This commit was generated by cvs2svn to compensate for changes in r167612,

which included commits to RCS files with non-trunk default branches.
2007-03-15 20:03:30 +00:00 · 2007-03-15 20:03:30 +00:00 · 03b688114f
commit 03b688114f
parent 4beb77e673 5471f83ea7
192 changed files with 4079 additions and 783 deletions
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@ -2,6 +2,47 @@
 OpenSSL CHANGES
 _______________
 Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
     a ciphersuite string such as "DEFAULT:RSA" cannot enable
     authentication-only ciphersuites.
     [Bodo Moeller]
  *) Since AES128 and AES256 (and similarly Camellia128 and
     Camellia256) share a single mask bit in the logic of
     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
     kludge to work properly if AES128 is available and AES256 isn't
     (or if Camellia128 is available and Camellia256 isn't).
     [Victor Duchovni]
  *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
     (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
     When a point or a seed is encoded in a BIT STRING, we need to
     prevent the removal of trailing zero bits to get the proper DER
     encoding.  (By default, crypto/asn1/a_bitstr.c assumes the case
     of a NamedBitList, for which trailing 0 bits need to be removed.)
     [Bodo Moeller]
  *) Have SSL/TLS server implementation tolerate "mismatched" record
     protocol version while receiving ClientHello even if the
     ClientHello is fragmented.  (The server can't insist on the
     particular protocol version it has chosen before the ServerHello
     message has informed the client about his choice.)
     [Bodo Moeller]
  *) Add RFC 3779 support.
     [Rob Austein for ARIN, Ben Laurie]
  *) Load error codes if they are not already present instead of using a
     static variable. This allows them to be cleanly unloaded and reloaded.
     Improve header file function name parsing.
     [Steve Henson]
  *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
     or CAPABILITY handshake as required by RFCs.
     [Goetz Babin-Ebell]
 Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]
  *) Introduce limits to prevent malicious keys being able to
@ -77,7 +118,7 @@
     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
     appear there.
-     Also deactive the remaining ciphersuites from
+     Also deactivate the remaining ciphersuites from
     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
     unofficial, and the ID has long expired.
     [Bodo Moeller]
@ -1006,7 +1047,48 @@
     differing sizes.
     [Richard Levitte]
- Changes between 0.9.7k and 0.9.7l  [xx XXX xxxx]
+ Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]
  *) Cleanse PEM buffers before freeing them since they may contain 
     sensitive data.
     [Benjamin Bennett <ben@psc.edu>]
  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
     a ciphersuite string such as "DEFAULT:RSA" cannot enable
     authentication-only ciphersuites.
     [Bodo Moeller]
  *) Since AES128 and AES256 share a single mask bit in the logic of
     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
     kludge to work properly if AES128 is available and AES256 isn't.
     [Victor Duchovni]
  *) Have SSL/TLS server implementation tolerate "mismatched" record
     protocol version while receiving ClientHello even if the
     ClientHello is fragmented.  (The server can't insist on the
     particular protocol version it has chosen before the ServerHello
     message has informed the client about his choice.)
     [Bodo Moeller]
  *) Load error codes if they are not already present instead of using a
     static variable. This allows them to be cleanly unloaded and reloaded.
