dsap.c
 
 $(OBJ_D)\d2i_dhp.obj: $(SRC_D)\crypto\asn1\d2i_dhp.c
-	$(CC) /Fo$(OBJ_D)\d2i_dhp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dhp.c
+	$(CC) /Fo$(OBJ_D)\d2i_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dhp.c
 
 $(OBJ_D)\d2i_dsap.obj: $(SRC_D)\crypto\asn1\d2i_dsap.c
-	$(CC) /Fo$(OBJ_D)\d2i_dsap.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dsap.c
+	$(CC) /Fo$(OBJ_D)\d2i_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dsap.c
 
 $(OBJ_D)\n_pkey.obj: $(SRC_D)\crypto\asn1\n_pkey.c
-	$(CC) /Fo$(OBJ_D)\n_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\n_pkey.c
+	$(CC) /Fo$(OBJ_D)\n_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\n_pkey.c
 
 $(OBJ_D)\a_hdr.obj: $(SRC_D)\crypto\asn1\a_hdr.c
-	$(CC) /Fo$(OBJ_D)\a_hdr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_hdr.c
+	$(CC) /Fo$(OBJ_D)\a_hdr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_hdr.c
 
 $(OBJ_D)\x_pkey.obj: $(SRC_D)\crypto\asn1\x_pkey.c
-	$(CC) /Fo$(OBJ_D)\x_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pkey.c
+	$(CC) /Fo$(OBJ_D)\x_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pkey.c
 
 $(OBJ_D)\a_bool.obj: $(SRC_D)\crypto\asn1\a_bool.c
-	$(CC) /Fo$(OBJ_D)\a_bool.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bool.c
+	$(CC) /Fo$(OBJ_D)\a_bool.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bool.c
 
 $(OBJ_D)\x_exten.obj: $(SRC_D)\crypto\asn1\x_exten.c
-	$(CC) /Fo$(OBJ_D)\x_exten.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_exten.c
+	$(CC) /Fo$(OBJ_D)\x_exten.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_exten.c
 
 $(OBJ_D)\asn1_par.obj: $(SRC_D)\crypto\asn1\asn1_par.c
-	$(CC) /Fo$(OBJ_D)\asn1_par.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_par.c
+	$(CC) /Fo$(OBJ_D)\asn1_par.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_par.c
 
 $(OBJ_D)\asn1_lib.obj: $(SRC_D)\crypto\asn1\asn1_lib.c
-	$(CC) /Fo$(OBJ_D)\asn1_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_lib.c
+	$(CC) /Fo$(OBJ_D)\asn1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_lib.c
 
 $(OBJ_D)\asn1_err.obj: $(SRC_D)\crypto\asn1\asn1_err.c
-	$(CC) /Fo$(OBJ_D)\asn1_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_err.c
+	$(CC) /Fo$(OBJ_D)\asn1_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_err.c
 
 $(OBJ_D)\a_meth.obj: $(SRC_D)\crypto\asn1\a_meth.c
-	$(CC) /Fo$(OBJ_D)\a_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_meth.c
+	$(CC) /Fo$(OBJ_D)\a_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_meth.c
 
 $(OBJ_D)\a_bytes.obj: $(SRC_D)\crypto\asn1\a_bytes.c
-	$(CC) /Fo$(OBJ_D)\a_bytes.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bytes.c
+	$(CC) /Fo$(OBJ_D)\a_bytes.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bytes.c
+
+$(OBJ_D)\evp_asn1.obj: $(SRC_D)\crypto\asn1\evp_asn1.c
+	$(CC) /Fo$(OBJ_D)\evp_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\evp_asn1.c
 
 $(OBJ_D)\x509_def.obj: $(SRC_D)\crypto\x509\x509_def.c
-	$(CC) /Fo$(OBJ_D)\x509_def.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_def.c
+	$(CC) /Fo$(OBJ_D)\x509_def.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_def.c
 
 $(OBJ_D)\x509_d2.obj: $(SRC_D)\crypto\x509\x509_d2.c
-	$(CC) /Fo$(OBJ_D)\x509_d2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_d2.c
+	$(CC) /Fo$(OBJ_D)\x509_d2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_d2.c
 
 $(OBJ_D)\x509_r2x.obj: $(SRC_D)\crypto\x509\x509_r2x.c
-	$(CC) /Fo$(OBJ_D)\x509_r2x.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_r2x.c
+	$(CC) /Fo$(OBJ_D)\x509_r2x.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_r2x.c
 
 $(OBJ_D)\x509_cmp.obj: $(SRC_D)\crypto\x509\x509_cmp.c
-	$(CC) /Fo$(OBJ_D)\x509_cmp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_cmp.c
+	$(CC) /Fo$(OBJ_D)\x509_cmp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_cmp.c
 
 $(OBJ_D)\x509_obj.obj: $(SRC_D)\crypto\x509\x509_obj.c
-	$(CC) /Fo$(OBJ_D)\x509_obj.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_obj.c
+	$(CC) /Fo$(OBJ_D)\x509_obj.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_obj.c
 
 $(OBJ_D)\x509_req.obj: $(SRC_D)\crypto\x509\x509_req.c
-	$(CC) /Fo$(OBJ_D)\x509_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_req.c
+	$(CC) /Fo$(OBJ_D)\x509_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_req.c
 
 $(OBJ_D)\x509_vfy.obj: $(SRC_D)\crypto\x509\x509_vfy.c
-	$(CC) /Fo$(OBJ_D)\x509_vfy.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_vfy.c
+	$(CC) /Fo$(OBJ_D)\x509_vfy.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_vfy.c
 
 $(OBJ_D)\x509_set.obj: $(SRC_D)\crypto\x509\x509_set.c
-	$(CC) /Fo$(OBJ_D)\x509_set.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_set.c
+	$(CC) /Fo$(OBJ_D)\x509_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_set.c
 
 $(OBJ_D)\x509rset.obj: $(SRC_D)\crypto\x509\x509rset.c
-	$(CC) /Fo$(OBJ_D)\x509rset.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509rset.c
+	$(CC) /Fo$(OBJ_D)\x509rset.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509rset.c
 
 $(OBJ_D)\x509_err.obj: $(SRC_D)\crypto\x509\x509_err.c
-	$(CC) /Fo$(OBJ_D)\x509_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_err.c
+	$(CC) /Fo$(OBJ_D)\x509_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_err.c
 
 $(OBJ_D)\x509name.obj: $(SRC_D)\crypto\x509\x509name.c
-	$(CC) /Fo$(OBJ_D)\x509name.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509name.c
+	$(CC) /Fo$(OBJ_D)\x509name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509name.c
 
 $(OBJ_D)\x509_v3.obj: $(SRC_D)\crypto\x509\x509_v3.c
-	$(CC) /Fo$(OBJ_D)\x509_v3.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_v3.c
+	$(CC) /Fo$(OBJ_D)\x509_v3.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_v3.c
 
 $(OBJ_D)\x509_ext.obj: $(SRC_D)\crypto\x509\x509_ext.c
-	$(CC) /Fo$(OBJ_D)\x509_ext.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_ext.c
+	$(CC) /Fo$(OBJ_D)\x509_ext.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_ext.c
 
 $(OBJ_D)\x509pack.obj: $(SRC_D)\crypto\x509\x509pack.c
-	$(CC) /Fo$(OBJ_D)\x509pack.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509pack.c
+	$(CC) /Fo$(OBJ_D)\x509pack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509pack.c
 
 $(OBJ_D)\x509type.obj: $(SRC_D)\crypto\x509\x509type.c
-	$(CC) /Fo$(OBJ_D)\x509type.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509type.c
+	$(CC) /Fo$(OBJ_D)\x509type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509type.c
 
 $(OBJ_D)\x509_lu.obj: $(SRC_D)\crypto\x509\x509_lu.c
-	$(CC) /Fo$(OBJ_D)\x509_lu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_lu.c
+	$(CC) /Fo$(OBJ_D)\x509_lu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_lu.c
 
 $(OBJ_D)\x_all.obj: $(SRC_D)\crypto\x509\x_all.c
-	$(CC) /Fo$(OBJ_D)\x_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x_all.c
+	$(CC) /Fo$(OBJ_D)\x_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x_all.c
 
 $(OBJ_D)\x509_txt.obj: $(SRC_D)\crypto\x509\x509_txt.c
-	$(CC) /Fo$(OBJ_D)\x509_txt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_txt.c
+	$(CC) /Fo$(OBJ_D)\x509_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_txt.c
 
 $(OBJ_D)\by_file.obj: $(SRC_D)\crypto\x509\by_file.c
-	$(CC) /Fo$(OBJ_D)\by_file.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_file.c
+	$(CC) /Fo$(OBJ_D)\by_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_file.c
 
 $(OBJ_D)\by_dir.obj: $(SRC_D)\crypto\x509\by_dir.c
-	$(CC) /Fo$(OBJ_D)\by_dir.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_dir.c
+	$(CC) /Fo$(OBJ_D)\by_dir.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_dir.c
 
 $(OBJ_D)\v3_net.obj: $(SRC_D)\crypto\x509\v3_net.c
-	$(CC) /Fo$(OBJ_D)\v3_net.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_net.c
+	$(CC) /Fo$(OBJ_D)\v3_net.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_net.c
 
 $(OBJ_D)\v3_x509.obj: $(SRC_D)\crypto\x509\v3_x509.c
-	$(CC) /Fo$(OBJ_D)\v3_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_x509.c
+	$(CC) /Fo$(OBJ_D)\v3_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_x509.c
 
 $(OBJ_D)\conf.obj: $(SRC_D)\crypto\conf\conf.c
-	$(CC) /Fo$(OBJ_D)\conf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf.c
+	$(CC) /Fo$(OBJ_D)\conf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf.c
 
 $(OBJ_D)\conf_err.obj: $(SRC_D)\crypto\conf\conf_err.c
-	$(CC) /Fo$(OBJ_D)\conf_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf_err.c
+	$(CC) /Fo$(OBJ_D)\conf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf_err.c
 
 $(OBJ_D)\txt_db.obj: $(SRC_D)\crypto\txt_db\txt_db.c
-	$(CC) /Fo$(OBJ_D)\txt_db.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\txt_db\txt_db.c
+	$(CC) /Fo$(OBJ_D)\txt_db.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\txt_db\txt_db.c
 
 $(OBJ_D)\pk7_lib.obj: $(SRC_D)\crypto\pkcs7\pk7_lib.c
-	$(CC) /Fo$(OBJ_D)\pk7_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_lib.c
+	$(CC) /Fo$(OBJ_D)\pk7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_lib.c
 
 $(OBJ_D)\pkcs7err.obj: $(SRC_D)\crypto\pkcs7\pkcs7err.c
-	$(CC) /Fo$(OBJ_D)\pkcs7err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pkcs7err.c
+	$(CC) /Fo$(OBJ_D)\pkcs7err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pkcs7err.c
 
 $(OBJ_D)\pk7_doit.obj: $(SRC_D)\crypto\pkcs7\pk7_doit.c
-	$(CC) /Fo$(OBJ_D)\pk7_doit.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_doit.c
+	$(CC) /Fo$(OBJ_D)\pk7_doit.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_doit.c
 
 $(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c
-	$(CC) /Fo$(OBJ_D)\s2_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c
+	$(CC) /Fo$(OBJ_D)\s2_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c
 
 $(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c
-	$(CC) /Fo$(OBJ_D)\s2_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c
+	$(CC) /Fo$(OBJ_D)\s2_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c
 
 $(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c
-	$(CC) /Fo$(OBJ_D)\s2_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c
+	$(CC) /Fo$(OBJ_D)\s2_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c
 
 $(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c
-	$(CC) /Fo$(OBJ_D)\s2_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c
-
-$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
-	$(CC) /Fo$(OBJ_D)\s2_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c
+	$(CC) /Fo$(OBJ_D)\s2_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c
 
 $(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c
-	$(CC) /Fo$(OBJ_D)\s2_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c
+	$(CC) /Fo$(OBJ_D)\s2_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c
+
+$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
+	$(CC) /Fo$(OBJ_D)\s2_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c
 
 $(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c
-	$(CC) /Fo$(OBJ_D)\s3_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c
+	$(CC) /Fo$(OBJ_D)\s3_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c
 
 $(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c
-	$(CC) /Fo$(OBJ_D)\s3_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c
+	$(CC) /Fo$(OBJ_D)\s3_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c
 
 $(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c
-	$(CC) /Fo$(OBJ_D)\s3_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c
+	$(CC) /Fo$(OBJ_D)\s3_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c
 
 $(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c
-	$(CC) /Fo$(OBJ_D)\s3_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c
-
-$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
-	$(CC) /Fo$(OBJ_D)\s3_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c
+	$(CC) /Fo$(OBJ_D)\s3_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c
 
 $(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c
-	$(CC) /Fo$(OBJ_D)\s3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c
+	$(CC) /Fo$(OBJ_D)\s3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c
+
+$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
+	$(CC) /Fo$(OBJ_D)\s3_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c
 
 $(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c
-	$(CC) /Fo$(OBJ_D)\s3_both.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c
+	$(CC) /Fo$(OBJ_D)\s3_both.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c
 
 $(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c
-	$(CC) /Fo$(OBJ_D)\s23_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c
+	$(CC) /Fo$(OBJ_D)\s23_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c
 
 $(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c
-	$(CC) /Fo$(OBJ_D)\s23_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c
+	$(CC) /Fo$(OBJ_D)\s23_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c
 
 $(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c
-	$(CC) /Fo$(OBJ_D)\s23_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c
+	$(CC) /Fo$(OBJ_D)\s23_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c
 
 $(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c
-	$(CC) /Fo$(OBJ_D)\s23_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c
+	$(CC) /Fo$(OBJ_D)\s23_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c
 
 $(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c
-	$(CC) /Fo$(OBJ_D)\s23_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c
+	$(CC) /Fo$(OBJ_D)\s23_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c
+
+$(OBJ_D)\t1_meth.obj: $(SRC_D)\ssl\t1_meth.c
+	$(CC) /Fo$(OBJ_D)\t1_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_meth.c
+
+$(OBJ_D)\t1_srvr.obj: $(SRC_D)\ssl\t1_srvr.c
+	$(CC) /Fo$(OBJ_D)\t1_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_srvr.c
+
+$(OBJ_D)\t1_clnt.obj: $(SRC_D)\ssl\t1_clnt.c
+	$(CC) /Fo$(OBJ_D)\t1_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_clnt.c
+
+$(OBJ_D)\t1_lib.obj: $(SRC_D)\ssl\t1_lib.c
+	$(CC) /Fo$(OBJ_D)\t1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_lib.c
+
+$(OBJ_D)\t1_enc.obj: $(SRC_D)\ssl\t1_enc.c
+	$(CC) /Fo$(OBJ_D)\t1_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_enc.c
 
 $(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c
-	$(CC) /Fo$(OBJ_D)\ssl_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c
+	$(CC) /Fo$(OBJ_D)\ssl_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c
 
 $(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c
-	$(CC) /Fo$(OBJ_D)\ssl_err2.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c
+	$(CC) /Fo$(OBJ_D)\ssl_err2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c
 
 $(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c
-	$(CC) /Fo$(OBJ_D)\ssl_cert.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c
+	$(CC) /Fo$(OBJ_D)\ssl_cert.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c
 
 $(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c
-	$(CC) /Fo$(OBJ_D)\ssl_sess.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c
+	$(CC) /Fo$(OBJ_D)\ssl_sess.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c
 
 $(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c
-	$(CC) /Fo$(OBJ_D)\ssl_ciph.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c
+	$(CC) /Fo$(OBJ_D)\ssl_ciph.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c
 
 $(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c
-	$(CC) /Fo$(OBJ_D)\ssl_stat.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c
+	$(CC) /Fo$(OBJ_D)\ssl_stat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c
 
 $(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c
-	$(CC) /Fo$(OBJ_D)\ssl_rsa.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c
+	$(CC) /Fo$(OBJ_D)\ssl_rsa.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c
 
 $(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c
-	$(CC) /Fo$(OBJ_D)\ssl_asn1.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c
+	$(CC) /Fo$(OBJ_D)\ssl_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c
 
 $(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c
-	$(CC) /Fo$(OBJ_D)\ssl_txt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c
+	$(CC) /Fo$(OBJ_D)\ssl_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c
 
 $(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c
-	$(CC) /Fo$(OBJ_D)\ssl_algs.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c
+	$(CC) /Fo$(OBJ_D)\ssl_algs.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c
 
 $(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c
-	$(CC) /Fo$(OBJ_D)\bio_ssl.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c
+	$(CC) /Fo$(OBJ_D)\bio_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c
 
 $(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c
-	$(CC) /Fo$(OBJ_D)\ssl_err.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c
+	$(CC) /Fo$(OBJ_D)\ssl_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c
 
 $(OBJ_D)\rsaref.obj: $(SRC_D)\rsaref\rsaref.c
-	$(CC) /Fo$(OBJ_D)\rsaref.obj $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsaref.c
+	$(CC) /Fo$(OBJ_D)\rsaref.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsaref.c
 
 $(OBJ_D)\rsar_err.obj: $(SRC_D)\rsaref\rsar_err.c
-	$(CC) /Fo$(OBJ_D)\rsar_err.obj $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsar_err.c
+	$(CC) /Fo$(OBJ_D)\rsar_err.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsar_err.c
 
 $(TEST_D)\md2test.exe: $(OBJ_D)\md2test.obj $(LIBS_DEP)
   $(LINK) $(LFLAGS) @<<
@@ -1560,6 +1753,24 @@ $(TEST_D)\mdc2test.exe: $(OBJ_D)\mdc2test.obj $(LIBS_DEP)
 
 <<
 
+$(TEST_D)\hmactest.exe: $(OBJ_D)\hmactest.obj $(LIBS_DEP)
+  $(LINK) $(LFLAGS) @<<
+  $(APP_EX_OBJ) $(OBJ_D)\hmactest.obj
+  $(TEST_D)\hmactest.exe
+
+  $(L_LIBS) $(EX_LIBS)
+
+<<
+
+$(TEST_D)\rmdtest.exe: $(OBJ_D)\rmdtest.obj $(LIBS_DEP)
+  $(LINK) $(LFLAGS) @<<
+  $(APP_EX_OBJ) $(OBJ_D)\rmdtest.obj
+  $(TEST_D)\rmdtest.exe
+
+  $(L_LIBS) $(EX_LIBS)
+
+<<
+
 $(TEST_D)\destest.exe: $(OBJ_D)\destest.obj $(LIBS_DEP)
   $(LINK) $(LFLAGS) @<<
   $(APP_EX_OBJ) $(OBJ_D)\destest.obj
@@ -1569,6 +1780,15 @@ $(TEST_D)\destest.exe: $(OBJ_D)\destest.obj $(LIBS_DEP)
 
 <<
 
+$(TEST_D)\rc2test.exe: $(OBJ_D)\rc2test.obj $(LIBS_DEP)
+  $(LINK) $(LFLAGS) @<<
+  $(APP_EX_OBJ) $(OBJ_D)\rc2test.obj
+  $(TEST_D)\rc2test.exe
+
+  $(L_LIBS) $(EX_LIBS)
+
+<<
+
 $(TEST_D)\rc4test.exe: $(OBJ_D)\rc4test.obj $(LIBS_DEP)
   $(LINK) $(LFLAGS) @<<
   $(APP_EX_OBJ) $(OBJ_D)\rc4test.obj
@@ -1578,10 +1798,10 @@ $(TEST_D)\rc4test.exe: $(OBJ_D)\rc4test.obj $(LIBS_DEP)
 
 <<
 
-$(TEST_D)\rc2test.exe: $(OBJ_D)\rc2test.obj $(LIBS_DEP)
+$(TEST_D)\rc5test.exe: $(OBJ_D)\rc5test.obj $(LIBS_DEP)
   $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc2test.obj
-  $(TEST_D)\rc2test.exe
+  $(APP_EX_OBJ) $(OBJ_D)\rc5test.obj
+  $(TEST_D)\rc5test.exe
 
   $(L_LIBS) $(EX_LIBS)
 
@@ -1605,6 +1825,15 @@ $(TEST_D)\bftest.exe: $(OBJ_D)\bftest.obj $(LIBS_DEP)
 
 <<
 
+$(TEST_D)\casttest.exe: $(OBJ_D)\casttest.obj $(LIBS_DEP)
+  $(LINK) $(LFLAGS) @<<
+  $(APP_EX_OBJ) $(OBJ_D)\casttest.obj
+  $(TEST_D)\casttest.exe
+
+  $(L_LIBS) $(EX_LIBS)
+
+<<
+
 $(TEST_D)\bntest.exe: $(OBJ_D)\bntest.obj $(LIBS_DEP)
   $(LINK) $(LFLAGS) @<<
   $(APP_EX_OBJ) $(OBJ_D)\bntest.obj
@@ -1692,6 +1921,11 @@ $(O_SSL): $(SSLOBJ)
   $(OBJ_D)\ssl_sess.obj +
   $(OBJ_D)\ssl_stat.obj +
   $(OBJ_D)\ssl_txt.obj +
+  $(OBJ_D)\t1_clnt.obj +
+  $(OBJ_D)\t1_enc.obj +
+  $(OBJ_D)\t1_lib.obj +
+  $(OBJ_D)\t1_meth.obj +
+  $(OBJ_D)\t1_srvr.obj +
 
   $(O_SSL)
 
@@ -1740,7 +1974,6 @@ $(O_CRYPTO): $(CRYPTOOBJ)
   $(OBJ_D)\b_print.obj +
   $(OBJ_D)\b_sock.obj +
   $(OBJ_D)\bf_buff.obj +
-  $(OBJ_D)\bf_cbc.obj +
   $(OBJ_D)\bf_cfb64.obj +
   $(OBJ_D)\bf_ecb.obj +
   $(OBJ_D)\bf_enc.obj +
@@ -1755,6 +1988,7 @@ $(O_CRYPTO): $(CRYPTOOBJ)
   $(OBJ_D)\bio_lib.obj +
   $(OBJ_D)\bio_md.obj +
   $(OBJ_D)\bn_add.obj +
+  $(OBJ_D)\bn_blind.obj +
   $(OBJ_D)\bn_div.obj +
   $(OBJ_D)\bn_err.obj +
   $(OBJ_D)\bn_exp.obj +
@@ -1762,6 +1996,7 @@ $(O_CRYPTO): $(CRYPTOOBJ)
   $(OBJ_D)\bn_lib.obj +
   $(OBJ_D)\bn_mod.obj +
   $(OBJ_D)\bn_mont.obj +
+  $(OBJ_D)\bn_mpi.obj +
   $(OBJ_D)\bn_mul.obj +
   $(OBJ_D)\bn_prime.obj +
   $(OBJ_D)\bn_print.obj +
@@ -1783,7 +2018,11 @@ $(O_CRYPTO): $(CRYPTOOBJ)
   $(OBJ_D)\by_dir.obj +
   $(OBJ_D)\by_file.obj +
   $(OBJ_D)\c_all.obj +
-  $(OBJ_D)\cbc3_enc.obj +
+  $(OBJ_D)\c_cfb64.obj +
+  $(OBJ_D)\c_ecb.obj +
+  $(OBJ_D)\c_enc.obj +
+  $(OBJ_D)\c_ofb64.obj +
+  $(OBJ_D)\c_skey.obj +
   $(OBJ_D)\cbc_cksm.obj +
   $(OBJ_D)\cbc_enc.obj +
   $(OBJ_D)\cfb64ede.obj +
@@ -1791,6 +2030,7 @@ $(O_CRYPTO): $(CRYPTOOBJ)
   $(OBJ_D)\cfb_enc.obj +
   $(OBJ_D)\conf.obj +
   $(OBJ_D)\conf_err.obj +
+  $(OBJ_D)\cpt_err.obj +
   $(OBJ_D)\cryptlib.obj +
   $(OBJ_D)\cversion.obj +
   $(OBJ_D)\d2i_dhp.obj +
@@ -1816,43 +2056,54 @@ $(O_CRYPTO): $(CRYPTOOBJ)
   $(OBJ_D)\dsa_vrf.obj +
   $(OBJ_D)\e_cbc_3d.obj +
   $(OBJ_D)\e_cbc_bf.obj +
+  $(OBJ_D)\e_cbc_c.obj +
   $(OBJ_D)\e_cbc_d.obj +
   $(OBJ_D)\e_cbc_i.obj +
   $(OBJ_D)\e_cbc_r2.obj +
+  $(OBJ_D)\e_cbc_r5.obj +
   $(OBJ_D)\e_cfb_3d.obj +
   $(OBJ_D)\e_cfb_bf.obj +
+  $(OBJ_D)\e_cfb_c.obj +
   $(OBJ_D)\e_cfb_d.obj +
   $(OBJ_D)\e_cfb_i.obj +
   $(OBJ_D)\e_cfb_r2.obj +
+  $(OBJ_D)\e_cfb_r5.obj +
   $(OBJ_D)\e_ecb_3d.obj +
   $(OBJ_D)\e_ecb_bf.obj +
+  $(OBJ_D)\e_ecb_c.obj +
   $(OBJ_D)\e_ecb_d.obj +
   $(OBJ_D)\e_ecb_i.obj +
   $(OBJ_D)\e_ecb_r2.obj +
+  $(OBJ_D)\e_ecb_r5.obj +
   $(OBJ_D)\e_null.obj +
   $(OBJ_D)\e_ofb_3d.obj +
   $(OBJ_D)\e_ofb_bf.obj +
+  $(OBJ_D)\e_ofb_c.obj +
   $(OBJ_D)\e_ofb_d.obj +
   $(OBJ_D)\e_ofb_i.obj +
   $(OBJ_D)\e_ofb_r2.obj +
+  $(OBJ_D)\e_ofb_r5.obj +
   $(OBJ_D)\e_rc4.obj +
   $(OBJ_D)\e_xcbc_d.obj +
   $(OBJ_D)\ecb3_enc.obj +
   $(OBJ_D)\ecb_enc.obj +
-  $(OBJ_D)\ede_enc.obj +
   $(OBJ_D)\enc_read.obj +
   $(OBJ_D)\enc_writ.obj +
   $(OBJ_D)\encode.obj +
   $(OBJ_D)\err.obj +
   $(OBJ_D)\err_all.obj +
   $(OBJ_D)\err_prn.obj +
+  $(OBJ_D)\evp_asn1.obj +
   $(OBJ_D)\evp_enc.obj +
   $(OBJ_D)\evp_err.obj +
   $(OBJ_D)\evp_key.obj +
+  $(OBJ_D)\evp_lib.obj +
+  $(OBJ_D)\ex_data.obj +
   $(OBJ_D)\f_int.obj +
   $(OBJ_D)\f_string.obj +
   $(OBJ_D)\fcrypt.obj +
   $(OBJ_D)\fcrypt_b.obj +
+  $(OBJ_D)\hmac.obj +
   $(OBJ_D)\i2d_dhp.obj +
   $(OBJ_D)\i2d_dsap.obj +
   $(OBJ_D)\i2d_pr.obj +
@@ -1874,6 +2125,7 @@ $(O_CRYPTO): $(CRYPTOOBJ)
   $(OBJ_D)\m_md5.obj +
   $(OBJ_D)\m_mdc2.obj +
   $(OBJ_D)\m_null.obj +
+  $(OBJ_D)\m_ripemd.obj +
   $(OBJ_D)\m_sha.obj +
   $(OBJ_D)\m_sha1.obj +
   $(OBJ_D)\md2_dgst.obj +
@@ -1886,7 +2138,6 @@ $(O_CRYPTO): $(CRYPTOOBJ)
   $(OBJ_D)\mem.obj +
   $(OBJ_D)\n_pkey.obj +
   $(OBJ_D)\names.obj +
-  $(OBJ_D)\ncbc_enc.obj +
   $(OBJ_D)\obj_dat.obj +
   $(OBJ_D)\obj_err.obj +
   $(OBJ_D)\obj_lib.obj +
@@ -1903,6 +2154,8 @@ $(O_CRYPTO): $(CRYPTOOBJ)
   $(OBJ_D)\p7_s_e.obj +
   $(OBJ_D)\p7_signd.obj +
   $(OBJ_D)\p7_signi.obj +
+  $(OBJ_D)\p_dec.obj +
+  $(OBJ_D)\p_enc.obj +
   $(OBJ_D)\p_lib.obj +
   $(OBJ_D)\p_open.obj +
   $(OBJ_D)\p_seal.obj +
@@ -1927,15 +2180,26 @@ $(O_CRYPTO): $(CRYPTOOBJ)
   $(OBJ_D)\rc2cfb64.obj +
   $(OBJ_D)\rc2ofb64.obj +
   $(OBJ_D)\rc4_enc.obj +
+  $(OBJ_D)\rc4_skey.obj +
+  $(OBJ_D)\rc5_ecb.obj +
+  $(OBJ_D)\rc5_enc.obj +
+  $(OBJ_D)\rc5_skey.obj +
+  $(OBJ_D)\rc5cfb64.obj +
+  $(OBJ_D)\rc5ofb64.obj +
   $(OBJ_D)\read2pwd.obj +
   $(OBJ_D)\read_pwd.obj +
+  $(OBJ_D)\rmd_dgst.obj +
+  $(OBJ_D)\rmd_one.obj +
   $(OBJ_D)\rpc_enc.obj +
-  $(OBJ_D)\rsa_enc.obj +
+  $(OBJ_D)\rsa_eay.obj +
   $(OBJ_D)\rsa_err.obj +
   $(OBJ_D)\rsa_gen.obj +
   $(OBJ_D)\rsa_lib.obj +
+  $(OBJ_D)\rsa_none.obj +
+  $(OBJ_D)\rsa_pk1.obj +
   $(OBJ_D)\rsa_saos.obj +
   $(OBJ_D)\rsa_sign.obj +
+  $(OBJ_D)\rsa_ssl.obj +
   $(OBJ_D)\set_key.obj +
   $(OBJ_D)\sha1_one.obj +
   $(OBJ_D)\sha1dgst.obj +
@@ -2007,7 +2271,6 @@ $(BIN_D)\$(E_EXE).exe: $(E_OBJ) $(LIBS_DEP)
   $(OBJ_D)\enc.obj +
   $(OBJ_D)\errstr.obj +
   $(OBJ_D)\gendh.obj +
-  $(OBJ_D)\gendsa.obj +
   $(OBJ_D)\genrsa.obj +
   $(OBJ_D)\pkcs7.obj +
   $(OBJ_D)\req.obj +
diff --git a/mt/README b/mt/README
index fc933c31c..df6b26e14 100644
--- a/mt/README
+++ b/mt/README
@@ -3,8 +3,12 @@ Mutithreading testing area.
 Since this stuff is very very platorm specific, this is not part of the
 normal build.  Have a read of doc/threads.doc.
 
-mttest will do some testing and will currently build under Windows NT/95
-and solaris.  The IRIX stuff is not finished.
+mttest will do some testing and will currently build under Windows NT/95,
+Solaris and Linux.  The IRIX stuff is not finished.
 
 I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1)
 and things seem to work ok.
+
+The Linux pthreads package can be retrieved from 
+http://www.mit.edu:8001/people/proven/pthreads.html
+
diff --git a/mt/mttest.c b/mt/mttest.c
index 3a927a293..8651a1131 100644
--- a/mt/mttest.c
+++ b/mt/mttest.c
@@ -1,5 +1,5 @@
 /* mt/mttest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -82,7 +82,7 @@
 #include "ssl.h"
 #include "err.h"
 
-#ifdef WIN16
+#ifdef NO_FP_API
 #define APPS_WIN16
 #include "../crypto/buffer/bss_file.c"
 #endif
@@ -98,25 +98,31 @@ int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
 void thread_setup(void);
 void thread_cleanup(void);
 void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
+
 void irix_locking_callback(int mode,int type,char *file,int line);
 void solaris_locking_callback(int mode,int type,char *file,int line);
 void win32_locking_callback(int mode,int type,char *file,int line);
-void linux_locking_callback(int mode,int type,char *file,int line);
+void pthreads_locking_callback(int mode,int type,char *file,int line);
+
 unsigned long irix_thread_id(void );
 unsigned long solaris_thread_id(void );
-unsigned long linix_thread_id(void );
+unsigned long pthreads_thread_id(void );
+
 #else
 int MS_CALLBACK verify_callback();
 void thread_setup();
 void thread_cleanup();
 void do_threads();
+
 void irix_locking_callback();
 void solaris_locking_callback();
 void win32_locking_callback();
-void linux_locking_callback();
+void pthreads_locking_callback();
+
 unsigned long irix_thread_id();
 unsigned long solaris_thread_id();
-unsigned long linix_thread_id();
+unsigned long pthreads_thread_id();
+
 #endif
 
 BIO *bio_err=NULL;
@@ -700,7 +706,7 @@ char *arg;
 
 #ifdef WIN32
 
-static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
+static PRLOCK lock_cs[CRYPTO_NUM_LOCKS];
 
 void thread_setup()
 	{
@@ -792,7 +798,7 @@ SSL_CTX *s_ctx,*c_ctx;
 	printf("win32 threads done - %.3f seconds\n",ret);
 	}
 
-#endif
+#endif /* WIN32 */
 
 #ifdef SOLARIS
 
@@ -903,7 +909,7 @@ unsigned long solaris_thread_id()
 	ret=(unsigned long)thr_self();
 	return(ret);
 	}
-#endif
+#endif /* SOLARIS */
 
 #ifdef IRIX
 
@@ -1001,5 +1007,109 @@ unsigned long irix_thread_id()
 	ret=(unsigned long)getpid();
 	return(ret);
 	}
+#endif /* IRIX */
+
+#ifdef PTHREADS
+
+static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+static long lock_count[CRYPTO_NUM_LOCKS];
+
+void thread_setup()
+	{
+	int i;
+
+	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+		{
+		lock_count[i]=0;
+		pthread_mutex_init(&(lock_cs[i]),NULL);
+		}
+
+	CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+	}
+
+void thread_cleanup()
+	{
+	int i;
+
+	CRYPTO_set_locking_callback(NULL);
+	fprintf(stderr,"cleanup\n");
+	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+		{
+		pthread_mutex_destroy(&(lock_cs[i]));
+		fprintf(stderr,"%8ld:%s\n",lock_count[i],
+			CRYPTO_get_lock_name(i));
+		}
+	fprintf(stderr,"done cleanup\n");
+	}
+
+void pthreads_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+      {
+#ifdef undef
+	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+		CRYPTO_thread_id(),
+		(mode&CRYPTO_LOCK)?"l":"u",
+		(type&CRYPTO_READ)?"r":"w",file,line);
 #endif
+/*
+	if (CRYPTO_LOCK_SSL_CERT == type)
+		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+		CRYPTO_thread_id(),
+		mode,file,line);
+*/
+	if (mode & CRYPTO_LOCK)
+		{
+		pthread_mutex_lock(&(lock_cs[type]));
+		lock_count[type]++;
+		}
+	else
+		{
+		pthread_mutex_unlock(&(lock_cs[type]));
+		}
+	}
+
+void do_threads(s_ctx,c_ctx)
+SSL_CTX *s_ctx,*c_ctx;
+	{
+	SSL_CTX *ssl_ctx[2];
+	pthread_t thread_ctx[MAX_THREAD_NUMBER];
+	int i;
+
+	ssl_ctx[0]=s_ctx;
+	ssl_ctx[1]=c_ctx;
+
+	/*
+	thr_setconcurrency(thread_number);
+	*/
+	for (i=0; i<thread_number; i++)
+		{
+		pthread_create(&(thread_ctx[i]), NULL,
+			(void *(*)())ndoit, (void *)ssl_ctx);
+		}
+
+	printf("reaping\n");
+	for (i=0; i<thread_number; i++)
+		{
+		pthread_join(thread_ctx[i],NULL);
+		}
+
+	printf("pthreads threads done (%d,%d)\n",
+	s_ctx->references,c_ctx->references);
+	}
+
+unsigned long pthreads_thread_id()
+	{
+	unsigned long ret;
+
+	ret=(unsigned long)pthread_self();
+	return(ret);
+	}
+
+#endif /* PTHREADS */
+
+
 
diff --git a/rsaref/Makefile.ssl b/rsaref/Makefile.ssl
index e0e4fb735..b816b89f6 100644
--- a/rsaref/Makefile.ssl
+++ b/rsaref/Makefile.ssl
@@ -80,6 +80,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../crypto/err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../crypto/err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/rsaref/rsar_err.c b/rsaref/rsar_err.c
index b77f3e7c1..34840e99f 100644
--- a/rsaref/rsar_err.c
+++ b/rsaref/rsar_err.c
@@ -60,6 +60,7 @@
 #include "rsaref.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA RSAREF_str_functs[]=
 	{
 {ERR_PACK(0,RSAREF_F_BN_REF_MOD_EXP,0),	"BN_REF_MOD_EXP"},
@@ -111,14 +112,19 @@ static ERR_STRING_DATA RSAREF_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_RSAREF_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_RSAREF,RSAREF_str_functs);
 		ERR_load_strings(ERR_LIB_RSAREF,RSAREF_str_reasons);
+#endif
+
 		}
 	}
diff --git a/rsaref/rsaref.c b/rsaref/rsaref.c
index ac4fe0193..324460327 100644
--- a/rsaref/rsaref.c
+++ b/rsaref/rsaref.c
@@ -1,5 +1,5 @@
 /* rsaref/rsaref.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -126,6 +126,8 @@ static RSA_METHOD rsa_pkcs1_ref_meth={
 	BN_ref_mod_exp,
 	NULL,
 	NULL,
+	0,
+	NULL,
 	};
 
 RSA_METHOD *RSA_PKCS1_RSAref()
diff --git a/rsaref/rsaref.err b/rsaref/rsaref.err
index 89f83b822..ee02cdae7 100644
--- a/rsaref/rsaref.err
+++ b/rsaref/rsaref.err
@@ -16,17 +16,17 @@
 #define RSAREF_F_RSA_REF_PUBLIC_ENCRYPT			 112
 
 /* Reason codes. */
-#define RSAREF_R_CONTENT_ENCODING			 1024
-#define RSAREF_R_DATA					 1025
-#define RSAREF_R_DIGEST_ALGORITHM			 1026
-#define RSAREF_R_ENCODING				 1027
-#define RSAREF_R_ENCRYPTION_ALGORITHM			 1037
-#define RSAREF_R_KEY					 1028
-#define RSAREF_R_KEY_ENCODING				 1029
-#define RSAREF_R_LEN					 1030
-#define RSAREF_R_MODULUS_LEN				 1031
-#define RSAREF_R_NEED_RANDOM				 1032
-#define RSAREF_R_PRIVATE_KEY				 1033
-#define RSAREF_R_PUBLIC_KEY				 1034
-#define RSAREF_R_SIGNATURE				 1035
-#define RSAREF_R_SIGNATURE_ENCODING			 1036
+#define RSAREF_R_CONTENT_ENCODING			 0x0400
+#define RSAREF_R_DATA					 0x0401
+#define RSAREF_R_DIGEST_ALGORITHM			 0x0402
+#define RSAREF_R_ENCODING				 0x0403
+#define RSAREF_R_ENCRYPTION_ALGORITHM			 0x040d
+#define RSAREF_R_KEY					 0x0404
+#define RSAREF_R_KEY_ENCODING				 0x0405
+#define RSAREF_R_LEN					 0x0406
+#define RSAREF_R_MODULUS_LEN				 0x0407
+#define RSAREF_R_NEED_RANDOM				 0x0408
+#define RSAREF_R_PRIVATE_KEY				 0x0409
+#define RSAREF_R_PUBLIC_KEY				 0x040a
+#define RSAREF_R_SIGNATURE				 0x040b
+#define RSAREF_R_SIGNATURE_ENCODING			 0x040c
diff --git a/rsaref/rsaref.h b/rsaref/rsaref.h
index 52fc469da..c264e288c 100644
--- a/rsaref/rsaref.h
+++ b/rsaref/rsaref.h
@@ -1,5 +1,5 @@
 /* rsaref/rsaref.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -164,20 +164,20 @@ RSA_METHOD *RSA_PKCS1_RSAref();
 #define RSAREF_F_RSA_REF_PUBLIC_ENCRYPT			 112
 
 /* Reason codes. */
-#define RSAREF_R_CONTENT_ENCODING			 1024
-#define RSAREF_R_DATA					 1025
-#define RSAREF_R_DIGEST_ALGORITHM			 1026
-#define RSAREF_R_ENCODING				 1027
-#define RSAREF_R_ENCRYPTION_ALGORITHM			 1037
-#define RSAREF_R_KEY					 1028
-#define RSAREF_R_KEY_ENCODING				 1029
-#define RSAREF_R_LEN					 1030
-#define RSAREF_R_MODULUS_LEN				 1031
-#define RSAREF_R_NEED_RANDOM				 1032
-#define RSAREF_R_PRIVATE_KEY				 1033
-#define RSAREF_R_PUBLIC_KEY				 1034
-#define RSAREF_R_SIGNATURE				 1035
-#define RSAREF_R_SIGNATURE_ENCODING			 1036
+#define RSAREF_R_CONTENT_ENCODING			 0x0400
+#define RSAREF_R_DATA					 0x0401
+#define RSAREF_R_DIGEST_ALGORITHM			 0x0402
+#define RSAREF_R_ENCODING				 0x0403
+#define RSAREF_R_ENCRYPTION_ALGORITHM			 0x040d
+#define RSAREF_R_KEY					 0x0404
+#define RSAREF_R_KEY_ENCODING				 0x0405
+#define RSAREF_R_LEN					 0x0406
+#define RSAREF_R_MODULUS_LEN				 0x0407
+#define RSAREF_R_NEED_RANDOM				 0x0408
+#define RSAREF_R_PRIVATE_KEY				 0x0409
+#define RSAREF_R_PUBLIC_KEY				 0x040a
+#define RSAREF_R_SIGNATURE				 0x040b
+#define RSAREF_R_SIGNATURE_ENCODING			 0x040c
  
 #ifdef  __cplusplus
 }
diff --git a/shlib/linux.sh b/shlib/linux.sh
index 4d2b98d2c..f80292d90 100644
--- a/shlib/linux.sh
+++ b/shlib/linux.sh
@@ -3,13 +3,13 @@
 echo "#define DATE      \"`date`\"" >crypto/date.h
 
 major="0"
-minor="8.0"
+minor="8.2"
 slib=libssl
 clib=libcrypto
 CC=gcc
 CPP='gcc -E'
 AS=as
-FLAGS='-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -m486 -Wall'
+FLAGS='-DX86_ASM -DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -m486 -Wall'
 #FLAGS='-DTERMIO -g2 -ggdb -DL_ENDIAN -m486 -Wall -DREF_CHECK -DCRYPTO_MDEBUG'
 INCLUDE='-Iinclude -Icrypto -Issl'
 SHFLAGS='-DPIC -fpic'
@@ -18,13 +18,13 @@ CFLAGS="$FLAGS $INCLUDE $SHFLAGS"
 ASM_OBJ="";
 
 echo compiling bignum assember
-$AS -o bn_asm.o crypto/bn/asm/x86-lnx.s
-CFLAGS="$CFLAGS -DBN_ASM"
+$CPP -DELF crypto/bn/asm/bn86unix.cpp | $AS -o bn_asm.o
+CFLAGS="$CFLAGS -DBN_ASM -DX86_ASM"
 ASM_OBJ="$ASM_OBJ bn_asm.o"
 
 echo compiling des assember
 $CPP -DELF crypto/des/asm/dx86unix.cpp | $AS -o des_enc.o
-$CPP -DELF crypto/des/asm/cx86unix.cpp | $AS -o fcrypt-b.o
+$CPP -DELF crypto/des/asm/yx86unix.cpp | $AS -o fcrypt-b.o
 CFLAGS="$CFLAGS -DDES_ASM"
 ASM_OBJ="$ASM_OBJ des_enc.o fcrypt-b.o"
 
@@ -33,12 +33,32 @@ $CPP -DELF crypto/bf/asm/bx86unix.cpp | $AS -o bf_enc.o
 CFLAGS="$CFLAGS -DBF_ASM"
 ASM_OBJ="$ASM_OBJ bf_enc.o"
 
+echo compiling cast assember
+$CPP -DELF crypto/cast/asm/cx86unix.cpp | $AS -o cast_enc.o
+CFLAGS="$CFLAGS -DCAST_ASM"
+ASM_OBJ="$ASM_OBJ cast_enc.o"
+
+echo compiling rc4 assember
+$CPP -DELF crypto/rc4/asm/rx86unix.cpp | $AS -o rc4_enc.o
+CFLAGS="$CFLAGS -DRC4_ASM"
+ASM_OBJ="$ASM_OBJ rc4_enc.o"
+
+echo compiling md5 assember
+$CPP -DELF crypto/md5/asm/mx86unix.cpp | $AS -o md5_enc.o
+CFLAGS="$CFLAGS -DMD5_ASM"
+ASM_OBJ="$ASM_OBJ md5_enc.o"
+
+echo compiling sha1 assember
+$CPP -DELF crypto/sha/asm/sx86unix.cpp | $AS -o sha1_enc.o
+CFLAGS="$CFLAGS -DSHA1_ASM"
+ASM_OBJ="$ASM_OBJ sha1_enc.o"
+
 echo compiling $clib
 $CC -c $CFLAGS -DCFLAGS="\"$FLAGS\"" -o crypto.o crypto/crypto.c
 
 echo linking $clib.so
 gcc $CFLAGS -shared -Wl,-soname,$clib.so.$major -o $clib.so.$major.$minor crypto.o $ASM_OBJ
-/bin/rm -f $clib.so $clib.$major
+/bin/rm -f $clib.so $clib.so.$major
 ln -s $clib.so.$major.$minor $clib.so
 ln -s $clib.so.$major.$minor $clib.so.$major
 
@@ -47,7 +67,7 @@ $CC -c $CFLAGS -o ssl.o ssl/ssl.c
 
 echo building $slib.so
 gcc $CFLAGS -shared -Wl,-soname,$slib.so.$major -o $slib.so.$major.$minor ssl.o
-/bin/rm -f $slib.so $slib.$mahor
+/bin/rm -f $slib.so $slib.so.$major
 ln -s $slib.so.$major.$minor $slib.so
 ln -s $slib.so.$major.$minor $slib.so.$major
 
diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl
index f6f40e44f..f4b13bf83 100644
--- a/ssl/Makefile.ssl
+++ b/ssl/Makefile.ssl
@@ -23,17 +23,19 @@ APPS=
 
 LIB=$(TOP)/libssl.a
 LIBSRC=	\
-	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_pkt.c s2_enc.c \
-	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_pkt.c s3_enc.c s3_both.c \
-	s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
+	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
+	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
+	s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
+	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c \
 	bio_ssl.c $(ERRC).c
 LIBOBJ= \
-	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_pkt.o s2_enc.o \
-	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_pkt.o s3_enc.o s3_both.o \
-	s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
+	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
+	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
+	s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
+	t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
 	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
 	ssl_ciph.o ssl_stat.o ssl_rsa.o \
 	ssl_asn1.o ssl_txt.o ssl_algs.o \
@@ -41,7 +43,7 @@ LIBOBJ= \
 
 SRC= $(LIBSRC)
 
-EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h
+EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h
 HEADER=	$(EXHEADER) ssl_locl.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -93,6 +95,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../crypto/err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../crypto/err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 6c0babaf3..58a6d69b9 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -1,5 +1,5 @@
 /* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,8 +57,10 @@
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <errno.h>
+#include "crypto.h"
 #include "bio.h"
 #include "err.h"
 #include "ssl.h"
@@ -79,6 +81,17 @@ static int ssl_new();
 static int ssl_free();
 #endif
 
+typedef struct bio_ssl_st
+	{
+	SSL *ssl; /* The ssl handle :-) */
+	/* re-negotiate every time the total number of bytes is this size */
+	int num_renegotiates;
+	unsigned long renegotiate_count;
+	unsigned long byte_count;
+	unsigned long renegotiate_timeout;
+	unsigned long last_time;
+	} BIO_SSL;
+
 static BIO_METHOD methods_sslp=
 	{
 	BIO_TYPE_SSL,"ssl",
@@ -99,8 +112,17 @@ BIO_METHOD *BIO_f_ssl()
 static int ssl_new(bi)
 BIO *bi;
 	{
+	BIO_SSL *bs;
+
+	bs=(BIO_SSL *)Malloc(sizeof(BIO_SSL));
+	if (bs == NULL)
+		{
+		BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	memset(bs,0,sizeof(BIO_SSL));
 	bi->init=0;
-	bi->ptr=NULL;	/* The SSL structure */
+	bi->ptr=(char *)bs;
 	bi->flags=0;
 	return(1);
 	}
@@ -108,15 +130,20 @@ BIO *bi;
 static int ssl_free(a)
 BIO *a;
 	{
+	BIO_SSL *bs;
+
 	if (a == NULL) return(0);
-	if (a->ptr != NULL) SSL_shutdown((SSL *)a->ptr);
+	bs=(BIO_SSL *)a->ptr;
+	if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
 	if (a->shutdown)
 		{
-		if (a->init) SSL_free((SSL *)a->ptr);
+		if (a->init && (bs->ssl != NULL))
+			SSL_free(bs->ssl);
 		a->init=0;
 		a->flags=0;
-		a->ptr=NULL;
 		}
+	if (a->ptr != NULL)
+		Free(a->ptr);
 	return(1);
 	}
 	
@@ -126,49 +153,74 @@ char *out;
 int outl;
 	{
 	int ret=1;
-	int inflags,outflags;
+	BIO_SSL *sb;
 	SSL *ssl;
 	int retry_reason=0;
+	int r=0;
 
 	if (out == NULL) return(0);
-	ssl=(SSL *)b->ptr;
+	sb=(BIO_SSL *)b->ptr;
+	ssl=sb->ssl;
 
-	inflags=outflags=b->flags;
-
-	outflags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY);
+	BIO_clear_retry_flags(b);
 
+#if 0
 	if (!SSL_is_init_finished(ssl))
 		{
-		ret=SSL_do_handshake(ssl);
-#if 0
+/*		ret=SSL_do_handshake(ssl); */
 		if (ret > 0)
 			{
+
 			outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
 			ret= -1;
 			goto end;
 			}
-#endif
 		}
-	if (ret > 0)
-		ret=SSL_read(ssl,out,outl);
+#endif
+/*	if (ret > 0) */
+	ret=SSL_read(ssl,out,outl);
 
 	switch (SSL_get_error(ssl,ret))
 		{
 	case SSL_ERROR_NONE:
 		if (ret <= 0) break;
+		if (sb->renegotiate_count > 0)
+			{
+			sb->byte_count+=ret;
+			if (sb->byte_count > sb->renegotiate_count)
+				{
+				sb->byte_count=0;
+				sb->num_renegotiates++;
+				SSL_renegotiate(ssl);
+				r=1;
+				}
+			}
+		if ((sb->renegotiate_timeout > 0) && (!r))
+			{
+			unsigned long tm;
+
+			tm=(unsigned long)time(NULL);
+			if (tm > sb->last_time+sb->renegotiate_timeout)
+				{
+				sb->last_time=tm;
+				sb->num_renegotiates++;
+				SSL_renegotiate(ssl);
+				}
+			}
+
 		break;
 	case SSL_ERROR_WANT_READ:
-		outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
+		BIO_set_retry_read(b);
 		break;
 	case SSL_ERROR_WANT_WRITE:
-		outflags=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
+		BIO_set_retry_write(b);
 		break;
 	case SSL_ERROR_WANT_X509_LOOKUP:
-		outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
+		BIO_set_retry_special(b);
 		retry_reason=BIO_RR_SSL_X509_LOOKUP;
 		break;
 	case SSL_ERROR_WANT_CONNECT:
-		outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
+		BIO_set_retry_special(b);
 		retry_reason=BIO_RR_CONNECT;
 		break;
 	case SSL_ERROR_SYSCALL:
@@ -179,7 +231,6 @@ int outl;
 		}
 
 	b->retry_reason=retry_reason;
-	b->flags=outflags;
 	return(ret);
 	}
 
@@ -188,38 +239,61 @@ BIO *b;
 char *out;
 int outl;
 	{
-	int ret;
-	int inflags,outflags,retry_reason=0;
+	int ret,r=0;
+	int retry_reason=0;
 	SSL *ssl;
+	BIO_SSL *bs;
 
 	if (out == NULL) return(0);
-	ssl=(SSL *)b->ptr;
-
-	inflags=outflags=b->flags;
+	bs=(BIO_SSL *)b->ptr;
+	ssl=bs->ssl;
 
-	outflags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY);
+	BIO_clear_retry_flags(b);
 
-	ret=SSL_do_handshake(ssl);
-	if (ret > 0)
-		ret=SSL_write(ssl,out,outl);
+/*	ret=SSL_do_handshake(ssl);
+	if (ret > 0) */
+	ret=SSL_write(ssl,out,outl);
 
 	switch (SSL_get_error(ssl,ret))
 		{
 	case SSL_ERROR_NONE:
 		if (ret <= 0) break;
+		if (bs->renegotiate_count > 0)
+			{
+			bs->byte_count+=ret;
+			if (bs->byte_count > bs->renegotiate_count)
+				{
+				bs->byte_count=0;
+				bs->num_renegotiates++;
+				SSL_renegotiate(ssl);
+				r=1;
+				}
+			}
+		if ((bs->renegotiate_timeout > 0) && (!r))
+			{
+			unsigned long tm;
+
+			tm=(unsigned long)time(NULL);
+			if (tm > bs->last_time+bs->renegotiate_timeout)
+				{
+				bs->last_time=tm;
+				bs->num_renegotiates++;
+				SSL_renegotiate(ssl);
+				}
+			}
 		break;
 	case SSL_ERROR_WANT_WRITE:
-		outflags=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
+		BIO_set_retry_write(b);
 		break;
 	case SSL_ERROR_WANT_READ:
-		outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
+		BIO_set_retry_read(b);
 		break;
 	case SSL_ERROR_WANT_X509_LOOKUP:
-		outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
+		BIO_set_retry_special(b);
 		retry_reason=BIO_RR_SSL_X509_LOOKUP;
 		break;
 	case SSL_ERROR_WANT_CONNECT:
-		outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
+		BIO_set_retry_special(b);
 		retry_reason=BIO_RR_CONNECT;
 	case SSL_ERROR_SYSCALL:
 	case SSL_ERROR_SSL:
@@ -228,7 +302,6 @@ int outl;
 		}
 
 	b->retry_reason=retry_reason;
-	b->flags=outflags;
 	return(ret);
 	}
 
@@ -239,10 +312,14 @@ long num;
 char *ptr;
 	{
 	SSL **sslp,*ssl;
+	BIO_SSL *bs;
 	BIO *dbio,*bio;
 	long ret=1;
 
-	ssl=(SSL *)b->ptr;
+	bs=(BIO_SSL *)b->ptr;
+	ssl=bs->ssl;
+	if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))
+		return(0);
 	switch (cmd)
 		{
 	case BIO_CTRL_RESET:
@@ -262,7 +339,6 @@ char *ptr;
 		else
 			ret=1;
 		break;
-	case BIO_CTRL_EOF:
 	case BIO_CTRL_INFO:
 		ret=0;
 		break;
@@ -272,17 +348,33 @@ char *ptr;
 		else
 			SSL_set_accept_state(ssl);
 		break;
+	case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
+		ret=bs->renegotiate_timeout;
+		if (num < 60) num=5;
+		bs->renegotiate_timeout=(unsigned long)num;
+		bs->last_time=(unsigned long)time(NULL);
+		break;
+	case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
+		ret=bs->renegotiate_count;
+		if ((long)num >=512)
+			bs->renegotiate_count=(unsigned long)num;
+		break;
+	case BIO_C_GET_SSL_NUM_RENEGOTIATES:
+		ret=bs->num_renegotiates;
+		break;
 	case BIO_C_SET_SSL:
-		ssl_free(b);
+		if (ssl != NULL)
+			ssl_free(b);
 		b->shutdown=(int)num;
-		b->ptr=ptr;
 		ssl=(SSL *)ptr;
+		((BIO_SSL *)b->ptr)->ssl=ssl;
 		bio=SSL_get_rbio(ssl);
 		if (bio != NULL)
 			{
 			if (b->next_bio != NULL)
 				BIO_push(bio,b->next_bio);
 			b->next_bio=bio;
+			CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
 			}
 		b->init=1;
 		break;
@@ -292,6 +384,8 @@ char *ptr;
 			sslp=(SSL **)ptr;
 			*sslp=ssl;
 			}
+		else
+			ret=0;
 		break;
 	case BIO_CTRL_GET_CLOSE:
 		ret=b->shutdown;
@@ -313,10 +407,10 @@ char *ptr;
 		BIO_copy_next_retry(b);
 		break;
 	case BIO_CTRL_PUSH:
-		if (b->next_bio != NULL)
+		if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
 			{
 			SSL_set_bio(ssl,b->next_bio,b->next_bio);
-			b->next_bio->references++;
+			CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
 			}
 		break;
 	case BIO_CTRL_POP:
@@ -355,13 +449,35 @@ char *ptr;
 		break;
 	case BIO_CTRL_DUP:
 		dbio=(BIO *)ptr;
-		if (dbio->ptr != NULL)
-			SSL_free((SSL *)dbio->ptr);
-		dbio->ptr=(char *)SSL_dup(ssl);
-		ret=(dbio->ptr != NULL);
+		if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
+			SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
+		((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
+		((BIO_SSL *)dbio->ptr)->renegotiate_count=
+			((BIO_SSL *)b->ptr)->renegotiate_count;
+		((BIO_SSL *)dbio->ptr)->byte_count=
+			((BIO_SSL *)b->ptr)->byte_count;
+		((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
+			((BIO_SSL *)b->ptr)->renegotiate_timeout;
+		((BIO_SSL *)dbio->ptr)->last_time=
+			((BIO_SSL *)b->ptr)->last_time;
+		ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
+		break;
+	case BIO_C_GET_FD:
+		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_SET_CALLBACK:
+		SSL_set_info_callback(ssl,(void (*)())ptr);
+		break;
+	case BIO_CTRL_GET_CALLBACK:
+		{
+		void (**fptr)();
+
+		fptr=(void (**)())ptr;
+		*fptr=SSL_get_info_callback(ssl);
+		}
 		break;
 	default:
-		return(0);
+		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
 		break;
 		}
 	return(ret);
@@ -378,6 +494,42 @@ char *str;
 	return(ret);
 	}
 
+BIO *BIO_new_buffer_ssl_connect(ctx)
+SSL_CTX *ctx;
+	{
+	BIO *ret=NULL,*buf=NULL,*ssl=NULL;
+
+	if ((buf=BIO_new(BIO_f_buffer())) == NULL)
+		return(NULL);
+	if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
+		goto err;
+	if ((ret=BIO_push(buf,ssl)) == NULL)
+		goto err;
+	return(ret);
+err:
+	if (buf != NULL) BIO_free(buf);
+	if (ssl != NULL) BIO_free(ssl);
+	return(NULL);
+	}
+
+BIO *BIO_new_ssl_connect(ctx)
+SSL_CTX *ctx;
+	{
+	BIO *ret=NULL,*con=NULL,*ssl=NULL;
+
+	if ((con=BIO_new(BIO_s_connect())) == NULL)
+		return(NULL);
+	if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
+		goto err;
+	if ((ret=BIO_push(ssl,con)) == NULL)
+		goto err;
+	return(ret);
+err:
+	if (con != NULL) BIO_free(con);
+	if (ret != NULL) BIO_free(ret);
+	return(NULL);
+	}
+
 BIO *BIO_new_ssl(ctx,client)
 SSL_CTX *ctx;
 int client;
@@ -408,9 +560,10 @@ BIO *t,*f;
 	f=BIO_find_type(f,BIO_TYPE_SSL);
 	if ((t == NULL) || (f == NULL))
 		return(0);
-	if ((t->ptr == NULL) || (f->ptr == NULL))
+	if (	(((BIO_SSL *)t->ptr)->ssl == NULL) || 
+		(((BIO_SSL *)f->ptr)->ssl == NULL))
 		return(0);
-	SSL_copy_session_id((SSL *)t->ptr,(SSL *)f->ptr);
+	SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
 	return(1);
 	}
 
@@ -423,7 +576,7 @@ BIO *b;
 		{
 		if (b->method->type == BIO_TYPE_SSL)
 			{
-			s=(SSL *)b->ptr;
+			s=((BIO_SSL *)b->ptr)->ssl;
 			SSL_shutdown(s);
 			break;
 			}
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 57d3623f3..a4661ebb6 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -1,5 +1,5 @@
 /* ssl/s23_clnt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -76,10 +76,12 @@ static int ssl23_get_server_hello();
 static SSL_METHOD *ssl23_get_client_method(ver)
 int ver;
 	{
-	if (ver == 2)
+	if (ver == SSL2_VERSION)
 		return(SSLv2_client_method());
-	else if (ver == 3)
+	else if (ver == SSL3_VERSION)
 		return(SSLv3_client_method());
+	else if (ver == TLS1_VERSION)
+		return(TLSv1_client_method());
 	else
 		return(NULL);
 	}
@@ -111,7 +113,7 @@ SSL *s;
 
 	RAND_seed((unsigned char *)&Time,sizeof(Time));
 	ERR_clear_error();
-	errno=0;
+	clear_sys_error();
 
 	if (s->info_callback != NULL)
 		cb=s->info_callback;
@@ -134,7 +136,7 @@ SSL *s;
 
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
-			s->version=3;
+			/* s->version=TLS1_VERSION; */
 			s->type=SSL_ST_CONNECT;
 
 			if (s->init_buf == NULL)
@@ -230,8 +232,26 @@ SSL *s;
 		p=d+9;
 
 		*(d++)=SSL2_MT_CLIENT_HELLO;
-		*(d++)=SSL3_VERSION_MAJOR;
-		*(d++)=SSL3_VERSION_MINOR;
+		if (!(s->options & SSL_OP_NO_TLSv1))
+			{
+			*(d++)=TLS1_VERSION_MAJOR;
+			*(d++)=TLS1_VERSION_MINOR;
+			}
+		else if (!(s->options & SSL_OP_NO_SSLv3))
+			{
+			*(d++)=SSL3_VERSION_MAJOR;
+			*(d++)=SSL3_VERSION_MINOR;
+			}
+		else if (!(s->options & SSL_OP_NO_SSLv2))
+			{
+			*(d++)=SSL2_VERSION_MAJOR;
+			*(d++)=SSL2_VERSION_MINOR;
+			}
+		else
+			{
+			SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
+			return(-1);
+			}
 
 		/* Ciphers supported */
 		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p);
@@ -251,7 +271,7 @@ SSL *s;
 #endif
 		s2n(0,d);
 
-		if (s->ctx->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+		if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
 			ch_len=SSL2_CHALLENGE_LENGTH;
 		else
 			ch_len=SSL2_MAX_CHALLENGE_LENGTH;
@@ -290,7 +310,6 @@ SSL *s;
 	unsigned char *p;
 	int i,ch_len;
 	int n;
-	BIO *bbio;
 
 	n=ssl23_read_bytes(s,7);
 
@@ -306,6 +325,11 @@ SSL *s;
 		/* we need to clean up the SSLv3 setup and put in the
 		 * sslv2 stuff. */
 
+		if (s->options & SSL_OP_NO_SSLv2)
+			{
+			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+			goto err;
+			}
 		if (s->s2 == NULL)
 			{
 			if (!ssl2_new(s))
@@ -314,7 +338,7 @@ SSL *s;
 		else
 			ssl2_clear(s);
 
-		if (s->ctx->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+		if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
 			ch_len=SSL2_CHALLENGE_LENGTH;
 		else
 			ch_len=SSL2_MAX_CHALLENGE_LENGTH;
@@ -355,33 +379,13 @@ SSL *s;
 		}
 	else if ((p[0] == SSL3_RT_HANDSHAKE) &&
 		 (p[1] == SSL3_VERSION_MAJOR) &&
-		 (p[2] == SSL3_VERSION_MINOR) &&
+		 ((p[2] == SSL3_VERSION_MINOR) ||
+		  (p[2] == TLS1_VERSION_MINOR)) &&
 		 (p[5] == SSL3_MT_SERVER_HELLO))
 		{
-		/* we have sslv3 */
+		/* we have sslv3 or tls1 */
 
-		if (s->bbio == NULL)
-			{
-			bbio=BIO_new(BIO_f_buffer());
-			if (bbio == NULL)
-				{
-				SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
-				goto err;
-				}
-			s->bbio=bbio;
-			}
-		else
-			bbio=s->bbio;
-
-		BIO_reset(bbio);
-		if (!BIO_set_write_buffer_size(bbio,16*1024))
-			{
-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
-			goto err;
-			}
-
-		/* start the buffering */
-		s->wbio=BIO_push(s->bbio,s->wbio);
+		if (!ssl_init_wbio_buffer(s,1)) goto err;
 
 		/* we are in this state */
 		s->state=SSL3_ST_CR_SRVR_HELLO_A;
@@ -395,12 +399,30 @@ SSL *s;
 		s->s3->rbuf.left=n;
 		s->s3->rbuf.offset=0;
 
-		s->method=SSLv3_client_method();
+		if ((p[2] == SSL3_VERSION_MINOR) &&
+			!(s->options & SSL_OP_NO_SSLv3))
+			{
+			s->version=SSL3_VERSION;
+			s->method=SSLv3_client_method();
+			}
+		else if ((p[2] == TLS1_VERSION_MINOR) &&
+			!(s->options & SSL_OP_NO_TLSv1))
+			{
+			s->version=TLS1_VERSION;
+			s->method=TLSv1_client_method();
+			}
+		else
+			{
+			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+			goto err;
+			}
+			
 		s->handshake_func=s->method->ssl_connect;
 		}
 	else if ((p[0] == SSL3_RT_ALERT) &&
 		 (p[1] == SSL3_VERSION_MAJOR) &&
-		 (p[2] == SSL3_VERSION_MINOR) &&
+		 ((p[2] == SSL3_VERSION_MINOR) ||
+		  (p[2] == TLS1_VERSION_MINOR)) &&
 		 (p[3] == 0) &&
 		 (p[4] == 2))
 		{
@@ -421,7 +443,7 @@ SSL *s;
 			}
 
 		s->rwstate=SSL_NOTHING;
-		SSLerr(SSL_F_SSL3_READ_BYTES,1000+p[6]);
+		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,1000+p[6]);
 		goto err;
 		}
 	else
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c
index ff19adc11..e16f64110 100644
--- a/ssl/s23_lib.c
+++ b/ssl/s23_lib.c
@@ -1,5 +1,5 @@
 /* ssl/s23_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -81,10 +81,10 @@ static SSL_CIPHER *ssl23_get_cipher_by_char();
 char *SSL23_version_str="SSLv2/3 compatablity part of SSLeay 0.7.0 30-Jan-1997";
 
 static SSL_METHOD SSLv23_data= {
-	3,
-	ssl3_new,
-	ssl3_clear,
-	ssl3_free,
+	TLS1_VERSION,
+	tls1_new,
+	tls1_clear,
+	tls1_free,
 	ssl_undefined_function,
 	ssl_undefined_function,
 	ssl23_read,
@@ -101,6 +101,7 @@ static SSL_METHOD SSLv23_data= {
 	ssl23_get_cipher,
 	ssl_bad_method,
 	ssl23_default_timeout,
+	&ssl3_undef_enc_method,
 	};
 
 static long ssl23_default_timeout()
@@ -179,7 +180,7 @@ int len;
 		return(0);
 		}
 #endif
-	errno=0;
+	clear_sys_error();
 	if (SSL_in_init(s) && (!s->in_handshake))
 		{
 		n=s->handshake_func(s);
@@ -212,7 +213,7 @@ int len;
 		return(0);
 		}
 #endif
-	errno=0;
+	clear_sys_error();
 	if (SSL_in_init(s) && (!s->in_handshake))
 		{
 		n=s->handshake_func(s);
diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c
index dbe282bfd..1eed7a54b 100644
--- a/ssl/s23_meth.c
+++ b/ssl/s23_meth.c
@@ -1,5 +1,5 @@
 /* ssl/s23_meth.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,10 +63,12 @@
 static SSL_METHOD *ssl23_get_method(ver)
 int ver;
 	{
-	if (ver == 2)
+	if (ver == SSL2_VERSION)
 		return(SSLv23_method());
-	else if (ver == 3)
+	else if (ver == SSL3_VERSION)
 		return(SSLv3_method());
+	else if (ver == TLS1_VERSION)
+		return(TLSv1_method());
 	else
 		return(NULL);
 	}
diff --git a/ssl/s23_pkt.c b/ssl/s23_pkt.c
index e9b2add0b..c25c31277 100644
--- a/ssl/s23_pkt.c
+++ b/ssl/s23_pkt.c
@@ -1,5 +1,5 @@
 /* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 398f00582..c7b9ecbcf 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -1,5 +1,5 @@
 /* ssl/s23_srvr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -74,10 +74,12 @@ int ssl23_get_client_hello();
 static SSL_METHOD *ssl23_get_server_method(ver)
 int ver;
 	{
-	if (ver == 2)
+	if (ver == SSL2_VERSION)
 		return(SSLv2_server_method());
-	else if (ver == 3)
+	else if (ver == SSL3_VERSION)
 		return(SSLv3_server_method());
+	else if (ver == TLS1_VERSION)
+		return(TLSv1_server_method());
 	else
 		return(NULL);
 	}
@@ -109,7 +111,7 @@ SSL *s;
 
 	RAND_seed((unsigned char *)&Time,sizeof(Time));
 	ERR_clear_error();
-	errno=0;
+	clear_sys_error();
 
 	if (s->info_callback != NULL)
 		cb=s->info_callback;
@@ -132,7 +134,7 @@ SSL *s;
 
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
-			s->version=3;
+			/* s->version=SSL3_VERSION; */
 			s->type=SSL_ST_ACCEPT;
 
 			if (s->init_buf == NULL)
@@ -197,8 +199,7 @@ SSL *s;
 	unsigned char *p,*d,*dd;
 	unsigned int i;
 	unsigned int csl,sil,cl;
-	int n=0,j;
-	BIO *bbio;
+	int n=0,j,tls1=0;
 	int type=0,use_sslv2_strong=0;
 
 	/* read the initial header */
@@ -219,11 +220,28 @@ SSL *s;
 			if ((p[3] == 0x00) && (p[4] == 0x02))
 				{
 				/* SSLv2 */
-				type=1;
+				if (!(s->options & SSL_OP_NO_SSLv2))
+					type=1;
 				}
 			else if (p[3] == SSL3_VERSION_MAJOR)
 				{
-				if (s->ctx->options & SSL_OP_NON_EXPORT_FIRST)
+				/* SSLv3/TLSv1 */
+				if (p[4] >= TLS1_VERSION_MINOR)
+					{
+					if (!(s->options & SSL_OP_NO_TLSv1))
+						{
+						tls1=1;
+						s->state=SSL23_ST_SR_CLNT_HELLO_B;
+						}
+					else if (!(s->options & SSL_OP_NO_SSLv3))
+						{
+						s->state=SSL23_ST_SR_CLNT_HELLO_B;
+						}
+					}
+				else if (!(s->options & SSL_OP_NO_SSLv3))
+					s->state=SSL23_ST_SR_CLNT_HELLO_B;
+
+				if (s->options & SSL_OP_NON_EXPORT_FIRST)
 					{
 					STACK *sk;
 					SSL_CIPHER *c;
@@ -275,30 +293,37 @@ SSL *s;
 							}
 						}
 					}
-				/* SSLv3 */
-				s->state=SSL23_ST_SR_CLNT_HELLO_B;
 				}
 			}
 		else if ((p[0] == SSL3_RT_HANDSHAKE) &&
 			 (p[1] == SSL3_VERSION_MAJOR) &&
 			 (p[5] == SSL3_MT_CLIENT_HELLO))
 			{
-			/* true SSLv3 */
-			type=3;
+			/* true SSLv3 or tls1 */
+			if (p[2] >= TLS1_VERSION_MINOR)
+				{
+				if (!(s->options & SSL_OP_NO_TLSv1))
+					{
+					type=3;
+					tls1=1;
+					}
+				else if (!(s->options & SSL_OP_NO_SSLv3))
+					type=3;
+				}
+			else if (!(s->options & SSL_OP_NO_SSLv3))
+				type=3;
 			}
-		/* I will not introduce error codes since that will probably
-		 * disrupt the error codes alread allocated and could play
-		 * havoc with dynamic allocation.  Upgrade to 0.9.x :-)
-		 */
-		else if ((strncmp("GET ", (char *)p,4) == 0) ||
-			 (strncmp("POST ",(char *)p,5) == 0) ||
-			 (strncmp("HEAD ",(char *)p,5) == 0) ||
-			 (strncmp("PUT ", (char *)p,4) == 0))
+		else if ((strncmp("GET ", p,4) == 0) ||
+			 (strncmp("POST ",p,5) == 0) ||
+			 (strncmp("HEAD ",p,5) == 0) ||
+			 (strncmp("PUT ", p,4) == 0))
 			{
+			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
 			goto err;
 			}
-		else if (strncmp("CONNECT",(char *)p,7) == 0)
+		else if (strncmp("CONNECT",p,7) == 0)
 			{
+			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
 			goto err;
 			}
 		}
@@ -306,7 +331,7 @@ SSL *s;
 next_bit:
 	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
 		{
-		/* we have a SSLv3 in a SSLv2 header */
+		/* we have a SSLv3/TLSv1 in a SSLv2 header */
 		type=2;
 		p=s->packet;
 		n=((p[0]&0x7f)<<8)|p[1];
@@ -334,7 +359,10 @@ next_bit:
 			}
 
 		*(d++)=SSL3_VERSION_MAJOR;
-		*(d++)=SSL3_VERSION_MINOR;
+		if (tls1)
+			*(d++)=TLS1_VERSION_MINOR;
+		else
+			*(d++)=SSL3_VERSION_MINOR;
 
 		/* lets populate the random area */
 		/* get the chalenge_length */
@@ -374,7 +402,7 @@ next_bit:
 	if (type == 1)
 		{
 		/* we are talking sslv2 */
-		/* we need to clean up the SSLv3 setup and put in the
+		/* we need to clean up the SSLv3/TLSv1 setup and put in the
 		 * sslv2 stuff. */
 
 		if (s->s2 == NULL)
@@ -394,7 +422,7 @@ next_bit:
 			}
 
 		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-		if ((s->ctx->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
+		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
 			use_sslv2_strong)
 			s->s2->ssl2_rollback=0;
 		else
@@ -415,21 +443,9 @@ next_bit:
 
 	if ((type == 2) || (type == 3))
 		{
-		/* we have sslv3 */
+		/* we have SSLv3/TLSv1 */
 
-		if (s->bbio == NULL)
-			{
-			bbio=BIO_new(BIO_f_buffer());
-			if (bbio == NULL)
-				goto err;
-			s->bbio=bbio;
-			}
-		else
-			bbio=s->bbio;
-		BIO_reset(bbio);
-		if (!BIO_set_write_buffer_size(bbio,16*1024))
-			goto err;
-		s->wbio=BIO_push(bbio,s->wbio);
+		if (!ssl_init_wbio_buffer(s,1)) goto err;
 
 		/* we are in this state */
 		s->state=SSL3_ST_SR_CLNT_HELLO_A;
@@ -452,7 +468,16 @@ next_bit:
 			s->s3->rbuf.offset=0;
 			}
 
-		s->method=SSLv3_server_method();
+		if (tls1)
+			{
+			s->version=TLS1_VERSION;
+			s->method=TLSv1_server_method();
+			}
+		else
+			{
+			s->version=SSL3_VERSION;
+			s->method=SSLv3_server_method();
+			}
 		s->handshake_func=s->method->ssl_accept;
 		}
 	
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 67578a45a..16df9ec56 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -1,5 +1,5 @@
 /* ssl/s2_clnt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,9 +57,6 @@
  */
 
 #include <stdio.h>
-#ifndef NO_MD5
-#include "md5.h"
-#endif
 #include "rand.h"
 #include "buffer.h"
 #include "objects.h"
@@ -92,7 +89,7 @@ static int ssl_rsa_public_encrypt();
 static SSL_METHOD *ssl2_get_client_method(ver)
 int ver;
 	{
-	if (ver == 2)
+	if (ver == SSL2_VERSION)
 		return(SSLv2_client_method());
 	else
 		return(NULL);
@@ -125,7 +122,7 @@ SSL *s;
 
 	RAND_seed((unsigned char *)&l,sizeof(l));
 	ERR_clear_error();
-	errno=0;
+	clear_sys_error();
 
 	if (s->info_callback != NULL)
 		cb=s->info_callback;
@@ -149,7 +146,7 @@ SSL *s;
 
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
-			s->version=2;
+			s->version=SSL2_VERSION;
 			s->type=SSL_ST_CONNECT;
 
 			buf=s->init_buf;
@@ -262,6 +259,7 @@ SSL *s;
 			 */
 
 			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
+			if (s->hit) s->ctx->sess_hit++;
 
 			ret=1;
 			/* s->server=0; */
@@ -298,7 +296,7 @@ SSL *s;
 	unsigned char *buf;
 	unsigned char *p;
 	int i,j;
-	STACK *sk,*cl;
+	STACK *sk=NULL,*cl;
 
 	buf=(unsigned char *)s->init_buf->data;
 	p=buf;
@@ -350,7 +348,7 @@ SSL *s;
 			}
 		if (s->s2->tmp.cert_type != 0)
 			{
-			if (!(s->ctx->options &
+			if (!(s->options &
 				SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
 				{
 				SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
@@ -448,7 +446,7 @@ SSL *s;
 	 * cert, Free's it before we increment the reference count. */
 	CRYPTO_w_lock(CRYPTO_LOCK_X509);
 	s->session->peer=s->session->cert->key->x509;
-	s->session->peer->references++;
+	CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);
 	CRYPTO_w_unlock(CRYPTO_LOCK_X509);
 
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
@@ -736,7 +734,7 @@ SSL *s;
 		/* ok, now we calculate the checksum
 		 * do it first so we can reuse buf :-) */
 		p=buf;
-		EVP_SignInit(&ctx,EVP_md5());
+		EVP_SignInit(&ctx,s->ctx->rsa_md5);
 		EVP_SignUpdate(&ctx,s->s2->key_material,
 			(unsigned int)s->s2->key_material_length);
 		EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
@@ -856,12 +854,15 @@ SSL *s;
 	if (!s->hit) /* new session */
 		{
 		/* new session-id */
+		/* Make sure we were not trying to re-use an old SSL_SESSION
+		 * or bad things can happen */
+		/* ZZZZZZZZZZZZZ */
 		s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
 		memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
 		}
 	else
 		{
-		if (!(s->ctx->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
 			{
 			if (memcmp(buf,s->session->session_id,
 				(unsigned int)s->session->session_id_length) != 0)
diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index b915f099e..b43056fa1 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -1,5 +1,5 @@
 /* ssl/s2_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,9 +59,6 @@
 #include <stdio.h>
 #include "ssl_locl.h"
 
-#define RS	0
-#define WS	1
-
 int ssl2_enc_init(s, client)
 SSL *s;
 int client;
@@ -94,6 +91,9 @@ int client;
 	rs= s->enc_read_ctx;
 	ws= s->enc_write_ctx;
 
+	EVP_CIPHER_CTX_init(rs);
+	EVP_CIPHER_CTX_init(ws);
+
 	num=c->key_len;
 	s->s2->key_material_length=num*2;
 
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index fb9158221..275eb52f1 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -1,5 +1,5 @@
 /* ssl/s2_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -69,7 +69,7 @@ static int ssl2_ok();
 static long ssl2_default_timeout();
 #endif
 
-char *ssl2_version_str="SSLv2 part of SSLeay 0.8.1b 29-Jun-1998";
+char *ssl2_version_str="SSLv2 part of SSLeay 0.9.0b 29-Jun-1998";
 
 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
 
@@ -139,17 +139,6 @@ SSL_CIPHER ssl2_ciphers[]={
 	0,
 	SSL_ALL_CIPHERS,
 	},
-/* DES_64_CBC_WITH_SHA */
-#if 0
-	{
-	1,
-	SSL2_TXT_DES_64_CBC_WITH_SHA,
-	SSL2_CK_DES_64_CBC_WITH_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA0|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
-	0,
-	SSL_ALL_CIPHERS,
-	},
-#endif
 /* DES_192_EDE3_CBC_WITH_MD5 */
 	{
 	1,
@@ -159,17 +148,6 @@ SSL_CIPHER ssl2_ciphers[]={
 	0,
 	SSL_ALL_CIPHERS,
 	},
-/* DES_192_EDE3_CBC_WITH_SHA */
-#if 0
-	{
-	1,
-	SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA,
-	SSL2_CK_DES_192_EDE3_CBC_WITH_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA0|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
-	0,
-	SSL_ALL_CIPHERS,
-	},
-#endif
 /* RC4_64_WITH_MD5 */
 #if 1
 	{
@@ -196,7 +174,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	};
 
 static SSL_METHOD SSLv2_data= {
-	2,
+	SSL2_VERSION,
 	ssl2_new,	/* local */
 	ssl2_clear,	/* local */
 	ssl2_free,	/* local */
@@ -216,6 +194,7 @@ static SSL_METHOD SSLv2_data= {
 	ssl2_get_cipher,
 	ssl_bad_method,
 	ssl2_default_timeout,
+	&ssl3_undef_enc_method,
 	};
 
 static long ssl2_default_timeout()
@@ -254,6 +233,7 @@ SSL *s;
 	SSL2_CTX *s2;
 
 	if ((s2=(SSL2_CTX *)Malloc(sizeof(SSL2_CTX))) == NULL) goto err;
+	memset(s2,0,sizeof(SSL2_CTX));
 
 	if ((s2->rbuf=(unsigned char *)Malloc(
 		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
@@ -302,9 +282,8 @@ SSL *s;
 	s2->rbuf=rbuf;
 	s2->wbuf=wbuf;
 	s2->clear_text=1;
-	s2->first_packet=0;
 	s->packet=s2->rbuf;
-	s->version=2;
+	s->version=SSL2_VERSION;
 	s->packet_length=0;
 	}
 
@@ -314,7 +293,17 @@ int cmd;
 long larg;
 char *parg;
 	{
-	return(0);
+	int ret=0;
+
+	switch(cmd)
+		{
+	case SSL_CTRL_GET_SESSION_REUSED:
+		ret=s->hit;
+		break;
+	default:
+		break;
+		}
+	return(ret);
 	}
 
 long ssl2_ctx_ctrl(ctx,cmd,larg,parg)
diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c
index 0b8c2acb4..cfc8828cc 100644
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@@ -1,5 +1,5 @@
 /* ssl/s2_meth.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,7 +63,7 @@
 static SSL_METHOD *ssl2_get_method(ver)
 int ver;
 	{
-	if (ver == 2)
+	if (ver == SSL2_VERSION)
 		return(SSLv2_method());
 	else
 		return(NULL);
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index 84bea33e2..e4167b53a 100644
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@@ -1,5 +1,5 @@
 /* ssl/s2_pkt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -70,8 +70,8 @@
 
 #ifndef NOPROTO
 static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
-static int do_ssl_write(SSL *s, const char *buf, unsigned int len);
-static int write_pending(SSL *s, const char *buf, unsigned int len);
+static int do_ssl_write(SSL *s, char *buf, unsigned int len);
+static int write_pending(SSL *s, char *buf, unsigned int len);
 static int ssl_mt_error(int n);
 #else
 static int read_n();
@@ -121,7 +121,7 @@ int len;
 			}
 		}
 
-	errno=0;
+	clear_sys_error();
 	s->rwstate=SSL_NOTHING;
 	if (len <= 0) return(len);
 
@@ -231,7 +231,7 @@ int len;
 				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
 				{
 				SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);
-				return(SSL_RWERR_BAD_MAC_DECODE);
+				return(-1);
 				}
 			}
 		INC32(s->s2->read_sequence); /* expect next number */
@@ -248,7 +248,7 @@ int len;
 	else
 		{
 		SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);
-			return(SSL_RWERR_INTERNAL_ERROR);
+			return(-1);
 		}
 	}
 
@@ -312,7 +312,7 @@ unsigned int extend;
 	s->packet=s->s2->rbuf;
 	while (newb < (int)n)
 		{
-		errno=0;
+		clear_sys_error();
 		if (s->rbio != NULL)
 			{
 			s->rwstate=SSL_READING;
@@ -356,7 +356,7 @@ unsigned int extend;
 
 int ssl2_write(s, buf, len)
 SSL *s;
-const char *buf;
+char *buf;
 int len;
 	{
 	unsigned int n,tot;
@@ -380,7 +380,7 @@ int len;
 			return(-1);
 		}
 
-	errno=0;
+	clear_sys_error();
 	s->rwstate=SSL_NOTHING;
 	if (len <= 0) return(len);
 
@@ -405,7 +405,7 @@ int len;
 
 static int write_pending(s,buf,len)
 SSL *s;
-const char *buf;
+char *buf;
 unsigned int len;
 	{
 	int i;
@@ -414,15 +414,15 @@ unsigned int len;
 
 	/* check that they have given us the same buffer to
 	 * write */
-	if ((s->s2->wpend_tot != (int)len) || (s->s2->wpend_buf != buf))
+	if ((s->s2->wpend_tot > (int)len) || (s->s2->wpend_buf != buf))
 		{
 		SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
-		return(SSL_RWERR_BAD_WRITE_RETRY);
+		return(-1);
 		}
 
 	for (;;)
 		{
-		errno=0;
+		clear_sys_error();
 		if (s->wbio != NULL)
 			{
 			s->rwstate=SSL_WRITING;
@@ -453,7 +453,7 @@ unsigned int len;
 
 static int do_ssl_write(s, buf, len)
 SSL *s;
-const char *buf;
+char *buf;
 unsigned int len;
 	{
 	unsigned int j,k,olen,p,mac_size,bs;
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 0112397e5..c6c8ea32f 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -1,5 +1,5 @@
 /* ssl/s2_srvr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,9 +57,6 @@
  */
 
 #include <stdio.h>
-#ifdef NO_MD5
-#include "md5.h"
-#endif
 #include "bio.h"
 #include "rand.h"
 #include "objects.h"
@@ -92,7 +89,7 @@ static int ssl_rsa_private_decrypt();
 static SSL_METHOD *ssl2_get_server_method(ver)
 int ver;
 	{
-	if (ver == 2)
+	if (ver == SSL2_VERSION)
 		return(SSLv2_server_method());
 	else
 		return(NULL);
@@ -126,7 +123,7 @@ SSL *s;
 
 	RAND_seed((unsigned char *)&l,sizeof(l));
 	ERR_clear_error();
-	errno=0;
+	clear_sys_error();
 
 	if (s->info_callback != NULL)
 		cb=s->info_callback;
@@ -144,7 +141,7 @@ SSL *s;
 		return(-1);
 		}
 
-	errno=0;
+	clear_sys_error();
 	for (;;)
 		{
 		state=s->state;
@@ -158,7 +155,7 @@ SSL *s;
 
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
-			s->version=2;
+			s->version=SSL2_VERSION;
 			s->type=SSL_ST_ACCEPT;
 
 			buf=s->init_buf;
@@ -309,13 +306,13 @@ SSL *s;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
 
 			goto end;
-			BREAK;
+			/* BREAK; */
 
 		default:
 			SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE);
 			ret= -1;
 			goto end;
-			BREAK;
+			/* BREAK; */
 			}
 		
 		if ((cb != NULL) && (s->state != state))
@@ -336,7 +333,7 @@ end:
 static int get_client_master_key(s)
 SSL *s;
 	{
-	int export,i,n,keya,ek;
+	int export,i,n,keya,error=0,ek;
 	unsigned char *p;
 	SSL_CIPHER *cp;
 	EVP_CIPHER *c;
@@ -390,7 +387,7 @@ SSL *s;
 	memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
 		(unsigned int)keya);
 
-	if (s->session->cert->key->privatekey == NULL)
+	if (s->session->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
@@ -537,8 +534,8 @@ SSL *s;
 		}
 	else
 		{
-		i=ssl_get_prev_session(s,s->s2->tmp.session_id_length,
-			&(p[s->s2->tmp.cipher_spec_length]));
+		i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]),
+			s->s2->tmp.session_id_length);
 		if (i == 1)
 			{ /* previous session */
 			s->hit=1;
@@ -656,9 +653,9 @@ SSL *s;
 			/* put certificate type */
 			*(p++)=SSL2_CT_X509_CERTIFICATE;
 			s2n(s->version,p);	/* version */
-			n=i2d_X509(s->cert->key->x509,NULL);
+			n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
 			s2n(n,p);		/* certificate length */
-			i2d_X509(s->cert->key->x509,&d);
+			i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);
 			n=0;
 			
 			/* lets send out the ciphers we like in the
@@ -687,23 +684,7 @@ SSL *s;
  	 */
  	if (s->hit)
  		{
- 		BIO *buf;
- 
- 		if (s->bbio == NULL)
- 			{
- 			buf=BIO_new(BIO_f_buffer());
- 			if (buf == NULL)
- 				{
- 				SSLerr(SSL_F_SERVER_HELLO,ERR_LIB_BUF);
- 				return(-1);
- 				}
- 			s->bbio=buf;
- 			}
- 		else
- 			buf=s->bbio;
- 		
- 		BIO_reset(buf);
- 		s->wbio=BIO_push(buf,s->wbio);
+		if (!ssl_init_wbio_buffer(s,1)) return(-1);
  		}
  
 	return(ssl2_do_write(s));
@@ -904,12 +885,12 @@ SSL *s;
 		EVP_MD_CTX ctx;
 		EVP_PKEY *pkey=NULL;
 
-		EVP_VerifyInit(&ctx,EVP_md5());
+		EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
 		EVP_VerifyUpdate(&ctx,s->s2->key_material,
 			(unsigned int)s->s2->key_material_length);
 		EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
-		i=i2d_X509(s->session->cert->key->x509,NULL);
+		i=i2d_X509(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
 		buf2=(unsigned char *)Malloc((unsigned int)i);
 		if (buf2 == NULL)
 			{
@@ -917,7 +898,7 @@ SSL *s;
 			goto msg_end;
 			}
 		p2=buf2;
-		i=i2d_X509(s->session->cert->key->x509,&p2);
+		i=i2d_X509(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
 		EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
 		Free(buf2);
 
@@ -962,17 +943,17 @@ int padding;
 	RSA *rsa;
 	int i;
 
-	if ((c == NULL) || (c->key->privatekey == NULL))
+	if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL))
 		{
 		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY);
 		return(-1);
 		}
-	if (c->key->privatekey->type != EVP_PKEY_RSA)
+	if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA)
 		{
 		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
 		return(-1);
 		}
-	rsa=c->key->privatekey->pkey.rsa;
+	rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
 
 	/* we have the public key */
 	i=RSA_private_decrypt(len,from,to,rsa,padding);
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 1d710eef2..6de62e159 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -1,5 +1,5 @@
 /* ssl/s3_both.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -69,16 +69,12 @@
 /* SSL3err(SSL_F_SSL3_GET_FINISHED,SSL_R_EXCESSIVE_MESSAGE_SIZE);
  */
 
-unsigned char ssl3_server_finished_const[4]=
-	{SSL3_MD_SERVER_FINISHED_CONST};
-unsigned char ssl3_client_finished_const[4]=
-	{SSL3_MD_CLIENT_FINISHED_CONST};
-
-int ssl3_send_finished(s,a,b,sender)
+int ssl3_send_finished(s,a,b,sender,slen)
 SSL *s;
 int a;
 int b;
 unsigned char *sender;
+int slen;
 	{
 	unsigned char *p,*d;
 	int i;
@@ -89,11 +85,12 @@ unsigned char *sender;
 		d=(unsigned char *)s->init_buf->data;
 		p= &(d[4]);
 
-		i=ssl3_final_finish_mac(s,&(s->s3->finish_dgst1),sender,p);
+		i=s->method->ssl3_enc->final_finish_mac(s,
+			&(s->s3->finish_dgst1),
+			&(s->s3->finish_dgst2),
+			sender,slen,p);
 		p+=i;
 		l=i;
-		i=ssl3_final_finish_mac(s,&(s->s3->finish_dgst2),sender,p);
-		l+=i;
 
 		*(d++)=SSL3_MT_FINISHED;
 		l2n3(l,d);
@@ -107,13 +104,12 @@ unsigned char *sender;
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
-int ssl3_get_finished(s,a,b,sender)
+int ssl3_get_finished(s,a,b)
 SSL *s;
 int a;
 int b;
-unsigned char *sender;
 	{
-	int al,i,j,ok;
+	int al,i,ok;
 	long n;
 	unsigned char *p;
 
@@ -133,7 +129,7 @@ unsigned char *sender;
 	/* If this occurs if we has missed a message */
 	if (!s->s3->change_cipher_spec)
 		{
-		al=SSL3_AD_UNEXPECTED_MESSAGE;
+		al=SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
 		goto f_err;
 		}
@@ -141,20 +137,18 @@ unsigned char *sender;
 
 	p=(unsigned char *)s->init_buf->data;
 