     [Steve Henson]
 Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]
  *) Introduce limits to prevent malicious keys being able to
     cause a denial of service.  (CVE-2006-2940)
     [Steve Henson, Bodo Moeller]
  *) Fix ASN.1 parsing of certain invalid structures that can result
     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
  *) Fix SSL client code which could crash if connecting to a
     malicious SSLv2 server.  (CVE-2006-4343)
     [Tavis Ormandy and Will Drewry, Google Security Team]
  *) Change ciphersuite string processing so that an explicit
     ciphersuite selects this one ciphersuite (so that "AES256-SHA"
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@ -568,6 +568,7 @@ my $threads=0;
 my $no_shared=0; # but "no-shared" is default
 my $zlib=1;      # but "no-zlib" is default
 my $no_krb5=0;   # but "no-krb5" is implied unless "--with-krb5-..." is used
 my $no_rfc3779=1; # but "no-rfc3779" is default
 my $no_asm=0;
 my $no_dso=0;
 my $no_gmp=0;
@ -604,6 +605,7 @@ my %disabled = ( # "what"         => "comment"
 		 "gmp"		  => "default",
                 "mdc2"           => "default",
                 "rc5"            => "default",
 		 "rfc3779"	  => "default",
                 "shared"         => "default",
                 "zlib"           => "default",
                 "zlib-dynamic"   => "default"
@ -614,7 +616,7 @@ my %disabled = ( # "what"         => "comment"
 # For symmetry, "disable-..." is a synonym for "no-...".
 # This is what $depflags will look like with the above default:
-my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 ";
+my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 ";
 my $no_sse2=0;
--- a/crypto/openssl/FAQ
+++ b/crypto/openssl/FAQ
@ -74,7 +74,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8d was released on September 28th, 2006.
+OpenSSL 0.9.8e was released on February 23rd, 2007.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
--- a/crypto/openssl/INSTALL
+++ b/crypto/openssl/INSTALL
@ -302,10 +302,10 @@
 Note on shared libraries
 ------------------------
- Shared library is currently an experimental feature.  The only reason to
+ Shared libraries have certain caveats.  Binary backward compatibility
- have them would be to conserve memory on systems where several program
+ can't be guaranteed before OpenSSL version 1.0.  The only reason to
- are using OpenSSL.  Binary backward compatibility can't be guaranteed
+ use them would be to conserve memory on systems where several programs
- before OpenSSL version 1.0.
+ are using OpenSSL.
 For some systems, the OpenSSL Configure script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems,
--- a/crypto/openssl/LICENSE
+++ b/crypto/openssl/LICENSE
@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/crypto/openssl/Makefile
+++ b/crypto/openssl/Makefile
@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
-VERSION=0.9.8d
+VERSION=0.9.8e
 MAJOR=0
 MINOR=9.8
 SHLIB_VERSION_NUMBER=0.9.8
@ -13,7 +13,7 @@ SHLIB_MAJOR=0
 SHLIB_MINOR=9.8
 SHLIB_EXT=
 PLATFORM=dist
-OPTIONS= no-camellia no-gmp no-krb5 no-mdc2 no-rc5 no-shared no-zlib no-zlib-dynamic
+OPTIONS= no-camellia no-gmp no-krb5 no-mdc2 no-rc5 no-rfc3779 no-shared no-zlib no-zlib-dynamic
 CONFIGURE_ARGS=dist
 SHLIB_TARGET=
@ -61,14 +61,14 @@ OPENSSLDIR=/usr/local/ssl
 CC= cc
 CFLAG= -O
-DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 
+DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 
 PEX_LIBS= 
 EX_LIBS= 
 EXE_EXT= 
 ARFLAGS= 
 AR=ar $(ARFLAGS) r
 RANLIB= /usr/bin/ranlib
-PERL= /usr/local/bin/perl
+PERL= /usr/bin/perl
 TAR= tar
 TARFLAGS= --no-recursion
 MAKEDEPPROG=makedepend
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@ -5,7 +5,12 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
-  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.8d:
+  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:
      o Various ciphersuite selection fixes.
      o RFC3779 support.
  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
@ -105,6 +110,11 @@
      o Added initial support for Win64.
      o Added alternate pkg-config files.