-	i=EVP_MD_CTX_size(&(s->s3->finish_dgst1));
-	j=EVP_MD_CTX_size(&(s->s3->finish_dgst2));
+	i=s->method->ssl3_enc->finish_mac_length;
 
-	if ((i+j) != n)
+	if (i != n)
 		{
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_DECODE_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
 		goto f_err;
 		}
 
-	if (	(memcmp(  p,    &(s->s3->tmp.finish_md1[0]),i) != 0) ||
-		(memcmp(&(p[i]),&(s->s3->tmp.finish_md2[0]),j) != 0))
+	if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
 		{
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_DECRYPT_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
 		goto f_err;
 		}
@@ -204,34 +198,43 @@ X509 *x;
 	X509_STORE_CTX xs_ctx;
 	X509_OBJECT obj;
 
-	X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
-
+	/* TLSv1 sends a chain with nothing in it, instead of an alert */
 	buf=s->init_buf;
-	for (;;)
+	if (!BUF_MEM_grow(buf,(int)(10)))
 		{
-		n=i2d_X509(x,NULL);
-		if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+		SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+		return(0);
+		}
+	if (x != NULL)
+		{
+		X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
+
+		for (;;)
 			{
-			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
-			return(0);
+			n=i2d_X509(x,NULL);
+			if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+				{
+				SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+				return(0);
+				}
+			p=(unsigned char *)&(buf->data[l]);
+			l2n3(n,p);
+			i2d_X509(x,&p);
+			l+=n+3;
+			if (X509_NAME_cmp(X509_get_subject_name(x),
+				X509_get_issuer_name(x)) == 0) break;
+
+			i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
+				X509_get_issuer_name(x),&obj);
+			if (i <= 0) break;
+			x=obj.data.x509;
+			/* Count is one too high since the X509_STORE_get uped the
+			 * ref count */
+			X509_free(x);
 			}
-		p=(unsigned char *)&(buf->data[l]);
-		l2n3(n,p);
-		i2d_X509(x,&p);
-		l+=n+3;
-		if (X509_NAME_cmp(X509_get_subject_name(x),
-			X509_get_issuer_name(x)) == 0) break;
-
-		i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
-			X509_get_issuer_name(x),&obj);
-		if (i <= 0) break;
-		x=obj.data.x509;
-		/* Count is one too high since the X509_STORE_get uped the
-		 * ref count */
-		X509_free(x);
-		}
 
-	X509_STORE_CTX_cleanup(&xs_ctx);
+		X509_STORE_CTX_cleanup(&xs_ctx);
+		}
 
 	l-=7;
 	p=(unsigned char *)&(buf->data[4]);
@@ -260,7 +263,7 @@ int *ok;
 		s->s3->tmp.reuse_message=0;
 		if ((mt >= 0) && (s->s3->tmp.message_type != mt))
 			{
-			al=SSL3_AD_UNEXPECTED_MESSAGE;
+			al=SSL_AD_UNEXPECTED_MESSAGE;
 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
 			goto f_err;
 			}
@@ -283,7 +286,7 @@ int *ok;
 
 		if ((mt >= 0) && (*p != mt))
 			{
-			al=SSL3_AD_UNEXPECTED_MESSAGE;
+			al=SSL_AD_UNEXPECTED_MESSAGE;
 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
 			goto f_err;
 			}
@@ -292,7 +295,7 @@ int *ok;
 		n2l3(p,l);
 		if (l > (unsigned long)max)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_ILLEGAL_PARAMETER;
 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
 			goto f_err;
 			}
@@ -381,31 +384,53 @@ err:
 	}
 
 int ssl_verify_alarm_type(type)
-int type;
+long type;
 	{
 	int al;
 
 	switch(type)
 		{
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-
+	case X509_V_ERR_UNABLE_TO_GET_CRL:
+		al=SSL_AD_UNKNOWN_CA;
+		break;
 	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
 	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-	case X509_V_ERR_CERT_NOT_YET_VALID:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+	case X509_V_ERR_CERT_NOT_YET_VALID:
+	case X509_V_ERR_CRL_NOT_YET_VALID:
+		al=SSL_AD_BAD_CERTIFICATE;
+		break;
+	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+		al=SSL_AD_DECRYPT_ERROR;
+		break;
+	case X509_V_ERR_CERT_HAS_EXPIRED:
+	case X509_V_ERR_CRL_HAS_EXPIRED:
+		al=SSL_AD_CERTIFICATE_EXPIRED;
+		break;
+	case X509_V_ERR_CERT_REVOKED:
+		al=SSL_AD_CERTIFICATE_REVOKED;
+		break;
+	case X509_V_ERR_OUT_OF_MEM:
+		al=SSL_AD_INTERNAL_ERROR;
+		break;
 	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
 	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
 	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-		al=SSL3_AD_BAD_CERTIFICATE;
+	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+		al=SSL_AD_UNKNOWN_CA;
 		break;
-	case X509_V_ERR_CERT_HAS_EXPIRED:
-		al=SSL3_AD_CERTIFICATE_EXPIRED;
+	case X509_V_ERR_APPLICATION_VERIFICATION:
+		al=SSL_AD_HANDSHAKE_FAILURE;
 		break;
 	default:
-		al=SSL3_AD_CERTIFICATE_UNKNOWN;
+		al=SSL_AD_CERTIFICATE_UNKNOWN;
 		break;
 		}
 	return(al);
@@ -419,7 +444,7 @@ SSL *s;
 
 	if (s->s3->rbuf.buf == NULL)
 		{
-		if (s->ctx->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+		if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
 			extra=SSL3_RT_MAX_EXTRA;
 		else
 			extra=0;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 4f551d20e..940c6a458 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1,5 +1,5 @@
 /* ssl/s3_clnt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -102,7 +102,7 @@ static int ssl3_check_cert_and_algorithm();
 static SSL_METHOD *ssl3_get_client_method(ver)
 int ver;
 	{
-	if (ver == 3)
+	if (ver == SSL3_VERSION)
 		return(SSLv3_client_method());
 	else
 		return(NULL);
@@ -132,12 +132,12 @@ SSL *s;
 	long num1;
 	void (*cb)()=NULL;
 	int ret= -1;
-	BIO *bbio,*under;
+	BIO *under;
 	int new_state,state,skip=0;;
 
 	RAND_seed((unsigned char *)&Time,sizeof(Time));
 	ERR_clear_error();
-	errno=0;
+	clear_sys_error();
 
 	if (s->info_callback != NULL)
 		cb=s->info_callback;
@@ -156,6 +156,7 @@ SSL *s;
 		case SSL_ST_RENEGOTIATE:
 			s->new_session=1;
 			s->state=SSL_ST_CONNECT;
+			s->ctx->sess_connect_renegotiate++;
 			/* break */
 		case SSL_ST_BEFORE:
 		case SSL_ST_CONNECT:
@@ -164,7 +165,9 @@ SSL *s;
 
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
-			s->version=3;
+			if ((s->version & 0xff00 ) != 0x0300)
+				abort();
+			/* s->version=SSL3_VERSION; */
 			s->type=SSL_ST_CONNECT;
 
 			if (s->init_buf == NULL)
@@ -185,27 +188,7 @@ SSL *s;
 			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
 
 			/* setup buffing BIO */
-			if (s->bbio == NULL)
-				{
-				bbio=BIO_new(BIO_f_buffer());
-				if (bbio == NULL)
-					{
-					SSLerr(SSL_F_SSL3_CONNECT,ERR_LIB_BUF);
-					ret= -1;
-					goto end;
-					}
-				s->bbio=bbio;
-				}
-			else
-				bbio=s->bbio;
-
-			BIO_reset(bbio);
-			if (!BIO_set_write_buffer_size(bbio,16*1024))
-				{
-				SSLerr(SSL_F_SSL3_CONNECT,ERR_LIB_BUF);
-				ret= -1;
-				goto end;
-				}
+			if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
 
 			/* don't push the buffering BIO quite yet */
 
@@ -226,7 +209,8 @@ SSL *s;
 			s->init_num=0;
 
 			/* turn on buffering for the next lot of output */
-			s->wbio=BIO_push(s->bbio,s->wbio);
+			if (s->bbio != s->wbio)
+				s->wbio=BIO_push(s->bbio,s->wbio);
 
 			break;
 
@@ -307,7 +291,9 @@ SSL *s;
 			l=s->s3->tmp.new_cipher->algorithms;
 			/* EAY EAY EAY need to check for DH fix cert
 			 * sent back */
-			if ((s->s3->tmp.cert_req) && 1)
+			/* For TLS, cert_req is set to 2, so a cert chain
+			 * of nothing is sent, but no verify packet is sent */
+			if (s->s3->tmp.cert_req == 1)
 				{
 				s->state=SSL3_ST_CW_CERT_VRFY_A;
 				}
@@ -338,13 +324,13 @@ SSL *s;
 			s->init_num=0;
 
 			s->session->cipher=s->s3->tmp.new_cipher;
-			if (!ssl3_setup_key_block(s))
+			if (!s->method->ssl3_enc->setup_key_block(s))
 				{
 				ret= -1;
 				goto end;
 				}
 
-			if (!ssl3_change_cipher_state(s,
+			if (!s->method->ssl3_enc->change_cipher_state(s,
 				SSL3_CHANGE_CIPHER_CLIENT_WRITE))
 				{
 				ret= -1;
@@ -357,7 +343,8 @@ SSL *s;
 		case SSL3_ST_CW_FINISHED_B:
 			ret=ssl3_send_finished(s,
 				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
-				&(ssl3_client_finished_const[0]));
+				s->method->ssl3_enc->client_finished,
+				s->method->ssl3_enc->client_finished_len);
 			if (ret <= 0) goto end;
 			s->state=SSL3_ST_CW_FLUSH;
 
@@ -384,8 +371,7 @@ SSL *s;
 		case SSL3_ST_CR_FINISHED_B:
 
 			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
-				SSL3_ST_CR_FINISHED_B,
-				&(ssl3_server_finished_const[0]));
+				SSL3_ST_CR_FINISHED_B);
 			if (ret <= 0) goto end;
 
 			if (s->hit)
@@ -434,6 +420,7 @@ SSL *s;
 			s->new_session=0;
 
 			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
+			if (s->hit) s->ctx->sess_hit++;
 
 			ret=1;
 			/* s->server=0; */
@@ -455,7 +442,11 @@ SSL *s;
 		/* did we do anything */
 		if (!s->s3->tmp.reuse_message && !skip)
 			{
-			if (s->debug) BIO_flush(s->wbio);
+			if (s->debug)
+				{
+				if ((ret=BIO_flush(s->wbio)) <= 0)
+					goto end;
+				}
 
 			if ((cb != NULL) && (s->state != state))
 				{
@@ -502,8 +493,8 @@ SSL *s;
 		/* Do the message type and length last */
 		d=p= &(buf[4]);
 
-		*(p++)=SSL3_VERSION_MAJOR;
-		*(p++)=SSL3_VERSION_MINOR;
+		*(p++)=s->version>>8;
+		*(p++)=s->version&0xff;
 
 		/* Random stuff */
 		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
@@ -572,10 +563,12 @@ SSL *s;
 	if (!ok) return((int)n);
 	d=p=(unsigned char *)s->init_buf->data;
 
-	if ((p[0] != SSL3_VERSION_MAJOR) && (p[1] != SSL3_VERSION_MINOR))
+	if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
 		{
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
-		goto err;
+		s->version=(s->version&0xff00)|p[1];
+		al=SSL_AD_PROTOCOL_VERSION;
+		goto f_err;
 		}
 	p+=2;
 
@@ -592,32 +585,36 @@ SSL *s;
 		/* SSLref returns 16 :-( */
 		if (j < SSL2_SSL_SESSION_ID_LENGTH)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_ILLEGAL_PARAMETER;
 			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
 			goto f_err;
 			}
 		}
-	if (j == 0)
-		{
-		s->hit=0;
-		memset(s->session->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
-		s->session->session_id_length=0;
-		}
-	else if ((j == s->session->session_id_length) &&
+	if ((j != 0) && (j == s->session->session_id_length) &&
 		(memcmp(p,s->session->session_id,j) == 0))
 		s->hit=1;
-	else
+	else	/* a miss or crap from the other end */
 		{
-		memcpy(s->session->session_id,p,j);
-		s->session->session_id_length=j;
+		/* If we were trying for session-id reuse, make a new
+		 * SSL_SESSION so we don't stuff up other people */
 		s->hit=0;
+		if (s->session->session_id_length > 0)
+			{
+			if (!ssl_get_new_session(s,0))
+				{
+				al=SSL_AD_INTERNAL_ERROR;
+				goto f_err;
+				}
+			}
+		s->session->session_id_length=j;
+		memcpy(s->session->session_id,p,j); /* j could be 0 */
 		}
 	p+=j;
 	c=ssl_get_cipher_by_char(s,p);
 	if (c == NULL)
 		{
 		/* unknown cipher */
-		al=SSL3_AD_HANDSHAKE_FAILURE;
+		al=SSL_AD_ILLEGAL_PARAMETER;
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
 		goto f_err;
 		}
@@ -628,17 +625,17 @@ SSL *s;
 	if (i < 0)
 		{
 		/* we did not say we would use this cipher */
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_ILLEGAL_PARAMETER;
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
 		goto f_err;
 		}
 
 	if (s->hit && (s->session->cipher != c))
 		{
-		if (!(s->ctx->options &
+		if (!(s->options &
 			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_ILLEGAL_PARAMETER;
 			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
 			goto f_err;
 			}
@@ -649,7 +646,7 @@ SSL *s;
 	j= *(p++);
 	if (j != 0)
 		{
-		al=SSL3_AD_HANDSHAKE_FAILURE;
+		al=SSL_AD_ILLEGAL_PARAMETER;
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 		goto f_err;
 		}
@@ -657,7 +654,7 @@ SSL *s;
 	if (p != (d+n))
 		{
 		/* wrong packet length */
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_DECODE_ERROR;
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
 		goto err;
 		}
@@ -701,7 +698,7 @@ SSL *s;
 
 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
 		{
-		al=SSL3_AD_UNEXPECTED_MESSAGE;
+		al=SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
 		goto f_err;
 		}
@@ -716,7 +713,7 @@ SSL *s;
 	n2l3(p,llen);
 	if (llen+3 != n)
 		{
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_DECODE_ERROR;
 		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
 		goto f_err;
 		}
@@ -725,7 +722,7 @@ SSL *s;
 		n2l3(p,l);
 		if ((l+nc+3) > llen)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 			}
@@ -734,13 +731,13 @@ SSL *s;
 		x=d2i_X509(NULL,&q,l);
 		if (x == NULL)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_BAD_CERTIFICATE;
 			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
 			goto f_err;
 			}
 		if (q != (p+l))
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 			}
@@ -792,7 +789,7 @@ SSL *s;
 		}
 
 	c->cert_type=i;
-	x->references++;
+	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
 	if (c->pkeys[i].x509 != NULL)
 		X509_free(c->pkeys[i].x509);
 	c->pkeys[i].x509=x;
@@ -800,7 +797,7 @@ SSL *s;
 
 	if ((s->session != NULL) && (s->session->peer != NULL)) 
 		X509_free(s->session->peer);
-	x->references++;
+	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
 	s->session->peer=x;
 
 	x=NULL;
@@ -829,7 +826,9 @@ SSL *s;
 	long n,alg;
 	EVP_PKEY *pkey=NULL;
 	RSA *rsa=NULL;
+#ifndef NO_DH
 	DH *dh=NULL;
+#endif
 
 	n=ssl3_get_message(s,
 		SSL3_ST_CR_KEY_EXCH_A,
@@ -885,7 +884,7 @@ SSL *s;
 		param_len=i+2;
 		if (param_len > n)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
 			goto f_err;
 			}
@@ -900,7 +899,7 @@ SSL *s;
 		param_len+=i+2;
 		if (param_len > n)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
 			goto f_err;
 			}
@@ -937,7 +936,7 @@ SSL *s;
 		param_len=i+2;
 		if (param_len > n)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
 			goto f_err;
 			}
@@ -952,7 +951,7 @@ SSL *s;
 		param_len+=i+2;
 		if (param_len > n)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
 			goto f_err;
 			}
@@ -967,7 +966,7 @@ SSL *s;
 		param_len+=i+2;
 		if (param_len > n)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
 			goto f_err;
 			}
@@ -994,7 +993,7 @@ SSL *s;
 		}
 	else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
 		{
-		al=SSL3_AD_HANDSHAKE_FAILURE;
+		al=SSL_AD_ILLEGAL_PARAMETER;
 		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
 		goto f_err;
 		}
@@ -1013,7 +1012,7 @@ SSL *s;
 		if ((i != n) || (n > j) || (n <= 0))
 			{
 			/* wrong packet length */
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
 			goto err;
 			}
@@ -1027,7 +1026,8 @@ SSL *s;
 			q=md_buf;
 			for (num=2; num > 0; num--)
 				{
-				EVP_DigestInit(&md_ctx,(num == 2)?EVP_md5():EVP_sha1());
+				EVP_DigestInit(&md_ctx,(num == 2)
+					?s->ctx->md5:s->ctx->sha1);
 				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,param,param_len);
@@ -1039,14 +1039,14 @@ SSL *s;
 				RSA_PKCS1_PADDING);
 			if (i <= 0)
 				{
-				al=SSL3_AD_ILLEGAL_PARAMETER;
+				al=SSL_AD_DECRYPT_ERROR;
 				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
 				goto f_err;
 				}
 			if ((j != i) || (memcmp(p,md_buf,i) != 0))
 				{
 				/* bad signature */
-				al=SSL3_AD_ILLEGAL_PARAMETER;
+				al=SSL_AD_DECRYPT_ERROR;
 				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
 				goto f_err;
 				}
@@ -1064,7 +1064,7 @@ SSL *s;
 			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
 				{
 				/* bad signature */
-				al=SSL3_AD_ILLEGAL_PARAMETER;
+				al=SSL_AD_DECRYPT_ERROR;
 				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
 				goto f_err;
 				}
@@ -1086,7 +1086,7 @@ SSL *s;
 			}
 		if (n != 0)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
 			goto f_err;
 			}
@@ -1103,8 +1103,8 @@ static int ssl3_get_certificate_request(s)
 SSL *s;
 	{
 	int ok,ret=0;
-	unsigned long n,nc;
-	unsigned int llen,l,ctype_num,i;
+	unsigned long n,nc,l;
+	unsigned int llen,ctype_num,i;
 	X509_NAME *xn=NULL;
 	unsigned char *p,*d,*q;
 	STACK *ca_sk=NULL;
@@ -1132,11 +1132,23 @@ SSL *s;
 
 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
 		{
-		ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_UNEXPECTED_MESSAGE);
+		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
 		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
 		goto err;
 		}
 
+	/* TLS does not like anon-DH with client cert */
+	if (s->version > SSL3_VERSION)
+		{
+		l=s->s3->tmp.new_cipher->algorithms;
+		if (l & SSL_aNULL)
+			{
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
+			goto err;
+			}
+		}
+
 	d=p=(unsigned char *)s->init_buf->data;
 
 	if ((ca_sk=sk_new(ca_dn_cmp)) == NULL)
@@ -1157,7 +1169,7 @@ SSL *s;
 	n2s(p,llen);
 	if ((llen+ctype_num+2+1) != n)
 		{
-		ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER);
+		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
 		goto err;
 		}
@@ -1167,9 +1179,9 @@ SSL *s;
 		n2s(p,l);
 		if ((l+nc+2) > llen)
 			{
-			if ((s->ctx->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+			if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
 				goto cont; /* netscape bugs */
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER);
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
 			goto err;
 			}
@@ -1179,11 +1191,11 @@ SSL *s;
 		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
 			{
 			/* If netscape tollerance is on, ignore errors */
-			if (s->ctx->options & SSL_OP_NETSCAPE_CA_DN_BUG)
+			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
 				goto cont;
 			else
 				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 				SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
 				goto err;
 				}
@@ -1191,7 +1203,7 @@ SSL *s;
 
 		if (q != (p+l))
 			{
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER);
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
 			goto err;
 			}
@@ -1248,7 +1260,7 @@ SSL *s;
 	if (n > 0)
 		{
 		/* should contain no data */
-		ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER);
+		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 		SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
 		}
 	ret=1;
@@ -1258,7 +1270,7 @@ SSL *s;
 static int ssl3_send_client_key_exchange(s)
 SSL *s;
 	{
-	unsigned char *p,*d;
+	unsigned char *p,*q,*d;
 	int n;
 	unsigned long l;
 	EVP_PKEY *pkey=NULL;
@@ -1291,22 +1303,33 @@ SSL *s;
 				rsa=pkey->pkey.rsa;
 				}
 				
-			tmp_buf[0]=SSL3_VERSION_MAJOR;
-			tmp_buf[1]=SSL3_VERSION_MINOR;
+			tmp_buf[0]=s->version>>8;
+			tmp_buf[1]=s->version&0xff;
 			RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
 
 			s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
 
-			n=RSA_public_encrypt(48,tmp_buf,p,rsa,
-				RSA_PKCS1_PADDING);
+			q=p;
+			/* Fix buf for TLS and beyond */
+			if (s->version > SSL3_VERSION)
+				p+=2;
+			n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
+				tmp_buf,p,rsa,RSA_PKCS1_PADDING);
 			if (n <= 0)
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
 				goto err;
 				}
 
+			/* Fix buf for TLS and beyond */
+			if (s->version > SSL3_VERSION)
+				{
+				s2n(n,q);
+				n+=2;
+				}
+
 			s->session->master_key_length=
-				ssl3_generate_master_secret(s,
+				s->method->ssl3_enc->generate_master_secret(s,
 					s->session->master_key,
 					tmp_buf,48);
 			memset(tmp_buf,0,48);
@@ -1323,7 +1346,7 @@ SSL *s;
 			else
 				{
 				/* we get them from the cert */
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_HANDSHAKE_FAILURE);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
 				goto err;
 				}
@@ -1342,7 +1365,9 @@ SSL *s;
 
 			/* use the 'p' output buffer for the DH key, but
 			 * make sure to clear it out afterwards */
+
 			n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
+
 			if (n <= 0)
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
@@ -1351,7 +1376,7 @@ SSL *s;
 
 			/* generate master key from the result */
 			s->session->master_key_length=
-				ssl3_generate_master_secret(s,
+				s->method->ssl3_enc->generate_master_secret(s,
 					s->session->master_key,p,n);
 			/* clean up */
 			memset(p,0,n);
@@ -1369,7 +1394,7 @@ SSL *s;
 		else
 #endif
 			{
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_HANDSHAKE_FAILURE);
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
 			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
 			goto err;
 			}
@@ -1395,8 +1420,11 @@ SSL *s;
 	unsigned char *p,*d;
 	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
 	EVP_PKEY *pkey;
-	int i=0,j;
+	int i=0;
 	unsigned long n;
+#ifndef NO_DSA
+	int j;
+#endif
 
 	if (s->state == SSL3_ST_CW_CERT_VRFY_A)
 		{
@@ -1404,14 +1432,14 @@ SSL *s;
 		p= &(d[4]);
 		pkey=s->cert->key->privatekey;
 
-		ssl3_final_finish_mac(s,&(s->s3->finish_dgst2),
-			NULL,&(data[MD5_DIGEST_LENGTH]));
+		s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
+			&(data[MD5_DIGEST_LENGTH]));
 
 #ifndef NO_RSA
 		if (pkey->type == EVP_PKEY_RSA)
 			{
-			ssl3_final_finish_mac(s,&(s->s3->finish_dgst1),
-				NULL,&(data[0]));
+			s->method->ssl3_enc->cert_verify_mac(s,
+				&(s->s3->finish_dgst1),&(data[0]));
 			i=RSA_private_encrypt(
 				MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
 				data,&(p[2]),pkey->pkey.rsa,
@@ -1507,9 +1535,16 @@ SSL *s;
 		if (pkey != NULL) EVP_PKEY_free(pkey);
 		if (i == 0)
 			{
-			s->s3->tmp.cert_req=0;
-			ssl3_send_alert(s,SSL3_AL_WARNING,SSL3_AD_NO_CERTIFICATE);
-			return(1);
+			if (s->version == SSL3_VERSION)
+				{
+				s->s3->tmp.cert_req=0;
+				ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
+				return(1);
+				}
+			else
+				{
+				s->s3->tmp.cert_req=2;
+				}
 			}
 
 		/* Ok, we have a cert */
@@ -1519,7 +1554,8 @@ SSL *s;
 	if (s->state == SSL3_ST_CW_CERT_C)
 		{
 		s->state=SSL3_ST_CW_CERT_D;
-		l=ssl3_output_cert_chain(s,s->cert->key->x509);
+		l=ssl3_output_cert_chain(s,
+			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
 		s->init_num=(int)l;
 		s->init_off=0;
 		}
@@ -1635,7 +1671,7 @@ SSL *s;
 		}
 	return(1);
 f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_HANDSHAKE_FAILURE);
+	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
 err:
 	return(0);
 	}
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index f1cd25e3d..bbd9b637c 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -1,5 +1,5 @@
 /* ssl/s3_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -76,6 +76,56 @@ static unsigned char ssl3_pad_2[48]={
 	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
 	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
 
+#ifndef NO_PROTO
+static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
+	unsigned char *sender, int len, unsigned char *p);
+#else
+static int ssl3_handshake_mac();
+#endif
+
+static void ssl3_generate_key_block(s,km,num)
+SSL *s;
+unsigned char *km;
+int num;
+	{
+	MD5_CTX m5;
+	SHA_CTX s1;
+	unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
+	unsigned char c='A';
+	int i,j,k;
+
+	k=0;
+	for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
+		{
+		k++;
+		for (j=0; j<k; j++)
+			buf[j]=c;
+		c++;
+		SHA1_Init(  &s1);
+		SHA1_Update(&s1,buf,k);
+		SHA1_Update(&s1,s->session->master_key,
+			s->session->master_key_length);
+		SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
+		SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
+		SHA1_Final( smd,&s1);
+
+		MD5_Init(  &m5);
+		MD5_Update(&m5,s->session->master_key,
+			s->session->master_key_length);
+		MD5_Update(&m5,smd,SHA_DIGEST_LENGTH);
+		if ((i+MD5_DIGEST_LENGTH) > num)
+			{
+			MD5_Final(smd,&m5);
+			memcpy(km,smd,(num-i));
+			}
+		else
+			MD5_Final(km,&m5);
+
+		km+=MD5_DIGEST_LENGTH;
+		}
+	memset(smd,0,SHA_DIGEST_LENGTH);
+	}
+
 int ssl3_change_cipher_state(s,which)
 SSL *s;
 int which;
@@ -122,6 +172,8 @@ int which;
 		mac_secret= &(s->s3->write_mac_secret[0]);
 		}
 
+	EVP_CIPHER_CTX_init(dd);
+
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
 	j=(exp)?5:EVP_CIPHER_key_length(c);
@@ -164,18 +216,20 @@ int which;
 		MD5_Final(&(exp_key[0]),&md);
 		key= &(exp_key[0]);
 
-		MD5_Init(&md);
-		MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
-		MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
-		MD5_Final(&(exp_iv[0]),&md);
-		iv= &(exp_iv[0]);
+		if (k > 0)
+			{
+			MD5_Init(&md);
+			MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
+			MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
+			MD5_Final(&(exp_iv[0]),&md);
+			iv= &(exp_iv[0]);
+			}
 		}
 
-	s->session->key_arg_length=k;
-	if (k > 0)
-		memcpy(&(s->session->key_arg[0]),iv,k);
+	s->session->key_arg_length=0;
 
 	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+
 	memset(&(exp_key[0]),0,sizeof(exp_key));
 	memset(&(exp_iv[0]),0,sizeof(exp_iv));
 	return(1);
@@ -305,7 +359,7 @@ int send;
 			if (i > bs)
 				{
 				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_BAD_RECORD_MAC);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
 				return(0);
 				}
 			rec->length-=i;
@@ -317,8 +371,8 @@ int send;
 void ssl3_init_finished_mac(s)
 SSL *s;
 	{
-	EVP_DigestInit(&(s->s3->finish_dgst1),EVP_md5());
-	EVP_DigestInit(&(s->s3->finish_dgst2),EVP_sha1());
+	EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5);
+	EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1);
 	}
 
 void ssl3_finish_mac(s,buf,len)
@@ -330,10 +384,34 @@ int len;
 	EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
 	}
 
-int ssl3_final_finish_mac(s,in_ctx,sender,p)
+int ssl3_cert_verify_mac(s,ctx,p)
+SSL *s;
+EVP_MD_CTX *ctx;
+unsigned char *p;
+	{
+	return(ssl3_handshake_mac(s,ctx,NULL,0,p));
+	}
+
+int ssl3_final_finish_mac(s,ctx1,ctx2,sender,len,p)
+SSL *s;
+EVP_MD_CTX *ctx1,*ctx2;
+unsigned char *sender;
+int len;
+unsigned char *p;
+	{
+	int ret;
+
+	ret=ssl3_handshake_mac(s,ctx1,sender,len,p);
+	p+=ret;
+	ret+=ssl3_handshake_mac(s,ctx2,sender,len,p);
+	return(ret);
+	}
+
+static int ssl3_handshake_mac(s,in_ctx,sender,len,p)
 SSL *s;
 EVP_MD_CTX *in_ctx;
 unsigned char *sender;
+int len;
 unsigned char *p;
 	{
 	unsigned int ret;
@@ -348,7 +426,7 @@ unsigned char *p;
 	npad=(48/n)*n;
 
 	if (sender != NULL)
-		EVP_DigestUpdate(&ctx,sender,4);
+		EVP_DigestUpdate(&ctx,sender,len);
 	EVP_DigestUpdate(&ctx,s->session->master_key,
 		s->session->master_key_length);
 	EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
@@ -397,19 +475,6 @@ int send;
 	md_size=EVP_MD_size(hash);
 	npad=(48/md_size)*md_size;
 
-#ifdef MAC_DEBUG
-printf("npad=%d md_size=%d",npad,md_size);
-printf("\nmsec=");
-for (i=0; i<md_size; i++) printf("%02X ",mac_sec[i]);
-printf("\npad1=");
-for (i=0; i<npad; i++) printf("%02X ",ssl3_pad_1[i]);
-printf("\nseq =");
-for (i=0; i<8; i++) printf("%02X ",seq[i]);
-printf("\nreqt=%02X len=%04X\n",rec->type,rec->length);
-for (i=0; i<rec->length; i++) printf("%02X",rec->input[i]);
-printf("\n");
-#endif
-
 	/* Chop the digest off the end :-) */
 
 	EVP_DigestInit(  &md_ctx,hash);
@@ -433,12 +498,6 @@ printf("\n");
 	for (i=7; i>=0; i--)
 		if (++seq[i]) break; 
 
-#ifdef MAC_DEBUG
-printf("md=");
-for (i=0; i<md_size; i++) printf("%02X ",md[i]);
-printf("\n");
-#endif
-
 	return(md_size);
 	}
 
@@ -460,7 +519,7 @@ int len;
 
 	for (i=0; i<3; i++)
 		{
-		EVP_DigestInit(&ctx,EVP_sha1());
+		EVP_DigestInit(&ctx,s->ctx->sha1);
 		EVP_DigestUpdate(&ctx,salt[i],strlen((char *)salt[i]));
 		EVP_DigestUpdate(&ctx,p,len);
 		EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
@@ -469,7 +528,7 @@ int len;
 			SSL3_RANDOM_SIZE);
 		EVP_DigestFinal(&ctx,buf,&n);
 
-		EVP_DigestInit(&ctx,EVP_md5());
+		EVP_DigestInit(&ctx,s->ctx->md5);
 		EVP_DigestUpdate(&ctx,p,len);
 		EVP_DigestUpdate(&ctx,buf,n);
 		EVP_DigestFinal(&ctx,out,&n);
@@ -479,3 +538,36 @@ int len;
 	return(ret);
 	}
 
+int ssl3_alert_code(code)
+int code;
+	{
+	switch (code)
+		{
+	case SSL_AD_CLOSE_NOTIFY:	return(SSL3_AD_CLOSE_NOTIFY);
+	case SSL_AD_UNEXPECTED_MESSAGE:	return(SSL3_AD_UNEXPECTED_MESSAGE);
+	case SSL_AD_BAD_RECORD_MAC:	return(SSL3_AD_BAD_RECORD_MAC);
+	case SSL_AD_DECRYPTION_FAILED:	return(SSL3_AD_BAD_RECORD_MAC);
+	case SSL_AD_RECORD_OVERFLOW:	return(SSL3_AD_BAD_RECORD_MAC);
+	case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
+	case SSL_AD_HANDSHAKE_FAILURE:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_NO_CERTIFICATE:	return(SSL3_AD_NO_CERTIFICATE);
+	case SSL_AD_BAD_CERTIFICATE:	return(SSL3_AD_BAD_CERTIFICATE);
+	case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
+	case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
+	case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
+	case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
+	case SSL_AD_ILLEGAL_PARAMETER:	return(SSL3_AD_ILLEGAL_PARAMETER);
+	case SSL_AD_UNKNOWN_CA:		return(SSL3_AD_BAD_CERTIFICATE);
+	case SSL_AD_ACCESS_DENIED:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_DECODE_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_DECRYPT_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_EXPORT_RESTRICION:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_PROTOCOL_VERSION:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_INTERNAL_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_USER_CANCLED:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_NO_RENEGOTIATION:	return(-1); /* Don't send it :-) */
+	default:			return(-1);
+		}
+	}
+
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b7bac8e10..0fd945025 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1,5 +1,5 @@
 /* ssl/s3_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,7 +60,7 @@
 #include "objects.h"
 #include "ssl_locl.h"
 
-char *ssl3_version_str="SSLv3 part of SSLeay 0.8.1b 29-Jun-1998";
+char *ssl3_version_str="SSLv3 part of SSLeay 0.9.0b 29-Jun-1998";
 
 #define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
 
@@ -131,8 +131,8 @@ SSL_CIPHER ssl3_ciphers[]={
 /* Cipher 1B */
 	{
 	1,
-	SSL3_TXT_ADH_DES_196_CBC_SHA,
-	SSL3_CK_ADH_DES_196_CBC_SHA,
+	SSL3_TXT_ADH_DES_192_CBC_SHA,
+	SSL3_CK_ADH_DES_192_CBC_SHA,
 	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
@@ -358,8 +358,22 @@ SSL_CIPHER ssl3_ciphers[]={
 /* end of list */
 	};
 
+static SSL3_ENC_METHOD SSLv3_enc_data={
+	ssl3_enc,
+	ssl3_mac,
+	ssl3_setup_key_block,
+	ssl3_generate_master_secret,
+	ssl3_change_cipher_state,
+	ssl3_final_finish_mac,
+	MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
+	ssl3_cert_verify_mac,
+	SSL3_MD_CLIENT_FINISHED_CONST,4,
+	SSL3_MD_SERVER_FINISHED_CONST,4,
+	ssl3_alert_code,
+	};
+
 static SSL_METHOD SSLv3_data= {
-	3,
+	SSL3_VERSION,
 	ssl3_new,
 	ssl3_clear,
 	ssl3_free,
@@ -379,6 +393,7 @@ static SSL_METHOD SSLv3_data= {
 	ssl3_get_cipher,
 	ssl_bad_method,
 	ssl3_default_timeout,
+	&SSLv3_enc_data,
 	};
 
 static long ssl3_default_timeout()
@@ -420,14 +435,18 @@ SSL *s;
 	SSL3_CTX *s3;
 
 	if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err;
+	memset(s3,0,sizeof(SSL3_CTX));
 
 	s->s3=s3;
+	/*
 	s->s3->tmp.ca_names=NULL;
 	s->s3->tmp.key_block=NULL;
+	s->s3->tmp.key_block_length=0;
 	s->s3->rbuf.buf=NULL;
 	s->s3->wbuf.buf=NULL;
+	*/
 
-	ssl3_clear(s);
+	s->method->ssl_clear(s);
 	return(1);
 err:
 	return(0);
@@ -465,16 +484,14 @@ SSL *s;
 	wp=s->s3->wbuf.buf;
 
 	memset(s->s3,0,sizeof(SSL3_CTX));
-	if (rp != NULL)
-		{
-		s->packet= &(s->s3->rbuf.buf[0]);
-		s->s3->rbuf.buf=rp;
-		s->s3->wbuf.buf=wp;
-		}
-	else
-		s->packet=NULL;
+	if (rp != NULL) s->s3->rbuf.buf=rp;
+	if (wp != NULL) s->s3->wbuf.buf=wp;
 	s->packet_length=0;
-	s->version=3;
+	s->s3->renegotiate=0;
+	s->s3->total_renegotiations=0;
+	s->s3->num_renegotiations=0;
+	s->s3->in_read_app_data=0;
+	s->version=SSL3_VERSION;
 	}
 
 long ssl3_ctrl(s,cmd,larg,parg)
@@ -483,7 +500,29 @@ int cmd;
 long larg;
 char *parg;
 	{
-	return(0);
+	int ret=0;
+
+	switch (cmd)
+		{
+	case SSL_CTRL_GET_SESSION_REUSED:
+		ret=s->hit;
+		break;
+	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
+		break;
+	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
+		ret=s->s3->num_renegotiations;
+		break;
+	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
+		ret=s->s3->num_renegotiations;
+		s->s3->num_renegotiations=0;
+		break;
+	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
+		ret=s->s3->total_renegotiations;
+		break;
+	default:
+		break;
+		}
+	return(ret);
 	}
 
 long ssl3_ctx_ctrl(ctx,cmd,larg,parg)
@@ -623,49 +662,6 @@ unsigned char *p;
 	return(2);
 	}
 
-void ssl3_generate_key_block(s,km,num)
-SSL *s;
-unsigned char *km;
-int num;
-	{
-	MD5_CTX m5;
-	SHA_CTX s1;
-	unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
-	unsigned char c='A';
-	int i,j,k;
-
-	k=0;
-	for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
-		{
-		k++;
-		for (j=0; j<k; j++)
-			buf[j]=c;
-		c++;
-		SHA1_Init(  &s1);
-		SHA1_Update(&s1,buf,k);
-		SHA1_Update(&s1,s->session->master_key,
-			s->session->master_key_length);
-		SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
-		SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
-		SHA1_Final( smd,&s1);
-
-		MD5_Init(  &m5);
-		MD5_Update(&m5,s->session->master_key,
-			s->session->master_key_length);
-		MD5_Update(&m5,smd,SHA_DIGEST_LENGTH);
-		if ((i+MD5_DIGEST_LENGTH) > num)
-			{
-			MD5_Final(smd,&m5);
-			memcpy(km,smd,(num-i));
-			}
-		else
-			MD5_Final(km,&m5);
-
-		km+=MD5_DIGEST_LENGTH;
-		}
-	memset(smd,0,SHA_DIGEST_LENGTH);
-	}
-
 int ssl3_part_read(s,i)
 SSL *s;
 int i;
@@ -754,7 +750,8 @@ unsigned char *p;
 		p[ret++]=SSL3_CT_DSS_FIXED_DH;
 #endif
 		}
-	if (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))
+	if ((s->version == SSL3_VERSION) &&
+		(alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
 		{
 #ifndef NO_RSA
 		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
@@ -767,7 +764,7 @@ unsigned char *p;
 #ifndef NO_RSA
 	p[ret++]=SSL3_CT_RSA_SIGN;
 #endif
-/*	p[ret++]=SSL3_CT_DSS_SIGN; */
+	p[ret++]=SSL3_CT_DSS_SIGN;
 	return(ret);
 	}
 
@@ -787,7 +784,7 @@ SSL *s;
 		{
 		s->shutdown|=SSL_SENT_SHUTDOWN;
 #if 1
-		ssl3_send_alert(s,SSL3_AL_WARNING,SSL3_AD_CLOSE_NOTIFY);
+		ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
 #endif
 		/* our shutdown alert has been sent now, and if it still needs
 	 	 * to be written, s->s3->alert_dispatch will be true */
@@ -814,7 +811,7 @@ SSL *s;
 
 int ssl3_write(s,buf,len)
 SSL *s;
-const char *buf;
+char *buf;
 int len;
 	{
 	int ret,n;
@@ -827,7 +824,8 @@ int len;
 		return(0);
 		}
 #endif
-	errno=0;
+	clear_sys_error();
+	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
 
 	/* This is an experimental flag that sends the
 	 * last handshake message in the same packet as the first
@@ -867,6 +865,7 @@ int len;
 			(char *)buf,len);
 		if (ret <= 0) return(ret);
 		}
+
 	return(ret);
 	}
 
@@ -875,8 +874,24 @@ SSL *s;
 char *buf;
 int len;
 	{
-	errno=0;
-	return(ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len));
+	int ret;
+	
+	clear_sys_error();
+	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+	s->s3->in_read_app_data=1;
+	ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+	if ((ret == -1) && (s->s3->in_read_app_data == 0))
+		{
+		ERR_get_error(); /* clear the error */
+		s->s3->in_read_app_data=0;
+		s->in_handshake++;
+		ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+		s->in_handshake--;
+		}
+	else
+		s->s3->in_read_app_data=0;
+
+	return(ret);
 	}
 
 int ssl3_peek(s,buf,len)
@@ -889,7 +904,12 @@ int len;
 
 	rr= &(s->s3->rrec);
 	if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
-		return(0);
+		{
+		n=ssl3_read(s,buf,1);
+		if (n <= 0) return(n);
+		rr->length++;
+		rr->off--;
+		}
 
 	if ((unsigned int)len > rr->length)
 		n=rr->length;
@@ -908,8 +928,34 @@ SSL *s;
 	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
 		return(0);
 
-	if (!SSL_in_init(s))
-		s->state=SSL_ST_RENEGOTIATE;
+	s->s3->renegotiate=1;
 	return(1);
 	}
 
+int ssl3_renegotiate_check(s)
+SSL *s;
+	{
+	int ret=0;
+
+	if (s->s3->renegotiate)
+		{
+		if (	(s->s3->rbuf.left == 0) &&
+			(s->s3->wbuf.left == 0) &&
+			!SSL_in_init(s))
+			{
+/*
+if we are the server, and we have sent a 'RENEGOTIATE' message, we
+need to go to SSL_ST_ACCEPT.
+*/
+			/* SSL_ST_ACCEPT */
+			s->state=SSL_ST_RENEGOTIATE;
+			s->s3->renegotiate=0;
+			s->s3->num_renegotiations++;
+			s->s3->total_renegotiations++;
+			ret=1;
+			}
+		}
+	return(ret);
+	}
+
+
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c
index 4762b2144..3d66b4643 100644
--- a/ssl/s3_meth.c
+++ b/ssl/s3_meth.c
@@ -1,5 +1,5 @@
 /* ssl/s3_meth.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,9 +63,9 @@
 static SSL_METHOD *ssl3_get_method(ver)
 int ver;
 	{
-	if (ver == 3)
+	if (ver == SSL3_VERSION)
 		return(SSLv3_method());
-	else
+	else 
 		return(NULL);
 	}
 
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 3be69ef13..238508034 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1,5 +1,5 @@
 /* ssl/s3_pkt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -87,12 +87,14 @@ static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len);
 static int ssl3_get_record(SSL *s);
 static int do_compress(SSL *ssl);
 static int do_uncompress(SSL *ssl);
+static int do_change_cipher_spec(SSL *ssl);
 #else
 static int do_ssl3_write();
 static int ssl3_write_pending();
 static int ssl3_get_record();
 static int do_compress();
 static int do_uncompress();
+static int do_change_cipher_spec();
 #endif
 
 static int ssl3_read_n(s,n,max,extend)
@@ -159,7 +161,7 @@ int extend;
 
 	while (newb < n)
 		{
-		errno=0;
+		clear_sys_error();
 		if (s->rbio != NULL)
 			{
 			s->rwstate=SSL_READING;
@@ -211,6 +213,7 @@ int extend;
 static int ssl3_get_record(s)
 SSL *s;
 	{
+	char tmp_buf[512];
 	int ssl_major,ssl_minor,al;
 	int n,i,ret= -1;
 	SSL3_BUFFER *rb;
@@ -226,7 +229,7 @@ SSL *s;
 	rb= &(s->s3->rbuf);
 	sess=s->session;
 
-	if (s->ctx->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+	if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
 		extra=SSL3_RT_MAX_EXTRA;
 	else
 		extra=0;
@@ -257,25 +260,27 @@ again:
 			}
 		else
 			{
-		if (	(ssl_major != SSL3_VERSION_MAJOR) ||
-			(ssl_minor != SSL3_VERSION_MINOR))
-			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-			goto f_err;
-			}
+			if (version != s->version)
+				{
+				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+				/* Send back error using their
+				 * version number :-) */
+				s->version=version;
+				al=SSL_AD_PROTOCOL_VERSION;
+				goto f_err;
+				}
 			}
 
-		if (s->version != SSL3_VERSION_MAJOR)
+		if ((version>>8) != SSL3_VERSION_MAJOR)
 			{
-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
 			goto err;
 			}
 
 		if (rr->length > 
 			(unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_RECORD_OVERFLOW;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
 			goto f_err;
 			}
@@ -319,20 +324,25 @@ again:
 	/* check is not needed I belive */
 	if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
 		{
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_RECORD_OVERFLOW;
 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
 		goto f_err;
 		}
 
 	/* decrypt in place in 'rr->input' */
 	rr->data=rr->input;
+	memcpy(tmp_buf,rr->input,(rr->length > 512)?512:rr->length);
 
-	if (!ssl3_enc(s,0))
+	if (!s->method->ssl3_enc->enc(s,0))
 		{
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_DECRYPT_ERROR;
 		goto f_err;
 		}
-
+#ifdef TLS_DEBUG
+printf("dec %d\n",rr->length);
+{ int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+printf("\n");
+#endif
 	/* r->length is now the compressed data plus mac */
 	if (	(sess == NULL) ||
 		(s->enc_read_ctx == NULL) ||
@@ -345,24 +355,24 @@ again:
 
 		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_RECORD_OVERFLOW;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
 			goto f_err;
 			}
 		/* check MAC for rr->input' */
 		if (rr->length < mac_size)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
 			goto f_err;
 			}
 		rr->length-=mac_size;
-		i=ssl3_mac(s,md,0);
+		i=s->method->ssl3_enc->mac(s,md,0);
 		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
 			{
-			al=SSL3_AD_BAD_RECORD_MAC;
+			al=SSL_AD_BAD_RECORD_MAC;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE);
-			ret=SSL_RWERR_BAD_MAC_DECODE;
+			ret= -1;
 			goto f_err;
 			}
 		}
@@ -373,13 +383,13 @@ again:
 		if (rr->length > 
 			(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_RECORD_OVERFLOW;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
 			goto f_err;
 			}
 		if (!do_uncompress(s))
 			{
-			al=SSL3_AD_DECOMPRESSION_FAILURE;
+			al=SSL_AD_DECOMPRESSION_FAILURE;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
 			goto f_err;
 			}
@@ -387,7 +397,7 @@ again:
 
 	if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
 		{
-		al=SSL3_AD_DECOMPRESSION_FAILURE;
+		al=SSL_AD_RECORD_OVERFLOW;
 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
 		goto f_err;
 		}
@@ -426,7 +436,7 @@ SSL *ssl;
 	return(1);
 	}
 
-/* Call this write a data
+/* Call this to write data
  * It will return <= 0 if not all data has been sent or non-blocking IO.
  */
 int ssl3_write_bytes(s,type,buf,len)
@@ -460,7 +470,7 @@ int len;
 			nw=SSL3_RT_MAX_PLAIN_LENGTH;
 		else
 			nw=n;
-
+			
 		i=do_ssl3_write(s,type,&(buf[tot]),nw);
 		if (i <= 0)
 			{
@@ -526,8 +536,8 @@ unsigned int len;
 	*(p++)=type&0xff;
 	wr->type=type;
 
-	*(p++)=SSL3_VERSION_MAJOR;
-	*(p++)=SSL3_VERSION_MINOR;
+	*(p++)=(s->version>>8);
+	*(p++)=s->version&0xff;
 	
 	/* record where we are to write out packet length */
 	plen=p; 
@@ -562,14 +572,14 @@ unsigned int len;
 
 	if (mac_size != 0)
 		{
-		ssl3_mac(s,&(p[wr->length]),1);
+		s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
 		wr->length+=mac_size;
 		wr->input=p;
 		wr->data=p;
 		}
 
 	/* ssl3_enc can only have an error on read */
-	ssl3_enc(s,1);
+	s->method->ssl3_enc->enc(s,1);
 
 	/* record length after mac and block padding */
 	s2n(wr->length,plen);
@@ -604,16 +614,17 @@ unsigned int len;
 	{
 	int i;
 
-	if ((s->s3->wpend_tot != (int)len) || (s->s3->wpend_buf != buf)
+/* XXXX */
+	if ((s->s3->wpend_tot > (int)len) || (s->s3->wpend_buf != buf)
 		|| (s->s3->wpend_type != type))
 		{
 		SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
-		return(SSL_RWERR_BAD_WRITE_RETRY);
+		return(-1);
 		}
 
 	for (;;)
 		{
-		errno=0;
+		clear_sys_error();
 		if (s->wbio != NULL)
 			{
 			s->rwstate=SSL_WRITING;
@@ -647,14 +658,14 @@ int len;
 	{
 	int al,i,j,n,ret;
 	SSL3_RECORD *rr;
-	unsigned char *sender;
 	void (*cb)()=NULL;
+	BIO *bio;
 
 	if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
 		if (!ssl3_setup_buffers(s))
 			return(-1);
 
-	if (!s->in_handshake && SSL_in_before(s))
+	if (!s->in_handshake && SSL_in_init(s))
 		{
 		i=s->handshake_func(s);
 		if (i < 0) return(i);
@@ -684,7 +695,7 @@ start:
 
 	if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE))
 		{
-		al=SSL3_AD_UNEXPECTED_MESSAGE;
+		al=SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
 		goto err;
 		}
@@ -705,21 +716,25 @@ start:
 		if ((rr->data[1] != 0) || (rr->data[2] != 0) ||
 			(rr->data[3] != 0))
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST);
 			goto err;
 			}
 
 		if (SSL_is_init_finished(s) &&
-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+			!s->s3->renegotiate)
 			{
 			ssl3_renegotiate(s);
-			n=s->handshake_func(s);
-			if (n < 0) return(n);
-			if (n == 0)
+			if (ssl3_renegotiate_check(s))
 				{
-				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-				return(-1);
+				n=s->handshake_func(s);
+				if (n < 0) return(n);
+				if (n == 0)
+					{
+					SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+					return(-1);
+					}
 				}
 			}
 		rr->length=0;
@@ -734,7 +749,7 @@ start:
 			{
 			if ((rr->length != 2) || (rr->off != 0))
 				{
-				al=SSL3_AD_ILLEGAL_PARAMETER;
+				al=SSL_AD_DECODE_ERROR;
 				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD);
 				goto f_err;
 				}
@@ -759,7 +774,7 @@ start:
 			if (i == 1)
 				{
 				s->s3->warn_alert=n;
-				if (n == SSL3_AD_CLOSE_NOTIFY)
+				if (n == SSL_AD_CLOSE_NOTIFY)
 					{
 					s->shutdown|=SSL_RECEIVED_SHUTDOWN;
 					return(0);
@@ -767,16 +782,20 @@ start:
 				}
 			else if (i == 2)
 				{
+				char tmp[16];
+
 				s->rwstate=SSL_NOTHING;
 				s->s3->fatal_alert=n;
 				SSLerr(SSL_F_SSL3_READ_BYTES,1000+n);
+				sprintf(tmp,"%d",n);
+				ERR_add_error_data(2,"SSL alert number ",tmp);
 				s->shutdown|=SSL_RECEIVED_SHUTDOWN;
 				SSL_CTX_remove_session(s->ctx,s->session);
 				return(0);
 				}
 			else
 				{
-				al=SSL3_AD_ILLEGAL_PARAMETER;
+				al=SSL_AD_ILLEGAL_PARAMETER;
 				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
 				goto f_err;
 				}
@@ -797,43 +816,17 @@ start:
 			if (	(rr->length != 1) || (rr->off != 0) ||
 				(rr->data[0] != SSL3_MT_CCS))
 				{
-				i=SSL3_AD_ILLEGAL_PARAMETER;
+				i=SSL_AD_ILLEGAL_PARAMETER;
 				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
 				goto err;
 				}
 
 			rr->length=0;
-
 			s->s3->change_cipher_spec=1;
-
-			if (s->state & SSL_ST_ACCEPT)
-				i=SSL3_CHANGE_CIPHER_SERVER_READ;
-			else
-				i=SSL3_CHANGE_CIPHER_CLIENT_READ;
-
-			if (s->s3->tmp.key_block == NULL)
-				{
-				s->session->cipher=s->s3->tmp.new_cipher;
-				if (!ssl3_setup_key_block(s))
-					goto err;
-				}
-
-			if (!ssl3_change_cipher_state(s,i))
+			if (!do_change_cipher_spec(s))
 				goto err;
-
-			/* we have to record the message digest at
-			 * this point so we can get it before we read
-			 * the finished message */
-			sender=(s->state & SSL_ST_CONNECT)
-				?&(ssl3_server_finished_const[0])
-				:&(ssl3_client_finished_const[0]);
-
-			ssl3_final_finish_mac(s,&(s->s3->finish_dgst1),
-				sender,&(s->s3->tmp.finish_md1[0]));
-			ssl3_final_finish_mac(s,&(s->s3->finish_dgst2),
-				sender,&(s->s3->tmp.finish_md2[0]));
-
-			goto start;
+			else
+				goto start;
 			}
 
 		/* else we have a handshake */
@@ -853,12 +846,68 @@ start:
 				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
 				return(-1);
 				}
-			goto start;
+
+			/* In the case where we try to read application data
+			 * the first time, but we trigger an SSL handshake, we
+			 * return -1 with the retry option set.  I do this
+			 * otherwise renegotiation can cause nasty problems 
+			 * in the non-blocking world */
+
+			s->rwstate=SSL_READING;
+			bio=SSL_get_rbio(s);
+			BIO_clear_retry_flags(bio);
+			BIO_set_retry_read(bio);
+			return(-1);
 			}
 
-		al=SSL3_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
-		goto f_err;
+		switch (rr->type)
+			{
+		default:
+#ifndef NO_TLS
+			/* TLS just ignores unknown message types */
+			if (s->version == TLS1_VERSION)
+				{
+				goto start;
+				}
+#endif
+		case SSL3_RT_CHANGE_CIPHER_SPEC:
+		case SSL3_RT_ALERT:
+		case SSL3_RT_HANDSHAKE:
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+			goto f_err;
+		case SSL3_RT_APPLICATION_DATA:
+			/* At this point, we were expecting something else,
+			 * but have application data.  What we do is set the
+			 * error, and return -1.  On the way out, if the
+			 * library was running inside ssl3_read() and it makes
+			 * sense to read application data at this point, we
+			 * will indulge it.  This will mostly happen during
+			 * session renegotiation.
+			 */
+			if (s->s3->in_read_app_data &&
+				(s->s3->total_renegotiations != 0) &&
+				((
+				  (s->state & SSL_ST_CONNECT) &&
+				  (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+				  (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
+				 ) || (
+				  (s->state & SSL_ST_ACCEPT) &&
+				  (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+				  (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
+				 )
+				))
+				{
+				s->s3->in_read_app_data=0;
+				return(-1);
+				}
+			else
+				{
+				al=SSL_AD_UNEXPECTED_MESSAGE;
+				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+				goto f_err;
+				}
+			}
 		}
 
 	/* make sure that we are not getting application data when we
@@ -866,7 +915,7 @@ start:
 	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
 		(s->enc_read_ctx == NULL))
 		{
-		al=SSL3_AD_UNEXPECTED_MESSAGE;
+		al=SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
 		goto f_err;
 		}
@@ -882,7 +931,10 @@ start:
 	rr->length-=n;
 	rr->off+=n;
 	if (rr->length <= 0)
+		{
 		s->rstate=SSL_ST_READ_HEADER;
+		rr->off=0;
+		}
 
 	if (type == SSL3_RT_HANDSHAKE)
 		ssl3_finish_mac(s,(unsigned char *)buf,n);
@@ -893,6 +945,49 @@ err:
 	return(-1);
 	}
 
+static int do_change_cipher_spec(s)
+SSL *s;
+	{
+	int i;
+	unsigned char *sender;
+	int slen;
+
+	if (s->state & SSL_ST_ACCEPT)
+		i=SSL3_CHANGE_CIPHER_SERVER_READ;
+	else
+		i=SSL3_CHANGE_CIPHER_CLIENT_READ;
+
+	if (s->s3->tmp.key_block == NULL)
+		{
+		s->session->cipher=s->s3->tmp.new_cipher;
+		if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
+		}
+
+	if (!s->method->ssl3_enc->change_cipher_state(s,i))
+		return(0);
+
+	/* we have to record the message digest at
+	 * this point so we can get it before we read
+	 * the finished message */
+	if (s->state & SSL_ST_CONNECT)
+		{
+		sender=s->method->ssl3_enc->server_finished;
+		slen=s->method->ssl3_enc->server_finished_len;
+		}
+	else
+		{
+		sender=s->method->ssl3_enc->client_finished;
+		slen=s->method->ssl3_enc->client_finished_len;
+		}
+
+	s->method->ssl3_enc->final_finish_mac(s,
+		&(s->s3->finish_dgst1),
+		&(s->s3->finish_dgst2),
+		sender,slen,&(s->s3->tmp.finish_md[0]));
+
+	return(1);
+	}
+
 int ssl3_do_write(s,type)
 SSL *s;
 int type;
@@ -914,6 +1009,9 @@ SSL *s;
 int level;
 int desc;
 	{
+	/* Map tls/ssl alert value to correct one */
+	desc=s->method->ssl3_enc->alert_value(desc);
+	if (desc < 0) return;
 	/* If a fatal one, remove from cache */
 	if ((level == 2) && (s->session != NULL))
 		SSL_CTX_remove_session(s->ctx,s->session);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ebff57506..64903af15 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1,5 +1,5 @@
 /* ssl/s3_srvr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -96,14 +96,13 @@ static int ssl3_get_cert_verify();
 static int ssl3_get_client_key_exchange();
 static int ssl3_get_client_certificate();
 static int ssl3_send_hello_request();
-static SSL_METHOD *ssl3_get_server_method();
 
 #endif
 
 static SSL_METHOD *ssl3_get_server_method(ver)
 int ver;
 	{
-	if (ver == 3)
+	if (ver == SSL3_VERSION)
 		return(SSLv3_server_method());
 	else
 		return(NULL);
@@ -134,12 +133,12 @@ SSL *s;
 	long num1;
 	int ret= -1;
 	CERT *ct;
-	BIO *bbio,*under;
+	BIO *under;
 	int new_state,state,skip=0;
 
 	RAND_seed((unsigned char *)&Time,sizeof(Time));
 	ERR_clear_error();
-	errno=0;
+	clear_sys_error();
 
 	if (s->info_callback != NULL)
 		cb=s->info_callback;
@@ -179,7 +178,9 @@ SSL *s;
 
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
-			s->version=3;
+			if ((s->version>>8) != 3)
+				abort();
+			/* s->version=SSL3_VERSION; */
 			s->type=SSL_ST_ACCEPT;
 
 			if (s->init_buf == NULL)
@@ -206,39 +207,19 @@ SSL *s;
 			/* Ok, we now need to push on a buffering BIO so that
 			 * the output is sent in a way that TCP likes :-)
 			 */
-			if (s->bbio == NULL)
-				{
-				bbio=BIO_new(BIO_f_buffer());
-				if (bbio == NULL)
-					{
-					SSLerr(SSL_F_SSL3_ACCEPT,ERR_LIB_BUF);
-					ret= -1;
-					goto end;
-					}
-				s->bbio=bbio;
-				}
-			else
-				bbio=s->bbio;
-			BIO_reset(bbio);
-			if (!BIO_set_write_buffer_size(bbio,16*1024))
-				{
-				SSLerr(SSL_F_SSL3_ACCEPT,ERR_LIB_BUF);
-				ret= -1;
-				goto end;
-				}
+			if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
 
-			s->wbio=BIO_push(bbio,s->wbio);
-
-			s->ctx->sess_accept++;
 			s->init_num=0;
 
 			if (s->state != SSL_ST_RENEGOTIATE)
 				{
 				s->state=SSL3_ST_SR_CLNT_HELLO_A;
 				ssl3_init_finished_mac(s);
+				s->ctx->sess_accept++;
 				}
 			else
 				{
+				s->ctx->sess_accept_renegotiate++;
 				s->state=SSL3_ST_SW_HELLO_REQ_A;
 				}
 			break;
@@ -269,7 +250,7 @@ SSL *s;
 			s->state=SSL_ST_OK;
 			ret=1;
 			goto end;
-			break;
+			/* break; */
 
 		case SSL3_ST_SR_CLNT_HELLO_A:
 		case SSL3_ST_SR_CLNT_HELLO_B:
@@ -328,7 +309,7 @@ SSL *s;
 
 			/* clear this, it may get reset by
 			 * send_server_key_exchange */
-			if (s->ctx->options & SSL_OP_EPHEMERAL_RSA)
+			if (s->options & SSL_OP_EPHEMERAL_RSA)
 				s->s3->tmp.use_rsa_tmp=1;
 			else
 				s->s3->tmp.use_rsa_tmp=0;
@@ -364,10 +345,12 @@ SSL *s;
 				{
 				/* no cert request */
 				skip=1;
+				s->s3->tmp.cert_request=0;
 				s->state=SSL3_ST_SW_SRVR_DONE_A;
 				}
 			else
 				{
+				s->s3->tmp.cert_request=1;
 				ret=ssl3_send_certificate_request(s);
 				if (ret <= 0) goto end;
 				s->state=SSL3_ST_SW_SRVR_DONE_A;
@@ -417,10 +400,12 @@ SSL *s;
 
 			/* We need to get hashes here so if there is
 			 * a client cert, it can be verified */ 
-			ssl3_final_finish_mac(s,&(s->s3->finish_dgst1),
-				NULL,&(s->s3->tmp.finish_md1[0]));
-			ssl3_final_finish_mac(s,&(s->s3->finish_dgst2),
-				NULL,&(s->s3->tmp.finish_md2[0]));
+			s->method->ssl3_enc->cert_verify_mac(s,
+				&(s->s3->finish_dgst1),
+				&(s->s3->tmp.finish_md[0]));
+			s->method->ssl3_enc->cert_verify_mac(s,
+				&(s->s3->finish_dgst2),
+				&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]));
 
 			break;
 
@@ -438,8 +423,7 @@ SSL *s;
 		case SSL3_ST_SR_FINISHED_A:
 		case SSL3_ST_SR_FINISHED_B:
 			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
-				SSL3_ST_SR_FINISHED_B,
-				&(ssl3_client_finished_const[0]));
+				SSL3_ST_SR_FINISHED_B);
 			if (ret <= 0) goto end;
 			if (s->hit)
 				s->state=SSL_ST_OK;
@@ -452,7 +436,8 @@ SSL *s;
 		case SSL3_ST_SW_CHANGE_B:
 
 			s->session->cipher=s->s3->tmp.new_cipher;
-			if (!ssl3_setup_key_block(s)) { ret= -1; goto end; }
+			if (!s->method->ssl3_enc->setup_key_block(s))
+				{ ret= -1; goto end; }
 
 			ret=ssl3_send_change_cipher_spec(s,
 				SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
@@ -461,7 +446,7 @@ SSL *s;
 			s->state=SSL3_ST_SW_FINISHED_A;
 			s->init_num=0;
 
-			if (!ssl3_change_cipher_state(s,
+			if (!s->method->ssl3_enc->change_cipher_state(s,
 				SSL3_CHANGE_CIPHER_SERVER_WRITE))
 				{
 				ret= -1;
@@ -474,7 +459,8 @@ SSL *s;
 		case SSL3_ST_SW_FINISHED_B:
 			ret=ssl3_send_finished(s,
 				SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
-				&(ssl3_server_finished_const[0]));
+				s->method->ssl3_enc->server_finished,
+				s->method->ssl3_enc->server_finished_len);
 			if (ret <= 0) goto end;
 			s->state=SSL3_ST_SW_FLUSH;
 			if (s->hit)
@@ -513,18 +499,23 @@ SSL *s;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
 
 			goto end;
-			break;
+			/* break; */
 
 		default:
 			SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
 			ret= -1;
 			goto end;
-			break;
+			/* break; */
 			}
 		
 		if (!s->s3->tmp.reuse_message && !skip)
 			{
-			if (s->debug) BIO_flush(s->wbio);
+			if (s->debug)
+				{
+				if ((ret=BIO_flush(s->wbio)) <= 0)
+					goto end;
+				}
+
 
 			if ((cb != NULL) && (s->state != state))
 				{
@@ -578,6 +569,12 @@ SSL *s;
 	SSL_CIPHER *c;
 	STACK *ciphers=NULL;
 
+	/* We do this so that we will respond with our native type.
+	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
+	 * This down switching should be handled by a different method.
+	 * If we are SSLv3, we will respond with SSLv3, even if prompted with
+	 * TLSv1.
+	 */
 	if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
 		{
 		s->first_packet=1;
@@ -593,11 +590,9 @@ SSL *s;
 	if (!ok) return((int)n);
 	d=p=(unsigned char *)s->init_buf->data;
 
-	if (p[0] != SSL3_VERSION_MAJOR)
-		{
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_WRONG_SSL_VERSION);
-		goto err;
-		}
+	/* The version number has already been checked in ssl3_get_message.
+	 * I a native TLSv1/SSLv3 method, the match must be correct except
+	 * perhaps for the first message */
 	p+=2;
 
 	/* load the client random */
@@ -615,7 +610,7 @@ SSL *s;
 		}
 	else
 		{
-		i=ssl_get_prev_session(s,j,p);
+		i=ssl_get_prev_session(s,p,j);
 		if (i == 1)
 			{ /* previous session */
 			s->hit=1;
@@ -632,14 +627,14 @@ SSL *s;
 	if ((i == 0) && (j != 0))
 		{
 		/* we need a cipher if we are not resuming a session */
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_ILLEGAL_PARAMETER;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
 		goto f_err;
 		}
 	if ((i+p) > (d+n))
 		{
 		/* not enough data */
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_DECODE_ERROR;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
 		goto f_err;
 		}
@@ -667,7 +662,7 @@ SSL *s;
 			}
 		if (j == 0)
 			{
-			if ((s->ctx->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_num(ciphers) == 1))
+			if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_num(ciphers) == 1))
 				{
 				/* Very bad for multi-threading.... */
 				s->session->cipher=
@@ -677,7 +672,7 @@ SSL *s;
 				{
 				/* we need to have the cipher in the cipher
 				 * list if we are asked to reuse it */
-				al=SSL3_AD_ILLEGAL_PARAMETER;
+				al=SSL_AD_ILLEGAL_PARAMETER;
 				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
 				goto f_err;
 				}
@@ -693,18 +688,22 @@ SSL *s;
 	if (j >= i)
 		{
 		/* no compress */
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_DECODE_ERROR;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
 		goto f_err;
 		}
 
-	if (p > (d+n))
+	/* TLS does not mind if there is extra stuff */
+	if (s->version == SSL3_VERSION)
 		{
-		/* wrong number of bytes,
-		 * there could be more to follow */
-		al=SSL3_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
-		goto f_err;
+		if (p > (d+n))
+			{
+			/* wrong number of bytes,
+			 * there could be more to follow */
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+			goto f_err;
+			}
 		}
 
 	/* do nothing with compression */
@@ -719,7 +718,7 @@ SSL *s;
 		s->session->ciphers=ciphers;
 		if (ciphers == NULL)
 			{
-			al=SSL3_AD_HANDSHAKE_FAILURE;
+			al=SSL_AD_ILLEGAL_PARAMETER;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
 			goto f_err;
 			}
@@ -729,7 +728,7 @@ SSL *s;
 
 		if (c == NULL)
 			{
-			al=SSL3_AD_HANDSHAKE_FAILURE;
+			al=SSL_AD_HANDSHAKE_FAILURE;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
 			goto f_err;
 			}
@@ -743,7 +742,7 @@ SSL *s;
 		SSL_CIPHER *nc=NULL;
 		SSL_CIPHER *ec=NULL;
 
-		if (s->ctx->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
+		if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
 			{
 			sk=s->session->ciphers;
 			for (i=0; i<sk_num(sk); i++)
@@ -806,8 +805,8 @@ SSL *s;
 		/* Do the message type and length last */
 		d=p= &(buf[4]);
 
-		*(p++)=SSL3_VERSION_MAJOR;
-		*(p++)=SSL3_VERSION_MINOR;
+		*(p++)=s->version>>8;
+		*(p++)=s->version&0xff;
 
 		/* Random stuff */
 		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
@@ -819,7 +818,10 @@ SSL *s;
 		 * back the new session-id or we send back a 0 length
 		 * session-id if we want it to be single use.
 		 * Currently I will not implement the '0' length session-id
+		 * 12-Jan-98 - I'll now support the '0' length stuff.
 		 */
+		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+			s->session->session_id_length=0;
 
 		sl=s->session->session_id_length;
 		*(p++)=sl;
@@ -920,7 +922,7 @@ SSL *s;
 				}
 			if (rsa == NULL)
 				{
-				al=SSL3_AD_HANDSHAKE_FAILURE;
+				al=SSL_AD_HANDSHAKE_FAILURE;
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
 				goto f_err;
 				}
@@ -940,7 +942,7 @@ SSL *s;
 					SSL_NOT_EXP)?0:1);
 			if (dhp == NULL)
 				{
-				al=SSL3_AD_HANDSHAKE_FAILURE;
+				al=SSL_AD_HANDSHAKE_FAILURE;
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
 				goto f_err;
 				}
@@ -953,7 +955,7 @@ SSL *s;
 			s->s3->tmp.dh=dh;
 			if (((dhp->pub_key == NULL) ||
 			     (dhp->priv_key == NULL) ||
-			     (s->ctx->options & SSL_OP_SINGLE_DH_USE)) &&
+			     (s->options & SSL_OP_SINGLE_DH_USE)) &&
 			    (!DH_generate_key(dh)))
 				{
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
@@ -977,7 +979,7 @@ SSL *s;
 		else 
 #endif
 			{
-			al=SSL3_AD_HANDSHAKE_FAILURE;
+			al=SSL_AD_HANDSHAKE_FAILURE;
 			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
 			goto f_err;
 			}
@@ -992,7 +994,7 @@ SSL *s;
 			if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
 				== NULL)
 				{
-				al=SSL3_AD_HANDSHAKE_FAILURE;
+				al=SSL_AD_DECODE_ERROR;
 				goto f_err;
 				}
 			kn=EVP_PKEY_size(pkey);
@@ -1030,7 +1032,8 @@ SSL *s;
 				j=0;
 				for (num=2; num > 0; num--)
 					{
-					EVP_DigestInit(&md_ctx,(num == 2)?EVP_md5():EVP_sha1());
+					EVP_DigestInit(&md_ctx,(num == 2)
+						?s->ctx->md5:s->ctx->sha1);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(d[4]),n);
@@ -1072,7 +1075,7 @@ SSL *s;
 #endif
 				{
 				/* Is this error check actually needed? */
-				al=SSL3_AD_HANDSHAKE_FAILURE;
+				al=SSL_AD_HANDSHAKE_FAILURE;
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
 				goto f_err;
 				}
@@ -1135,7 +1138,7 @@ SSL *s;
 					goto err;
 					}
 				p=(unsigned char *)&(buf->data[4+n]);
-				if (!(s->ctx->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+				if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
 					{
 					s2n(j,p);
 					i2d_X509_NAME(name,&p);
@@ -1181,9 +1184,11 @@ SSL *s;
 	unsigned long l;
 	unsigned char *p;
 	RSA *rsa=NULL;
-	BIGNUM *pub=NULL;
 	EVP_PKEY *pkey=NULL;
+#ifndef NO_DH
+	BIGNUM *pub=NULL;
 	DH *dh_srvr;
+#endif
 
 	n=ssl3_get_message(s,
 		SSL3_ST_SR_KEY_EXCH_A,
@@ -1213,7 +1218,7 @@ SSL *s;
 			 * be sent already */
 			if (rsa == NULL)
 				{
-				al=SSL3_AD_HANDSHAKE_FAILURE;
+				al=SSL_AD_HANDSHAKE_FAILURE;
 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
 				goto f_err;
 
@@ -1226,22 +1231,41 @@ SSL *s;
 				(pkey->type != EVP_PKEY_RSA) ||
 				(pkey->pkey.rsa == NULL))
 				{
-				al=SSL3_AD_HANDSHAKE_FAILURE;
+				al=SSL_AD_HANDSHAKE_FAILURE;
 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
 				goto f_err;
 				}
 			rsa=pkey->pkey.rsa;
 			}
 
+		/* TLS */
+		if (s->version > SSL3_VERSION)
+			{
+			n2s(p,i);
+			if (n != i+2)
+				{
+				if (!(s->options & SSL_OP_TLS_D5_BUG))
+					{
+					SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+					goto err;
+					}
+				else
+					p-=2;
+				}
+			else
+				n=i;
+			}
+
 		i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+
 #if 1
 		/* If a bad decrypt, use a dud master key */
 		if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
-			(p[0] != 3) ||
-			 (p[1] != 0))
+			((p[0] != (s->version>>8)) ||
+			 (p[1] != (s->version & 0xff))))
 			{
-			p[0]=3;
-			p[1]=0;
+			p[0]=(s->version>>8);
+			p[1]=(s->version & 0xff);
 			RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
 			i=SSL_MAX_MASTER_KEY_LENGTH;
 			}
@@ -1262,7 +1286,7 @@ SSL *s;
 #endif
 
 		s->session->master_key_length=
-			ssl3_generate_master_secret(s,
+			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,
 				p,i);
 		memset(p,0,i);
@@ -1272,11 +1296,10 @@ SSL *s;
 #ifndef NO_DH
 		if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 		{
-
 		n2s(p,i);
 		if (n != i+2)
 			{
-			if (!(s->ctx->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
+			if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
 				{
 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
 				goto err;
@@ -1290,7 +1313,7 @@ SSL *s;
 
 		if (n == 0L) /* the parameters are in the cert */
 			{
-			al=SSL3_AD_HANDSHAKE_FAILURE;
+			al=SSL_AD_HANDSHAKE_FAILURE;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
 			goto f_err;
 			}
@@ -1298,7 +1321,7 @@ SSL *s;
 			{
 			if (s->s3->tmp.dh == NULL)
 				{
-				al=SSL3_AD_HANDSHAKE_FAILURE;
+				al=SSL_AD_HANDSHAKE_FAILURE;
 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
 				goto f_err;
 				}
@@ -1312,6 +1335,7 @@ SSL *s;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
 			goto err;
 			}
+
 		i=DH_compute_key(p,pub,dh_srvr);
 
 		if (i <= 0)
@@ -1326,13 +1350,13 @@ SSL *s;
 		BN_clear_free(pub);
 		pub=NULL;
 		s->session->master_key_length=
-			ssl3_generate_master_secret(s,
+			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,p,i);
 		}
 	else
 #endif
 		{
-		al=SSL3_AD_HANDSHAKE_FAILURE;
+		al=SSL_AD_HANDSHAKE_FAILURE;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE);
 		goto f_err;
 		}
@@ -1340,7 +1364,9 @@ SSL *s;
 	return(1);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+#if !defined(NO_DH) || !defined(NO_RSA)
 err:
+#endif
 	return(-1);
 	}
 
@@ -1380,8 +1406,8 @@ SSL *s;
 		s->s3->tmp.reuse_message=1;
 		if ((peer != NULL) && (type | EVP_PKT_SIGN))
 			{
+			al=SSL_AD_UNEXPECTED_MESSAGE;
 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
-			al=SSL3_AD_UNEXPECTED_MESSAGE;
 			goto f_err;
 			}
 		ret=1;
@@ -1391,21 +1417,21 @@ SSL *s;
 	if (peer == NULL)
 		{
 		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
-		al=SSL3_AD_UNEXPECTED_MESSAGE;
+		al=SSL_AD_UNEXPECTED_MESSAGE;
 		goto f_err;
 		}
 
 	if (!(type & EVP_PKT_SIGN))
 		{
 		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_ILLEGAL_PARAMETER;
 		goto f_err;
 		}
 
 	if (s->s3->change_cipher_spec)
 		{
 		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
-		al=SSL3_AD_UNEXPECTED_MESSAGE;
+		al=SSL_AD_UNEXPECTED_MESSAGE;
 		goto f_err;
 		}
 
@@ -1416,7 +1442,7 @@ SSL *s;
 	if (i > n)
 		{
 		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_DECODE_ERROR;
 		goto f_err;
 		}
 
@@ -1424,7 +1450,7 @@ SSL *s;
 	if ((i > j) || (n > j) || (n <= 0))
 		{
 		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_DECODE_ERROR;
 		goto f_err;
 		}
 
@@ -1434,17 +1460,15 @@ SSL *s;
 		i=RSA_public_decrypt(i,p,p,pkey->pkey.rsa,RSA_PKCS1_PADDING);
 		if (i < 0)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECRYPT_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
 			goto f_err;
 			}
 		if ((i != (MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) ||
-			memcmp(&(s->s3->tmp.finish_md1[0]),
-				p,MD5_DIGEST_LENGTH) ||
-			memcmp(&(s->s3->tmp.finish_md2[0]),
-				&(p[MD5_DIGEST_LENGTH]),SHA_DIGEST_LENGTH))
+			memcmp(&(s->s3->tmp.finish_md[0]),p,
+				MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH))
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECRYPT_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
 			goto f_err;
 			}
@@ -1454,12 +1478,13 @@ SSL *s;
 #ifndef NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		{
-		j=DSA_verify(pkey->save_type,s->s3->tmp.finish_md2,
+		j=DSA_verify(pkey->save_type,
+			&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]),
 			SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
 		if (j <= 0)
 			{
 			/* bad signature */
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECRYPT_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
 			goto f_err;
 			}
@@ -1468,7 +1493,7 @@ SSL *s;
 #endif
 		{
 		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_INTERNAL_ERROR);
-		al=SSL3_AD_UNSUPPORTED_CERTIFICATE;
+		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
 		goto f_err;
 		}
 
@@ -1511,7 +1536,14 @@ SSL *s;
 			(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-			al=SSL3_AD_NO_CERTIFICATE;
+			al=SSL_AD_HANDSHAKE_FAILURE;
+			goto f_err;
+			}
+		/* If tls asked for a client cert we must return a 0 list */
+		if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
+			al=SSL_AD_UNEXPECTED_MESSAGE;
 			goto f_err;
 			}
 		s->s3->tmp.reuse_message=1;
@@ -1520,7 +1552,7 @@ SSL *s;
 
 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
 		{
-		al=SSL3_AD_UNEXPECTED_MESSAGE;
+		al=SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
 		goto f_err;
 		}
@@ -1535,7 +1567,7 @@ SSL *s;
 	n2l3(p,llen);
 	if (llen+3 != n)
 		{
-		al=SSL3_AD_ILLEGAL_PARAMETER;
+		al=SSL_AD_DECODE_ERROR;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
 		goto f_err;
 		}
@@ -1544,7 +1576,7 @@ SSL *s;
 		n2l3(p,l);
 		if ((l+nc+3) > llen)
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 			}
@@ -1558,7 +1590,7 @@ SSL *s;
 			}
 		if (p != (q+l))
 			{
-			al=SSL3_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 			}
@@ -1573,22 +1605,36 @@ SSL *s;
 
 	if (sk_num(sk) <= 0)
 		{
-		al=SSL3_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_PASSED);
-		goto f_err;
+		/* TLS does not mind 0 certs returned */
+		if (s->version == SSL3_VERSION)
+			{
+			al=SSL_AD_HANDSHAKE_FAILURE;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
+			goto f_err;
+			}
+		/* Fail for TLS only if we required a certificate */
+		else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+			 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+			al=SSL_AD_HANDSHAKE_FAILURE;
+			goto f_err;
+			}
 		}
-	i=ssl_verify_cert_chain(s,sk);
-	if (!i)
+	else
 		{
-		al=ssl_verify_alarm_type(s->verify_result);
-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
-		goto f_err;
+		i=ssl_verify_cert_chain(s,sk);
+		if (!i)
+			{
+			al=ssl_verify_alarm_type(s->verify_result);
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
+			goto f_err;
+			}
 		}
 
 	/* This should not be needed */
 	if (s->session->peer != NULL)
 		X509_free(s->session->peer);
-	
 	s->session->peer=(X509 *)sk_shift(sk);
 
 	ret=1;
diff --git a/ssl/ssl.c b/ssl/ssl.c
index fcc29b0e4..1f769a18f 100644
--- a/ssl/ssl.c
+++ b/ssl/ssl.c
@@ -1,5 +1,5 @@
 /* ssl/ssl.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/ssl/ssl.err b/ssl/ssl.err
index f3bc5d37a..c54326c62 100644
--- a/ssl/ssl.err
+++ b/ssl/ssl.err
@@ -82,29 +82,34 @@
 #define SSL_F_SSL_GET_NEW_SESSION			 178
 #define SSL_F_SSL_GET_SERVER_SEND_CERT			 179
 #define SSL_F_SSL_GET_SIGN_PKEY				 180
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 181
-#define SSL_F_SSL_NEW					 182
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 183
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 184
-#define SSL_F_SSL_SESSION_NEW				 185
-#define SSL_F_SSL_SESSION_PRINT_FP			 186
-#define SSL_F_SSL_SET_FD				 187
-#define SSL_F_SSL_SET_PKEY				 188
-#define SSL_F_SSL_SET_RFD				 189
-#define SSL_F_SSL_SET_SESSION				 190
-#define SSL_F_SSL_SET_WFD				 191
-#define SSL_F_SSL_UNDEFINED_FUNCTION			 192
-#define SSL_F_SSL_USE_CERTIFICATE			 193
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 194
-#define SSL_F_SSL_USE_CERTIFICATE_FILE			 195
-#define SSL_F_SSL_USE_PRIVATEKEY			 196
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 197
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 198
-#define SSL_F_SSL_USE_RSAPRIVATEKEY			 199
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 200
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 201
-#define SSL_F_SSL_WRITE					 202
-#define SSL_F_WRITE_PENDING				 203
+#define SSL_F_SSL_INIT_WBIO_BUFFER			 181
+#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 182
+#define SSL_F_SSL_NEW					 183
+#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 184
+#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 185
+#define SSL_F_SSL_SESSION_NEW				 186
+#define SSL_F_SSL_SESSION_PRINT_FP			 187
+#define SSL_F_SSL_SET_CERT				 188
+#define SSL_F_SSL_SET_FD				 189
+#define SSL_F_SSL_SET_PKEY				 190
+#define SSL_F_SSL_SET_RFD				 191
+#define SSL_F_SSL_SET_SESSION				 192
+#define SSL_F_SSL_SET_WFD				 193
+#define SSL_F_SSL_UNDEFINED_FUNCTION			 194
+#define SSL_F_SSL_USE_CERTIFICATE			 195
+#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 196
+#define SSL_F_SSL_USE_CERTIFICATE_FILE			 197
+#define SSL_F_SSL_USE_PRIVATEKEY			 198
+#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 199
+#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 200
+#define SSL_F_SSL_USE_RSAPRIVATEKEY			 201
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 202
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 203
+#define SSL_F_SSL_WRITE					 204
+#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 205
+#define SSL_F_TLS1_ENC					 206
+#define SSL_F_TLS1_SETUP_KEY_BLOCK			 207
+#define SSL_F_WRITE_PENDING				 208
 
 /* Reason codes. */
 #define SSL_R_APP_DATA_IN_HANDSHAKE			 100
@@ -123,103 +128,109 @@
 #define SSL_R_BAD_MAC_DECODE				 113
 #define SSL_R_BAD_MESSAGE_TYPE				 114
 #define SSL_R_BAD_PACKET_LENGTH				 115
-#define SSL_R_BAD_RESPONSE_ARGUMENT			 116
-#define SSL_R_BAD_RSA_DECRYPT				 117
-#define SSL_R_BAD_RSA_ENCRYPT				 118
-#define SSL_R_BAD_RSA_E_LENGTH				 119
-#define SSL_R_BAD_RSA_MODULUS_LENGTH			 120
-#define SSL_R_BAD_RSA_SIGNATURE				 121
-#define SSL_R_BAD_SIGNATURE				 122
-#define SSL_R_BAD_SSL_FILETYPE				 123
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 124
-#define SSL_R_BAD_STATE					 125
-#define SSL_R_BAD_WRITE_RETRY				 126
-#define SSL_R_BIO_NOT_SET				 127
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 128
-#define SSL_R_BN_LIB					 129
-#define SSL_R_CA_DN_LENGTH_MISMATCH			 130
-#define SSL_R_CA_DN_TOO_LONG				 131
-#define SSL_R_CCS_RECEIVED_EARLY			 132
-#define SSL_R_CERTIFICATE_VERIFY_FAILED			 133
-#define SSL_R_CERT_LENGTH_MISMATCH			 134
-#define SSL_R_CHALLENGE_IS_DIFFERENT			 135
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 136
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 137
-#define SSL_R_CIPHER_TABLE_SRC_ERROR			 138
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 139
-#define SSL_R_COMPRESSION_FAILURE			 140
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 141
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 142
-#define SSL_R_DATA_LENGTH_TOO_LONG			 143
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 144
-#define SSL_R_DIGEST_CHECK_FAILED			 145
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 146
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 147
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 148
-#define SSL_R_EXTRA_DATA_IN_MESSAGE			 149
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 150
-#define SSL_R_INTERNAL_ERROR				 151
-#define SSL_R_INVALID_CHALLENGE_LENGTH			 152
-#define SSL_R_LENGTH_MISMATCH				 153
-#define SSL_R_LENGTH_TOO_SHORT				 154
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 155
-#define SSL_R_MISSING_DH_DSA_CERT			 156
-#define SSL_R_MISSING_DH_KEY				 157
-#define SSL_R_MISSING_DH_RSA_CERT			 158
-#define SSL_R_MISSING_DSA_SIGNING_CERT			 159
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 160
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 161
-#define SSL_R_MISSING_RSA_CERTIFICATE			 162
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 163
-#define SSL_R_MISSING_RSA_SIGNING_CERT			 164
-#define SSL_R_MISSING_TMP_DH_KEY			 165
-#define SSL_R_MISSING_TMP_RSA_KEY			 166
-#define SSL_R_MISSING_TMP_RSA_PKEY			 167
-#define SSL_R_MISSING_VERIFY_MESSAGE			 168
-#define SSL_R_NON_SSLV2_INITIAL_PACKET			 169
-#define SSL_R_NO_CERTIFICATES_PASSED			 170
-#define SSL_R_NO_CERTIFICATE_ASSIGNED			 171
-#define SSL_R_NO_CERTIFICATE_RETURNED			 172
-#define SSL_R_NO_CERTIFICATE_SET			 173
-#define SSL_R_NO_CERTIFICATE_SPECIFIED			 174
-#define SSL_R_NO_CIPHERS_AVAILABLE			 175
-#define SSL_R_NO_CIPHERS_PASSED				 176
-#define SSL_R_NO_CIPHERS_SPECIFIED			 177
-#define SSL_R_NO_CIPHER_LIST				 178
-#define SSL_R_NO_CIPHER_MATCH				 179
-#define SSL_R_NO_CLIENT_CERT_RECEIVED			 180
-#define SSL_R_NO_COMPRESSION_SPECIFIED			 181
-#define SSL_R_NO_PRIVATEKEY				 182
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 183
-#define SSL_R_NO_PUBLICKEY				 184
-#define SSL_R_NO_SHARED_CIPHER				 185
-#define SSL_R_NULL_SSL_CTX				 186
-#define SSL_R_NULL_SSL_METHOD_PASSED			 187
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 188
-#define SSL_R_PACKET_LENGTH_TOO_LONG			 189
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 190
-#define SSL_R_PEER_ERROR				 191
-#define SSL_R_PEER_ERROR_CERTIFICATE			 192
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 193
-#define SSL_R_PEER_ERROR_NO_CIPHER			 194
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 195
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 196
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 197
-#define SSL_R_PROTOCOL_IS_SHUTDOWN			 198
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 199
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 200
-#define SSL_R_PUBLIC_KEY_NOT_RSA			 201
-#define SSL_R_READ_BIO_NOT_SET				 202
-#define SSL_R_READ_WRONG_PACKET_TYPE			 203
-#define SSL_R_RECORD_LENGTH_MISMATCH			 204
-#define SSL_R_RECORD_TOO_LARGE				 205
-#define SSL_R_REQUIRED_CIPHER_MISSING			 206
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 207
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 208
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 209
-#define SSL_R_SHORT_READ				 210
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 211
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 212
+#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
+#define SSL_R_BAD_RESPONSE_ARGUMENT			 117
+#define SSL_R_BAD_RSA_DECRYPT				 118
+#define SSL_R_BAD_RSA_ENCRYPT				 119
+#define SSL_R_BAD_RSA_E_LENGTH				 120
+#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121
+#define SSL_R_BAD_RSA_SIGNATURE				 122
+#define SSL_R_BAD_SIGNATURE				 123
+#define SSL_R_BAD_SSL_FILETYPE				 124
+#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125
+#define SSL_R_BAD_STATE					 126
+#define SSL_R_BAD_WRITE_RETRY				 127
+#define SSL_R_BIO_NOT_SET				 128
+#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129
+#define SSL_R_BN_LIB					 130
+#define SSL_R_CA_DN_LENGTH_MISMATCH			 131
+#define SSL_R_CA_DN_TOO_LONG				 132
+#define SSL_R_CCS_RECEIVED_EARLY			 133
+#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134
+#define SSL_R_CERT_LENGTH_MISMATCH			 135
+#define SSL_R_CHALLENGE_IS_DIFFERENT			 136
+#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137
+#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138
+#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
+#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
+#define SSL_R_COMPRESSION_FAILURE			 141
+#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 142
+#define SSL_R_CONNECTION_TYPE_NOT_SET			 143
+#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 144
+#define SSL_R_DATA_LENGTH_TOO_LONG			 145
+#define SSL_R_DECRYPTION_FAILED				 146
+#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 147
+#define SSL_R_DIGEST_CHECK_FAILED			 148
+#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 149
+#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 150
+#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 151
+#define SSL_R_EXTRA_DATA_IN_MESSAGE			 152
+#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 153
+#define SSL_R_HTTPS_PROXY_REQUEST			 154
+#define SSL_R_HTTP_REQUEST				 155
+#define SSL_R_INTERNAL_ERROR				 156
+#define SSL_R_INVALID_CHALLENGE_LENGTH			 157
+#define SSL_R_LENGTH_MISMATCH				 158
+#define SSL_R_LENGTH_TOO_SHORT				 159
+#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 160
+#define SSL_R_MISSING_DH_DSA_CERT			 161
+#define SSL_R_MISSING_DH_KEY				 162
+#define SSL_R_MISSING_DH_RSA_CERT			 163
+#define SSL_R_MISSING_DSA_SIGNING_CERT			 164
+#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 165
+#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 166
+#define SSL_R_MISSING_RSA_CERTIFICATE			 167
+#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 168
+#define SSL_R_MISSING_RSA_SIGNING_CERT			 169
+#define SSL_R_MISSING_TMP_DH_KEY			 170
+#define SSL_R_MISSING_TMP_RSA_KEY			 171
+#define SSL_R_MISSING_TMP_RSA_PKEY			 172
+#define SSL_R_MISSING_VERIFY_MESSAGE			 173
+#define SSL_R_NON_SSLV2_INITIAL_PACKET			 174
+#define SSL_R_NO_CERTIFICATES_RETURNED			 175
+#define SSL_R_NO_CERTIFICATE_ASSIGNED			 176
+#define SSL_R_NO_CERTIFICATE_RETURNED			 177
+#define SSL_R_NO_CERTIFICATE_SET			 178
+#define SSL_R_NO_CERTIFICATE_SPECIFIED			 179
+#define SSL_R_NO_CIPHERS_AVAILABLE			 180
+#define SSL_R_NO_CIPHERS_PASSED				 181
+#define SSL_R_NO_CIPHERS_SPECIFIED			 182
+#define SSL_R_NO_CIPHER_LIST				 183
+#define SSL_R_NO_CIPHER_MATCH				 184
+#define SSL_R_NO_CLIENT_CERT_RECEIVED			 185
+#define SSL_R_NO_COMPRESSION_SPECIFIED			 186
+#define SSL_R_NO_PRIVATEKEY				 187
+#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 188
+#define SSL_R_NO_PROTOCOLS_AVAILABLE			 189
+#define SSL_R_NO_PUBLICKEY				 190
+#define SSL_R_NO_SHARED_CIPHER				 191
+#define SSL_R_NULL_SSL_CTX				 192
+#define SSL_R_NULL_SSL_METHOD_PASSED			 193
+#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 194
+#define SSL_R_PACKET_LENGTH_TOO_LONG			 195
+#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 196
+#define SSL_R_PEER_ERROR				 197
+#define SSL_R_PEER_ERROR_CERTIFICATE			 198
+#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 199
+#define SSL_R_PEER_ERROR_NO_CIPHER			 200
+#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 201
+#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 202
+#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 203
+#define SSL_R_PROTOCOL_IS_SHUTDOWN			 204
+#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 205
+#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 206
+#define SSL_R_PUBLIC_KEY_NOT_RSA			 207
+#define SSL_R_READ_BIO_NOT_SET				 208
+#define SSL_R_READ_WRONG_PACKET_TYPE			 209
+#define SSL_R_RECORD_LENGTH_MISMATCH			 210
+#define SSL_R_RECORD_TOO_LARGE				 211
+#define SSL_R_REQUIRED_CIPHER_MISSING			 212
+#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 213
+#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 214
+#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 215
+#define SSL_R_SHORT_READ				 216
+#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 217
+#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 218
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
 #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
@@ -229,44 +240,51 @@
 #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
 #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
 #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 213
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 214
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 215
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 216
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 219
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 220
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 221
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 222
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
-#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 217
+#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 223
 #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 218
-#define SSL_R_SSL_HANDSHAKE_FAILURE			 219
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 220
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 221
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 222
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 223
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 224
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 225
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 226
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 227
-#define SSL_R_UNEXPECTED_MESSAGE			 228
-#define SSL_R_UNEXPECTED_RECORD				 229
-#define SSL_R_UNKNOWN_ALERT_TYPE			 230
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 231
-#define SSL_R_UNKNOWN_CIPHER_RETURNED			 232
-#define SSL_R_UNKNOWN_CIPHER_TYPE			 233
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 234
-#define SSL_R_UNKNOWN_PKEY_TYPE				 235
-#define SSL_R_UNKNOWN_PROTOCOL				 236
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 237
-#define SSL_R_UNKNOWN_SSL_VERSION			 238
-#define SSL_R_UNKNOWN_STATE				 239
-#define SSL_R_UNSUPPORTED_CIPHER			 240
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 241
-#define SSL_R_UNSUPPORTED_SSL_VERSION			 242
-#define SSL_R_WRITE_BIO_NOT_SET				 243
-#define SSL_R_WRONG_CIPHER_RETURNED			 244
-#define SSL_R_WRONG_MESSAGE_TYPE			 245
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 246
-#define SSL_R_WRONG_SIGNATURE_LENGTH			 247
-#define SSL_R_WRONG_SIGNATURE_SIZE			 248
-#define SSL_R_WRONG_SSL_VERSION				 249
-#define SSL_R_WRONG_VERSION_NUMBER			 250
-#define SSL_R_X509_LIB					 251
+#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 224
+#define SSL_R_SSL_HANDSHAKE_FAILURE			 225
+#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 226
+#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 227
+#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 228
+#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 229
+#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 230
+#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 231
+#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 232
+#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 233
+#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 234
+#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 235
+#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 236
+#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 237
+#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 238
+#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 239
+#define SSL_R_UNEXPECTED_MESSAGE			 240
+#define SSL_R_UNEXPECTED_RECORD				 241
+#define SSL_R_UNKNOWN_ALERT_TYPE			 242
+#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 243
+#define SSL_R_UNKNOWN_CIPHER_RETURNED			 244
+#define SSL_R_UNKNOWN_CIPHER_TYPE			 245
+#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 246
+#define SSL_R_UNKNOWN_PKEY_TYPE				 247
+#define SSL_R_UNKNOWN_PROTOCOL				 248
+#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 249
+#define SSL_R_UNKNOWN_SSL_VERSION			 250
+#define SSL_R_UNKNOWN_STATE				 251
+#define SSL_R_UNSUPPORTED_CIPHER			 252
+#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 253
+#define SSL_R_UNSUPPORTED_PROTOCOL			 254
+#define SSL_R_UNSUPPORTED_SSL_VERSION			 255
+#define SSL_R_WRITE_BIO_NOT_SET				 256
+#define SSL_R_WRONG_CIPHER_RETURNED			 257
+#define SSL_R_WRONG_MESSAGE_TYPE			 258
+#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 259
+#define SSL_R_WRONG_SIGNATURE_LENGTH			 260
+#define SSL_R_WRONG_SIGNATURE_SIZE			 261
+#define SSL_R_WRONG_SSL_VERSION				 262
+#define SSL_R_WRONG_VERSION_NUMBER			 263
+#define SSL_R_X509_LIB					 264
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 594295d5e..cf8f9651b 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1,5 +1,5 @@
 /* ssl/ssl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -118,7 +118,6 @@ extern "C" {
 #define SSL_TXT_RC2		"RC2"
 #define SSL_TXT_IDEA		"IDEA"
 #define SSL_TXT_MD5		"MD5"
-#define SSL_TXT_SHA0		"SHA0"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA"
 #define SSL_TXT_EXP		"EXP"
@@ -130,22 +129,18 @@ extern "C" {
 /* 'DEFAULT' at the start of the cipher list insert the following string
  * in addition to this being the default cipher string */
 #ifndef NO_RSA
-#define SSL_DEFAULT_CIPHER_LIST	"!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP"
+#define SSL_DEFAULT_CIPHER_LIST	"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
 #else
 #define SSL_ALLOW_ADH
 #define SSL_DEFAULT_CIPHER_LIST	"HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP"
 #endif
 