  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@ -1,7 +1,7 @@
- OpenSSL 0.9.8d 28 Sep 2006
+ OpenSSL 0.9.8e 23 Feb 2007
- Copyright (c) 1998-2006 The OpenSSL Project
+ Copyright (c) 1998-2007 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
--- a/crypto/openssl/apps/CA.pl
+++ b/crypto/openssl/apps/CA.pl
@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
 #
 # CA - wrapper around ca to make it easier to use ... basically ca requires
 #      some setup stuff to be done before you can use it and this makes
--- a/crypto/openssl/apps/Makefile
+++ b/crypto/openssl/apps/Makefile
@ -290,14 +290,15 @@ dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c
+dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
 dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@ -1520,6 +1520,7 @@ EF_ALIGNMENT=0;
 	if (x509) X509_free(x509);
 	X509_CRL_free(crl);
 	NCONF_free(conf);
 	NCONF_free(extconf);
 	OBJ_cleanup();
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@ -66,6 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@ -75,7 +76,7 @@
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file);
+	  const char *file,BIO *bmd,const char *hmac_key);
 int MAIN(int, char **);
@ -104,6 +105,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
 	char *hmac_key=NULL;
 	apps_startup();
@ -188,6 +190,12 @@ int MAIN(int argc, char **argv)
 			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
 		else if (!strcmp(*argv,"-hmac"))
 			{
 			if (--argc < 1)
 				break;
 			hmac_key=*++argv;
 			}
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			md=m;
 		else
@ -261,7 +269,7 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_set_callback(in,BIO_debug_callback);
 		/* needed for windows 3.1 */
-		BIO_set_callback_arg(in,bio_err);
+		BIO_set_callback_arg(in,(char *)bio_err);
 		}
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
@ -358,7 +366,7 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-			  siglen,"","(stdin)");
+			  siglen,"","(stdin)",bmd,hmac_key);
 		}
 	else
 		{
@ -376,14 +384,15 @@ int MAIN(int argc, char **argv)
 				}
 			if(!out_bin)
 				{
-				size_t len = strlen(name)+strlen(argv[i])+5;
+				size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
 				tmp=tofree=OPENSSL_malloc(len);
-				BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
+				BIO_snprintf(tmp,len,"%s%s(%s)= ",
 							 hmac_key ? "HMAC-" : "",name,argv[i]);
 				}
 			else
 				tmp="";
 			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-				siglen,tmp,argv[i]);
+				siglen,tmp,argv[i],bmd,hmac_key);
 			if(r)
 			    err=r;
 			if(tofree)
@ -410,11 +419,23 @@ int MAIN(int argc, char **argv)
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file)
+	  const char *file,BIO *bmd,const char *hmac_key)
 	{
-	int len;
+	unsigned int len;
 	int i;
 	EVP_MD_CTX *md_ctx;
 	HMAC_CTX hmac_ctx;
 	if (hmac_key)
 		{
 		EVP_MD *md;
 		BIO_get_md(bmd,&md);
 		HMAC_CTX_init(&hmac_ctx);
 		HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
 		BIO_get_md_ctx(bmd,&md_ctx);
 		BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
 		}
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
@ -457,6 +478,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			return 1;
 			}
 		}
 	else if(hmac_key)
 		{
 		HMAC_Final(&hmac_ctx,buf,&len);
 		HMAC_CTX_cleanup(&hmac_ctx);
 		}
 	else
 		len=BIO_gets(bp,(char *)buf,BUFSIZE);
@ -464,7 +490,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	else 
 		{
 		BIO_write(out,title,strlen(title));
-		for (i=0; i<len; i++)
+		for (i=0; i<(int)len; i++)
 			{
 			if (sep && (i != 0))
 				BIO_printf(out, ":");
@ -472,6 +498,10 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			}
 		BIO_printf(out, "\n");
 		}
 	if (hmac_key)
 		{
 		BIO_set_md_ctx(bmd,md_ctx);
 		}
 	return 0;
 	}
--- a/crypto/openssl/apps/ec.c
+++ b/crypto/openssl/apps/ec.c
@ -347,7 +347,10 @@ int MAIN(int argc, char **argv)
 			}
 	if (noout) 
 		{
 		ret = 0;
 		goto end;
 		}
 	BIO_printf(bio_err, "writing EC key\n");
 	if (outformat == FORMAT_ASN1) 
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@ -365,8 +365,8 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_set_callback(in,BIO_debug_callback);
 		BIO_set_callback(out,BIO_debug_callback);
-		BIO_set_callback_arg(in,bio_err);
+		BIO_set_callback_arg(in,(char *)bio_err);
-		BIO_set_callback_arg(out,bio_err);
+		BIO_set_callback_arg(out,(char *)bio_err);
 		}
 	if (inf == NULL)
@ -453,7 +453,7 @@ int MAIN(int argc, char **argv)
 		if (debug)
 			{
 			BIO_set_callback(b64,BIO_debug_callback);
-			BIO_set_callback_arg(b64,bio_err);
+			BIO_set_callback_arg(b64,(char *)bio_err);
 			}
 		if (olb64)
 			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
@ -571,7 +571,7 @@ int MAIN(int argc, char **argv)
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);
-			BIO_set_callback_arg(benc,bio_err);
+			BIO_set_callback_arg(benc,(char *)bio_err);
 			}
 		if (printkey)
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@ -139,6 +139,7 @@ int MAIN(int argc, char **argv)
 	if (!load_config(bio_err, NULL))
 		goto end;
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 	args = argv + 1;
 	reqnames = sk_new_null();
 	ids = sk_OCSP_CERTID_new_null();
@ -726,6 +727,11 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err, "SSL is disabled\n");
 			goto end;
 #endif
 			if (ctx == NULL)
 				{
 				BIO_printf(bio_err, "Error creating SSL context.\n");
 				goto end;
 				}
 			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 			sbio = BIO_new_ssl(ctx, 1);
 			cbio = BIO_push(sbio, cbio);
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@ -536,8 +536,11 @@ int MAIN(int argc, char **argv)
 		    X509_free(sk_X509_value(chain2, 0));
 		    sk_X509_free(chain2);
 		} else {
-			BIO_printf (bio_err, "Error %s getting chain.\n",
+			if (vret >= 0)
 				BIO_printf (bio_err, "Error %s getting chain.\n",
 					X509_verify_cert_error_string(vret));
 			else
 				ERR_print_errors(bio_err);
 			goto export_end;
 		}			
    	}
@ -811,7 +814,7 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
 	X509_STORE_CTX store_ctx;
 	STACK_OF(X509) *chn;
-	int i;
+	int i = 0;
 	/* FIXME: Should really check the return status of X509_STORE_CTX_init
 	 * for an error, but how that fits into the return value of this
@ -819,13 +822,17 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
 	if (X509_verify_cert(&store_ctx) <= 0) {
 		i = X509_STORE_CTX_get_error (&store_ctx);
 		if (i == 0)
 			/* avoid returning 0 if X509_verify_cert() did not
 			 * set an appropriate error value in the context */
 			i = -1;
 		chn = NULL;
 		goto err;
-	}
+	} else
-	chn =  X509_STORE_CTX_get1_chain(&store_ctx);
+		chn = X509_STORE_CTX_get1_chain(&store_ctx);
 	i = 0;
 	*chain = chn;
 err:
 	X509_STORE_CTX_cleanup(&store_ctx);
 	*chain = chn;
 	return i;
 }	
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@ -226,7 +226,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
 	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
 	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
-	BIO_printf(bio_err,"                 only \"smtp\" and \"pop3\" are supported.\n");
+	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n");
 #ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 #endif
@ -234,6 +234,15 @@ static void sc_usage(void)
 	}
 enum
 {
 	PROTO_OFF	= 0,
 	PROTO_SMTP,
 	PROTO_POP3,
 	PROTO_IMAP,
 	PROTO_FTP
 };
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
@ -260,7 +269,7 @@ int MAIN(int argc, char **argv)
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
-	int starttls_proto = 0;
+	int starttls_proto = PROTO_OFF;
 	int prexit = 0, vflags = 0;
 	SSL_METHOD *meth=NULL;
 #ifdef sock_type
@ -269,6 +278,7 @@ int MAIN(int argc, char **argv)
 	int sock_type=SOCK_STREAM;
 	BIO *sbio;
 	char *inrand=NULL;
 	int mbuf_len=0;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
@ -466,9 +476,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			++argv;
 			if (strcmp(*argv,"smtp") == 0)
-				starttls_proto = 1;
+				starttls_proto = PROTO_SMTP;
 			else if (strcmp(*argv,"pop3") == 0)
-				starttls_proto = 2;
+				starttls_proto = PROTO_POP3;
 			else if (strcmp(*argv,"imap") == 0)
 				starttls_proto = PROTO_IMAP;
 			else if (strcmp(*argv,"ftp") == 0)
 				starttls_proto = PROTO_FTP;
 			else
 				goto bad;
 			}
@ -693,7 +707,7 @@ int MAIN(int argc, char **argv)
 		{
 		con->debug=1;
 		BIO_set_callback(sbio,bio_dump_callback);
-		BIO_set_callback_arg(sbio,bio_c_out);
+		BIO_set_callback_arg(sbio,(char *)bio_c_out);
 		}
 	if (c_msg)
 		{
@ -719,18 +733,93 @@ int MAIN(int argc, char **argv)
 	sbuf_off=0;
 	/* This is an ugly hack that does a lot of assumptions */
-	if (starttls_proto == 1)
+	/* We do have to handle multi-line responses which may come
 	   in a single packet or not. We therefore have to use