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 #define SSL_SENT_SHUTDOWN	1
 #define SSL_RECEIVED_SHUTDOWN	2
-#define SSL_CTX_set_quiet_shutdown(ctx,y) ((ctx)->quiet_shutdown=(y));
-#define SSL_CTX_get_quiet_shutdown(ctx) ((ctx)->quiet_shutdown);
-#define SSL_set_quiet_shutdown(s,y)	((s)->quiet_shutdown=(y));
-#define SSL_get_quiet_shutdown(s)	((s)->quiet_shutdown);
-#define SSL_set_shutdown(s,mode)	((s)->shutdown=(mode))
-#define SSL_get_shutdown(s)		((s)->shutdown)
-#define SSL_version(s)			((s)->version)
 
+#include "crypto.h"
+#include "lhash.h"
 #include "buffer.h"
 #include "bio.h"
 #include "x509.h"
@@ -153,6 +148,9 @@ extern "C" {
 #define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
 #define SSL_FILETYPE_PEM	X509_FILETYPE_PEM
 
+/* This is needed to stop compilers complaining about the
+ * 'struct ssl_st *' function parameters used to prototype callbacks
+ * in SSL_CTX. */
 typedef struct ssl_st *ssl_crock_st;
 
 /* used to hold info on the particular ciphers used */
@@ -166,7 +164,7 @@ typedef struct ssl_cipher_st
 	unsigned long mask;		/* used for matching */
 	} SSL_CIPHER;
 
-/* Used to hold functions for SSLv2 or SSLv3 functions */
+/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
 typedef struct ssl_method_st
 	{
 	int version;
@@ -189,6 +187,7 @@ typedef struct ssl_method_st
 	SSL_CIPHER *(*get_cipher)();
 	struct ssl_method_st *(*get_ssl_method)();
 	long (*get_timeout)();
+	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
 	} SSL_METHOD;
 
 typedef struct ssl_compression_st
@@ -248,28 +247,39 @@ typedef struct ssl_session_st
 
 	STACK /* SSL_CIPHER */ *ciphers; /* shared ciphers? */
 
-	char *app_data; /* application specific data */
+	CRYPTO_EX_DATA ex_data; /* application specific data */
+
+	/* These are used to make removal of session-ids more
+	 * efficient and to implement a maximum cache size. */
+	struct ssl_session_st *prev,*next;
 	} SSL_SESSION;
 
 #define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
-#define SSL_OP_NETSCAPE_CA_DN_BUG			0x00000004L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
 #define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
+#define SSL_OP_TLS_D5_BUG				0x00000100L
+#define	SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
 
 /* If set, only use tmp_dh parameters once */
 #define SSL_OP_SINGLE_DH_USE				0x00100000L
 /* Set to also use the tmp_rsa key when doing RSA operations. */
 #define SSL_OP_EPHEMERAL_RSA				0x00200000L
 
+#define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
 #define SSL_OP_NON_EXPORT_FIRST 			0x40000000L
 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x80000000L
 #define SSL_OP_ALL					0x000FFFFFL
 
 #define SSL_CTX_set_options(ctx,op)	((ctx)->options|=(op))
+#define SSL_set_options(ssl,op)		((ssl)->options|=(op))
+
+#define SSL_OP_NO_SSLv2					0x01000000L
+#define SSL_OP_NO_SSLv3					0x02000000L
+#define SSL_OP_NO_TLSv1					0x04000000L
 
 /* Normally you will only use these if your application wants to use
  * the certificate store in other places, perhaps PKCS7 */
@@ -278,6 +288,8 @@ typedef struct ssl_session_st
                 (X509_STORE_free((ctx)->cert_store),(ctx)->cert_store=(cs))
 
 
+#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)
+
 typedef struct ssl_ctx_st
 	{
 	SSL_METHOD *method;
@@ -289,6 +301,11 @@ typedef struct ssl_ctx_st
 
 	struct x509_store_st /* X509_STORE */ *cert_store;
 	struct lhash_st /* LHASH */ *sessions;	/* a set of SSL_SESSION's */
+	/* Most session-ids that will be cached, default is
+	 * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */
+	unsigned long session_cache_size;
+	struct ssl_session_st *session_cache_head;
+	struct ssl_session_st *session_cache_tail;
 
 	/* This can have one of 2 values, ored together,
 	 * SSL_SESS_CACHE_CLIENT,
@@ -322,12 +339,15 @@ typedef struct ssl_ctx_st
 	SSL_SESSION *(*get_session_cb)();
 #endif
 
-	int sess_connect;	/* SSL new (expensive) connection - started */
-	int sess_connect_good;	/* SSL new (expensive) connection - finished */
-	int sess_accept;	/* SSL new (expensive) accept - started */
-	int sess_accept_good;	/* SSL new (expensive) accept - finished */
+	int sess_connect;	/* SSL new connection - started */
+	int sess_connect_renegotiate;/* SSL renegotiatene  - requested */
+	int sess_connect_good;	/* SSL new connection/renegotiate - finished */
+	int sess_accept;	/* SSL new accept - started */
+	int sess_accept_renegotiate;/* SSL renegotiatene - requested */
+	int sess_accept_good;	/* SSL accept/renegotiate - finished */
 	int sess_miss;		/* session lookup misses  */
 	int sess_timeout;	/* session reuse attempt on timeouted session */
+	int sess_cache_full;	/* session removed due to full cache */
 	int sess_hit;		/* session reuse actually done */
 	int sess_cb_hit;	/* session-id that was not in the cache was
 				 * passed back via the callback.  This
@@ -360,16 +380,22 @@ typedef struct ssl_ctx_st
 
 	int quiet_shutdown;
 
-	char *app_data;
+	CRYPTO_EX_DATA ex_data;
+
+	EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
+	EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
+	EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
 	} SSL_CTX;
 
-#define SSL_SESS_CACHE_OFF	0x00
-#define SSL_SESS_CACHE_CLIENT	0x01
-#define SSL_SESS_CACHE_SERVER	0x02
+#define SSL_SESS_CACHE_OFF			0x0000
+#define SSL_SESS_CACHE_CLIENT			0x0001
+#define SSL_SESS_CACHE_SERVER			0x0002
 #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
-#define SSL_SESS_CACHE_NO_AUTO_CLEAR	0x80
-
-#define SSL_session_reused(s)	((s)->hit)
+#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
+/* This one, when set, makes the server session-id lookup not look
+ * in the cache.  If there is an application get_session callback
+ * defined, this will still get called. */
+#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
 
 #define SSL_CTX_sessions(ctx)		((ctx)->sessions)
 /* You will need to include lhash.h to access the following #define */
@@ -377,11 +403,17 @@ typedef struct ssl_ctx_st
 #define SSL_CTX_sess_connect(ctx)	((ctx)->sess_connect)
 #define SSL_CTX_sess_connect_good(ctx)	((ctx)->sess_connect_good)
 #define SSL_CTX_sess_accept(ctx)	((ctx)->sess_accept)
+#define SSL_CTX_sess_accept_renegotiate(ctx)	((ctx)->sess_accept_renegotiate)
+#define SSL_CTX_sess_connect_renegotiate(ctx)	((ctx)->sess_connect_renegotiate)
 #define SSL_CTX_sess_accept_good(ctx)	((ctx)->sess_accept_good)
 #define SSL_CTX_sess_hits(ctx)		((ctx)->sess_hit)
 #define SSL_CTX_sess_cb_hits(ctx)	((ctx)->sess_cb_hit)
 #define SSL_CTX_sess_misses(ctx)	((ctx)->sess_miss)
 #define SSL_CTX_sess_timeouts(ctx)	((ctx)->sess_timeout)
+#define SSL_CTX_sess_cache_full(ctx)	((ctx)->sess_cache_full)
+
+#define SSL_CTX_sess_set_cache_size(ctx,t) ((ctx)->session_cache_size=(t))
+#define SSL_CTX_sess_get_cache_size(ctx)   ((ctx)->session_cache_size)
 
 #define SSL_CTX_sess_set_new_cb(ctx,cb)	((ctx)->new_session_cb=(cb))
 #define SSL_CTX_sess_get_new_cb(ctx)	((ctx)->new_session_cb)
@@ -510,30 +542,29 @@ typedef struct ssl_st
 	int debug;	
 
 	/* extra application data */
-	int verify_result;
-	char *app_data;
+	long verify_result;
+	CRYPTO_EX_DATA ex_data;
 
 	/* for server side, keep the list of CA_dn we can use */
 	STACK /* X509_NAME */ *client_CA;
 
+	int references;
+	unsigned long options;
 	int first_packet;
 	} SSL;
 
 #include "ssl2.h"
 #include "ssl3.h"
+#include "tls1.h" /* This is mostly sslv3 with a few tweaks */
 #include "ssl23.h"
 
-/* application stuff */
-#define SSL_set_verify_result(s,arg)	((s)->verify_result=(long)arg)
-#define SSL_get_verify_result(s)	((s)->verify_result)
-#define SSL_set_app_data(s,arg)		((s)->app_data=(char *)arg)
-#define SSL_get_app_data(s)		((s)->app_data)
-
-#define SSL_SESSION_set_app_data(s,arg)		((s)->app_data=(char *)arg)
-#define SSL_SESSION_get_app_data(s)		((s)->app_data)
-
-#define SSL_CTX_set_app_data(ctx,arg)	((ctx)->app_data=(char *)arg)
-#define SSL_CTX_get_app_data(ctx)	((ctx)->app_data)
+/* compatablity */
+#define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))
+#define SSL_get_app_data(s)		(SSL_get_ex_data(s,0))
+#define SSL_SESSION_set_app_data(s,a)	(SSL_SESSION_set_ex_data(s,0,(char *)a))
+#define SSL_SESSION_get_app_data(s)	(SSL_SESSION_get_ex_data(s,0))
+#define SSL_CTX_get_app_data(ctx)	(SSL_CTX_get_ex_data(ctx,0))
+#define SSL_CTX_set_app_data(ctx,arg)	(SSL_CTX_set_ex_data(ctx,0,(char *)arg))
 
 /* The following are the possible values for ssl->state are are
  * used to indicate where we are upto in the SSL connection establishment.
@@ -542,7 +573,6 @@ typedef struct ssl_st
  * It can also be useful to work out where you were when the connection
  * failed */
 
-#define SSL_state(a)			((a)->state)
 #define SSL_ST_CONNECT			0x1000
 #define SSL_ST_ACCEPT			0x2000
 #define SSL_ST_MASK			0x0FFF
@@ -551,10 +581,6 @@ typedef struct ssl_st
 #define SSL_ST_OK			0x03
 #define SSL_ST_RENEGOTIATE		(0x04|SSL_ST_INIT)
 
-/* SSL info callback functions */
-#define SSL_set_info_callback(ssl,cb)	((ssl)->info_callback=(cb))
-#define SSL_get_info_callback(ssl)	((ssl)->info_callback)
-
 #define SSL_CB_LOOP			0x01
 #define SSL_CB_EXIT			0x02
 #define SSL_CB_READ			0x04
@@ -570,11 +596,12 @@ typedef struct ssl_st
 #define SSL_CB_HANDSHAKE_DONE		0x20
 
 /* Is the SSL_connection established? */
-#define SSL_is_init_finished(a)		((a)->state == SSL_ST_OK)
-#define SSL_in_init(a)			((a)->state&SSL_ST_INIT)
-#define SSL_in_before(a)		((a)->state&SSL_ST_BEFORE)
-#define SSL_in_connect_init(a)		((a)->state&SSL_ST_CONNECT)
-#define SSL_in_accept_init(a)		((a)->state&SSL_ST_ACCEPT)
+#define SSL_get_state(a)		SSL_state(a)
+#define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)
+#define SSL_in_init(a)			(SSL_state(a)&SSL_ST_INIT)
+#define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)
+#define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)
+#define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)
 
 /* The following 2 states are kept in ssl->rstate when reads fail,
  * you should not need these */
@@ -589,20 +616,6 @@ typedef struct ssl_st
 #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02
 #define SSL_VERIFY_CLIENT_ONCE		0x04
 
-#define SSL_RWERR_BAD_WRITE_RETRY	(-2)
-#define SSL_RWERR_BAD_MAC_DECODE	(-3)
-#define SSL_RWERR_INTERNAL_ERROR	(-4) /* should not get this one */
-#define SSL_RWERR_WRONG_RECORD_TYPE	(-5) /* used internally */
-
-#define SSL_CTX_set_default_verify_paths(ctx) \
-		X509_STORE_set_default_paths((ctx)->cert_store)
-#define SSL_CTX_load_verify_locations(ctx,CAfile,CApath) \
-		X509_STORE_load_locations((ctx)->cert_store,\
-		(CAfile),(CApath))
-
-#define SSL_get_session(s)	((s)->session)
-#define SSL_get_SSL_CTX(s)	((s)->ctx)
-
 /* this is for backward compatablility */
 #if 0 /* NEW_SSLEAY */
 #define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
@@ -620,6 +633,10 @@ typedef struct ssl_st
 		SSL_CIPHER_get_version(SSL_get_current_cipher(s))
 #define SSL_get_cipher_name(s) \
 		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+#define SSL_get_time(a)		SSL_SESSION_get_time(a)
+#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))
+#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
+#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))
 
 /* VMS linker has a 31 char name limit */
 #define SSL_CTX_set_cert_verify_callback(a,b,c) \
@@ -643,6 +660,32 @@ typedef struct ssl_st
 		PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
 #endif
 
+/* These alert types are for SSLv3 and TLSv1 */
+#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
+#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
+#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */
+#define SSL_AD_DECRYPTION_FAILED	TLS1_AD_DECRYPTION_FAILED
+#define SSL_AD_RECORD_OVERFLOW		TLS1_AD_RECORD_OVERFLOW
+#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
+#define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE/* fatal */
+#define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE /* Not for TLS */
+#define SSL_AD_BAD_CERTIFICATE		SSL3_AD_BAD_CERTIFICATE
+#define SSL_AD_UNSUPPORTED_CERTIFICATE	SSL3_AD_UNSUPPORTED_CERTIFICATE
+#define SSL_AD_CERTIFICATE_REVOKED	SSL3_AD_CERTIFICATE_REVOKED
+#define SSL_AD_CERTIFICATE_EXPIRED	SSL3_AD_CERTIFICATE_EXPIRED
+#define SSL_AD_CERTIFICATE_UNKNOWN	SSL3_AD_CERTIFICATE_UNKNOWN
+#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
+#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA	/* fatal */
+#define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED	/* fatal */
+#define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR	/* fatal */
+#define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR
+#define SSL_AD_EXPORT_RESTRICION	TLS1_AD_EXPORT_RESTRICION/* fatal */
+#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */
+#define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
+#define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR	/* fatal */
+#define SSL_AD_USER_CANCLED		TLS1_AD_USER_CANCLED
+#define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION
+
 #define SSL_ERROR_NONE			0
 #define SSL_ERROR_SSL			1
 #define SSL_ERROR_WANT_READ		2
@@ -652,11 +695,26 @@ typedef struct ssl_st
 #define SSL_ERROR_ZERO_RETURN		6
 #define SSL_ERROR_WANT_CONNECT		7
 
-#define SSL_CTRL_NEED_TMP_RSA		1
-#define SSL_CTRL_SET_TMP_RSA		2
-#define SSL_CTRL_SET_TMP_DH		3
-#define SSL_CTRL_SET_TMP_RSA_CB		4
-#define SSL_CTRL_SET_TMP_DH_CB		5
+#define SSL_CTRL_NEED_TMP_RSA			1
+#define SSL_CTRL_SET_TMP_RSA			2
+#define SSL_CTRL_SET_TMP_DH			3
+#define SSL_CTRL_SET_TMP_RSA_CB			4
+#define SSL_CTRL_SET_TMP_DH_CB			5
+/* Add these ones */
+#define SSL_CTRL_GET_SESSION_REUSED		6
+#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	7
+#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		8
+#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	9
+#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	10
+
+#define SSL_session_reused(ssl) \
+	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
+#define SSL_num_renegotiations(ssl) \
+	SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+#define SSL_clear_num_renegotiations(ssl) \
+	SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+#define SSL_total_renegotiations(ssl) \
+	SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
 
 #define SSL_CTX_need_tmp_RSA(ctx) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
@@ -672,13 +730,15 @@ typedef struct ssl_st
 #define SSL_CTX_set_tmp_rsa_callback(ctx,cb) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb)
 #define SSL_CTX_set_tmp_dh_callback(ctx,dh) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)cb)
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh)
 
 #ifndef NOPROTO
 
 #ifdef HEADER_BIO_H
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
 int BIO_ssl_copy_session_id(BIO *to,BIO *from);
 void BIO_ssl_shutdown(BIO *ssl_bio);
 
@@ -717,27 +777,37 @@ int	(*SSL_get_verify_callback(SSL *s))();
 void	SSL_set_verify(SSL *s, int mode, int (*callback) ());
 int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
 int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
-int	SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
 int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
 int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
-int	SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);
 int	SSL_use_certificate(SSL *ssl, X509 *x);
 int	SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
+
+#ifndef NO_STDIO
+int	SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
+int	SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);
 int	SSL_use_certificate_file(SSL *ssl, char *file, int type);
+int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);
+int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);
+int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);
+STACK * SSL_load_client_CA_file(char *file);
+#endif
+
 void	ERR_load_SSL_strings(void );
 void	SSL_load_error_strings(void );
 char * 	SSL_state_string(SSL *s);
 char * 	SSL_rstate_string(SSL *s);
 char * 	SSL_state_string_long(SSL *s);
 char * 	SSL_rstate_string_long(SSL *s);
-long	SSL_get_time(SSL_SESSION *s);
-long	SSL_set_time(SSL_SESSION *s, long t);
-long	SSL_get_timeout(SSL_SESSION *s);
-long	SSL_set_timeout(SSL_SESSION *s, long t);
+long	SSL_SESSION_get_time(SSL_SESSION *s);
+long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
+long	SSL_SESSION_get_timeout(SSL_SESSION *s);
+long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
 void	SSL_copy_session_id(SSL *to,SSL *from);
 
 SSL_SESSION *SSL_SESSION_new(void);
-#ifndef WIN16
+unsigned long SSL_SESSION_hash(SSL_SESSION *a);
+int	SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
+#ifndef NO_FP_API
 int	SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
 #endif
 #ifdef HEADER_BIO_H
@@ -762,14 +832,11 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
 void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
 int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
 	unsigned char *d, long len);
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);
 
 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
 
@@ -793,17 +860,21 @@ char *	SSL_get_version(SSL *s);
 /* This sets the 'default' SSL version that SSL_new() will create */
 int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
 
-SSL_METHOD *SSLv2_method(void);		/* sslv2 */
-SSL_METHOD *SSLv2_server_method(void);	/* sslv2 */
-SSL_METHOD *SSLv2_client_method(void);	/* sslv2 */
+SSL_METHOD *SSLv2_method(void);		/* SSLv2 */
+SSL_METHOD *SSLv2_server_method(void);	/* SSLv2 */
+SSL_METHOD *SSLv2_client_method(void);	/* SSLv2 */
 
-SSL_METHOD *SSLv3_method(void);		/* sslv3 */
-SSL_METHOD *SSLv3_server_method(void);	/* sslv3 */
-SSL_METHOD *SSLv3_client_method(void);	/* sslv3 */
+SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
+SSL_METHOD *SSLv3_server_method(void);	/* SSLv3 */
+SSL_METHOD *SSLv3_client_method(void);	/* SSLv3 */
 
-SSL_METHOD *SSLv23_method(void);	/* sslv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_server_method(void);	/* sslv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_client_method(void);	/* sslv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_method(void);	/* SSLv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_server_method(void);	/* SSLv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_client_method(void);	/* SSLv3 but can rollback to v2 */
+
+SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */
+SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */
+SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */
 
 STACK *SSL_get_ciphers(SSL *s);
 
@@ -818,7 +889,6 @@ char *SSL_alert_type_string(int value);
 char *SSL_alert_desc_string_long(int value);
 char *SSL_alert_desc_string(int value);
 
-STACK *SSL_load_client_CA_file(char *file);
 void SSL_set_client_CA_list(SSL *s, STACK *list);
 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
 STACK *SSL_get_client_CA_list(SSL *s);
@@ -841,10 +911,45 @@ SSL *SSL_dup(SSL *ssl);
 X509 *SSL_get_certificate(SSL *ssl);
 /* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
 
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
+int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl,int mode);
+int SSL_get_quiet_shutdown(SSL *ssl);
+void SSL_set_shutdown(SSL *ssl,int mode);
+int SSL_get_shutdown(SSL *ssl);
+int SSL_version(SSL *ssl);
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx,char *CAfile,char *CApath);
+SSL_SESSION *SSL_get_session(SSL *ssl);
+SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
+void SSL_set_info_callback(SSL *ssl,void (*cb)());
+void (*SSL_get_info_callback(SSL *ssl))();
+int SSL_state(SSL *ssl);
+
+void SSL_set_verify_result(SSL *ssl,long v);
+long SSL_get_verify_result(SSL *ssl);
+
+int SSL_set_ex_data(SSL *ssl,int idx,char *data);
+char *SSL_get_ex_data(SSL *ssl,int idx);
+int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,char *data);
+char *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
+int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+
+int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,char *data);
+char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
+int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+
 #else
 
 BIO_METHOD *BIO_f_ssl();
 BIO *BIO_new_ssl();
+BIO *BIO_new_ssl_connect();
+BIO *BIO_new_buffer_ssl_connect();
 int BIO_ssl_copy_session_id();
 void BIO_ssl_shutdown();
 
@@ -881,27 +986,37 @@ int	SSL_get_verify_mode();
 void	SSL_set_verify();
 int	SSL_use_RSAPrivateKey();
 int	SSL_use_RSAPrivateKey_ASN1();
-int	SSL_use_RSAPrivateKey_file();
 int	SSL_use_PrivateKey();
 int	SSL_use_PrivateKey_ASN1();
-int	SSL_use_PrivateKey_file();
 int	SSL_use_certificate();
 int	SSL_use_certificate_ASN1();
+
+#ifndef NO_STDIO
+int	SSL_use_RSAPrivateKey_file();
+int	SSL_use_PrivateKey_file();
 int	SSL_use_certificate_file();
+int	SSL_CTX_use_RSAPrivateKey_file();
+int	SSL_CTX_use_PrivateKey_file();
+int	SSL_CTX_use_certificate_file();
+STACK * SSL_load_client_CA_file();
+#endif
+
 void	ERR_load_SSL_strings();
 void	SSL_load_error_strings();
 char * 	SSL_state_string();
 char * 	SSL_rstate_string();
 char * 	SSL_state_string_long();
 char * 	SSL_rstate_string_long();
-long	SSL_get_time();
-long	SSL_set_time();
-long	SSL_get_timeout();
-long	SSL_set_timeout();
+long	SSL_SESSION_get_time();
+long	SSL_SESSION_set_time();
+long	SSL_SESSION_get_timeout();
+long	SSL_SESSION_set_timeout();
 void	SSL_copy_session_id();
 
 SSL_SESSION *SSL_SESSION_new();
-#ifndef WIN16
+unsigned long SSL_SESSION_hash();
+int	SSL_SESSION_cmp();
+#ifndef NO_FP_API
 int	SSL_SESSION_print_fp();
 #endif
 #ifdef HEADER_BIO_H
@@ -926,13 +1041,10 @@ void SSL_CTX_set_verify();
 void SSL_CTX_set_cert_verify_cb();
 int SSL_CTX_use_RSAPrivateKey();
 int SSL_CTX_use_RSAPrivateKey_ASN1();
-int SSL_CTX_use_RSAPrivateKey_file();
 int SSL_CTX_use_PrivateKey();
 int SSL_CTX_use_PrivateKey_ASN1();
-int SSL_CTX_use_PrivateKey_file();
 int SSL_CTX_use_certificate();
 int SSL_CTX_use_certificate_ASN1();
-int SSL_CTX_use_certificate_file();
 
 void SSL_CTX_set_default_passwd_cb();
 
@@ -967,6 +1079,10 @@ SSL_METHOD *SSLv23_method();
 SSL_METHOD *SSLv23_server_method();
 SSL_METHOD *SSLv23_client_method();
 
+SSL_METHOD *TLSv1_method();
+SSL_METHOD *TLSv1_server_method();
+SSL_METHOD *TLSv1_client_method();
+
 STACK *SSL_get_ciphers();
 
 int SSL_do_handshake();
@@ -980,7 +1096,6 @@ char *SSL_alert_type_string();
 char *SSL_alert_desc_string_long();
 char *SSL_alert_desc_string();
 
-STACK *SSL_load_client_CA_file();
 void SSL_set_client_CA_list();
 void SSL_CTX_set_client_CA_list();
 STACK *SSL_get_client_CA_list();
@@ -1005,6 +1120,36 @@ X509 *SSL_get_certificate();
 
 #ifdef this_is_for_mk1mf_pl
 EVP *SSL_get_privatekey();
+
+void SSL_CTX_set_quiet_shutdown();
+int SSL_CTX_get_quiet_shutdown();
+void SSL_set_quiet_shutdown();
+int SSL_get_quiet_shutdown();
+void SSL_set_shutdown();
+int SSL_get_shutdown();
+int SSL_version();
+int SSL_CTX_set_default_verify_paths();
+int SSL_CTX_load_verify_locations();
+SSL_SESSION *SSL_get_session();
+SSL_CTX *SSL_get_SSL_CTX();
+void SSL_set_info_callback();
+int (*SSL_get_info_callback())();
+int SSL_state();
+void SSL_set_verify_result();
+long SSL_get_verify_result();
+
+int SSL_set_ex_data();
+char *SSL_get_ex_data();
+int SSL_get_ex_new_index();
+
+int SSL_SESSION_set_ex_data();
+char *SSL_SESSION_get_ex_data();
+int SSL_SESSION_get_ex_new_index();
+
+int SSL_CTX_set_ex_data();
+char *SSL_CTX_get_ex_data();
+int SSL_CTX_get_ex_new_index();
+
 #endif
 
 #endif
@@ -1094,29 +1239,34 @@ EVP *SSL_get_privatekey();
 #define SSL_F_SSL_GET_NEW_SESSION			 178
 #define SSL_F_SSL_GET_SERVER_SEND_CERT			 179
 #define SSL_F_SSL_GET_SIGN_PKEY				 180
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 181
-#define SSL_F_SSL_NEW					 182
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 183
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 184
-#define SSL_F_SSL_SESSION_NEW				 185
-#define SSL_F_SSL_SESSION_PRINT_FP			 186
-#define SSL_F_SSL_SET_FD				 187
-#define SSL_F_SSL_SET_PKEY				 188
-#define SSL_F_SSL_SET_RFD				 189
-#define SSL_F_SSL_SET_SESSION				 190
-#define SSL_F_SSL_SET_WFD				 191
-#define SSL_F_SSL_UNDEFINED_FUNCTION			 192
-#define SSL_F_SSL_USE_CERTIFICATE			 193
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 194
-#define SSL_F_SSL_USE_CERTIFICATE_FILE			 195
-#define SSL_F_SSL_USE_PRIVATEKEY			 196
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 197
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 198
-#define SSL_F_SSL_USE_RSAPRIVATEKEY			 199
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 200
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 201
-#define SSL_F_SSL_WRITE					 202
-#define SSL_F_WRITE_PENDING				 203
+#define SSL_F_SSL_INIT_WBIO_BUFFER			 181
+#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 182
+#define SSL_F_SSL_NEW					 183
+#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 184
+#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 185
+#define SSL_F_SSL_SESSION_NEW				 186
+#define SSL_F_SSL_SESSION_PRINT_FP			 187
+#define SSL_F_SSL_SET_CERT				 188
+#define SSL_F_SSL_SET_FD				 189
+#define SSL_F_SSL_SET_PKEY				 190
+#define SSL_F_SSL_SET_RFD				 191
+#define SSL_F_SSL_SET_SESSION				 192
+#define SSL_F_SSL_SET_WFD				 193
+#define SSL_F_SSL_UNDEFINED_FUNCTION			 194
+#define SSL_F_SSL_USE_CERTIFICATE			 195
+#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 196
+#define SSL_F_SSL_USE_CERTIFICATE_FILE			 197
+#define SSL_F_SSL_USE_PRIVATEKEY			 198
+#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 199
+#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 200
+#define SSL_F_SSL_USE_RSAPRIVATEKEY			 201
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 202
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 203
+#define SSL_F_SSL_WRITE					 204
+#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 205
+#define SSL_F_TLS1_ENC					 206
+#define SSL_F_TLS1_SETUP_KEY_BLOCK			 207
+#define SSL_F_WRITE_PENDING				 208
 
 /* Reason codes. */
 #define SSL_R_APP_DATA_IN_HANDSHAKE			 100
@@ -1135,103 +1285,109 @@ EVP *SSL_get_privatekey();
 #define SSL_R_BAD_MAC_DECODE				 113
 #define SSL_R_BAD_MESSAGE_TYPE				 114
 #define SSL_R_BAD_PACKET_LENGTH				 115
-#define SSL_R_BAD_RESPONSE_ARGUMENT			 116
-#define SSL_R_BAD_RSA_DECRYPT				 117
-#define SSL_R_BAD_RSA_ENCRYPT				 118
-#define SSL_R_BAD_RSA_E_LENGTH				 119
-#define SSL_R_BAD_RSA_MODULUS_LENGTH			 120
-#define SSL_R_BAD_RSA_SIGNATURE				 121
-#define SSL_R_BAD_SIGNATURE				 122
-#define SSL_R_BAD_SSL_FILETYPE				 123
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 124
-#define SSL_R_BAD_STATE					 125
-#define SSL_R_BAD_WRITE_RETRY				 126
-#define SSL_R_BIO_NOT_SET				 127
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 128
-#define SSL_R_BN_LIB					 129
-#define SSL_R_CA_DN_LENGTH_MISMATCH			 130
-#define SSL_R_CA_DN_TOO_LONG				 131
-#define SSL_R_CCS_RECEIVED_EARLY			 132
-#define SSL_R_CERTIFICATE_VERIFY_FAILED			 133
-#define SSL_R_CERT_LENGTH_MISMATCH			 134
-#define SSL_R_CHALLENGE_IS_DIFFERENT			 135
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 136
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 137
-#define SSL_R_CIPHER_TABLE_SRC_ERROR			 138
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 139
-#define SSL_R_COMPRESSION_FAILURE			 140
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 141
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 142
-#define SSL_R_DATA_LENGTH_TOO_LONG			 143
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 144
-#define SSL_R_DIGEST_CHECK_FAILED			 145
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 146
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 147
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 148
-#define SSL_R_EXTRA_DATA_IN_MESSAGE			 149
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 150
-#define SSL_R_INTERNAL_ERROR				 151
-#define SSL_R_INVALID_CHALLENGE_LENGTH			 152
-#define SSL_R_LENGTH_MISMATCH				 153
-#define SSL_R_LENGTH_TOO_SHORT				 154
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 155
-#define SSL_R_MISSING_DH_DSA_CERT			 156
-#define SSL_R_MISSING_DH_KEY				 157
-#define SSL_R_MISSING_DH_RSA_CERT			 158
-#define SSL_R_MISSING_DSA_SIGNING_CERT			 159
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 160
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 161
-#define SSL_R_MISSING_RSA_CERTIFICATE			 162
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 163
-#define SSL_R_MISSING_RSA_SIGNING_CERT			 164
-#define SSL_R_MISSING_TMP_DH_KEY			 165
-#define SSL_R_MISSING_TMP_RSA_KEY			 166
-#define SSL_R_MISSING_TMP_RSA_PKEY			 167
-#define SSL_R_MISSING_VERIFY_MESSAGE			 168
-#define SSL_R_NON_SSLV2_INITIAL_PACKET			 169
-#define SSL_R_NO_CERTIFICATES_PASSED			 170
-#define SSL_R_NO_CERTIFICATE_ASSIGNED			 171
-#define SSL_R_NO_CERTIFICATE_RETURNED			 172
-#define SSL_R_NO_CERTIFICATE_SET			 173
-#define SSL_R_NO_CERTIFICATE_SPECIFIED			 174
-#define SSL_R_NO_CIPHERS_AVAILABLE			 175
-#define SSL_R_NO_CIPHERS_PASSED				 176
-#define SSL_R_NO_CIPHERS_SPECIFIED			 177
-#define SSL_R_NO_CIPHER_LIST				 178
-#define SSL_R_NO_CIPHER_MATCH				 179
-#define SSL_R_NO_CLIENT_CERT_RECEIVED			 180
-#define SSL_R_NO_COMPRESSION_SPECIFIED			 181
-#define SSL_R_NO_PRIVATEKEY				 182
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 183
-#define SSL_R_NO_PUBLICKEY				 184
-#define SSL_R_NO_SHARED_CIPHER				 185
-#define SSL_R_NULL_SSL_CTX				 186
-#define SSL_R_NULL_SSL_METHOD_PASSED			 187
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 188
-#define SSL_R_PACKET_LENGTH_TOO_LONG			 189
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 190
-#define SSL_R_PEER_ERROR				 191
-#define SSL_R_PEER_ERROR_CERTIFICATE			 192
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 193
-#define SSL_R_PEER_ERROR_NO_CIPHER			 194
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 195
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 196
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 197
-#define SSL_R_PROTOCOL_IS_SHUTDOWN			 198
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 199
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 200
-#define SSL_R_PUBLIC_KEY_NOT_RSA			 201
-#define SSL_R_READ_BIO_NOT_SET				 202
-#define SSL_R_READ_WRONG_PACKET_TYPE			 203
-#define SSL_R_RECORD_LENGTH_MISMATCH			 204
-#define SSL_R_RECORD_TOO_LARGE				 205
-#define SSL_R_REQUIRED_CIPHER_MISSING			 206
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 207
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 208
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 209
-#define SSL_R_SHORT_READ				 210
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 211
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 212
+#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
+#define SSL_R_BAD_RESPONSE_ARGUMENT			 117
+#define SSL_R_BAD_RSA_DECRYPT				 118
+#define SSL_R_BAD_RSA_ENCRYPT				 119
+#define SSL_R_BAD_RSA_E_LENGTH				 120
+#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121
+#define SSL_R_BAD_RSA_SIGNATURE				 122
+#define SSL_R_BAD_SIGNATURE				 123
+#define SSL_R_BAD_SSL_FILETYPE				 124
+#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125
+#define SSL_R_BAD_STATE					 126
+#define SSL_R_BAD_WRITE_RETRY				 127
+#define SSL_R_BIO_NOT_SET				 128
+#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129
+#define SSL_R_BN_LIB					 130
+#define SSL_R_CA_DN_LENGTH_MISMATCH			 131
+#define SSL_R_CA_DN_TOO_LONG				 132
+#define SSL_R_CCS_RECEIVED_EARLY			 133
+#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134
+#define SSL_R_CERT_LENGTH_MISMATCH			 135
+#define SSL_R_CHALLENGE_IS_DIFFERENT			 136
+#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137
+#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138
+#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
+#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
+#define SSL_R_COMPRESSION_FAILURE			 141
+#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 142
+#define SSL_R_CONNECTION_TYPE_NOT_SET			 143
+#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 144
+#define SSL_R_DATA_LENGTH_TOO_LONG			 145
+#define SSL_R_DECRYPTION_FAILED				 146
+#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 147
+#define SSL_R_DIGEST_CHECK_FAILED			 148
+#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 149
+#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 150
+#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 151
+#define SSL_R_EXTRA_DATA_IN_MESSAGE			 152
+#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 153
+#define SSL_R_HTTPS_PROXY_REQUEST			 154
+#define SSL_R_HTTP_REQUEST				 155
+#define SSL_R_INTERNAL_ERROR				 156
+#define SSL_R_INVALID_CHALLENGE_LENGTH			 157
+#define SSL_R_LENGTH_MISMATCH				 158
+#define SSL_R_LENGTH_TOO_SHORT				 159
+#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 160
+#define SSL_R_MISSING_DH_DSA_CERT			 161
+#define SSL_R_MISSING_DH_KEY				 162
+#define SSL_R_MISSING_DH_RSA_CERT			 163
+#define SSL_R_MISSING_DSA_SIGNING_CERT			 164
+#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 165
+#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 166
+#define SSL_R_MISSING_RSA_CERTIFICATE			 167
+#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 168
+#define SSL_R_MISSING_RSA_SIGNING_CERT			 169
+#define SSL_R_MISSING_TMP_DH_KEY			 170
+#define SSL_R_MISSING_TMP_RSA_KEY			 171
+#define SSL_R_MISSING_TMP_RSA_PKEY			 172
+#define SSL_R_MISSING_VERIFY_MESSAGE			 173
+#define SSL_R_NON_SSLV2_INITIAL_PACKET			 174
+#define SSL_R_NO_CERTIFICATES_RETURNED			 175
+#define SSL_R_NO_CERTIFICATE_ASSIGNED			 176
+#define SSL_R_NO_CERTIFICATE_RETURNED			 177
+#define SSL_R_NO_CERTIFICATE_SET			 178
+#define SSL_R_NO_CERTIFICATE_SPECIFIED			 179
+#define SSL_R_NO_CIPHERS_AVAILABLE			 180
+#define SSL_R_NO_CIPHERS_PASSED				 181
+#define SSL_R_NO_CIPHERS_SPECIFIED			 182
+#define SSL_R_NO_CIPHER_LIST				 183
+#define SSL_R_NO_CIPHER_MATCH				 184
+#define SSL_R_NO_CLIENT_CERT_RECEIVED			 185
+#define SSL_R_NO_COMPRESSION_SPECIFIED			 186
+#define SSL_R_NO_PRIVATEKEY				 187
+#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 188
+#define SSL_R_NO_PROTOCOLS_AVAILABLE			 189
+#define SSL_R_NO_PUBLICKEY				 190
+#define SSL_R_NO_SHARED_CIPHER				 191
+#define SSL_R_NULL_SSL_CTX				 192
+#define SSL_R_NULL_SSL_METHOD_PASSED			 193
+#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 194
+#define SSL_R_PACKET_LENGTH_TOO_LONG			 195
+#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 196
+#define SSL_R_PEER_ERROR				 197
+#define SSL_R_PEER_ERROR_CERTIFICATE			 198
+#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 199
+#define SSL_R_PEER_ERROR_NO_CIPHER			 200
+#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 201
+#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 202
+#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 203
+#define SSL_R_PROTOCOL_IS_SHUTDOWN			 204
+#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 205
+#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 206
+#define SSL_R_PUBLIC_KEY_NOT_RSA			 207
+#define SSL_R_READ_BIO_NOT_SET				 208
+#define SSL_R_READ_WRONG_PACKET_TYPE			 209
+#define SSL_R_RECORD_LENGTH_MISMATCH			 210
+#define SSL_R_RECORD_TOO_LARGE				 211
+#define SSL_R_REQUIRED_CIPHER_MISSING			 212
+#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 213
+#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 214
+#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 215
+#define SSL_R_SHORT_READ				 216
+#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 217
+#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 218
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
 #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
@@ -1241,47 +1397,54 @@ EVP *SSL_get_privatekey();
 #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
 #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
 #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 213
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 214
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 215
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 216
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 219
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 220
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 221
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 222
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
-#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 217
+#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 223
 #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 218
-#define SSL_R_SSL_HANDSHAKE_FAILURE			 219
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 220
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 221
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 222
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 223
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 224
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 225
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 226
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 227
-#define SSL_R_UNEXPECTED_MESSAGE			 228
-#define SSL_R_UNEXPECTED_RECORD				 229
-#define SSL_R_UNKNOWN_ALERT_TYPE			 230
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 231
-#define SSL_R_UNKNOWN_CIPHER_RETURNED			 232
-#define SSL_R_UNKNOWN_CIPHER_TYPE			 233
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 234
-#define SSL_R_UNKNOWN_PKEY_TYPE				 235
-#define SSL_R_UNKNOWN_PROTOCOL				 236
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 237
-#define SSL_R_UNKNOWN_SSL_VERSION			 238
-#define SSL_R_UNKNOWN_STATE				 239
-#define SSL_R_UNSUPPORTED_CIPHER			 240
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 241
-#define SSL_R_UNSUPPORTED_SSL_VERSION			 242
-#define SSL_R_WRITE_BIO_NOT_SET				 243
-#define SSL_R_WRONG_CIPHER_RETURNED			 244
-#define SSL_R_WRONG_MESSAGE_TYPE			 245
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 246
-#define SSL_R_WRONG_SIGNATURE_LENGTH			 247
-#define SSL_R_WRONG_SIGNATURE_SIZE			 248
-#define SSL_R_WRONG_SSL_VERSION				 249
-#define SSL_R_WRONG_VERSION_NUMBER			 250
-#define SSL_R_X509_LIB					 251
+#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 224
+#define SSL_R_SSL_HANDSHAKE_FAILURE			 225
+#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 226
+#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 227
+#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 228
+#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 229
+#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 230
+#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 231
+#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 232
+#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 233
+#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 234
+#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 235
+#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 236
+#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 237
+#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 238
+#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 239
+#define SSL_R_UNEXPECTED_MESSAGE			 240
+#define SSL_R_UNEXPECTED_RECORD				 241
+#define SSL_R_UNKNOWN_ALERT_TYPE			 242
+#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 243
+#define SSL_R_UNKNOWN_CIPHER_RETURNED			 244
+#define SSL_R_UNKNOWN_CIPHER_TYPE			 245
+#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 246
+#define SSL_R_UNKNOWN_PKEY_TYPE				 247
+#define SSL_R_UNKNOWN_PROTOCOL				 248
+#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 249
+#define SSL_R_UNKNOWN_SSL_VERSION			 250
+#define SSL_R_UNKNOWN_STATE				 251
+#define SSL_R_UNSUPPORTED_CIPHER			 252
+#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 253
+#define SSL_R_UNSUPPORTED_PROTOCOL			 254
+#define SSL_R_UNSUPPORTED_SSL_VERSION			 255
+#define SSL_R_WRITE_BIO_NOT_SET				 256
+#define SSL_R_WRONG_CIPHER_RETURNED			 257
+#define SSL_R_WRONG_MESSAGE_TYPE			 258
+#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 259
+#define SSL_R_WRONG_SIGNATURE_LENGTH			 260
+#define SSL_R_WRONG_SIGNATURE_SIZE			 261
+#define SSL_R_WRONG_SSL_VERSION				 262
+#define SSL_R_WRONG_VERSION_NUMBER			 263
+#define SSL_R_X509_LIB					 264
  
 #ifdef  __cplusplus
 }
diff --git a/ssl/ssl2.h b/ssl/ssl2.h
index db353f584..3dc94e520 100644
--- a/ssl/ssl2.h
+++ b/ssl/ssl2.h
@@ -1,5 +1,5 @@
 /* ssl/ssl2.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -64,6 +64,9 @@ extern "C" {
 #endif
 
 /* Protocol Version Codes */
+#define SSL2_VERSION		0x0002
+#define SSL2_VERSION_MAJOR	0x00
+#define SSL2_VERSION_MINOR	0x02
 #define SSL2_CLIENT_VERSION	0x0002
 #define SSL2_SERVER_VERSION	0x0002
 
@@ -150,7 +153,6 @@ extern "C" {
 
 typedef struct ssl2_ctx_st
 	{
-	int first_packet;	/* enable first packet checking in server */
 	int three_byte_header;
 	int clear_text;		/* clear text */
 	int escape;		/* not used in SSLv2 */
diff --git a/ssl/ssl23.h b/ssl/ssl23.h
index 6e6f26bbb..d3228983c 100644
--- a/ssl/ssl23.h
+++ b/ssl/ssl23.h
@@ -1,5 +1,5 @@
 /* ssl/ssl23.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 9675ec2d7..95772eef6 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -1,5 +1,5 @@
 /* ssl/ssl3.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -94,7 +94,7 @@ extern "C" {
 #define SSL3_CK_ADH_RC4_128_MD5			0x03000018
 #define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019
 #define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A
-#define SSL3_CK_ADH_DES_196_CBC_SHA		0x0300001B
+#define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B
 
 #define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
 #define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
@@ -106,7 +106,7 @@ extern "C" {
 #define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"
 #define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"
 #define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-MD5"
+#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"
 #define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"
 #define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"
 #define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"
@@ -121,7 +121,7 @@ extern "C" {
 #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"
 #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"
 #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC"
+#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"
 #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"
 #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"
 
@@ -129,7 +129,7 @@ extern "C" {
 #define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"
 #define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"
 #define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_196_CBC_SHA		"ADH-DES-CBC3-SHA"
+#define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"
 
 #define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"
 #define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
@@ -172,8 +172,8 @@ extern "C" {
 #define SSL3_RS_PART_READ		4
 #define SSL3_RS_PART_WRITE		5
 
-#define SSL3_MD_CLIENT_FINISHED_CONST	0x43,0x4C,0x4E,0x54
-#define SSL3_MD_SERVER_FINISHED_CONST	0x53,0x52,0x56,0x52
+#define SSL3_MD_CLIENT_FINISHED_CONST	{0x43,0x4C,0x4E,0x54}
+#define SSL3_MD_SERVER_FINISHED_CONST	{0x53,0x52,0x56,0x52}
 
 #define SSL3_VERSION			0x0300
 #define SSL3_VERSION_MAJOR		0x03
@@ -236,6 +236,34 @@ typedef struct ssl3_compression_st {
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
 #define SSL3_FLAGS_POP_BUFFER			0x0004
+#define	TLS1_FLAGS_TLS_PADDING_BUG		0x0008
+
+#if 0
+#define AD_CLOSE_NOTIFY			0
+#define AD_UNEXPECTED_MESSAGE		1
+#define AD_BAD_RECORD_MAC		2
+#define AD_DECRYPTION_FAILED		3
+#define AD_RECORD_OVERFLOW		4
+#define AD_DECOMPRESSION_FAILURE	5	/* fatal */
+#define AD_HANDSHAKE_FAILURE		6	/* fatal */
+#define AD_NO_CERTIFICATE		7	/* Not under TLS */
+#define AD_BAD_CERTIFICATE		8
+#define AD_UNSUPPORTED_CERTIFICATE	9
+#define AD_CERTIFICATE_REVOKED		10	
+#define AD_CERTIFICATE_EXPIRED		11
+#define AD_CERTIFICATE_UNKNOWN		12
+#define AD_ILLEGAL_PARAMETER		13	/* fatal */
+#define AD_UNKNOWN_CA			14	/* fatal */
+#define AD_ACCESS_DENIED		15	/* fatal */
+#define AD_DECODE_ERROR			16	/* fatal */
+#define AD_DECRYPT_ERROR		17
+#define AD_EXPORT_RESTRICION		18	/* fatal */
+#define AD_PROTOCOL_VERSION		19	/* fatal */
+#define AD_INSUFFICIENT_SECURITY	20	/* fatal */
+#define AD_INTERNAL_ERROR		21	/* fatal */
+#define AD_USER_CANCLED			22
+#define AD_NO_RENEGOTIATION		23
+#endif
 
 typedef struct ssl3_ctx_st
 	{
@@ -279,9 +307,17 @@ typedef struct ssl3_ctx_st
 	int alert_dispatch;
 	char send_alert[2];
 
+	/* This flag is set when we should renegotiate ASAP, basically when
+	 * there is no more data in the read or write buffers */
+	int renegotiate;
+	int total_renegotiations;
+	int num_renegotiations;
+
+	int in_read_app_data;
+
 	struct	{
-		unsigned char finish_md1[EVP_MAX_MD_SIZE];
-		unsigned char finish_md2[EVP_MAX_MD_SIZE];
+		/* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
+		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
 		
 		unsigned long message_size;
 		int message_type;
@@ -309,6 +345,7 @@ typedef struct ssl3_ctx_st
 		EVP_CIPHER *new_sym_enc;
 		EVP_MD *new_hash;
 		SSL_COMPRESSION *new_compression;
+		int cert_request;
 		} tmp;
 	} SSL3_CTX;
 
@@ -353,6 +390,7 @@ typedef struct ssl3_ctx_st
 /* extra state */
 #define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)
 /* read from client */
+/* Do not change the number values, they do matter */
 #define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index 36b03335b..65f3a5938 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -82,9 +82,12 @@ void SSLeay_add_ssl_algorithms()
 #endif
 #ifndef NO_MD5
 	EVP_add_digest(EVP_md5());
+	EVP_add_alias(SN_md5,"ssl2-md5");
+	EVP_add_alias(SN_md5,"ssl3-md5");
 #endif
 #ifndef NO_SHA1
 	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+	EVP_add_alias(SN_sha1,"ssl3-sha1");
 #endif
 #if !defined(NO_SHA1) && !defined(NO_DSA)
 	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 873497a87..116a83de6 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -116,7 +116,7 @@ unsigned char **pp;
 		l=in->cipher_id;
 	else
 		l=in->cipher->id;
-	if (in->ssl_version == 2)
+	if (in->ssl_version == SSL2_VERSION)
 		{
 		a.cipher.length=3;
 		buf[0]=((unsigned char)(l>>16L))&0xff;
@@ -221,7 +221,7 @@ long length;
 
 	os.data=NULL; os.length=0;
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
-	if (ssl_version == 2)
+	if (ssl_version == SSL2_VERSION)
 		{
 		if (os.length != 3)
 			{
@@ -233,7 +233,7 @@ long length;
 			((unsigned long)os.data[1]<< 8L)|
 			 (unsigned long)os.data[2];
 		}
-	else if (ssl_version == 3)
+	else if ((ssl_version>>8) == 3)
 		{
 		if (os.length != 2)
 			{
@@ -254,9 +254,9 @@ long length;
 	ret->cipher_id=id;
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
-	if (ssl_version == 3)
+	if ((ssl_version>>8) == SSL3_VERSION)
 		i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
-	else /* if (ssl_version == 2) */
+	else /* if (ssl_version == SSL2_VERSION) */
 		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
 
 	if (os.length > i)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 0c040d9cf..c1cb86e1b 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_cert.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -94,6 +94,9 @@ CERT *c;
 	int i;
 
 	i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
+#ifdef REF_PRINT
+	REF_PRINT("CERT",c);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
@@ -215,7 +218,8 @@ SSL *s;
 	{
 	if (s->type == SSL_ST_CONNECT)
 		{ /* we are in the client */
-		if ((s->version == 3) && (s->s3 != NULL))
+		if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
+			(s->s3 != NULL))
 			return(s->s3->tmp.ca_names);
 		else
 			return(NULL);
@@ -270,6 +274,7 @@ X509_NAME **a,**b;
 	return(X509_NAME_cmp(*a,*b));
 	}
 
+#ifndef NO_STDIO
 STACK *SSL_load_client_CA_file(file)
 char *file;
 	{
@@ -280,11 +285,9 @@ char *file;
 
 	ret=sk_new(NULL);
 	sk=sk_new(name_cmp);
-#ifdef WIN16
-	in=BIO_new(BIO_s_file_internal_w16());
-#else
-	in=BIO_new(BIO_s_file());
-#endif
+
+	in=BIO_new(BIO_s_file_internal());
+
 	if ((ret == NULL) || (sk == NULL) || (in == NULL))
 		{
 		SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
@@ -322,5 +325,5 @@ err:
 	if (x != NULL) X509_free(x);
 	return(ret);
 	}
-
+#endif
 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 9fed3ad59..820994408 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_ciph.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -74,11 +74,10 @@ static EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
 	};
 
 #define SSL_MD_MD5_IDX	0
-#define SSL_MD_SHA0_IDX	1
-#define SSL_MD_SHA1_IDX	2
-#define SSL_MD_NUM_IDX	3
+#define SSL_MD_SHA1_IDX	1
+#define SSL_MD_NUM_IDX	2
 static EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
-	NULL,NULL,NULL,
+	NULL,NULL,
 	};
 
 typedef struct cipher_sort_st
@@ -90,16 +89,24 @@ typedef struct cipher_sort_st
 #define CIPHER_ADD	1
 #define CIPHER_KILL	2
 #define CIPHER_DEL	3
-#define CIPHER_ORDER	4
+#define CIPHER_ORD	4
 
 typedef struct cipher_choice_st
 	{
 	int type;
 	unsigned long algorithms;
 	unsigned long mask;
-	STACK *order;
+	long top;
 	} CIPHER_CHOICE;
 
+typedef struct cipher_order_st
+	{
+	SSL_CIPHER *cipher;
+	int active;
+	int dead;
+	struct cipher_order_st *next,*prev;
+	} CIPHER_ORDER;
+
 static SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_ALL, 0,SSL_ALL,   0,SSL_ALL},	/* must be first */
 	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,SSL_MKEY_MASK},
@@ -126,7 +133,6 @@ static SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_eFZA,0,SSL_eFZA,  0,SSL_ENC_MASK},
 
 	{0,SSL_TXT_MD5,	0,SSL_MD5,   0,SSL_MAC_MASK},
-	{0,SSL_TXT_SHA0,0,SSL_SHA0,  0,SSL_MAC_MASK},
 	{0,SSL_TXT_SHA1,0,SSL_SHA1,  0,SSL_MAC_MASK},
 	{0,SSL_TXT_SHA,	0,SSL_SHA,   0,SSL_MAC_MASK},
 
@@ -169,8 +175,6 @@ static void load_ciphers()
 
 	ssl_digest_methods[SSL_MD_MD5_IDX]=
 		EVP_get_digestbyname(SN_md5);
-	ssl_digest_methods[SSL_MD_SHA0_IDX]=
-		EVP_get_digestbyname(SN_sha);
 	ssl_digest_methods[SSL_MD_SHA1_IDX]=
 		EVP_get_digestbyname(SN_sha1);
 	}
@@ -225,9 +229,6 @@ EVP_MD **md;
 	case SSL_MD5:
 		i=SSL_MD_MD5_IDX;
 		break;
-	case SSL_SHA0:
-		i=SSL_MD_SHA0_IDX;
-		break;
 	case SSL_SHA1:
 		i=SSL_MD_SHA1_IDX;
 		break;
@@ -246,6 +247,25 @@ EVP_MD **md;
 		return(0);
 	}
 
+#define ITEM_SEP(a) \
+	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+
+static void ll_append_tail(head,curr,tail)
+CIPHER_ORDER **head,*curr,**tail;
+	{
+	if (curr == *tail) return;
+	if (curr == *head)
+		*head=curr->next;
+	if (curr->prev != NULL)
+		curr->prev->next=curr->next;
+	if (curr->next != NULL) /* should always be true */
+		curr->next->prev=curr->prev;
+	(*tail)->next=curr;
+	curr->prev= *tail;
+	curr->next=NULL;
+	*tail=curr;
+	}
+
 STACK *ssl_create_cipher_list(ssl_method,cipher_list,cipher_list_by_id,str)
 SSL_METHOD *ssl_method;
 STACK **cipher_list,**cipher_list_by_id;
@@ -262,9 +282,11 @@ char *str;
 	int i,j,k,num=0,ch,multi;
 	unsigned long al;
 	STACK *ca_list=NULL;
-	STACK *c_list=NULL;
-	int old_x,old_y,current_x,num_x;
+	int current_x,num_x;
 	CIPHER_CHOICE *ops=NULL;
+	CIPHER_ORDER *list=NULL,*head=NULL,*tail=NULL,*curr,*tail2,*curr2;
+	int list_num;
+	int type;
 	SSL_CIPHER c_tmp,*cp;
 
 	if (str == NULL) return(NULL);
@@ -278,6 +300,7 @@ char *str;
 			goto err;
 			}
 		strcpy(tmp_str,SSL_DEFAULT_CIPHER_LIST);
+		strcat(tmp_str,":");
 		strcat(tmp_str,&(str[7]));
 		str=tmp_str;
 		}
@@ -286,7 +309,6 @@ char *str;
 	num=ssl_method->num_ciphers();
 
 	if ((ret=(STACK *)sk_new(NULL)) == NULL) goto err;
-	if ((c_list=(STACK *)sk_new(NULL)) == NULL) goto err;
 	if ((ca_list=(STACK *)sk_new(cmp_by_name)) == NULL) goto err;
 
 	mask =SSL_kFZA;
@@ -312,20 +334,42 @@ char *str;
 	mask|=(ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL)?SSL_eFZA:0;
 
 	mask|=(ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL)?SSL_MD5 :0;
-	mask|=(ssl_digest_methods[SSL_MD_SHA0_IDX] == NULL)?SSL_SHA0:0;
 	mask|=(ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL)?SSL_SHA1:0;
 
+	if ((list=(CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER)*num)) == NULL)
+		goto err;
+
 	/* Get the initial list of ciphers */
+	list_num=0;
 	for (i=0; i<num; i++)
 		{
 		c=ssl_method->get_cipher((unsigned int)i);
 		/* drop those that use any of that is not available */
 		if ((c != NULL) && c->valid && !(c->algorithms & mask))
 			{
-			if (!sk_push(c_list,(char *)c)) goto err;
+			list[list_num].cipher=c;
+			list[list_num].next=NULL;
+			list[list_num].prev=NULL;
+			list[list_num].active=0;
+			list_num++;
 			if (!sk_push(ca_list,(char *)c)) goto err;
 			}
 		}
+	
+	for (i=1; i<list_num-1; i++)
+		{
+		list[i].prev= &(list[i-1]);
+		list[i].next= &(list[i+1]);
+		}
+	if (list_num > 0)
+		{
+		head= &(list[0]);
+		head->prev=NULL;
+		head->next= &(list[1]);
+		tail= &(list[list_num-1]);
+		tail->prev= &(list[list_num-2]);
+		tail->next=NULL;
+		}
 
 	/* special case */
 	cipher_aliases[0].algorithms= ~mask;
@@ -346,12 +390,11 @@ char *str;
 	/* how many parameters are there? */
 	num=1;
 	for (l=str; *l; l++)
-		if (*l == ':') num++;
+		if (ITEM_SEP(*l))
+			num++;
 	ops=(CIPHER_CHOICE *)Malloc(sizeof(CIPHER_CHOICE)*num);
 	if (ops == NULL) goto err;
 	memset(ops,0,sizeof(CIPHER_CHOICE)*num);
-	for (i=0; i<num; i++)
-		if ((ops[i].order=sk_new_null()) == NULL) goto err;
 
 	/* we now parse the input string and create our operations */
 	l=str;
@@ -361,16 +404,19 @@ char *str;
 	for (;;)
 		{
 		ch= *l;
+
+		if (ch == '\0') break;
+
 		if (ch == '-')
 			{ j=CIPHER_DEL; l++; }
 		else if (ch == '+')
-			{ j=CIPHER_ORDER; l++; }
+			{ j=CIPHER_ORD; l++; }
 		else if (ch == '!')
 			{ j=CIPHER_KILL; l++; }
 		else	
 			{ j=CIPHER_ADD; }
 
-		if (*l == ':')
+		if (ITEM_SEP(ch))
 			{
 			l++;
 			continue;
@@ -395,20 +441,20 @@ char *str;
 				 if (i >= (CL_BUF-2)) break;
 				 }
 			buf[i]='\0';
-			if (ch != '\0') l++;
 
 			/* check for multi-part specification */
-			multi=(ch == '+')?1:0;
+			if (ch == '+')
+				{
+				multi=1;
+				l++;
+				}
+			else
+				multi=0;
 
 			c_tmp.name=buf;
 			j=sk_find(ca_list,(char *)&c_tmp);
 			if (j < 0)
-				{
-				if (ch == '\0')
-					break;
-				else
-					continue;
-				}
+				goto end_loop;
 
 			cp=(SSL_CIPHER *)sk_value(ca_list,j);
 			ops[current_x].algorithms|=cp->algorithms;
@@ -419,87 +465,86 @@ char *str;
 			}
 		current_x++;
 		if (ch == '\0') break;
+end_loop:
+		/* Make sure we scan until the next valid start point */
+		while ((*l != '\0') && ITEM_SEP(*l))
+			l++;
 		}
 
 	num_x=current_x;
 	current_x=0;
 
-#ifdef CIPHER_DEBUG
-	printf("<--->\n");
-#endif
-
-	for (i=0; i<sk_num(c_list); i++)
+	/* We will now process the list of ciphers, once for each category, to
+	 * decide what we should do with it. */
+	for (j=0; j<num_x; j++)
 		{
-		old_x= -1;
-		old_y= -1;
-		cp=(SSL_CIPHER *)sk_value(c_list,i);
-#ifdef CIPHER_DEBUG
-		printf("[%s]\n",cp->name);
-#endif
-		for (j=0; j<num_x; j++)
+		algorithms=ops[j].algorithms;
+		type=ops[j].type;
+		mask=ops[j].mask;
+
+		curr=head;
+		curr2=head;
+		tail2=tail;
+		for (;;)
 			{
-			algorithms=ops[j].algorithms;
-			ma=ops[j].mask & cp->algorithms;
-#ifdef CIPHER_DEBUG
-			printf("  %s %08lX&%08lX==0 || %08lX != %08lX \n",
-				cp->name,ops[j].mask,cp->algorithms,ma,algorithms);
-#endif
+			if ((curr == NULL) || (curr == tail2)) break;
+			curr=curr2;
+			curr2=curr->next;
+
+			cp=curr->cipher;
+			ma=mask & cp->algorithms;
 			if ((ma == 0) || ((ma & algorithms) != ma))
 				{
+				/* does not apply */
 				continue;
 				}
-			k=ops[j].type;
-#ifdef CIPHER_DEBUG
-			printf(">>%s\n",cp->name);
-#endif
 
 			/* add the cipher if it has not been added yet. */
-			if (k == CIPHER_ADD)
+			if (type == CIPHER_ADD)
 				{
-				if (old_x < 0)
+				if (!curr->active)
 					{
-					old_x=j;
-					old_y=sk_num(ops[j].order);
-					sk_push(ops[j].order,(char *)cp);
+					ll_append_tail(&head,curr,&tail);
+					curr->active=1;
 					}
 				}
 			/* Move the added cipher to this location */
-			else if (k == CIPHER_ORDER)
+			else if (type == CIPHER_ORD)
 				{
-				if (old_x >= 0)
+				if (curr->active)
 					{
-					sk_value(ops[old_x].order,old_y)=NULL;
-					old_y=sk_num(ops[j].order);
-					sk_push(ops[j].order,(char *)cp);
-					old_x=j;
+					ll_append_tail(&head,curr,&tail);
 					}
 				}
-			/* Remove added cipher */
-			else if ((k == CIPHER_DEL) || (k == CIPHER_KILL))
+			else if	(type == CIPHER_DEL)
+				curr->active=0;
+			if (type == CIPHER_KILL)
 				{
-				if (old_x >= 0)
-					{
-					sk_value(ops[old_x].order,old_y)=NULL;
-					old_x= -1;
-					}
-				if (k == CIPHER_KILL)
-					break;
+				if (head == curr)
+					head=curr->next;
+				else
+					curr->prev->next=curr->next;
+				if (tail == curr)
+					tail=curr->prev;
+				curr->active=0;
+				if (curr->next != NULL)
+					curr->next->prev=curr->prev;
+				if (curr->prev != NULL)
+					curr->prev->next=curr->next;
+				curr->next=NULL;
+				curr->prev=NULL;
 				}
 			}
 		}
 
-	for (i=0; i<num_x; i++)
+	for (curr=head; curr != NULL; curr=curr->next)
 		{
-		for (j=0; j<sk_num(ops[i].order); j++)
+		if (curr->active)
 			{
-			cp=(SSL_CIPHER *)sk_value(ops[i].order,j);
-			if (cp != NULL)
-				{
-				sk_push(ret,(char *)cp);
+			sk_push(ret,(char *)curr->cipher);
 #ifdef CIPHER_DEBUG
-				printf("<%s>\n",cp->name);
+			printf("<%s>\n",curr->cipher->name);
 #endif
-				}
 			}
 		}
 
@@ -528,16 +573,10 @@ char *str;
 	ret=NULL;
 err:
 	if (tmp_str) Free(tmp_str);
-	if (ops != NULL)
-		{
-		for (i=0; i<num; i++)
-			if (ops[i].order != NULL)
-				sk_free(ops[i].order);
-		Free(ops);
-		}
+	if (ops != NULL) Free(ops);
 	if (ret != NULL) sk_free(ret);
-	if (c_list != NULL) sk_free(c_list);
 	if (ca_list != NULL) sk_free(ca_list);
+	if (list != NULL) Free(list);
 	return(ok);
 	}
 
@@ -639,9 +678,6 @@ int len;
 	case SSL_MD5:
 		mac="MD5";
 		break;
-	case SSL_SHA0:
-		mac="SHA0";
-		break;
 	case SSL_SHA1:
 		mac="SHA1";
 		break;
@@ -667,9 +703,10 @@ SSL_CIPHER *c;
 	{
 	int i;
 
+	if (c == NULL) return("(NONE)");
 	i=(int)(c->id>>24L);
 	if (i == 3)
-		return("SSLv3");
+		return("TLSv1/SSLv3");
 	else if (i == 2)
 		return("SSLv2");
 	else
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 18a1a22a8..bcbb98591 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -60,6 +60,7 @@
 #include "ssl.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA SSL_str_functs[]=
 	{
 {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),	"CLIENT_CERTIFICATE"},
@@ -143,12 +144,14 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0),	"SSL_GET_NEW_SESSION"},
 {ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0),	"SSL_GET_SERVER_SEND_CERT"},
 {ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0),	"SSL_GET_SIGN_PKEY"},
+{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0),	"SSL_INIT_WBIO_BUFFER"},
 {ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0),	"SSL_load_client_CA_file"},
 {ERR_PACK(0,SSL_F_SSL_NEW,0),	"SSL_new"},
 {ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0),	"SSL_RSA_PRIVATE_DECRYPT"},
 {ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0),	"SSL_RSA_PUBLIC_ENCRYPT"},
 {ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0),	"SSL_SESSION_new"},
 {ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0),	"SSL_SESSION_print_fp"},
+{ERR_PACK(0,SSL_F_SSL_SET_CERT,0),	"SSL_SET_CERT"},
 {ERR_PACK(0,SSL_F_SSL_SET_FD,0),	"SSL_set_fd"},
 {ERR_PACK(0,SSL_F_SSL_SET_PKEY,0),	"SSL_SET_PKEY"},
 {ERR_PACK(0,SSL_F_SSL_SET_RFD,0),	"SSL_set_rfd"},
@@ -165,6 +168,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0),	"SSL_use_RSAPrivateKey_ASN1"},
 {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0),	"SSL_use_RSAPrivateKey_file"},
 {ERR_PACK(0,SSL_F_SSL_WRITE,0),	"SSL_write"},
+{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0),	"TLS1_CHANGE_CIPHER_STATE"},
+{ERR_PACK(0,SSL_F_TLS1_ENC,0),	"TLS1_ENC"},
+{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0),	"TLS1_SETUP_KEY_BLOCK"},
 {ERR_PACK(0,SSL_F_WRITE_PENDING,0),	"WRITE_PENDING"},
 {0,NULL},
 	};
@@ -187,6 +193,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_BAD_MAC_DECODE                    ,"bad mac decode"},
 {SSL_R_BAD_MESSAGE_TYPE                  ,"bad message type"},
 {SSL_R_BAD_PACKET_LENGTH                 ,"bad packet length"},
+{SSL_R_BAD_PROTOCOL_VERSION_NUMBER       ,"bad protocol version number"},
 {SSL_R_BAD_RESPONSE_ARGUMENT             ,"bad response argument"},
 {SSL_R_BAD_RSA_DECRYPT                   ,"bad rsa decrypt"},
 {SSL_R_BAD_RSA_ENCRYPT                   ,"bad rsa encrypt"},
@@ -213,8 +220,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_COMPRESSED_LENGTH_TOO_LONG        ,"compressed length too long"},
 {SSL_R_COMPRESSION_FAILURE               ,"compression failure"},
 {SSL_R_CONNECTION_ID_IS_DIFFERENT        ,"connection id is different"},
+{SSL_R_CONNECTION_TYPE_NOT_SET           ,"connection type not set"},
 {SSL_R_DATA_BETWEEN_CCS_AND_FINISHED     ,"data between ccs and finished"},
 {SSL_R_DATA_LENGTH_TOO_LONG              ,"data length too long"},
+{SSL_R_DECRYPTION_FAILED                 ,"decryption failed"},
 {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
 {SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
 {SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
@@ -222,6 +231,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
 {SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},
 {SSL_R_GOT_A_FIN_BEFORE_A_CCS            ,"got a fin before a ccs"},
+{SSL_R_HTTPS_PROXY_REQUEST               ,"https proxy request"},
+{SSL_R_HTTP_REQUEST                      ,"http request"},
 {SSL_R_INTERNAL_ERROR                    ,"internal error"},
 {SSL_R_INVALID_CHALLENGE_LENGTH          ,"invalid challenge length"},
 {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
@@ -241,7 +252,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_MISSING_TMP_RSA_PKEY              ,"missing tmp rsa pkey"},
 {SSL_R_MISSING_VERIFY_MESSAGE            ,"missing verify message"},
 {SSL_R_NON_SSLV2_INITIAL_PACKET          ,"non sslv2 initial packet"},
-{SSL_R_NO_CERTIFICATES_PASSED            ,"no certificates passed"},
+{SSL_R_NO_CERTIFICATES_RETURNED          ,"no certificates returned"},
 {SSL_R_NO_CERTIFICATE_ASSIGNED           ,"no certificate assigned"},
 {SSL_R_NO_CERTIFICATE_RETURNED           ,"no certificate returned"},
 {SSL_R_NO_CERTIFICATE_SET                ,"no certificate set"},
@@ -255,6 +266,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_NO_COMPRESSION_SPECIFIED          ,"no compression specified"},
 {SSL_R_NO_PRIVATEKEY                     ,"no privatekey"},
 {SSL_R_NO_PRIVATE_KEY_ASSIGNED           ,"no private key assigned"},
+{SSL_R_NO_PROTOCOLS_AVAILABLE            ,"no protocols available"},
 {SSL_R_NO_PUBLICKEY                      ,"no publickey"},
 {SSL_R_NO_SHARED_CIPHER                  ,"no shared cipher"},
 {SSL_R_NULL_SSL_CTX                      ,"null ssl ctx"},
@@ -304,12 +316,18 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_SSL_HANDSHAKE_FAILURE             ,"ssl handshake failure"},
 {SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS        ,"ssl library has no ciphers"},
 {SSL_R_SSL_SESSION_ID_IS_DIFFERENT       ,"ssl session id is different"},
+{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
+{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
+{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
 {SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER   ,"tried to use unsupported cipher"},
 {SSL_R_UNABLE_TO_DECODE_DH_CERTS         ,"unable to decode dh certs"},
 {SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY      ,"unable to extract public key"},
 {SSL_R_UNABLE_TO_FIND_DH_PARAMETERS      ,"unable to find dh parameters"},
 {SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"},
 {SSL_R_UNABLE_TO_FIND_SSL_METHOD         ,"unable to find ssl method"},
+{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES  ,"unable to load ssl2 md5 routines"},
+{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES  ,"unable to load ssl3 md5 routines"},
+{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
 {SSL_R_UNEXPECTED_MESSAGE                ,"unexpected message"},
 {SSL_R_UNEXPECTED_RECORD                 ,"unexpected record"},
 {SSL_R_UNKNOWN_ALERT_TYPE                ,"unknown alert type"},
@@ -324,6 +342,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_UNKNOWN_STATE                     ,"unknown state"},
 {SSL_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
 {SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"},
+{SSL_R_UNSUPPORTED_PROTOCOL              ,"unsupported protocol"},
 {SSL_R_UNSUPPORTED_SSL_VERSION           ,"unsupported ssl version"},
 {SSL_R_WRITE_BIO_NOT_SET                 ,"write bio not set"},
 {SSL_R_WRONG_CIPHER_RETURNED             ,"wrong cipher returned"},
@@ -337,14 +356,19 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_SSL_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
 		ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
+#endif
+
 		}
 	}
diff --git a/ssl/ssl_err2.c b/ssl/ssl_err2.c
index a159fbb7c..0b91f7b8d 100644
--- a/ssl/ssl_err2.c
+++ b/ssl/ssl_err2.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index be091b1e7..f562ec6b1 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,13 +61,21 @@
 #include "lhash.h"
 #include "ssl_locl.h"
 
-#ifndef NOPROTO
-static unsigned long conn_hash(SSL_SESSION *a);
-#else
-static unsigned long conn_hash();
-#endif
+char *SSL_version_str="SSLeay 0.9.0b 29-Jun-1998";
+
+static STACK *ssl_meth=NULL;
+static STACK *ssl_ctx_meth=NULL;
+static int ssl_meth_num=0;
+static int ssl_ctx_meth_num=0;
 
-char *SSL_version_str="SSLeay 0.8.1b 29-Jun-1998";
+SSL3_ENC_METHOD ssl3_undef_enc_method={
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	};
 
 void SSL_clear(s)
 SSL *s;
@@ -178,7 +186,12 @@ SSL_CTX *ctx;
 		}
 
 	s->quiet_shutdown=ctx->quiet_shutdown;
+	s->references=1;
+	s->options=ctx->options;
 	SSL_clear(s);
+
+	CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
+
 	return(s);
 err:
 	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
@@ -188,6 +201,23 @@ err:
 void SSL_free(s)
 SSL *s;
 	{
+	int i;
+
+	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
+#ifdef REF_PRINT
+	REF_PRINT("SSL",s);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"SSL_free, bad reference count\n");
+		abort(); /* ok */
+		}
+#endif
+
+	CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
+
 	if (s->bbio != NULL)
 		{
 		/* If the buffering BIO is in place, pop it off */
@@ -196,6 +226,7 @@ SSL *s;
 			s->wbio=BIO_pop(s->wbio);
 			}
 		BIO_free(s->bbio);
+		s->bbio=NULL;
 		}
 	if (s->rbio != NULL)
 		BIO_free_all(s->rbio);
@@ -303,12 +334,18 @@ int fd;
 	int ret=0;
 	BIO *bio=NULL;
 
-	bio=BIO_new(BIO_s_socket());
+	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
+		|| ((int)BIO_get_fd(s->rbio,NULL) != fd))
+		{
+		bio=BIO_new(BIO_s_socket());
 
-	if (bio == NULL)
-		{ SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
-	BIO_set_fd(bio,fd,BIO_NOCLOSE);
-	SSL_set_bio(s,SSL_get_rbio(s),bio);
+		if (bio == NULL)
+			{ SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
+		BIO_set_fd(bio,fd,BIO_NOCLOSE);
+		SSL_set_bio(s,SSL_get_rbio(s),bio);
+		}
+	else
+		SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
 	ret=1;
 err:
 	return(ret);
@@ -321,15 +358,21 @@ int fd;
 	int ret=0;
 	BIO *bio=NULL;
 
-	bio=BIO_new(BIO_s_socket());
-
-	if (bio == NULL)
+	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
+		|| ((int)BIO_get_fd(s->wbio,NULL) != fd))
 		{
-		SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
-		goto err;
+		bio=BIO_new(BIO_s_socket());
+
+		if (bio == NULL)
+			{
+			SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
+			goto err;
+			}
+		BIO_set_fd(bio,fd,BIO_NOCLOSE);
+		SSL_set_bio(s,bio,SSL_get_wbio(s));
 		}
-	BIO_set_fd(bio,fd,BIO_NOCLOSE);
-	SSL_set_bio(s,bio,SSL_get_wbio(s));
+	else
+		SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
 	ret=1;
 err:
 	return(ret);
@@ -449,6 +492,7 @@ SSL *t,*f;
 	if (tmp != NULL) ssl_cert_free(tmp);
 	}
 
+/* Fix this so it checks all the valid key/cert options */
 int SSL_CTX_check_private_key(ctx)
 SSL_CTX *ctx;
 	{
@@ -467,6 +511,7 @@ SSL_CTX *ctx;
 	return(X509_check_private_key(ctx->default_cert->key->x509, ctx->default_cert->key->privatekey));
 	}
 
+/* Fix this function so that it takes an optional type parameter */
 int SSL_check_private_key(ssl)
 SSL *ssl;
 	{
@@ -560,6 +605,7 @@ SSL *s;
 int SSL_renegotiate(s)
 SSL *s;
 	{
+	s->new_session=1;
 	return(s->method->ssl_renegotiate(s));
 	}
 
@@ -614,7 +660,7 @@ SSL *s;
 		{
 		return(s->cipher_list);
 		}
-	else if ((s != NULL) && (s->ctx != NULL) &&
+	else if ((s->ctx != NULL) &&
 		(s->ctx->cipher_list != NULL))
 		{
 		return(s->ctx->cipher_list);
@@ -699,13 +745,14 @@ int len;
 
 	p=buf;
 	sk=s->session->ciphers;
-	len--;
 	for (i=0; i<sk_num(sk); i++)
 		{
+		/* Decrement for either the ':' or a '\0' */
+		len--;
 		c=(SSL_CIPHER *)sk_value(sk,i);
 		for (cp=c->name; *cp; )
 			{
-			if (--len == 0)
+			if (len-- == 0)
 				{
 				*p='\0';
 				return(buf);
@@ -787,27 +834,25 @@ err:
 	return(NULL);
 	}
 
-static unsigned long conn_hash(a)
+unsigned long SSL_SESSION_hash(a)
 SSL_SESSION *a;
 	{
 	unsigned long l;
 
 	l=      (a->session_id[0]     )|(a->session_id[1]<< 8L)|
-		(a->session_id[1]<<16L)|(a->session_id[2]<<24L);
+		(a->session_id[2]<<16L)|(a->session_id[3]<<24L);
 	return(l);
 	}
 
-static int session_cmp(a, b)
+int SSL_SESSION_cmp(a, b)
 SSL_SESSION *a;
 SSL_SESSION *b;
 	{
-	int i;
-
-	i=a->session_id_length - b->session_id_length;
-	if (i == 0)
-		return(memcmp(a->session_id,b->session_id,
-			a->session_id_length));
-	else    return(1);
+	if (a->ssl_version != b->ssl_version)
+		return(1);
+	if (a->session_id_length != b->session_id_length)
+		return(1);
+	return(memcmp(a->session_id,b->session_id,a->session_id_length));
 	}
 
 SSL_CTX *SSL_CTX_new(meth)
@@ -830,6 +875,9 @@ SSL_METHOD *meth;
 
 	ret->cert_store=NULL;
 	ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
+	ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+	ret->session_cache_head=NULL;
+	ret->session_cache_tail=NULL;
 
 	/* We take the system default */
 	ret->session_timeout=meth->get_timeout();
@@ -841,9 +889,12 @@ SSL_METHOD *meth;
 	ret->sess_connect=0;
 	ret->sess_connect_good=0;
 	ret->sess_accept=0;
+	ret->sess_accept_renegotiate=0;
+	ret->sess_connect_renegotiate=0;
 	ret->sess_accept_good=0;
 	ret->sess_miss=0;
 	ret->sess_timeout=0;
+	ret->sess_cache_full=0;
 	ret->sess_hit=0;
 	ret->sess_cb_hit=0;
 
@@ -870,7 +921,7 @@ SSL_METHOD *meth;
 	ret->default_passwd_callback=NULL;
 	ret->client_cert_cb=NULL;
 
-	ret->sessions=lh_new(conn_hash,session_cmp);
+	ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
 	if (ret->sessions == NULL) goto err;
 	ret->cert_store=X509_STORE_new();
 	if (ret->cert_store == NULL) goto err;
@@ -884,9 +935,27 @@ SSL_METHOD *meth;
 		goto err2;
 		}
 
+	if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
+		goto err2;
+		}
+	if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+		goto err2;
+		}
+	if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+		goto err2;
+		}
+
 	if ((ret->client_CA=sk_new_null()) == NULL)
 		goto err;
 
+	CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
+
 	return(ret);
 err:
 	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -903,6 +972,9 @@ SSL_CTX *a;
 	if (a == NULL) return;
 
 	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
+#ifdef REF_PRINT
+	REF_PRINT("SSL_CTX",a);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
@@ -911,6 +983,7 @@ SSL_CTX *a;
 		abort(); /* ok */
 		}
 #endif
+	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
 
 	if (a->sessions != NULL)
 		{
@@ -1126,22 +1199,34 @@ void ssl_update_cache(s,mode)
 SSL *s;
 int mode;
 	{
+	int i;
+
+	/* If the session_id_length is 0, we are not supposed to cache it,
+	 * and it would be rather hard to do anyway :-) */
+	if (s->session->session_id_length == 0) return;
+
 	if ((s->ctx->session_cache_mode & mode)
 		&& (!s->hit)
 		&& SSL_CTX_add_session(s->ctx,s->session)
 		&& (s->ctx->new_session_cb != NULL))
 		{
-		CRYPTO_add(&s->session->references,1,
-			CRYPTO_LOCK_SSL_SESSION);
+		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
 		if (!s->ctx->new_session_cb(s,s->session))
 			SSL_SESSION_free(s->session);
 		}
 
 	/* auto flush every 255 connections */
-	if ((!(s->ctx->session_cache_mode &
-		SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
-		((s->ctx->sess_connect_good & 0xff) == 0))
-		SSL_CTX_flush_sessions(s->ctx,time(NULL));
+	i=s->ctx->session_cache_mode;
+	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
+		((i & mode) == mode))
+		{
+		if (  (((mode & SSL_SESS_CACHE_CLIENT)
+			?s->ctx->sess_connect_good
+			:s->ctx->sess_accept_good) & 0xff) == 0xff)
+			{
+			SSL_CTX_flush_sessions(s->ctx,time(NULL));
+			}
+		}
 	}
 
 SSL_METHOD *SSL_get_ssl_method(s)
@@ -1231,7 +1316,7 @@ int i;
 
 	if (i == 0)
 		{
-		if (s->version == 2)
+		if (s->version == SSL2_VERSION)
 			{
 			/* assume it is the socket being closed */
 			return(SSL_ERROR_ZERO_RETURN);
@@ -1239,7 +1324,7 @@ int i;
 		else
 			{
 			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-				(s->s3->warn_alert == SSL3_AD_CLOSE_NOTIFY))
+				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
 				return(SSL_ERROR_ZERO_RETURN);
 			}
 		}
@@ -1249,15 +1334,19 @@ int i;
 int SSL_do_handshake(s)
 SSL *s;
 	{
+	int ret=1;
+
 	if (s->handshake_func == NULL)
 		{
-		SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
 		return(-1);
 		}
+	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
 	if (SSL_in_init(s) || SSL_in_before(s))
-		return(s->handshake_func(s));
-	else
-		return(1);
+		{
+		ret=s->handshake_func(s);
+		}
+	return(ret);
 	}
 
 /* For the next 2 functions, SSL_clear() sets shutdown and so
@@ -1299,9 +1388,11 @@ int ver;
 char *SSL_get_version(s)
 SSL *s;
 	{
-	if (s->version == 3)
+	if (s->version == TLS1_VERSION)
+		return("TLSv1");
+	else if (s->version == SSL3_VERSION)
 		return("SSLv3");
-	else if (s->version == 2)
+	else if (s->version == SSL2_VERSION)
 		return("SSLv2");
 	else
 		return("unknown");
@@ -1327,9 +1418,11 @@ SSL *s;
 	SSL_set_info_callback(ret,SSL_get_info_callback(s));
 	
 	ret->debug=s->debug;
+	ret->options=s->options;
 
 	/* copy app data, a little dangerous perhaps */
-	SSL_set_app_data(ret,SSL_get_app_data(s));
+	if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
+		goto err;
 
 	/* setup rbio, and wbio */
 	if (s->rbio != NULL)
@@ -1341,7 +1434,7 @@ SSL *s;
 		{
 		if (s->wbio != s->rbio)
 			{
-			if (!BIO_dup_state(s->wbio,(char *)&ret->rbio))
+			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
 				goto err;
 			}
 		else
@@ -1405,6 +1498,7 @@ SSL *s;
                 }
 	}
 
+/* Fix this function so that it takes an optional type parameter */
 X509 *SSL_get_certificate(s)
 SSL *s;
 	{
@@ -1414,6 +1508,7 @@ SSL *s;
 		return(NULL);
 	}
 
+/* Fix this function so that it takes an optional type parameter */
 EVP_PKEY *SSL_get_privatekey(s)
 SSL *s;
 	{
@@ -1431,3 +1526,196 @@ SSL *s;
         return(NULL);
 	}
 
+int ssl_init_wbio_buffer(s,push)
+SSL *s;
+int push;
+	{
+	BIO *bbio;
+
+	if (s->bbio == NULL)
+		{
+		bbio=BIO_new(BIO_f_buffer());
+		if (bbio == NULL) return(0);
+		s->bbio=bbio;
+		}
+	else
+		{
+		bbio=s->bbio;
+		if (s->bbio == s->wbio)
+			s->wbio=BIO_pop(s->wbio);
+		}
+	BIO_reset(bbio);
+/*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
+	if (!BIO_set_read_buffer_size(bbio,1))
+		{
+		SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
+		return(0);
+		}
+	if (push)
+		{
+		if (s->wbio != bbio)
+			s->wbio=BIO_push(bbio,s->wbio);
+		}
+	else
+		{
+		if (s->wbio == bbio)
+			s->wbio=BIO_pop(bbio);
+		}
+	return(1);
+	}
+	
+void SSL_CTX_set_quiet_shutdown(ctx,mode)
+SSL_CTX *ctx;
+int mode;
+	{
+	ctx->quiet_shutdown=mode;
+	}
+
+int SSL_CTX_get_quiet_shutdown(ctx)
+SSL_CTX *ctx;
+	{
+	return(ctx->quiet_shutdown);
+	}
+
+void SSL_set_quiet_shutdown(s,mode)
+SSL *s;
+int mode;
+	{
+	s->quiet_shutdown=mode;
+	}
+
+int SSL_get_quiet_shutdown(s)
+SSL *s;
+	{
+	return(s->quiet_shutdown);
+	}
+
+void SSL_set_shutdown(s,mode)
+SSL *s;
+int mode;
+	{
+	s->shutdown=mode;
+	}
+
+int SSL_get_shutdown(s)
+SSL *s;
+	{
+	return(s->shutdown);
+	}
+
+int SSL_version(s)
+SSL *s;
+	{
+	return(s->version);
+	}
+
+SSL_CTX *SSL_get_SSL_CTX(ssl)
+SSL *ssl;
+	{
+	return(ssl->ctx);
+	}
+
+int SSL_CTX_set_default_verify_paths(ctx)
+SSL_CTX *ctx;
+	{
+	return(X509_STORE_set_default_paths(ctx->cert_store));
+	}
+
+int SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
+SSL_CTX *ctx;
+char *CAfile;
+char *CApath;
+	{
+	return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
+	}
+
+void SSL_set_info_callback(ssl,cb)
+SSL *ssl;
+void (*cb)();
+	{
+	ssl->info_callback=cb;
+	}
+
+void (*SSL_get_info_callback(ssl))()
+SSL *ssl;
+	{
+	return(ssl->info_callback);
+	}
+
+int SSL_state(ssl)
+SSL *ssl;
+	{
+	return(ssl->state);
+	}
+
+void SSL_set_verify_result(ssl,arg)
+SSL *ssl;
+long arg;
+	{
+	ssl->verify_result=arg;
+	}
+
+long SSL_get_verify_result(ssl)
+SSL *ssl;
+	{
+	return(ssl->verify_result);
+	}
+
+int SSL_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+	ssl_meth_num++;
+	return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
+		&ssl_meth,argl,argp,new_func,dup_func,free_func));
+        }
+
+int SSL_set_ex_data(s,idx,arg)
+SSL *s;
+int idx;
+char *arg;
+	{
+	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+	}
+
+char *SSL_get_ex_data(s,idx)
+SSL *s;
+int idx;
+	{
+	return(CRYPTO_get_ex_data(&s->ex_data,idx));
+	}
+
+int SSL_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+	ssl_ctx_meth_num++;
+	return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
+		&ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
+        }
+
+int SSL_CTX_set_ex_data(s,idx,arg)
+SSL_CTX *s;
+int idx;
+char *arg;
+	{
+	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+	}
+
+char *SSL_CTX_get_ex_data(s,idx)
+SSL_CTX *s;
+int idx;
+	{
+	return(CRYPTO_get_ex_data(&s->ex_data,idx));
+	}
+
+#if defined(_WINDLL) && defined(WIN16)
+#include "../crypto/bio/bss_file.c"
+#endif
+
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index ef3a70e93..b29517081 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1,5 +1,5 @@
 /* ssl/ssl_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,11 +63,7 @@
 #include <string.h>
 #include <errno.h>
 