 	   BIO_gets() which does need a buffering BIO. So during
 	   the initial chitchat we do push a buffering BIO into the
 	   chain that is removed again later on to not disturb the
 	   rest of the s_client operation. */
 	if (starttls_proto == PROTO_SMTP)
 		{
-		BIO_read(sbio,mbuf,BUFSIZZ);
+		int foundit=0;
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
 		/* wait for multi-line response to end from SMTP */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			}
 		while (mbuf_len>3 && mbuf[3]=='-');
 		/* STARTTLS command requires EHLO... */
 		BIO_printf(fbio,"EHLO openssl.client.net\r\n");
 		BIO_flush(fbio);
 		/* wait for multi-line response to end EHLO SMTP response */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			if (strstr(mbuf,"STARTTLS"))
 				foundit=1;
 			}
 		while (mbuf_len>3 && mbuf[3]=='-');
 		BIO_flush(fbio);
 		BIO_pop(fbio);
 		BIO_free(fbio);
 		if (!foundit)
 			BIO_printf(bio_err,
 				   "didn't found starttls in server response,"
 				   " try anyway...\n");
 		BIO_printf(sbio,"STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
-	if (starttls_proto == 2)
+	else if (starttls_proto == PROTO_POP3)
 		{
 		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO_printf(sbio,"STLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
 	else if (starttls_proto == PROTO_IMAP)
 		{
 		int foundit=0;
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
 		BIO_gets(fbio,mbuf,BUFSIZZ);
 		/* STARTTLS command requires CAPABILITY... */
 		BIO_printf(fbio,". CAPABILITY\r\n");
 		BIO_flush(fbio);
 		/* wait for multi-line CAPABILITY response */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			if (strstr(mbuf,"STARTTLS"))
 				foundit=1;
 			}
 		while (mbuf_len>3 && mbuf[0]!='.');
 		BIO_flush(fbio);
 		BIO_pop(fbio);
 		BIO_free(fbio);
 		if (!foundit)
 			BIO_printf(bio_err,
 				   "didn't found STARTTLS in server response,"
 				   " try anyway...\n");
 		BIO_printf(sbio,". STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
 	else if (starttls_proto == PROTO_FTP)
 		{
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
 		/* wait for multi-line response to end from FTP */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			}
 		while (mbuf_len>3 && mbuf[3]=='-');
 		BIO_flush(fbio);
 		BIO_pop(fbio);
 		BIO_free(fbio);
 		BIO_printf(sbio,"AUTH TLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
 	for (;;)
 		{
@ -755,7 +844,7 @@ int MAIN(int argc, char **argv)
 					{
 					BIO_printf(bio_err,"%s",mbuf);
 					/* We don't need to know any more */
-					starttls_proto = 0;
+					starttls_proto = PROTO_OFF;
 					}
 				if (reconnect)
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@ -1234,7 +1234,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		{
 		con->debug=1;
 		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
-		BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
+		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
 		}
 	if (s_msg)
 		{
@ -1638,7 +1638,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 		{
 		con->debug=1;
 		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
-		BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
+		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
 		}
 	if (s_msg)
 		{
--- a/crypto/openssl/certs/aol1.pem
+++ b/crypto/openssl/certs/aol1.pem
@ -0,0 +1,22 @@
 -----BEGIN CERTIFICATE-----
 MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
 MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
 bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2
 MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
 ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
 Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk
 hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym
 1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW
 OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb
 2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko
 O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
 AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU
 AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
 BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
 Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb
 LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir
 oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C
 MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
 sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
 -----END CERTIFICATE-----
--- a/crypto/openssl/certs/aol2.pem
+++ b/crypto/openssl/certs/aol2.pem
@ -0,0 +1,33 @@
 -----BEGIN CERTIFICATE-----
 MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
 MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
 bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
 MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
 ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
 Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
 ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
 206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
 KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
 JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
 BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
 Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
 PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
 Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
 Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
 o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
 +L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
 YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
 FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
 AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
 xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
 LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
 obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
 CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
 IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
 DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
 AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
 Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
 AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
 Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
 RY8mkaKO/qk=
 -----END CERTIFICATE-----
--- a/crypto/openssl/certs/aoltw1.pem
+++ b/crypto/openssl/certs/aoltw1.pem
@ -0,0 +1,23 @@
 -----BEGIN CERTIFICATE-----
 MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
 HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
 IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAwMFoXDTM3MTEyMDE1
 MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
 SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
 IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw
 DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U
 0pPlLYnKhHw/EEMbjIt8hFj4JHxIzyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItI
 TuLCxFlpMGK2MKKMCxGZYTVtfu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAf
 RC+iYkGzuxgh28pxPIzstrkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqF
 zQ6axOAAsNUl6twr5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqh
 BC4aMqiaILGcLCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEA
 AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jY
 PXy+XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/
 BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNMeUWn
 9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7CegCgTXT
 Ct8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77BfWgDrvq2g+EQF
 Z7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oTLW4jYYehY0KswsuX
 n2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCzvhGbRWeDhhmH05i9CBoW
 H1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmwX7A5KGgOc90lmt4S
 -----END CERTIFICATE-----
--- a/crypto/openssl/certs/aoltw2.pem
+++ b/crypto/openssl/certs/aoltw2.pem
@ -0,0 +1,34 @@
 -----BEGIN CERTIFICATE-----
 MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
 HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
 IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAwMFoXDTM3MDkyODIz
 NDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
 SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
 IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw
 DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ
 7ouZzU9AhqS2TcnZsdw8TQ2FTBVsRotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilb
 m2BPJoPRYxJWSXakFsKlnUWsi4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOY
 xFSMFkpBd4aVdQxHAWZg/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZ
 YYCLqJV+FNwSbKTQ2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbq
 JS5Gr42whTg0ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fx
 I2rSAG2X+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETz
 kxmlJ85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh
 EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNoKk/S
 Btc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJKg71ZDIM
 gtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1ExMVCgyhwn2RAu
 rda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
 FE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaAFE9pbQN+nZ8HGEO8txBO
 1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAO/Ouyugu
 h4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0cnAxa8cZmIDJgt43d15Ui47y6mdP
 yXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRFASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q
 7C+qPBR7V8F+GBRn7iTGvboVsNIYvbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKT
 RuidDV29rs4prWPVVRaAMCf/drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/
 ClTluUI8JPu3B5wwn3la5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyB
 M5kYJRF3p+v9WAksmWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQ
 my8YJPamTQr5O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xO
 AU++CrYD062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT
 9Y41xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H
 hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOLZ8/5
 fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=
 -----END CERTIFICATE-----
--- a/crypto/openssl/config
+++ b/crypto/openssl/config
@ -527,9 +527,9 @@ case "$GUESSOS" in
 	esac
 	if [ "$CC" = "gcc" ]; then
 	    case ${ISA:-generic} in
-	    EV5|EV45)		options="$options -mcpu=ev5";;
+	    EV5|EV45)		options="$options -march=ev5";;
-	    EV56|PCA56)		options="$options -mcpu=ev56";;
+	    EV56|PCA56)		options="$options -march=ev56";;
-	    *)			options="$options -mcpu=ev6";;
+	    *)			options="$options -march=ev6";;
 	    esac
 	fi
 	;;
@ -585,18 +585,21 @@ case "$GUESSOS" in
 	OUT="linux-generic32" ;;
  arm*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
  arm*l-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
  sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
  sh*-*-linux2)  OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
  m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
  s390*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
  x86_64-*-linux?) OUT="linux-x86_64" ;;
  *86-*-linux2) OUT="linux-elf"
 	if [ "$GCCVER" -gt 28 ]; then
          if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
-	    options="$options -mcpu=pentium"
+	    options="$options -march=pentium"
          fi
          if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then
-	    options="$options -mcpu=pentiumpro"
+	    options="$options -march=pentiumpro"
          fi
          if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then
-	    options="$options -mcpu=k6"
+	    options="$options -march=k6"
          fi
        fi ;;
  *-*-linux1) OUT="linux-aout" ;;
@ -774,7 +777,7 @@ esac
 #  options="$options -DATALLA"
 #fi
-# gcc < 2.8 does not support -mcpu=ultrasparc
+# gcc < 2.8 does not support -march=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
 then
  echo "WARNING! Falling down to 'solaris-sparcv8-gcc'."
--- a/crypto/openssl/crypto/aes/Makefile
+++ b/crypto/openssl/crypto/aes/Makefile
@ -105,6 +105,13 @@ aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
 aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
 aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h
 aes_ige.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 aes_ige.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 aes_ige.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 aes_ige.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 aes_ige.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h
 aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_misc.o: ../../include/openssl/opensslconf.h
 aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
--- a/crypto/openssl/crypto/aes/aes_misc.c
+++ b/crypto/openssl/crypto/aes/aes_misc.c
@ -53,7 +53,7 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
-const char *AES_version="AES" OPENSSL_VERSION_PTEXT;
+const char AES_version[]="AES" OPENSSL_VERSION_PTEXT;
 const char *AES_options(void) {
 #ifdef FULL_UNROLL
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/openssl/crypto/asn1/a_strex.c
@ -170,7 +170,7 @@ static int do_buf(unsigned char *buf, int buflen,
 	q = buf + buflen;
 	outlen = 0;
 	while(p != q) {
-		if(p == buf) orflags = CHARTYPE_FIRST_ESC_2253;
+		if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253;