-#ifdef FLAT_INC
 #include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
 
 #include "buffer.h"
 #include "bio.h"
@@ -188,11 +184,10 @@
 #define SSL_eFZA		0x00008000L
 #define SSL_eNULL		0x00010000L
 
-#define SSL_MAC_MASK		0x000e0000L
+#define SSL_MAC_MASK		0x00060000L
 #define SSL_MD5			0x00020000L
-#define SSL_SHA0		0x00040000L
-#define SSL_SHA1		0x00080000L
-#define SSL_SHA			(SSL_SHA0|SSL_SHA1)
+#define SSL_SHA1		0x00040000L
+#define SSL_SHA			(SSL_SHA1)
 
 #define SSL_EXP_MASK		0x00300000L
 #define SSL_EXP			0x00100000L
@@ -298,9 +293,27 @@ typedef struct cert_st
 #define ssl_get_cipher_by_char(ssl,ptr) \
 		((ssl)->method->get_cipher_by_char(ptr))
 
-extern unsigned char ssl3_client_finished_const[4];
-extern unsigned char ssl3_server_finished_const[4];
-
+/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
+ * It is a bit of a mess of functions, but hell, think of it as
+ * an opaque strucute :-) */
+typedef struct ssl3_enc_method
+	{
+	int (*enc)();
+	int (*mac)();
+	int (*setup_key_block)();
+	int (*generate_master_secret)();
+	int (*change_cipher_state)();
+	int (*final_finish_mac)();
+	int finish_mac_length;
+	int (*cert_verify_mac)();
+	unsigned char client_finished[20];
+	int client_finished_len;
+	unsigned char server_finished[20];
+	int server_finished_len;
+	int (*alert_value)();
+	} SSL3_ENC_METHOD;
+
+extern SSL3_ENC_METHOD ssl3_undef_enc_method;
 extern SSL_CIPHER ssl2_ciphers[];
 extern SSL_CIPHER ssl3_ciphers[];
 
@@ -317,7 +330,7 @@ CERT *ssl_cert_new(void);
 void ssl_cert_free(CERT *c);
 int ssl_set_cert_type(CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, int len, unsigned char *session);
+int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
 int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
 int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp);
 STACK *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,STACK **skp);
@@ -333,7 +346,7 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c);
 STACK *ssl_get_ciphers_by_id(SSL *s);
-int ssl_verify_alarm_type(int type);
+int ssl_verify_alarm_type(long type);
 
 int ssl2_enc_init(SSL *s, int client);
 void ssl2_generate_key_material(SSL *s);
@@ -354,7 +367,7 @@ int	ssl2_accept(SSL *s);
 int	ssl2_connect(SSL *s);
 int	ssl2_read(SSL *s, char *buf, int len);
 int	ssl2_peek(SSL *s, char *buf, int len);
-int	ssl2_write(SSL *s, const char *buf, int len);
+int	ssl2_write(SSL *s, char *buf, int len);
 int	ssl2_shutdown(SSL *s);
 void	ssl2_clear(SSL *s);
 long	ssl2_ctrl(SSL *s,int cmd, long larg, char *parg);
@@ -365,7 +378,7 @@ SSL_CIPHER *ssl3_get_cipher_by_char(unsigned char *p);
 int ssl3_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
-int ssl3_get_finished(SSL *s,int state_a,int state_b,unsigned char *sender);
+int ssl3_get_finished(SSL *s,int state_a,int state_b);
 int ssl3_setup_key_block(SSL *s);
 int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
 int ssl3_change_cipher_state(SSL *s,int which);
@@ -376,17 +389,18 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out,
 	unsigned char *p, int len);
 int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender);
+int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender,int slen);
 int ssl3_num_ciphers(void);
 SSL_CIPHER *ssl3_get_cipher(unsigned int u);
 int ssl3_renegotiate(SSL *ssl); 
+int ssl3_renegotiate_check(SSL *ssl); 
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, char *buf, int len);
-void ssl3_generate_key_block(SSL *s, unsigned char *km, int num);
 int ssl3_part_read(SSL *s, int i);
 int ssl3_write_bytes(SSL *s, int type, char *buf, int len);
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *in_ctx,
-	unsigned char *sender, unsigned char *p);
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1,EVP_MD_CTX *ctx2,
+	unsigned char *sender, int slen,unsigned char *p);
+int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
 void ssl3_finish_mac(SSL *s, unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
 int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
@@ -399,7 +413,7 @@ int	ssl3_accept(SSL *s);
 int	ssl3_connect(SSL *s);
 int	ssl3_read(SSL *s, char *buf, int len);
 int	ssl3_peek(SSL *s,char *buf, int len);
-int	ssl3_write(SSL *s, const char *buf, int len);
+int	ssl3_write(SSL *s, char *buf, int len);
 int	ssl3_shutdown(SSL *s);
 void	ssl3_clear(SSL *s);
 long	ssl3_ctrl(SSL *s,int cmd, long larg, char *parg);
@@ -411,6 +425,28 @@ int ssl23_connect(SSL *s);
 int ssl23_read_bytes(SSL *s, int n);
 int ssl23_write_bytes(SSL *s);
 
+int tls1_new(SSL *s);
+void tls1_free(SSL *s);
+void tls1_clear(SSL *s);
+long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
+SSL_METHOD *tlsv1_base_method(void );
+
+
+int ssl_init_wbio_buffer(SSL *s, int push);
+
+int tls1_change_cipher_state(SSL *s, int which);
+int tls1_setup_key_block(SSL *s);
+int tls1_enc(SSL *s, int snd);
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+	unsigned char *str, int slen, unsigned char *p);
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+int tls1_mac(SSL *ssl, unsigned char *md, int snd);
+int tls1_generate_master_secret(SSL *s, unsigned char *out,
+	unsigned char *p, int len);
+int tls1_alert_code(int code);
+int ssl3_alert_code(int code);
+
+
 #else
 
 SSL_METHOD *ssl_bad_method();
@@ -485,9 +521,9 @@ int ssl3_send_finished();
 int ssl3_num_ciphers();
 SSL_CIPHER *ssl3_get_cipher();
 int ssl3_renegotiate();
+int ssl3_renegotiate_check();
 int ssl3_dispatch_alert();
 int ssl3_read_bytes();
-void ssl3_generate_key_block();
 int ssl3_part_read();
 int ssl3_write_bytes();
 int ssl3_final_finish_mac();
@@ -515,6 +551,8 @@ int ssl23_connect();
 int ssl23_read_bytes();
 int ssl23_write_bytes();
 
+int ssl_init_wbio_buffer();
+
 #endif
 
 #endif
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 3a7b8d3c3..140475e5f 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -99,6 +99,7 @@ X509 *x;
 	return(ssl_set_cert(c,x));
 	}
 
+#ifndef NO_STDIO
 int SSL_use_certificate_file(ssl, file, type)
 SSL *ssl;
 char *file;
@@ -109,11 +110,7 @@ int type;
 	int ret=0;
 	X509 *x=NULL;
 
-#ifdef WIN16
-	in=BIO_new(BIO_s_file_internal_w16());
-#else
-	in=BIO_new(BIO_s_file());
-#endif
+	in=BIO_new(BIO_s_file_internal());
 	if (in == NULL)
 		{
 		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
@@ -122,7 +119,6 @@ int type;
 
 	if (BIO_read_filename(in,file) <= 0)
 		{
-		SYSerr(SYS_F_FOPEN,errno);
 		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
 		goto end;
 		}
@@ -154,6 +150,7 @@ end:
 	if (in != NULL) BIO_free(in);
 	return(ret);
 	}
+#endif
 
 int SSL_use_certificate_ASN1(ssl, len, d)
 SSL *ssl;
@@ -232,7 +229,16 @@ EVP_PKEY *pkey;
 
 	if (c->pkeys[i].x509 != NULL)
 		{
-		if (!X509_check_private_key(c->pkeys[i].x509,pkey))
+#ifndef NO_RSA
+		/* Don't check the public/private key, this is mostly
+		 * for smart cards. */
+		if ((pkey->type == EVP_PKEY_RSA) &&
+			(RSA_flags(pkey->pkey.rsa) &
+			 RSA_METHOD_FLAG_NO_CHECK))
+			 ok=1;
+		else
+#endif
+			if (!X509_check_private_key(c->pkeys[i].x509,pkey))
 			{
 			if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
 				{
@@ -277,6 +283,7 @@ EVP_PKEY *pkey;
 	}
 
 #ifndef NO_RSA
+#ifndef NO_STDIO
 int SSL_use_RSAPrivateKey_file(ssl, file, type)
 SSL *ssl;
 char *file;
@@ -286,11 +293,7 @@ int type;
 	BIO *in;
 	RSA *rsa=NULL;
 
-#ifdef WIN16
-	in=BIO_new(BIO_s_file_internal_w16());
-#else
-	in=BIO_new(BIO_s_file());
-#endif
+	in=BIO_new(BIO_s_file_internal());
 	if (in == NULL)
 		{
 		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
@@ -299,7 +302,6 @@ int type;
 
 	if (BIO_read_filename(in,file) <= 0)
 		{
-		SYSerr(SYS_F_FOPEN,errno);
 		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
 		goto end;
 		}
@@ -330,6 +332,7 @@ end:
 	if (in != NULL) BIO_free(in);
 	return(ret);
 	}
+#endif
 
 int SSL_use_RSAPrivateKey_ASN1(ssl,d,len)
 SSL *ssl;
@@ -383,6 +386,7 @@ EVP_PKEY *pkey;
 	return(ret);
 	}
 
+#ifndef NO_STDIO
 int SSL_use_PrivateKey_file(ssl, file, type)
 SSL *ssl;
 char *file;
@@ -392,11 +396,7 @@ int type;
 	BIO *in;
 	EVP_PKEY *pkey=NULL;
 
-#ifdef WIN16
-	in=BIO_new(BIO_s_file_internal_w16());
-#else
-	in=BIO_new(BIO_s_file());
-#endif
+	in=BIO_new(BIO_s_file_internal());
 	if (in == NULL)
 		{
 		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
@@ -405,7 +405,6 @@ int type;
 
 	if (BIO_read_filename(in,file) <= 0)
 		{
-		SYSerr(SYS_F_FOPEN,errno);
 		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
 		goto end;
 		}
@@ -431,6 +430,7 @@ end:
 	if (in != NULL) BIO_free(in);
 	return(ret);
 	}
+#endif
 
 int SSL_use_PrivateKey_ASN1(type,ssl,d,len)
 int type;
@@ -491,14 +491,14 @@ X509 *x;
 	pkey=X509_get_pubkey(x);
 	if (pkey == NULL)
 		{
-		SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_X509_LIB);
+		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
 		return(0);
 		}
 
 	i=ssl_cert_type(x,pkey);
 	if (i < 0)
 		{
-		SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
 		return(0);
 		}
 
@@ -547,6 +547,7 @@ X509 *x;
 	return(1);
 	}
 
+#ifndef NO_STDIO
 int SSL_CTX_use_certificate_file(ctx, file, type)
 SSL_CTX *ctx;
 char *file;
@@ -557,11 +558,7 @@ int type;
 	int ret=0;
 	X509 *x=NULL;
 
-#ifdef WIN16
-	in=BIO_new(BIO_s_file_internal_w16());
-#else
-	in=BIO_new(BIO_s_file());
-#endif
+	in=BIO_new(BIO_s_file_internal());
 	if (in == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
@@ -570,7 +567,6 @@ int type;
 
 	if (BIO_read_filename(in,file) <= 0)
 		{
-		SYSerr(SYS_F_FOPEN,errno);
 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
 		goto end;
 		}
@@ -602,6 +598,7 @@ end:
 	if (in != NULL) BIO_free(in);
 	return(ret);
 	}
+#endif
 
 int SSL_CTX_use_certificate_ASN1(ctx, len, d)
 SSL_CTX *ctx;
@@ -663,6 +660,7 @@ RSA *rsa;
 	return(ret);
 	}
 
+#ifndef NO_STDIO
 int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type)
 SSL_CTX *ctx;
 char *file;
@@ -672,11 +670,7 @@ int type;
 	BIO *in;
 	RSA *rsa=NULL;
 
-#ifdef WIN16
-	in=BIO_new(BIO_s_file_internal_w16());
-#else
-	in=BIO_new(BIO_s_file());
-#endif
+	in=BIO_new(BIO_s_file_internal());
 	if (in == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
@@ -685,7 +679,6 @@ int type;
 
 	if (BIO_read_filename(in,file) <= 0)
 		{
-		SYSerr(SYS_F_FOPEN,errno);
 		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
 		goto end;
 		}
@@ -716,6 +709,7 @@ end:
 	if (in != NULL) BIO_free(in);
 	return(ret);
 	}
+#endif
 
 int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len)
 SSL_CTX *ctx;
@@ -766,6 +760,7 @@ EVP_PKEY *pkey;
 	return(ssl_set_pkey(c,pkey));
 	}
 
+#ifndef NO_STDIO
 int SSL_CTX_use_PrivateKey_file(ctx, file, type)
 SSL_CTX *ctx;
 char *file;
@@ -775,11 +770,7 @@ int type;
 	BIO *in;
 	EVP_PKEY *pkey=NULL;
 
-#ifdef WIN16
-	in=BIO_new(BIO_s_file_internal_w16());
-#else
-	in=BIO_new(BIO_s_file());
-#endif
+	in=BIO_new(BIO_s_file_internal());
 	if (in == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
@@ -788,7 +779,6 @@ int type;
 
 	if (BIO_read_filename(in,file) <= 0)
 		{
-		SYSerr(SYS_F_FOPEN,errno);
 		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
 		goto end;
 		}
@@ -814,6 +804,7 @@ end:
 	if (in != NULL) BIO_free(in);
 	return(ret);
 	}
+#endif
 
 int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len)
 int type;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index af65c65da..8212600e4 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_sess.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,6 +61,51 @@
 #include "rand.h"
 #include "ssl_locl.h"
 
+#ifndef NOPROTO
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
+#else
+static void SSL_SESSION_list_remove();
+static void SSL_SESSION_list_add();
+#endif
+
+static ssl_session_num=0;
+static STACK *ssl_session_meth=NULL;
+
+SSL_SESSION *SSL_get_session(ssl)
+SSL *ssl;
+	{
+	return(ssl->session);
+	}
+
+int SSL_SESSION_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+        ssl_session_num++;
+        return(CRYPTO_get_ex_new_index(ssl_session_num-1,
+		&ssl_session_meth,
+                argl,argp,new_func,dup_func,free_func));
+        }
+
+int SSL_SESSION_set_ex_data(s,idx,arg)
+SSL_SESSION *s;
+int idx;
+char *arg;
+	{
+	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+	}
+
+char *SSL_SESSION_get_ex_data(s,idx)
+SSL_SESSION *s;
+int idx;
+	{
+	return(CRYPTO_get_ex_data(&s->ex_data,idx));
+	}
+
 SSL_SESSION *SSL_SESSION_new()
 	{
 	SSL_SESSION *ss;
@@ -76,6 +121,9 @@ SSL_SESSION *SSL_SESSION_new()
 	ss->references=1;
 	ss->timeout=60*5+4; /* 5 minute timeout by default */
 	ss->time=time(NULL);
+	ss->prev=NULL;
+	ss->next=NULL;
+	CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
 	return(ss);
 	}
 
@@ -101,12 +149,17 @@ int session;
 		{
 		if (s->version == SSL2_CLIENT_VERSION)
 			{
-			ss->ssl_version=2;
+			ss->ssl_version=SSL2_VERSION;
 			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
 			}
-		else if (s->version == SSL3_VERSION_MAJOR)
+		else if (s->version == SSL3_VERSION)
 			{
-			ss->ssl_version=3;
+			ss->ssl_version=SSL3_VERSION;
+			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+			}
+		else if (s->version == TLS1_VERSION)
+			{
+			ss->ssl_version=TLS1_VERSION;
 			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
 			}
 		else
@@ -140,23 +193,26 @@ int session;
 	return(1);
 	}
 
-int ssl_get_prev_session(s, len, session)
+int ssl_get_prev_session(s,session_id,len)
 SSL *s;
+unsigned char *session_id;
 int len;
-unsigned char *session;
 	{
-	SSL_SESSION *ret,data;
+	SSL_SESSION *ret=NULL,data;
 
 	/* conn_init();*/
 	data.ssl_version=s->version;
 	data.session_id_length=len;
 	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
 		return(0);
-	memcpy(data.session_id,session,len);;
+	memcpy(data.session_id,session_id,len);;
 
-	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-	ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
-	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+		{
+		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+		ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
+		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+		}
 
 	if (ret == NULL)
 		{
@@ -165,7 +221,7 @@ unsigned char *session;
 		s->ctx->sess_miss++;
 		ret=NULL;
 		if ((s->ctx->get_session_cb != NULL) &&
-			((ret=s->ctx->get_session_cb(s,session,len,&copy))
+			((ret=s->ctx->get_session_cb(s,session_id,len,&copy))
 				!= NULL))
 			{
 			s->ctx->sess_cb_hit++;
@@ -188,7 +244,7 @@ unsigned char *session;
 		p=buf;
 		l=ret->cipher_id;
 		l2n(l,p);
-		if (ret->ssl_version == 3)
+		if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
 			ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
 		else 
 			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
@@ -227,6 +283,7 @@ int SSL_CTX_add_session(ctx,c)
 SSL_CTX *ctx;
 SSL_SESSION *c;
 	{
+	int ret=0;
 	SSL_SESSION *s;
 
 	/* conn_init(); */
@@ -234,7 +291,10 @@ SSL_SESSION *c;
 
 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
 	s=(SSL_SESSION *)lh_insert(ctx->sessions,(char *)c);
-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+	
+	/* Put on the end of the queue unless it is already in the cache */
+	if (s == NULL)
+		SSL_SESSION_list_add(ctx,c);
 
 	/* If the same session if is being 're-added', Free the old
 	 * one when the last person stops using it.
@@ -243,10 +303,27 @@ SSL_SESSION *c;
 	if (s != NULL)
 		{
 		SSL_SESSION_free(s);
-		return(0);
+		ret=0;
 		}
 	else
-		return(1);
+		{
+		ret=1;
+
+		if (SSL_CTX_sess_get_cache_size(ctx) > 0)
+			{
+			while (SSL_CTX_sess_number(ctx) >
+				SSL_CTX_sess_get_cache_size(ctx))
+				{
+				if (!SSL_CTX_remove_session(ctx,
+					ctx->session_cache_tail))
+					break;
+				else
+					ctx->sess_cache_full++;
+				}
+			}
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+	return(ret);
 	}
 
 int SSL_CTX_remove_session(ctx,c)
@@ -256,11 +333,15 @@ SSL_SESSION *c;
 	SSL_SESSION *r;
 	int ret=0;
 
-	if ((c->session_id_length != 0) && (c != NULL))
+	if ((c != NULL) && (c->session_id_length != 0))
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
 		r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c);
-		if (r != NULL) ret=1;
+		if (r != NULL)
+			{
+			ret=1;
+			SSL_SESSION_list_remove(ctx,c);
+			}
 
 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
 
@@ -268,7 +349,7 @@ SSL_SESSION *c;
 			{
 			r->not_resumable=1;
 			if (ctx->remove_session_cb != NULL)
-				ctx->remove_session_cb(ctx,c);
+				ctx->remove_session_cb(ctx,r);
 			SSL_SESSION_free(r);
 			}
 		}
@@ -283,6 +364,9 @@ SSL_SESSION *ss;
 	int i;
 
 	i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
+#ifdef REF_PRINT
+	REF_PRINT("SSL_SESSION",ss);
+#endif
 	if (i > 0) return;
 #ifdef REF_CHECK
 	if (i < 0)
@@ -292,6 +376,8 @@ SSL_SESSION *ss;
 		}
 #endif
 
+	CRYPTO_free_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
+
 	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
 	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
 	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
@@ -335,10 +421,18 @@ SSL_SESSION *session;
 		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
 		ret=1;
 		}
+	else
+		{
+		if (s->session != NULL)
+			{
+			SSL_SESSION_free(s->session);
+			s->session=NULL;
+			}
+		}
 	return(ret);
 	}
 
-long SSL_set_timeout(s,t)
+long SSL_SESSION_set_timeout(s,t)
 SSL_SESSION *s;
 long t;
 	{
@@ -347,21 +441,21 @@ long t;
 	return(1);
 	}
 
-long SSL_get_timeout(s)
+long SSL_SESSION_get_timeout(s)
 SSL_SESSION *s;
 	{
 	if (s == NULL) return(0);
 	return(s->timeout);
 	}
 
-long SSL_get_time(s)
+long SSL_SESSION_get_time(s)
 SSL_SESSION *s;
 	{
 	if (s == NULL) return(0);
 	return(s->time);
 	}
 
-long SSL_set_time(s,t)
+long SSL_SESSION_set_time(s,t)
 SSL_SESSION *s;
 long t;
 	{
@@ -383,7 +477,10 @@ TIMEOUT_PARAM *p;
 	{
 	if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
 		{
+		/* The reason we don't call SSL_CTX_remove_session() is to
+		 * save on locking overhead */
 		lh_delete(p->cache,(char *)s);
+		SSL_SESSION_list_remove(p->ctx,s);
 		s->not_resumable=1;
 		if (p->ctx->remove_session_cb != NULL)
 			p->ctx->remove_session_cb(p->ctx,s);
@@ -423,3 +520,63 @@ SSL *s;
 	else
 		return(0);
 	}
+
+/* locked by SSL_CTX in the calling function */
+static void SSL_SESSION_list_remove(ctx,s)
+SSL_CTX *ctx;
+SSL_SESSION *s;
+	{
+	if ((s->next == NULL) || (s->prev == NULL)) return;
+
+	if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
+		{ /* last element in list */
+		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
+			{ /* only one element in list */
+			ctx->session_cache_head=NULL;
+			ctx->session_cache_tail=NULL;
+			}
+		else
+			{
+			ctx->session_cache_tail=s->prev;
+			s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
+			}
+		}
+	else
+		{
+		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
+			{ /* first element in list */
+			ctx->session_cache_head=s->next;
+			s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+			}
+		else
+			{ /* middle of list */
+			s->next->prev=s->prev;
+			s->prev->next=s->next;
+			}
+		}
+	s->prev=s->next=NULL;
+	}
+
+static void SSL_SESSION_list_add(ctx,s)
+SSL_CTX *ctx;
+SSL_SESSION *s;
+	{
+	if ((s->next != NULL) && (s->prev != NULL))
+		SSL_SESSION_list_remove(ctx,s);
+
+	if (ctx->session_cache_head == NULL)
+		{
+		ctx->session_cache_head=s;
+		ctx->session_cache_tail=s;
+		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+		s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
+		}
+	else
+		{
+		s->next=ctx->session_cache_head;
+		s->next->prev=s;
+		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+		ctx->session_cache_head=s;
+		}
+	}
+
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index 328ccc94f..a1daf25dd 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -207,6 +207,7 @@ SSL *s;
 		{
 	case SSL_ST_READ_HEADER: str="read header"; break;
 	case SSL_ST_READ_BODY: str="read body"; break;
+	case SSL_ST_READ_DONE: str="read done"; break;
 	default: str="unknown"; break;
 		}
 	return(str);
diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c
index c27ce913e..ab7216666 100644
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_task.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index b9cb9ef67..ce60e1a6d 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,7 +60,7 @@
 #include "buffer.h"
 #include "ssl_locl.h"
 
-#ifndef WIN16
+#ifndef NO_FP_API
 int SSL_SESSION_print_fp(fp, x)
 FILE *fp;
 SSL_SESSION *x;
@@ -68,7 +68,7 @@ SSL_SESSION *x;
         BIO *b;
         int ret;
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
+        if ((b=BIO_new(BIO_s_file_internal())) == NULL)
 		{
 		SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
                 return(0);
@@ -85,11 +85,30 @@ BIO *bp;
 SSL_SESSION *x;
 	{
 	int i;
-	char str[128];
+	char str[128],*s;
 
 	if (x == NULL) goto err;
 	if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
-	sprintf(str,"    Cipher    : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name);
+	if (x->ssl_version == SSL2_VERSION)
+		s="SSLv2";
+	else if (x->ssl_version == SSL3_VERSION)
+		s="SSLv3";
+	else if (x->ssl_version == TLS1_VERSION)
+		s="TLSv1";
+	else
+		s="unknown";
+	sprintf(str,"    Protocol  : %s\n",s);
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	if (x->cipher == NULL)
+		{
+		if (((x->cipher_id) & 0xff000000) == 0x02000000)
+			sprintf(str,"    Cipher    : %06lX\n",x->cipher_id&0xffffff);
+		else
+			sprintf(str,"    Cipher    : %04lX\n",x->cipher_id&0xffff);
+		}
+	else
+		sprintf(str,"    Cipher    : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name);
 	if (BIO_puts(bp,str) <= 0) goto err;
 	if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;
 	for (i=0; i<(int)x->session_id_length; i++)
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index b8d657f3b..f9dca4e3e 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -1,5 +1,5 @@
 /* ssl/ssltest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,18 +60,13 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#ifdef WIN16
-#define APPS_WIN16
-#endif
+#include "e_os.h"
 #include "bio.h"
 #include "crypto.h"
-#include "../e_os.h"
 #include "x509.h"
 #include "ssl.h"
 #include "err.h"
-
-#ifdef WIN16
-#define APPS_WIN16
+#ifdef WINDOWS
 #include "../crypto/bio/bss_file.c"
 #endif
 
@@ -80,24 +75,31 @@
 
 #ifndef NOPROTO
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
+#ifndef NO_DSA
 static DH *get_dh512(void);
+#endif
 #else
 int MS_CALLBACK verify_callback();
+static RSA MS_CALLBACK *tmp_rsa_cb();
+#ifndef NO_DSA
 static DH *get_dh512();
 #endif
+#endif
 
 BIO *bio_err=NULL;
 BIO *bio_stdout=NULL;
 
 static char *cipher=NULL;
 int verbose=0;
+int debug=0;
 #ifdef FIONBIO
 static int s_nbio=0;
 #endif
 
 
 #ifndef  NOPROTO
-int doit(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
+int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
 #else
 int doit();
 #endif
@@ -109,14 +111,25 @@ static void sv_usage()
 	fprintf(stderr," -server_auth  - check server certificate\n");
 	fprintf(stderr," -client_auth  - do client authentication\n");
 	fprintf(stderr," -v            - more output\n");
+	fprintf(stderr," -d            - debug output\n");
+	fprintf(stderr," -reuse        - use session-id reuse\n");
+	fprintf(stderr," -num <val>    - number of connections to perform\n");
+	fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
 #ifndef NO_SSL2
 	fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
 #ifndef NO_SSL3
 	fprintf(stderr," -ssl3         - use SSLv3\n");
 #endif
+#ifndef NO_TLS1
+	fprintf(stderr," -tls1         - use TLSv1\n");
+#endif
 	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
 	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+	fprintf(stderr," -cert arg     - Certificate file\n");
+	fprintf(stderr," -s_cert arg   - Just the server certificate file\n");
+	fprintf(stderr," -c_cert arg   - Just the client certificate file\n");
+	fprintf(stderr," -cipher arg   - The cipher list\n");
 	}
 
 int main(argc, argv)
@@ -125,15 +138,21 @@ char *argv[];
 	{
 	char *CApath=NULL,*CAfile=NULL;
 	int badop=0;
-	int ssl2=0,ssl3=0,ret=1;
+	int tls1=0,ssl2=0,ssl3=0,ret=1;
 	int client_auth=0;
-	int server_auth=0;
+	int server_auth=0,i;
 	char *server_cert=TEST_SERVER_CERT;
 	char *client_cert=TEST_CLIENT_CERT;
 	SSL_CTX *s_ctx=NULL;
 	SSL_CTX *c_ctx=NULL;
 	SSL_METHOD *meth=NULL;
+	SSL *c_ssl,*s_ssl;
+	int number=1,reuse=0;
+	long bytes=1L;
+	SSL_CIPHER *ciph;
+#ifndef NO_DH
 	DH *dh;
+#endif
 
 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
@@ -151,10 +170,31 @@ char *argv[];
 			client_auth=1;
 		else if	(strcmp(*argv,"-v") == 0)
 			verbose=1;
+		else if	(strcmp(*argv,"-d") == 0)
+			debug=1;
+		else if	(strcmp(*argv,"-reuse") == 0)
+			reuse=1;
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			ssl2=1;
+		else if	(strcmp(*argv,"-tls1") == 0)
+			tls1=1;
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			ssl3=1;
+		else if	(strncmp(*argv,"-num",4) == 0)
+			{
+			if (--argc < 1) goto bad;
+			number= atoi(*(++argv));
+			if (number == 0) number=1;
+			}
+		else if	(strcmp(*argv,"-bytes") == 0)
+			{
+			if (--argc < 1) goto bad;
+			bytes= atol(*(++argv));
+			if (bytes == 0L) bytes=1L;
+			i=strlen(argv[0]);
+			if (argv[0][i-1] == 'k') bytes*=1024L;
+			if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
+			}
 		else if	(strcmp(*argv,"-cert") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -210,6 +250,9 @@ bad:
 	if (ssl2)
 		meth=SSLv2_method();
 	else 
+	if (tls1)
+		meth=TLSv1_method();
+	else
 	if (ssl3)
 		meth=SSLv3_method();
 	else
@@ -239,7 +282,11 @@ bad:
 #ifndef NO_DH
 	dh=get_dh512();
 	SSL_CTX_set_tmp_dh(s_ctx,dh);
-        DH_free(dh);
+	DH_free(dh);
+#endif
+
+#ifndef NO_RSA
+	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
 #endif
 
 	if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
@@ -266,9 +313,9 @@ bad:
 		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(c_ctx)))
 		{
-		fprintf(stderr,"SSL_load_verify_locations\n");
+		/* fprintf(stderr,"SSL_load_verify_locations\n"); */
 		ERR_print_errors(bio_err);
-		goto end;
+		/* goto end; */
 		}
 
 	if (client_auth)
@@ -285,7 +332,29 @@ bad:
 			verify_callback);
 		}
 
-	ret=doit(s_ctx,c_ctx);
+	c_ssl=SSL_new(c_ctx);
+	s_ssl=SSL_new(s_ctx);
+
+	for (i=0; i<number; i++)
+		{
+		if (!reuse) SSL_set_session(c_ssl,NULL);
+		ret=doit(s_ssl,c_ssl,bytes);
+		}
+
+	if (!verbose)
+		{
+		ciph=SSL_get_current_cipher(c_ssl);
+		fprintf(stdout,"Protocol %s, cipher %s, %s\n",
+			SSL_get_version(c_ssl),
+			SSL_CIPHER_get_version(ciph),
+			SSL_CIPHER_get_name(ciph));
+		}
+	if ((number > 1) || (bytes > 1L))
+		printf("%d handshakes of %ld bytes done\n",number,bytes);
+
+	SSL_free(s_ssl);
+	SSL_free(c_ssl);
+
 end:
 	if (s_ctx != NULL) SSL_CTX_free(s_ctx);
 	if (c_ctx != NULL) SSL_CTX_free(c_ctx);
@@ -303,33 +372,26 @@ end:
 #define C_DONE	1
 #define S_DONE	2
 
-int doit(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
+int doit(s_ssl,c_ssl,count)
+SSL *s_ssl,*c_ssl;
+long count;
 	{
-	static char cbuf[200],sbuf[200];
+	MS_STATIC char cbuf[1024*8],sbuf[1024*8];
+	long cw_num=count,cr_num=count;
+	long sw_num=count,sr_num=count;
 	int ret=1;
-	SSL *c_ssl=NULL;
-	SSL *s_ssl=NULL;
 	BIO *c_to_s=NULL;
 	BIO *s_to_c=NULL;
 	BIO *c_bio=NULL;
 	BIO *s_bio=NULL;
 	int c_r,c_w,s_r,s_w;
 	int c_want,s_want;
-	int i;
+	int i,j;
 	int done=0;
 	int c_write,s_write;
 	int do_server=0,do_client=0;
 	SSL_CIPHER *ciph;
 
-	c_ssl=SSL_new(c_ctx);
-	s_ssl=SSL_new(s_ctx);
-	if ((s_ssl == NULL) || (c_ssl == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
 	c_to_s=BIO_new(BIO_s_mem());
 	s_to_c=BIO_new(BIO_s_mem());
 	if ((s_to_c == NULL) || (c_to_s == NULL))
@@ -348,11 +410,11 @@ SSL_CTX *s_ctx,*c_ctx;
 
 	SSL_set_connect_state(c_ssl);
 	SSL_set_bio(c_ssl,s_to_c,c_to_s);
-	BIO_set_ssl(c_bio,c_ssl,BIO_CLOSE);
+	BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
 
 	SSL_set_accept_state(s_ssl);
 	SSL_set_bio(s_ssl,c_to_s,s_to_c);
-	BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE);
+	BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
 
 	c_r=0; s_r=1;
 	c_w=1; s_w=0;
@@ -372,26 +434,26 @@ SSL_CTX *s_ctx,*c_ctx;
 		i=(int)BIO_pending(c_bio);
 		if ((i && c_r) || c_w) do_client=1;
 
-		if (do_server && verbose)
+		if (do_server && debug)
 			{
 			if (SSL_in_init(s_ssl))
 				printf("server waiting in SSL_accept - %s\n",
 					SSL_state_string_long(s_ssl));
-			else if (s_write)
+/*			else if (s_write)
 				printf("server:SSL_write()\n");
-			else 
-				printf("server:SSL_read()\n");
+			else
+				printf("server:SSL_read()\n"); */
 			}
 
-		if (do_client && verbose)
+		if (do_client && debug)
 			{
 			if (SSL_in_init(c_ssl))
 				printf("client waiting in SSL_connect - %s\n",
 					SSL_state_string_long(c_ssl));
-			else if (c_write)
+/*			else if (c_write)
 				printf("client:SSL_write()\n");
 			else
-				printf("client:SSL_read()\n");
+				printf("client:SSL_read()\n"); */
 			}
 
 		if (!do_client && !do_server)
@@ -404,7 +466,9 @@ SSL_CTX *s_ctx,*c_ctx;
 			{
 			if (c_write)
 				{
-				i=BIO_write(c_bio,"hello from client\n",18);
+				j=(cw_num > (long)sizeof(cbuf))
+					?sizeof(cbuf):(int)cw_num;
+				i=BIO_write(c_bio,cbuf,j);
 				if (i < 0)
 					{
 					c_r=0;
@@ -430,13 +494,17 @@ SSL_CTX *s_ctx,*c_ctx;
 					}
 				else
 					{
+					if (debug)
+						printf("client wrote %d\n",i);
 					/* ok */
+					s_r=1;
 					c_write=0;
+					cw_num-=i;
 					}
 				}
 			else
 				{
-				i=BIO_read(c_bio,cbuf,100);
+				i=BIO_read(c_bio,cbuf,sizeof(cbuf));
 				if (i < 0)
 					{
 					c_r=0;
@@ -462,10 +530,20 @@ SSL_CTX *s_ctx,*c_ctx;
 					}
 				else
 					{
-					done|=C_DONE;
-					fprintf(stdout,"CLIENT:from server:");
-					fwrite(cbuf,1,i,stdout);
-					fflush(stdout);
+					if (debug)
+						printf("client read %d\n",i);
+					cr_num-=i;
+					if (sw_num > 0)
+						{
+						s_write=1;
+						s_w=1;
+						}
+					if (cr_num <= 0)
+						{
+						s_write=1;
+						s_w=1;
+						done=S_DONE|C_DONE;
+						}
 					}
 				}
 			}
@@ -474,7 +552,7 @@ SSL_CTX *s_ctx,*c_ctx;
 			{
 			if (!s_write)
 				{
-				i=BIO_read(s_bio,sbuf,100);
+				i=BIO_read(s_bio,sbuf,sizeof(cbuf));
 				if (i < 0)
 					{
 					s_r=0;
@@ -501,16 +579,27 @@ SSL_CTX *s_ctx,*c_ctx;
 					}
 				else
 					{
-					s_write=1;
-					s_w=1;
-					fprintf(stdout,"SERVER:from client:");
-					fwrite(sbuf,1,i,stdout);
-					fflush(stdout);
+					if (debug)
+						printf("server read %d\n",i);
+					sr_num-=i;
+					if (cw_num > 0)
+						{
+						c_write=1;
+						c_w=1;
+						}
+					if (sr_num <= 0)
+						{
+						s_write=1;
+						s_w=1;
+						c_write=0;
+						}
 					}
 				}
 			else
 				{
-				i=BIO_write(s_bio,"hello from server\n",18);
+				j=(sw_num > (long)sizeof(sbuf))?
+					sizeof(sbuf):(int)sw_num;
+				i=BIO_write(s_bio,sbuf,j);
 				if (i < 0)
 					{
 					s_r=0;
@@ -537,9 +626,13 @@ SSL_CTX *s_ctx,*c_ctx;
 					}
 				else
 					{
+					if (debug)
+						printf("server wrote %d\n",i);
+					sw_num-=i;
 					s_write=0;
-					s_r=1;
-					done|=S_DONE;
+					c_r=1;
+					if (sw_num <= 0)
+						done|=S_DONE;
 					}
 				}
 			}
@@ -548,8 +641,11 @@ SSL_CTX *s_ctx,*c_ctx;
 		}
 
 	ciph=SSL_get_current_cipher(c_ssl);
-	fprintf(stdout,"DONE, used %s, %s\n",SSL_CIPHER_get_version(ciph),
-		SSL_CIPHER_get_name(ciph));
+	if (verbose)
+		fprintf(stdout,"DONE, protocol %s, cipher %s, %s\n",
+			SSL_get_version(c_ssl),
+			SSL_CIPHER_get_version(ciph),
+			SSL_CIPHER_get_name(ciph));
 	ret=0;
 err:
 	/* We have to set the BIO's to NULL otherwise they will be
@@ -572,8 +668,8 @@ err:
 
 	if (c_to_s != NULL) BIO_free(c_to_s);
 	if (s_to_c != NULL) BIO_free(s_to_c);
-	if (c_bio != NULL) BIO_free(c_bio);
-	if (s_bio != NULL) BIO_free(s_bio);
+	if (c_bio != NULL) BIO_free_all(c_bio);
+	if (s_bio != NULL) BIO_free_all(s_bio);
 	return(ret);
 	}
 
@@ -607,6 +703,7 @@ X509_STORE_CTX *ctx;
 	return(ok);
 	}
 
+#ifndef NO_DH
 static unsigned char dh512_p[]={
 	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
 	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -623,13 +720,32 @@ static DH *get_dh512()
 	{
 	DH *dh=NULL;
 
-#ifndef NO_DH
 	if ((dh=DH_new()) == NULL) return(NULL);
 	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
 	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		return(NULL);
-#endif
 	return(dh);
 	}
+#endif
+
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+SSL *s;
+int export;
+	{
+	static RSA *rsa_tmp=NULL;
+
+	if (rsa_tmp == NULL)
+		{
+		BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+		BIO_flush(bio_err);
+#ifndef NO_RSA
+		rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
+#endif
+		BIO_printf(bio_err,"\n");
+		BIO_flush(bio_err);
+		}
+	return(rsa_tmp);
+	}
+
 
diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index ee48d5493..b3de76751 100644
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -13,7 +13,7 @@ MAKE=		make -f $(MAKEFILE)
 MAKEDEPEND=	makedepend -f$(MAKEFILE)
 
 PEX_LIBS=
-EX_LIBS= -lnsl -lsocket
+EX_LIBS= #-lnsl -lsocket
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
@@ -30,11 +30,15 @@ IDEATEST=	ideatest
 SHATEST=	shatest
 SHA1TEST=	sha1test
 MDC2TEST=	mdc2test
+RMDTEST=	rmdtest
 MD2TEST=	md2test
 MD5TEST=	md5test
-RC4TEST=	rc4test
+HMACTEST=	hmactest
 RC2TEST=	rc2test
+RC4TEST=	rc4test
+RC5TEST=	rc5test
 BFTEST=		bftest
+CASTTEST=	casttest
 DESTEST=	destest
 RANDTEST=	randtest
 DHTEST=		dhtest
@@ -42,20 +46,24 @@ DSATEST=	dsatest
 METHTEST=	methtest
 SSLTEST=	ssltest
 
-EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST)  $(RC4TEST) \
-	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RANDTEST) $(DHTEST) \
-	$(RC2TEST) $(BFTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
+EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
+	$(RC2TEST) $(RC4TEST) $(RC5TEST) \
+	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
+	$(RANDTEST) $(DHTEST) \
+	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
 
 # $(METHTEST)
 
-OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o  $(RC4TEST).o \
-	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o \
-	$(RANDTEST).o $(DHTEST).o \
-	$(RC2TEST).o $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o
-SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(RC4TEST).c \
-	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c \
-	$(RANDTEST).c $(DHTEST).c \
-	$(RC2TEST).c $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c
+OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
+	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+	$(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o
+SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
+	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+	$(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c
 
 EXHEADER= 
 HEADER=	$(EXHEADER)
@@ -84,8 +92,8 @@ tags:
 	ctags $(SRC)
 
 tests:	exe apps \
-	test_des test_idea test_sha test_md5 test_md2 test_mdc2 \
-	test_rc2 test_rc4 test_bf \
+	test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
+	test_rc2 test_rc4 test_rc5 test_bf test_cast \
 	test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \
 	test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \
 	test_ss test_ssl test_ca
@@ -94,7 +102,7 @@ apps:
 	@(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
 
 test_des:
-	./$(DESTEST)
+	#./$(DESTEST)
 
 test_idea:
 	./$(IDEATEST)
@@ -109,18 +117,30 @@ test_mdc2:
 test_md5:
 	./$(MD5TEST)
 
+test_hmac:
+	./$(HMACTEST)
+
 test_md2:
 	./$(MD2TEST)
 
-test_rc2:
-	./$(RC2TEST)
+test_rmd:
+	./$(RMDTEST)
 
 test_bf:
 	./$(BFTEST)
 
+test_cast:
+	./$(CASTTEST)
+
+test_rc2:
+	./$(RC2TEST)
+
 test_rc4:
 	./$(RC4TEST)
 
+test_rc5:
+	./$(RC5TEST)
+
 test_rand:
 	./$(RANDTEST)
 
@@ -226,22 +246,33 @@ $(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
 $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
 	$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
+$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
 	$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
 	$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
+$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
 	$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
 	$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
+$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
 	$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
+$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 $(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
 	$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
diff --git a/test/certCA.srl b/test/certCA.srl
index f5c89552b..2bbd69c2e 100644
--- a/test/certCA.srl
+++ b/test/certCA.srl
@@ -1 +1 @@
-32
+70
diff --git a/test/methtest.c b/test/methtest.c
index 55d1ac793..630d29dc9 100644
--- a/test/methtest.c
+++ b/test/methtest.c
@@ -1,5 +1,5 @@
 /* test/methtest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/test/testenc b/test/testenc
index 7bcf3d145..42db56c2b 100644
--- a/test/testenc
+++ b/test/testenc
@@ -34,7 +34,8 @@ for i in rc4 \
 	des-cbc des-ede-cbc des-ede3-cbc \
 	idea-ecb idea-cfb idea-ofb idea-cbc \
 	rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
-	bf-ecb bf-cfb bf-ofb bf-cbc
+	bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
+	cast5-ecb cast5-cfb cast5-ofb cast5-cbc
 do
 	echo $i
 	$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
diff --git a/test/testkey.pem b/test/testkey.pem
index c8eba8266..562e77cb9 100644
--- a/test/testkey.pem
+++ b/test/testkey.pem
@@ -1,9 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAK8j1FaU9b+TMyeiXGzIGJZ/Coj39v2v4a4NviCjWELm14fdcdg4
-3Q99LTLyvLDnq7sLQX4gOMaLM4rmGMgeuGsCAwEAAQJAAaFRvqSQTQIvvbSzK4gJ
-Qo1YKcI1GFNkxFv4YxFiJu0/LXaw9U/iDSlUdH15F6ezndqojovnn731Pmf7e08F
-MQIhAOCi7P0RtrV3O/KB0MYldxFOKNwp5lzH+um7jBq6oRw1AiEAx5fGT9fIFl6Z
-hXgWYy+eO8QPjEXDcLTgc5/VbE3o1h8CIBIre4nYxfOVqmaqM23jl+bxcIKmbPiy
-QExpnCKJWADFAiAL73CFb8LgS5HkoFS+Y6eTrVq8qaNRRw+w+lrZ2iLVQwIgRk40
-WRSH7Yv90rv1PpcQ4wxSnu3lfyFO1XZ/J1UxdfA=
+MIIBOgIBAAJBAMIvB0MXsW7gNKJp7/7fTjmd/vdXk51GcgIxergzS13i6nCAL+97
+vD7erU7M5s6kWCm4/U8Q6wcY7jwauiUO7iUCAwEAAQJBAIsOypCNYw8XmBnG64sF
+tysjrfbKzHcQf4x6intmoE42dSc1SkyJXvQiNcXaiS5bGBGrfRkabE8j4X9mmMd6
+S/ECIQD0YIYwjPYLDDJGa2kog42JSiEu15dAOcAJTsnhiHvKbwIhAMtrXLguHYKb
+ScrW/q8Uq+eRcMHwgbuBvnqmzAMln6qrAiAEctFehuJftxwfLgtfAm4MJr5N5PzK
+3YJCaR3BrkNanwIgNcJh9qr5UZMIpXq8RDkKVWCylA6jupJHbNK4B/zhfZECIB+9
+Is3OLPuWFJmk9eQcUaNQZJ5WwEBsaGQ12JeW7Kpe
 -----END RSA PRIVATE KEY-----
diff --git a/test/testreq.pem b/test/testreq.pem
index ebae21d94..b20137b6e 100644
--- a/test/testreq.pem
+++ b/test/testreq.pem
@@ -2,8 +2,8 @@
 MIIBQjCB7QIBADCBhzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
 ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDET
 MBEGA1UEAxMKRXJpYyBZb3VuZzEfMB0GCSqGSIb3DQEJARYQZWF5QG1pbmNvbS5v
-ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCvI9RWlPW/kzMnolxsyBiWfwqI
-9/b9r+GuDb4go1hC5teH3XHYON0PfS0y8ryw56u7C0F+IDjGizOK5hjIHrhrAgMB
-AAGgADANBgkqhkiG9w0BAQQFAANBAAJIIXcUJRF4IW0bTYoBAAWnvWNA6gl2lvNF
-OTkJTP7rQG0kdx/YNbBKAosMUUtEk38o2fzsv64jzXL8weUwoPM=
+ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCLwdDF7Fu4DSiae/+3045nf73
+V5OdRnICMXq4M0td4upwgC/ve7w+3q1OzObOpFgpuP1PEOsHGO48GrolDu4lAgMB
+AAGgADANBgkqhkiG9w0BAQQFAANBAItCGg8qCPSoASvm3QUx/6PpreQclDO0bM2l
+eacLlzSHBUvaSqapR/pHfHG2r9l6PuEr/rrYHo+ZrAraSyPhEBc=
 -----END CERTIFICATE REQUEST-----
diff --git a/tools/c_rehash b/tools/c_rehash
index 007600152..cd4e26a49 100644
--- a/tools/c_rehash
+++ b/tools/c_rehash
@@ -4,12 +4,12 @@
 # on the command line.
 #
 
-if [ "$SSLEAY"x = "x" ]; then
+if [ "$SSLEAY"x = "x" -o ! -x $SSLEAY ]; then
 	SSLEAY='ssleay'
 	export SSLEAY
 fi
 DIR=/usr/local/ssl
-#PATH=$DIR/bin:$PATH
+PATH=$DIR/bin:$PATH
 
 SSL_DIR=$DIR/certs
 
diff --git a/util/add_cr.pl b/util/add_cr.pl
index 04d002677..c7b62c11e 100755
--- a/util/add_cr.pl
+++ b/util/add_cr.pl
@@ -63,7 +63,7 @@ sub dofile
 sub Copyright
 	{
 	return <<'EOF';
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/util/do_ms.sh b/util/do_ms.sh
index 03e349df6..f498d842b 100755
--- a/util/do_ms.sh
+++ b/util/do_ms.sh
@@ -7,7 +7,7 @@ PATH=util:../util:$PATH
 
 # perl util/mk1mf.pl VC-MSDOS no-sock >ms/msdos.mak
 # perl util/mk1mf.pl VC-W31-32 >ms/w31.mak
-perl util/mk1mf.pl VC-W31-32 dll >ms/w31dll.mak
+perl util/mk1mf.pl VC-WIN16 dll >ms/w31dll.mak
 # perl util/mk1mf.pl VC-WIN32 >ms/nt.mak
 perl util/mk1mf.pl VC-WIN32 dll >ms/ntdll.mak
 
diff --git a/util/fixNT.sh b/util/fixNT.sh
index a4eee1b7f..ce4f19299 100755
--- a/util/fixNT.sh
+++ b/util/fixNT.sh
@@ -10,5 +10,5 @@ chmod +x Configure util/*
 echo cleaning
 /bin/rm -f `find . -name '*.$$$' -print` 2>/dev/null >/dev/null
 echo 'removing those damn ^M'
-perl -pi -e 's/\015//' * */* */*/* 2>/dev/null >/dev/null
+perl -pi -e 's/\015//' `find . -type 'f' -print |grep -v '.obj$' |grep -v '.der$' |grep -v '.gz'`
 make -f Makefile.ssl links
diff --git a/util/libeay.num b/util/libeay.num
index 04ad69c6a..fcaf25428 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -46,11 +46,9 @@ BF_options				45
 BF_set_key				46
 BIO_CONNECT_free			47
 BIO_CONNECT_new				48
-BIO_PROXY_free				49
-BIO_PROXY_new				50
 BIO_accept				51
 BIO_ctrl				52
-BIO_ctrl_int				53
+BIO_int_ctrl				53
 BIO_debug_callback			54
 BIO_dump				55
 BIO_dup_chain				56
@@ -65,7 +63,6 @@ BIO_fd_should_retry			64
 BIO_find_type				65
 BIO_free				66
 BIO_free_all				67
-BIO_get_accept				68
 BIO_get_accept_socket			69
 BIO_get_filter_bio			70
 BIO_get_host_ip				71
@@ -74,7 +71,6 @@ BIO_get_retry_BIO			73
 BIO_get_retry_reason			74
 BIO_gethostbyname			75
 BIO_gets				76
-BIO_nbio_sock_error			77
 BIO_new					78
 BIO_new_accept				79
 BIO_new_connect				80
@@ -91,12 +87,10 @@ BIO_s_accept				90
 BIO_s_connect				91
 BIO_s_fd				92
 BIO_s_file				93
-BIO_s_file_internal_w16			94
 BIO_s_mem				95
 BIO_s_null				96
 BIO_s_proxy_client			97
 BIO_s_socket				98
-BIO_s_socket				99
 BIO_set					100
 BIO_set_cipher				101
 BIO_set_tcp_ndelay			102
@@ -114,9 +108,9 @@ BN_MONT_CTX_new				113
 BN_MONT_CTX_set				114
 BN_add					115
 BN_add_word				116
-BN_ascii2bn				117
+BN_hex2bn				117
 BN_bin2bn				118
-BN_bn2ascii				119
+BN_bn2hex				119
 BN_bn2bin				120
 BN_clear				121
 BN_clear_bit				122
@@ -354,7 +348,7 @@ OBJ_add_object				353
 OBJ_bsearch				354
 OBJ_cleanup				355
 OBJ_cmp					356
-OBJ_create_and_add_object		357
+OBJ_create				357
 OBJ_dup					358
 OBJ_ln2nid				359
 OBJ_new_nid				360
@@ -703,8 +697,8 @@ asn1_Finish				702
 asn1_GetSequence			703
 bn_div64				704
 bn_expand2				705
-bn_mul_add_word				706
-bn_mul_word				707
+bn_mul_add_words			706
+bn_mul_words				707
 bn_qadd					708
 bn_qsub					709
 bn_sqr_words				710
@@ -773,7 +767,6 @@ d2i_X509_SIG				772
 d2i_X509_VAL				773
 d2i_X509_bio				774
 d2i_X509_fp				775
-des_3cbc_encrypt			776
 des_cbc_cksum				777
 des_cbc_encrypt				778
 des_cblock_print_file			779
@@ -919,11 +912,6 @@ PKCS7_content_free			918
 ERR_load_PKCS7_strings			919
 X509_find_by_issuer_and_serial		920
 X509_find_by_subject			921
-d2i_PKCS7_fp				922
-i2d_PKCS7_fp				923
-PKCS7_dup				924
-d2i_PKCS7_bio				925
-i2d_PKCS7_bio				926
 PKCS7_ctrl				927
 PKCS7_set_type				928
 PKCS7_set_content			929
@@ -945,11 +933,133 @@ PEM_write_bio_RSAPublicKey		944
 d2i_RSAPublicKey_bio			945
 i2d_RSAPublicKey_bio			946
 PEM_read_RSAPublicKey			947
-PEM_read_bio_RSAPublicKey		948
 PEM_write_RSAPublicKey			949
-PEM_write_bio_RSAPublicKey		950
-d2i_RSAPublicKey_bio			951
 d2i_RSAPublicKey_fp			952
-i2d_RSAPublicKey_bio			953
 i2d_RSAPublicKey_fp			954
 BIO_copy_next_retry			955
+RSA_flags				956
+X509_STORE_add_crl			957
+X509_load_crl_file			958
+EVP_rc2_40_cbc				959
+EVP_rc4_40				960
+EVP_CIPHER_CTX_init			961
+HMAC					962
+HMAC_Init				963
+HMAC_Update				964
+HMAC_Final				965
+ERR_get_next_error_library		966
+EVP_PKEY_cmp_parameters			967
+HMAC_cleanup				968
+BIO_ptr_ctrl				969
+BIO_new_file_internal			970
+BIO_new_fp_internal			971
+BIO_s_file_internal			972
+BN_BLINDING_convert			973
+BN_BLINDING_invert			974
+BN_BLINDING_update			975
+RSA_blinding_on				977
+RSA_blinding_off			978
+i2t_ASN1_OBJECT				979
+BN_BLINDING_new				980
+BN_BLINDING_free			981
+EVP_cast5_cbc				983
+EVP_cast5_cfb				984
+EVP_cast5_ecb				985
+EVP_cast5_ofb				986
+BF_decrypt				987
+CAST_set_key				988
+CAST_encrypt				989
+CAST_decrypt				990
+CAST_ecb_encrypt			991
+CAST_cbc_encrypt			992
+CAST_cfb64_encrypt			993
+CAST_ofb64_encrypt			994
+RC2_decrypt				995
+OBJ_create_objects			997
+BN_exp					998
+BN_mul_word				999
+BN_sub_word				1000
+BN_dec2bn				1001
+BN_bn2dec				1002
+BIO_ghbn_ctrl				1003
+CRYPTO_free_ex_data			1004
+CRYPTO_get_ex_data			1005
+CRYPTO_set_ex_data			1007
+ERR_load_CRYPTO_strings			1009
+ERR_load_CRYPTOlib_strings		1009
+EVP_PKEY_bits				1010
+MD5_Transform				1011
+SHA1_Transform				1012
+SHA_Transform				1013
+X509_STORE_CTX_get_chain		1014
+X509_STORE_CTX_get_current_cert		1015
+X509_STORE_CTX_get_error		1016
+X509_STORE_CTX_get_error_depth		1017
+X509_STORE_CTX_get_ex_data		1018
+X509_STORE_CTX_set_cert			1020
+X509_STORE_CTX_set_chain		1021
+X509_STORE_CTX_set_error		1022
+X509_STORE_CTX_set_ex_data		1023
+CRYPTO_dup_ex_data			1025
+CRYPTO_get_new_lockid			1026
+CRYPTO_new_ex_data			1027
+RSA_set_ex_data				1028
+RSA_get_ex_data				1029
+RSA_get_ex_new_index			1030
+RSA_padding_add_PKCS1_type_1		1031
+RSA_padding_add_PKCS1_type_2		1032
+RSA_padding_add_SSLv23			1033
+RSA_padding_add_none			1034
+RSA_padding_check_PKCS1_type_1		1035
+RSA_padding_check_PKCS1_type_2		1036
+RSA_padding_check_SSLv23		1037
+RSA_padding_check_none			1038
+bn_add_words				1039
+d2i_Netscape_RSA_2			1040
+CRYPTO_get_ex_new_index			1041
+RIPEMD160_Init				1042
+RIPEMD160_Update			1043
+RIPEMD160_Final				1044
+RIPEMD160				1045
+RIPEMD160_Transform			1046
+RC5_32_set_key				1047
+RC5_32_ecb_encrypt			1048
+RC5_32_encrypt				1049
+RC5_32_decrypt				1050
+RC5_32_cbc_encrypt			1051
+RC5_32_cfb64_encrypt			1052
+RC5_32_ofb64_encrypt			1053
+BN_bn2mpi				1058
+BN_mpi2bn				1059
+ASN1_BIT_STRING_get_bit			1060
+ASN1_BIT_STRING_set_bit			1061
+BIO_get_ex_data				1062
+BIO_get_ex_new_index			1063
+BIO_set_ex_data				1064
+X509_STORE_CTX_get_ex_new_index		1065
+X509v3_get_key_usage			1066
+X509v3_set_key_usage			1067
+a2i_X509v3_key_usage			1068
+i2a_X509v3_key_usage			1069
+EVP_PKEY_decrypt			1070
+EVP_PKEY_encrypt			1071
+PKCS7_RECIP_INFO_set			1072
+PKCS7_add_recipient			1073
+PKCS7_add_recipient_info		1074
+PKCS7_set_cipher			1075
+ASN1_TYPE_get_int_octetstring		1076
+ASN1_TYPE_get_octetstring		1077
+ASN1_TYPE_set_int_octetstring		1078
+ASN1_TYPE_set_octetstring		1079
+ASN1_UTCTIME_set_string			1080
+ERR_add_error_data			1081
+ERR_set_error_data			1082
+EVP_CIPHER_asn1_to_param		1083
+EVP_CIPHER_param_to_asn1		1084
+EVP_CIPHER_get_asn1_iv			1085
+EVP_CIPHER_set_asn1_iv			1086
+EVP_rc5_32_12_16_cbc			1087
+EVP_rc5_32_12_16_cfb			1088
+EVP_rc5_32_12_16_ecb			1089
+EVP_rc5_32_12_16_ofb			1090
+asn1_add_error				1091
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index ef0769289..6f0881a29 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -7,6 +7,8 @@
 
 $INSTALLTOP="/usr/local/ssl";
 
+$ssl_version="0.8.2";
+
 $infile="MINFO";
 
 %ops=(
@@ -18,6 +20,7 @@ $infile="MINFO";
 	"BC-NT",   "Borland C++ 4.5 - Windows NT  - PROBABLY NOT WORKING",
 	"BC-W31",  "Borland C++ 4.5 - Windows 3.1 - PROBABLY NOT WORKING",
 	"BC-MSDOS","Borland C++ 4.5 - MSDOS",
+	"linux-elf","Linux elf",
 	"FreeBSD","FreeBSD distribution",
 	"default","cc under unix",
 	);
@@ -27,15 +30,18 @@ foreach (@ARGV)
 	{
 	if    (/^no-rc2$/)	{ $no_rc2=1; }
 	elsif (/^no-rc4$/)	{ $no_rc4=1; }
+	elsif (/^no-rc5$/)	{ $no_rc5=1; }
 	elsif (/^no-idea$/)	{ $no_idea=1; }
 	elsif (/^no-des$/)	{ $no_des=1; }
 	elsif (/^no-bf$/)	{ $no_bf=1; }
+	elsif (/^no-cast$/)	{ $no_cast=1; }
 	elsif (/^no-md2$/)  	{ $no_md2=1; }
 	elsif (/^no-md5$/)	{ $no_md5=1; }
 	elsif (/^no-sha$/)	{ $no_sha=1; }
 	elsif (/^no-sha1$/)	{ $no_sha1=1; }
+	elsif (/^no-rmd160$/)	{ $no_rmd160=1; }
 	elsif (/^no-mdc2$/)	{ $no_mdc2=1; }
-	elsif (/^no-patents$/)	{ $no_rc2=$no_rc4=$no_idea=$no_sha1=$no_rsa=1; }
+	elsif (/^no-patents$/)	{ $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; }
 	elsif (/^no-rsa$/)	{ $no_rsa=1; }
 	elsif (/^no-dsa$/)	{ $no_dsa=1; }
 	elsif (/^no-dh$/)	{ $no_dh=1; }
@@ -45,6 +51,10 @@ foreach (@ARGV)
 	elsif (/^no-err$/)	{ $no_err=1; }
 	elsif (/^no-sock$/)	{ $no_sock=1; }
 
+	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+				  $no_ssl2=$no_err=1; }
+
 	elsif (/^rsaref$/)	{ $rsaref=1; }
 	elsif (/^gcc$/)		{ $gcc=1; }
 	elsif (/^debug$/)	{ $debug=1; }
@@ -65,8 +75,9 @@ foreach (@ARGV)
 				{ printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
 			print STDERR <<"EOF";
 and [options] can be one of
-	no-md2 no-md5 no-sha no-sha1 no-mdc2	- Skip this digest
-	no-rc2 no-rc4 no-idea no-des no-bf	- Skip this symetriccipher
+	no-md2 no-md5 no-sha no-sha1 no-mdc2 no-rmd160 - Skip this digest
+	no-rc2 no-rc4 no-idea no-des no-bf no-cast - Skip this symetric cipher
+	no-rc5
 	no-rsa no-dsa no-dh			- Skip this public key cipher
 	no-ssl2 no-ssl3				- Skip this version of SSL
 	just-ssl				- remove all non-ssl keys/digest
@@ -79,7 +90,7 @@ and [options] can be one of
 	rsaref					- Build to require RSAref
 
 Values that can be set
-TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath CC=C-compiler
+TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
 
 -L<ex_lib_path> -l<ex_lib>			- extra library flags (unix)
 -<ex_cc_flags>					- extra 'cc' flags,
@@ -99,16 +110,21 @@ $no_ssl3=1 if ($no_rsa && $no_dh);
 $no_ssl2=1 if ($no_md5 || $no_rsa);
 $no_ssl2=1 if ($no_rsa);
 
-$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
-$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
-$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:'out';
-$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:'tmp';
-$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
+$out_def="out";
+$inc_def="outinc";
+$tmp_def="tmp";
+
 
 ($ssl,$crypto)=("ssl","crypto");
 $RSAglue="RSAglue";
 $ranlib="echo ranlib";
 
+$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
+$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
+$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
+
+# $bin_dir.=$o causes a core dump on my sparc :-(
+
 push(@INC,"util/pl","pl");
 if ($type eq "VC-MSDOS")
 	{
@@ -159,6 +175,12 @@ elsif ($type eq "FreeBSD")
 	require 'unix.pl';
 	$cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
 	}
+elsif ($type eq "linux-elf")
+	{
+	require "unix.pl";
+	require "linux.pl";
+	$unix=1;
+	}
 else
 	{
 	require "unix.pl";
@@ -167,18 +189,24 @@ else
 	$cflags.=' -DTERMIO';
 	}
 
-# $bin_dir.=$o causes a core dump on my sparc :-(
+$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
+$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
+$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
+
 $bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
 
 $cflags.=" -DNO_IDEA" if $no_idea;
 $cflags.=" -DNO_RC2"  if $no_rc2;
 $cflags.=" -DNO_RC4"  if $no_rc4;
+$cflags.=" -DNO_RC5"  if $no_rc5;
 $cflags.=" -DNO_MD2"  if $no_md2;
 $cflags.=" -DNO_MD5"  if $no_md5;
 $cflags.=" -DNO_SHA"  if $no_sha;
 $cflags.=" -DNO_SHA1" if $no_sha1;
+$cflags.=" -DNO_RMD160" if $no_rmd160;
 $cflags.=" -DNO_MDC2" if $no_mdc2;
 $cflags.=" -DNO_BLOWFISH"  if $no_bf;
+$cflags.=" -DNO_CAST" if $no_cast;
 $cflags.=" -DNO_DES"  if $no_des;
 $cflags.=" -DNO_RSA"  if $no_rsa;
 $cflags.=" -DNO_DSA"  if $no_dsa;
@@ -234,6 +262,7 @@ CC=$bin_dir${cc}
 CFLAG=$cflags
 APP_CFLAG=$app_cflag
 LIB_CFLAG=$lib_cflag
+SHLIB_CFLAG=$shl_cflag
 APP_EX_OBJ=$app_ex_obj
 SHLIB_EX_OBJ=$shlib_ex_obj
 # add extra libraries to this define, for solaris -lsocket -lnsl would
@@ -254,11 +283,25 @@ DES_CRYPT_OBJ=$des_crypt_obj
 DES_CRYPT_SRC=$des_crypt_src
 BF_ENC_OBJ=$bf_enc_obj
 BF_ENC_SRC=$bf_enc_src
+CAST_ENC_OBJ=$cast_enc_obj
+CAST_ENC_SRC=$cast_enc_src
+RC4_ENC_OBJ=$rc4_enc_obj
+RC4_ENC_SRC=$rc4_enc_src
+RC5_ENC_OBJ=$rc5_enc_obj
+RC5_ENC_SRC=$rc5_enc_src
+MD5_ASM_OBJ=$md5_asm_obj
+MD5_ASM_SRC=$md5_asm_src
+SHA1_ASM_OBJ=$sha1_asm_obj
+SHA1_ASM_SRC=$sha1_asm_src
+RMD160_ASM_OBJ=$rmd160_asm_obj
+RMD160_ASM_SRC=$rmd160_asm_src
 
 # The output directory for everything intersting
 OUT_D=$out_dir
 # The output directory for all the temporary muck
 TMP_D=$tmp_dir
+# The output directory for the header files
+INC_D=$inc_dir
 
 CP=$cp
 RM=$rm
@@ -280,11 +323,9 @@ RSAGLUE=$RSAglue
 # BIN_D  - Binary output directory
 # TEST_D - Binary test file output directory
 # LIB_D  - library output directory
-# INC_D  - include directory
 BIN_D=\$(OUT_D)
 TEST_D=\$(OUT_D)
 LIB_D=\$(OUT_D)
-INC_D=\$(OUT_D)
 
 # INCL_D - local library directory
 # OBJ_D  - temp object file directory
@@ -294,8 +335,10 @@ INCL_D=\$(TMP_D)
 O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
 O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
 O_RSAGLUE= \$(LIB_D)$o$plib\$(RSAGLUE)$libp
-L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
-L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
+SO_SSL=    $plib\$(SSL)$so_shlibp
+SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
+L_SSL=     \$(LIB_D)$o\$(SSL)$libp
+L_CRYPTO=  \$(LIB_D)$o\$(CRYPTO)$libp
 
 L_LIBS= \$(L_SSL) \$(L_CRYPTO)
 #L_LIBS= \$(O_SSL) \$(O_RSAGLUE) -lrsaref \$(O_CRYPTO)
@@ -304,26 +347,36 @@ L_LIBS= \$(L_SSL) \$(L_CRYPTO)
 # Don't touch anything below this point
 ######################################################
 
-INC=-DFLAT_INC -I\$(INC_D) -I\$(INCL_D)
+INC=-I\$(INC_D) -I\$(INCL_D)
 APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
 LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
+SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
 LIBS_DEP=\$(O_CRYPTO) \$(O_RSAGLUE) \$(O_SSL)
 
 #############################################
 EOF
 
 $rules=<<"EOF";
-all: banner \$(OUT_D) \$(TMP_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INC_D) headers lib exe
 
 banner:
 $banner
 
-\$(OUT_D):
-	\$(MKDIR) \$(OUT_D)
-
 \$(TMP_D):
 	\$(MKDIR) \$(TMP_D)
 
+\$(BIN_D):
+	\$(MKDIR) \$(BIN_D)
+
+\$(TEST_D):
+	\$(MKDIR) \$(TEST_D)
+
+\$(LIB_D):
+	\$(MKDIR) \$(LIB_D)
+
+\$(INC_D):
+	\$(MKDIR) \$(INC_D)
+
 headers: \$(HEADER) \$(EXHEADER)
 
 lib: \$(LIBS_DEP)
@@ -335,10 +388,10 @@ install:
 	\$(MKDIR) \$(INSTALLTOP)${o}bin
 	\$(MKDIR) \$(INSTALLTOP)${o}include
 	\$(MKDIR) \$(INSTALLTOP)${o}lib
-	\$(CP) \$(INC_D)${o}*.h \$(INSTALLTOP)${o}include
+	\$(CP) \$(INC_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include
 	\$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin
-	\$(CP) \$(LIB_D)$o\$(O_SSL) \$(INSTALLTOP)${o}lib
-	\$(CP) \$(LIB_D)$o\$(O_CRYPTO) \$(INSTALLTOP)${o}lib
+	\$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib
+	\$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib
 
 clean:
 	\$(RM) \$(TMP_D)$o*.*
@@ -427,6 +480,9 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
 foreach (values %lib_nam)
 	{
 	$lib_obj=$lib_obj{$_};
+	local($slib)=$shlib;
+
+	$slib=0 if ($_ eq "RSAGLUE");
 
 	if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
 		{
@@ -442,22 +498,53 @@ foreach (values %lib_nam)
 
 	if (($bn_mulw_obj ne "") && ($_ eq "CRYPTO"))
 		{
-		$lib_obj =~ s/\S*bn_mulw\S*/\$(BN_MULW_OBJ)/;
+		$lib_obj =~ s/\s\S*\/bn_mulw\S*/ \$(BN_MULW_OBJ)/;
 		$rules.=&do_asm_rule($bn_mulw_obj,$bn_mulw_src);
 		}
 	if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
 		{
-		$lib_obj =~ s/\S*des_enc\S*/\$(DES_ENC_OBJ)/;
-		$lib_obj =~ s/\S*fcrypt_b\S*\s*//;
+		$lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
+		$lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
 		$rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
 		}
 	if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
 		{
-		$lib_obj =~ s/\S*bf_enc\S*/\$(BF_ENC_OBJ)/;
+		$lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/;
 		$rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src);
 		}
+	if (($cast_enc_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/;
+		$rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src);
+		}
+	if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/;
+		$rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src);
+		}
+	if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/;
+		$rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src);
+		}
+	if (($md5_asm_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
+		$rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
+		}
+	if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
+		$rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
+		}
+	if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
+		$rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
+		}
 	$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
-	$rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},"\$(LIB_CFLAGS)");
+	$lib=($slib)?" \$(SHLIB_CFLAGS)":" \$(LIB_CFLAGS)";
+	$rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
 	}
 
 $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
@@ -468,10 +555,10 @@ foreach (split(/\s+/,$test))
 	$rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
 	}
 
-$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib);
-$rules.= &do_lib_rule("\$(RSAGLUEOBJ)","\$(O_RSAGLUE)",$RSAglue,0)
+$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
+$rules.= &do_lib_rule("\$(RSAGLUEOBJ)","\$(O_RSAGLUE)",$RSAglue,0,"")
 	unless $no_rsa;
-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib);
+$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
 
 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
 
@@ -491,6 +578,7 @@ sub var_add
 	return("") if $no_idea && $dir =~ /\/idea/;
 	return("") if $no_rc2  && $dir =~ /\/rc2/;
 	return("") if $no_rc4  && $dir =~ /\/rc4/;
+	return("") if $no_rc5  && $dir =~ /\/rc5/;
 	return("") if $no_rsa  && $dir =~ /\/rsa/;
 	return("") if $no_rsa  && $dir =~ /^rsaref/;
 	return("") if $no_dsa  && $dir =~ /\/dsa/;
@@ -505,6 +593,7 @@ sub var_add
 	return("") if $no_mdc2 && $dir =~ /\/mdc2/;
 	return("") if $no_sock && $dir =~ /\/proxy/;
 	return("") if $no_bf   && $dir =~ /\/bf/;
+	return("") if $no_cast && $dir =~ /\/cast/;
 
 	$val =~ s/^\s*(.*)\s*$/$1/;
 	@a=split(/\s+/,$val);
@@ -514,7 +603,9 @@ sub var_add
 	@a=grep(!/^e_.*_d$/,@a) if $no_des;
 	@a=grep(!/^e_.*_i$/,@a) if $no_idea;
 	@a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+	@a=grep(!/^e_.*_r5$/,@a) if $no_rc5;
 	@a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+	@a=grep(!/^e_.*_c$/,@a) if $no_cast;
 	@a=grep(!/^e_rc4$/,@a) if $no_rc4;
 
 	@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
@@ -567,7 +658,7 @@ sub clean_up_ws
 sub do_defs
 	{
 	local($var,$files,$location,$postfix)=@_;
-	local($_,$ret);
+	local($_,$ret,$pf);
 	local(*OUT,$tmp,$t);
 
 	$files =~ s/\//$o/g if $o ne '/';
@@ -576,19 +667,26 @@ sub do_defs
 	$Vars{$var}.="";
 	foreach (split(/ /,$files))
 		{
+		$orig=$_;
 		$_=&bname($_) unless /^\$/;
 		if ($n++ == 2)
 			{
 			$n=0;
 			$ret.="\\\n\t";
 			}
-		if ($_ =~ /BN_MULW/)
-			{ $t="$_ "; }
-		elsif ($_ =~ /DES_ENC/)
-			{ $t="$_ "; }
-		elsif ($_ =~ /BF_ENC/)
-			{ $t="$_ "; }
-		else	{ $t="$location${o}$_$postfix "; }
+		if (($_ =~ /bss_file/) && ($postfix eq ".h"))
+			{ $pf=".c"; }
+		else	{ $pf=$postfix; }
+		if ($_ =~ /BN_MULW/)	{ $t="$_ "; }
+		elsif ($_ =~ /DES_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /BF_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
+		elsif ($_ =~ /RC4_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /RC5_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /MD5_ASM/)	{ $t="$_ "; }
+		elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
+		elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
+		else	{ $t="$location${o}$_$pf "; }
 
 		$Vars{$var}.="$t ";
 		$ret.=$t;
@@ -610,13 +708,16 @@ sub bname
 sub do_copy_rule
 	{
 	local($to,$files,$p)=@_;
-	local($ret,$_,$n);
+	local($ret,$_,$n,$pp);
 	
 	$files =~ s/\//$o/g if $o ne '/';
 	foreach (split(/\s+/,$files))
 		{
 		$n=&bname($_);
-		$ret.="$to${o}$n$p: \$(SRC_D)$o$_$p\n\t\$(CP) \$(SRC_D)$o$_$p $to${o}$n$p\n\n";
+		if ($n =~ /bss_file/)
+			{ $pp=".c"; }
+		else	{ $pp=$p; }
+		$ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n";
 		}
 	return($ret);
 	}
diff --git a/util/mkdef.pl b/util/mkdef.pl
index fa683330e..b8e99f012 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -33,12 +33,15 @@ $crypto ="crypto/crypto.h";
 $crypto.=" crypto/des/des.h";
 $crypto.=" crypto/idea/idea.h";
 $crypto.=" crypto/rc4/rc4.h";
+$crypto.=" crypto/rc5/rc5.h";
 $crypto.=" crypto/rc2/rc2.h";
 $crypto.=" crypto/bf/blowfish.h";
-$crypto.=" crypto/md/md2.h";
-$crypto.=" crypto/md/md5.h";
+$crypto.=" crypto/cast/cast.h";
+$crypto.=" crypto/md2/md2.h";
+$crypto.=" crypto/md5/md5.h";
 $crypto.=" crypto/mdc2/mdc2.h";
 $crypto.=" crypto/sha/sha.h";
+$crypto.=" crypto/ripemd/ripemd.h";
 
 $crypto.=" crypto/bn/bn.h";
 $crypto.=" crypto/rsa/rsa.h";
@@ -63,6 +66,7 @@ $crypto.=" crypto/pkcs7/pkcs7.h";
 $crypto.=" crypto/x509/x509.h";
 $crypto.=" crypto/x509/x509_vfy.h";
 $crypto.=" crypto/rand/rand.h";
+$crypto.=" crypto/hmac/hmac.h";
 
 $match{'NOPROTO'}=1;
 $match2{'PERL5'}=1;
@@ -97,42 +101,45 @@ sub do_defs
 			}
 		foreach (split("\n",$a))
 			{
-			if (/^\#ifndef (.*)/)
+			if (/^\#\s*ifndef (.*)/)
 				{
 				push(@tag,$1);
 				$tag{$1}=-1;
 				next;
 				}
-			elsif (/^\#if !defined\(([^\)]+)\)/)
+			elsif (/^\#\s*if !defined\(([^\)]+)\)/)
 				{
 				push(@tag,$1);
 				$tag{$1}=-1;
 				next;
 				}
-			elsif (/^\#ifdef (.*)/)
+			elsif (/^\#\s*ifdef (.*)/)
 				{
 				push(@tag,$1);
 				$tag{$1}=1;
 				next;
 				}
-			elsif (/^\#if (.*)/)
+			elsif (/^\#\s*if defined(.*)/)
 				{
 				push(@tag,$1);
 				$tag{$1}=1;
 				next;
 				}
-			elsif (/^\#endif/)
+			elsif (/^\#\s*endif/)
 				{
 				$tag{$tag[$#tag]}=0;
 				pop(@tag);
 				next;
 				}
-			elsif (/^\#else/)
+			elsif (/^\#\s*else/)
 				{
 				$t=$tag[$#tag];
 				$tag{$t}= -$tag{$t};
 				next;
 				}
+#printf STDERR "$_\n%2d %2d %2d %2d %2d $NT\n",
+#$tag{'NOPROTO'},$tag{'FreeBSD'},$tag{'WIN16'},$tag{'PERL5'},$tag{'NO_FP_API'};
+
 			$t=undef;
 			if (/^extern .*;$/)
 				{ $t=&do_extern($name,$_); }
@@ -140,12 +147,20 @@ sub do_defs
 				($tag{'FreeBSD'} != 1) &&
 				(($NT && ($tag{'WIN16'} != 1)) ||
 				 (!$NT && ($tag{'WIN16'} != -1))) &&
-				($tag{'PERL5'} != 1))
+				($tag{'PERL5'} != 1) &&
+#				($tag{'_WINDLL'} != -1) &&
+				((!$NT && $tag{'_WINDLL'} != -1) ||
+				 ($NT && $tag{'_WINDLL'} != 1)) &&
+				((($tag{'NO_FP_API'} != 1) && $NT) ||
+				 (($tag{'NO_FP_API'} != -1) && !$NT)))
 				{ $t=&do_line($name,$_); }
+			else
+				{ $t=undef; }
 			if (($t ne undef) && (!$done{$name,$t}))
 				{
 				$done{$name,$t}++;
 				push(@ret,$t);
+#printf STDERR "one:$t\n" if $t =~ /BIO_/;
 				}
 			}
 		close(IN);
@@ -160,6 +175,7 @@ sub do_line
 
 	return(undef) if /^$/;
 	return(undef) if /^\s/;
+#printf STDERR "two:$_\n" if $_ =~ /BIO_/;
 	if (/(CRYPTO_get_locking_callback)/)
 		{ return($1); }
 	elsif (/(CRYPTO_get_id_callback)/)
@@ -168,6 +184,22 @@ sub do_line
 		{ return($1); }
 	elsif (/(SSL_CTX_get_verify_callback)/)
 		{ return($1); }
+	elsif (/(SSL_get_info_callback)/)
+		{ return($1); }
+	elsif ((!$NT) && /(ERR_load_CRYPTO_strings)/)
+		{ return("ERR_load_CRYPTOlib_strings"); }
+	elsif (!$NT && /BIO_s_file/)
+		{ return(undef); }
+	elsif (!$NT && /BIO_new_file/)
+		{ return(undef); }
+	elsif (!$NT && /BIO_new_fp/)
+		{ return(undef); }
+	elsif ($NT && /BIO_s_file_internal/)
+		{ return(undef); }
+	elsif ($NT && /BIO_new_file_internal/)
+		{ return(undef); }
+	elsif ($NT && /BIO_new_fp_internal/)
+		{ return(undef); }
 	else
 		{
 		/\s\**(\S+)\s*\(/;
diff --git a/util/pl/BC-16.pl b/util/pl/BC-16.pl
index 133fe7fdf..99128809c 100644
--- a/util/pl/BC-16.pl
+++ b/util/pl/BC-16.pl
@@ -21,7 +21,7 @@ $lflags="$base_lflags";
 if ($win16)
 	{
 	$shlib=1;
-	$cflags.=" -DWIN16";
+	$cflags.=" -DWINDOWS -DWIN16";
 	$app_cflag="-W";
 	$lib_cflag="-WD";
 	$lflags.="/Twe";
diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl
index 84262a895..988512175 100644
--- a/util/pl/BC-32.pl
+++ b/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $cflags="-d $op -DL_ENDIAN ";
 $base_lflags="-c";
 $lflags="$base_lflags";
 
-$cflags.=" -DWIN32";
+$cflags.=" -DWINDOWS -DWIN32";
 $app_cflag="-WC";
 $lib_cflag="-WC";
 $lflags.=" -Tpe";
diff --git a/util/pl/VC-16.pl b/util/pl/VC-16.pl
index ea3e5932f..8119f50c2 100644
--- a/util/pl/VC-16.pl
+++ b/util/pl/VC-16.pl
@@ -13,6 +13,10 @@ $rm='del';
 # C compiler stuff
 $cc='cl';
 
+$out_def="out16";
+$tmp_def="tmp16";
+$inc_def="inc16";
+
 if ($debug)
 	{
 	$op="/Od /Zi /Zd";
@@ -30,11 +34,12 @@ $lflags="$base_lflags /STACK:20000";
 
 if ($win16)
 	{
-	$cflags.=" -DWIN16";
+	$cflags.=" -DWINDOWS -DWIN16";
 	$app_cflag="/Gw /FPi87";
 	$lib_cflag="/Gw";
+	$lib_cflag.=" -D_WINDLL -D_DLL" if $shlib;
 	$lib_cflag.=" -DWIN16TTY" if !$shlib;
-	$lflags.=" /ALIGN:16";
+	$lflags.=" /ALIGN:256";
 	$ex_libs.="oldnames llibcewq libw";
 	}
 else
@@ -51,6 +56,8 @@ if ($shlib)
 	$libs="oldnames ldllcew libw";
 	$shlib_ex_obj="";
 #	$no_asm=1;
+	$out_def="out16dll";
+	$tmp_def="tmp16dll";
 	}
 else
 	{ $mlflags=''; }
@@ -106,6 +113,7 @@ sub do_lib_rule
 	$taget =~ s/\//$o/g if $o ne '/';
 	($Name=$name) =~ tr/a-z/A-Z/;
 
+#	$target="\$(LIB_D)$o$target";
 	$ret.="$target: $objs\n";
 #	$ret.="\t\$(RM) \$(O_$Name)\n";
 
@@ -126,7 +134,7 @@ sub do_lib_rule
 		}
 	else
 		{
-		local($ex)=($target eq '$(O_SSL)')?'$(L_CRYPTO)':"";
+		local($ex)=($target =~ /O_SSL/)?'$(L_CRYPTO)':"";
 		$ex.=' winsock';
 		$ret.="\t\$(LINK) \$(MLFLAGS) @<<\n";
 		$ret.=$dll_names;
diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl
index 12bc58e51..4e369f6f1 100644
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -12,15 +12,21 @@ $rm='del';
 
 # C compiler stuff
 $cc='cl';
-$cflags='/W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN';
 $lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
 $mlflags='';
+
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+
 if ($debug)
 	{
-	$cflags="/W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN";
+	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWINDOWS -DWIN32 -D_DEBUG -DL_ENDIAN";
 	$lflags.=" /debug";
 	$mlflags.=' /debug';
 	}
+
 $obj='.obj';
 $ofile="/Fo";
 
@@ -44,6 +50,7 @@ $shlib_ex_obj="";
 $app_ex_obj="setargv.obj";
 
 $asm='ml /Cp /coff /c /Cx';
+$asm.=" /Zi" if $debug;
 $afile='/Fo';
 
 $bn_mulw_obj='';
@@ -55,20 +62,34 @@ $bf_enc_src='';
 
 if (!$no_asm)
 	{
-	$bn_mulw_obj='crypto\bn\asm\x86nt32.obj';
-	$bn_mulw_src='crypto\bn\asm\x86nt32.asm';
-	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\c-win32.obj';
-	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\c-win32.asm';
+	$bn_mulw_obj='crypto\bn\asm\bn-win32.obj';
+	$bn_mulw_src='crypto\bn\asm\bn-win32.asm';
+	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
+	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
 	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
 	$bf_enc_src='crypto\bf\asm\b-win32.asm';
+	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
+	$cast_enc_src='crypto\cast\asm\c-win32.asm';
+	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
+	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
+	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
+	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
+	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
+	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
+	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
+	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
+	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
+	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
 	}
 
 if ($shlib)
 	{
 	$mlflags.=" $lflags /dll";
-	$cflags.=" /MD";
-	$cflags.="d" if ($debug);
-	$lib_cflag=" /GD";
+#	$cflags =~ s| /MD| /MT|;
+	$lib_cflag=" /GD -D_WINDLL -D_DLL";
+	$out_def="out32dll";
+	$tmp_def="tmp32dll";
 	}
 
 sub do_lib_rule
@@ -79,6 +100,7 @@ sub do_lib_rule
 	$taget =~ s/\//$o/g if $o ne '/';
 	($Name=$name) =~ tr/a-z/A-Z/;
 
+#	$target="\$(LIB_D)$o$target";
 	$ret.="$target: $objs\n";
 	if (!$shlib)
 		{
@@ -87,7 +109,7 @@ sub do_lib_rule
 		}
 	else
 		{
-		local($ex)=($target eq '$(O_SSL)')?' $(L_CRYPTO)':'';
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
 		$ex.=' wsock32.lib gdi32.lib';
 		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
 		}
diff --git a/util/pl/unix.pl b/util/pl/unix.pl
index 4c0c91a67..36311711c 100644
--- a/util/pl/unix.pl
+++ b/util/pl/unix.pl
@@ -59,6 +59,7 @@ sub do_lib_rule
 	local($ret,$_,$Name);
 
 	$target =~ s/\//$o/g if $o ne '/';
+	$target="\$(LIB_D)$o$target";
 	($Name=$name) =~ tr/a-z/A-Z/;
 
 	$ret.="$target: \$(${Name}OBJ)\n";
diff --git a/util/sp-diff.pl b/util/sp-diff.pl
index fbea9717e..f81e50201 100755
--- a/util/sp-diff.pl
+++ b/util/sp-diff.pl
@@ -12,7 +12,7 @@
 
 $line=0;
 foreach $a ("md2","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
-	"idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc")
+	"idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc")
 	{
 	if (defined($one{$a,8}) && defined($two{$a,8}))
 		{
diff --git a/util/speed.sh b/util/speed.sh
index e44f20c8a..f48970619 100755
--- a/util/speed.sh
+++ b/util/speed.sh
@@ -18,7 +18,7 @@ apps/ssleay version -v -b -f >speed.1
 apps/ssleay speed >speed.1l
 
 perl Configure bl-4c-2c
-/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md/md2_dgst.o
+/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md2/md2_dgst.o
 make
 apps/ssleay speed rc4 rsa md2 >speed.2l
 
diff --git a/util/ssleay.num b/util/ssleay.num
index 592de9bb0..359fa15df 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -15,9 +15,7 @@ SSL_CTX_set_cert_verify_cb		14
 SSL_CTX_set_cipher_list			15
 SSL_CTX_set_client_CA_list		16
 SSL_CTX_set_default_passwd_cb		17
-SSL_CTX_set_dh_params			18
 SSL_CTX_set_ssl_version			19
-SSL_CTX_set_tmp_rsa			20
 SSL_CTX_set_verify			21
 SSL_CTX_use_PrivateKey			22
 SSL_CTX_use_PrivateKey_ASN1		23
@@ -47,11 +45,7 @@ SSL_dup					46
 SSL_dup_CA_list				47
 SSL_free				48
 SSL_get_certificate			49
-#SSL_get_cipher				50
-#SSL_get_cipher_bits			51
 SSL_get_cipher_list			52
-#SSL_get_cipher_name			53
-#SSL_get_cipher_version			54
 SSL_get_ciphers				55
 SSL_get_client_CA_list			56
 SSL_get_default_timeout			57
@@ -59,13 +53,10 @@ SSL_get_error				58
 SSL_get_fd				59
 SSL_get_peer_cert_chain			60
 SSL_get_peer_certificate		61
-SSL_get_privatekey			62
 SSL_get_rbio				63
 SSL_get_read_ahead			64
 SSL_get_shared_ciphers			65
 SSL_get_ssl_method			66
-SSL_get_time				67
-SSL_get_timeout				68
 SSL_get_verify_callback			69
 SSL_get_verify_mode			70
 SSL_get_version				71
@@ -89,8 +80,6 @@ SSL_set_read_ahead			88
 SSL_set_rfd				89
 SSL_set_session				90
 SSL_set_ssl_method			91
-SSL_set_time				92
-SSL_set_timeout				93
 SSL_set_verify				94
 SSL_set_wfd				95
 SSL_shutdown				96
@@ -129,3 +118,39 @@ SSL_CIPHER_get_bits			128
 SSL_CIPHER_get_version			129
 SSL_CIPHER_get_name			130
 BIO_ssl_shutdown			131
+SSL_SESSION_cmp				132
+SSL_SESSION_hash			133
+SSL_SESSION_get_time			134
+SSL_SESSION_set_time			135
+SSL_SESSION_get_timeout			136
+SSL_SESSION_set_timeout			137
+SSL_CTX_get_ex_data			138
+SSL_CTX_get_quiet_shutdown		140
+SSL_CTX_load_verify_locations		141
+SSL_CTX_set_default_verify_paths	142
+SSL_CTX_set_ex_data			143
+SSL_CTX_set_quiet_shutdown		145
+SSL_SESSION_get_ex_data			146
+SSL_SESSION_set_ex_data			148
+SSL_get_SSL_CTX				150
+SSL_get_ex_data				151
+SSL_get_quiet_shutdown			153
+SSL_get_session				154
+SSL_get_shutdown			155
+SSL_get_verify_result			157
+SSL_set_ex_data				158
+SSL_set_info_callback			160
+SSL_set_quiet_shutdown			161
+SSL_set_shutdown			162
+SSL_set_verify_result			163
+SSL_version				164
+SSL_get_info_callback			165
+SSL_state				166
+SSL_CTX_get_ex_new_index		167
+SSL_SESSION_get_ex_new_index		168
+SSL_get_ex_new_index			169
+TLSv1_method				170
+TLSv1_server_method			171
+TLSv1_client_method			172
+BIO_new_buffer_ssl_connect		173
+BIO_new_ssl_connect			174
diff --git a/util/up_ver.pl b/util/up_ver.pl
index c2fc7c313..e4a13bf09 100755
--- a/util/up_ver.pl
+++ b/util/up_ver.pl
@@ -4,18 +4,22 @@
 #
 
 @files=(
+	"crypto/crypto.h",
 	"crypto/des/ecb_enc.c",
 	"crypto/idea/i_ecb.c",
 	"crypto/lhash/lhash.c",
 	"crypto/conf/conf.c",
-	"crypto/md/md2_dgst.c",
-	"crypto/md/md5_dgst.c",
+	"crypto/md2/md2_dgst.c",
+	"crypto/md5/md5_dgst.c",
+	"crypto/ripemd/rmd_dgst.c",
 	"crypto/pem/pem_lib.c",
 	"crypto/bn/bn_lib.c",
 	"crypto/dh/dh_lib.c",
-	"crypto/rc4/rc4_enc.org",
 	"crypto/rc2/rc2_ecb.c",
+	"crypto/rc4/rc4_skey.c",
+	"crypto/rc5/rc5_ecb.c",
 	"crypto/bf/bf_ecb.c",
+	"crypto/cast/c_ecb.c",
 	"crypto/rsa/rsa_lib.c",
 	"crypto/dsa/dsa_lib.c",
 	"crypto/sha/sha1dgst.c",
@@ -30,6 +34,7 @@
 	"ssl/ssl_lib.c",
 	"ssl/s2_lib.c",
 	"ssl/s3_lib.c",
+	"ssl/t1_lib.c",
 	"README",
 	);
 
@@ -40,6 +45,9 @@ $time=sprintf("%02d-%s-%04d",$a[3],$month[$a[4]],$a[5]+1900);
 
 $ver=$ARGV[0];
 ($ver ne "") || die "no version number specified\n";
+($a,$b,$c,$d)=unpack('axaxac',$ver);
+$d=defined($d)?$d-96:0;
+$xver=sprintf("%x%x%x%x",$a,$b,$c,$d);
 
 foreach $file (@files)
 	{
@@ -51,7 +59,8 @@ foreach $file (@files)
 
 	while (<IN>)
 		{
-		if (s/SSLeay \d\.\d.\d[^"]*(\"|\s)/SSLeay $ver $time\1/)
+		if ((s/SSLeay \d\.\d.\d[^"]*(\"|\s)/SSLeay $ver $time\1/) ||
+			s/^(\#define\s+SSLEAY_VERSION_NUMBER\s+0x)[0-9a-zA-Z]+(.*)$/$1$xver$2/)
 			{
 			print STDERR " Done";
 			$found++;