 		else orflags = 0;
 		switch(type & BUF_TYPE_WIDTH_MASK) {
 			case 4:
@ -197,7 +197,7 @@ static int do_buf(unsigned char *buf, int buflen,
 			default:
 			return -1;	/* invalid width */
 		}
-		if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
+		if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253;
 		if(type & BUF_TYPE_CONVUTF8) {
 			unsigned char utfbuf[6];
 			int utflen;
--- a/crypto/openssl/crypto/asn1/asn1_err.c
+++ b/crypto/openssl/crypto/asn1/asn1_err.c
@ -123,7 +123,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I),	"ASN1_TEMPLATE_EX_D2I"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),	"ASN1_TEMPLATE_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),	"ASN1_TEMPLATE_NOEXP_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TIME_SET),	"ASN1_TIME_SET"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_SET),	"ASN1_TIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),	"ASN1_TYPE_get_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),	"ASN1_unpack_string"},
@ -168,10 +168,10 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_OID_MODULE_INIT),	"OID_MODULE_INIT"},
 {ERR_FUNC(ASN1_F_PARSE_TAGGING),	"PARSE_TAGGING"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),	"PKCS5_pbe2_set"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),	"PKCS5_PBE_SET"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),	"PKCS5_pbe_set"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),	"X509_CINF_NEW"},
-{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_ADD0_REVOKED"},
+{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_add0_revoked"},
-{ERR_FUNC(ASN1_F_X509_INFO_NEW),	"X509_INFO_NEW"},
+{ERR_FUNC(ASN1_F_X509_INFO_NEW),	"X509_INFO_new"},
 {ERR_FUNC(ASN1_F_X509_NAME_ENCODE),	"X509_NAME_ENCODE"},
 {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I),	"X509_NAME_EX_D2I"},
 {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW),	"X509_NAME_EX_NEW"},
@ -287,15 +287,12 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 void ERR_load_ASN1_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,ASN1_str_functs);
 		ERR_load_strings(0,ASN1_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@ -64,7 +64,7 @@
 static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);
-const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT;
+const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT;
 static int _asn1_check_infinite_end(const unsigned char **p, long len)
 	{
--- a/crypto/openssl/crypto/asn1/asn1t.h
+++ b/crypto/openssl/crypto/asn1/asn1t.h
@ -99,7 +99,7 @@ extern "C" {
 #define ASN1_ITEM_start(itname) \
 	const ASN1_ITEM * itname##_it(void) \
 	{ \
-		static const ASN1_ITEM local_it = { \
+		static const ASN1_ITEM local_it = { 
 #define ASN1_ITEM_end(itname) \
 		}; \
--- a/crypto/openssl/crypto/asn1/t_x509.c
+++ b/crypto/openssl/crypto/asn1/t_x509.c
@ -445,9 +445,9 @@ int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
 int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	{
 	char *s,*c,*b;
-	int ret=0,l,ll,i,first=1;
+	int ret=0,l,i;
-	ll=80-2-obase;
+	l=80-2-obase;
 	b=s=X509_NAME_oneline(name,NULL,0);
 	if (!*s)
@ -457,7 +457,6 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 		}
 	s++; /* skip the first slash */
 	l=ll;
 	c=s;
 	for (;;)
 		{
@ -479,16 +478,6 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 			(*s == '\0'))
 #endif
 			{
 			if ((l <= 0) && !first)
 				{
 				first=0;
 				if (BIO_write(bp,"\n",1) != 1) goto err;
 				for (i=0; i<obase; i++)
 					{
 					if (BIO_write(bp," ",1) != 1) goto err;
 					}
 				l=ll;
 				}
 			i=s-c;
 			if (BIO_write(bp,c,i) != i) goto err;
 			c+=i;
--- a/crypto/openssl/crypto/asn1/tasn_dec.c
+++ b/crypto/openssl/crypto/asn1/tasn_dec.c
@ -93,7 +93,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
 				int tag, int aclass, char opt, ASN1_TLC *ctx);
 /* Table to convert tags to bit values, used for MSTRING type */
-static unsigned long tag2bit[32] = {
+static const unsigned long tag2bit[32] = {
 0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
 B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
 B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
--- a/crypto/openssl/crypto/asn1/x_x509.c
+++ b/crypto/openssl/crypto/asn1/x_x509.c
@ -94,6 +94,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 		ret->ex_pathlen = -1;
 		ret->skid = NULL;
 		ret->akid = NULL;
 #ifndef OPENSSL_NO_RFC3779
 		ret->rfc3779_addr = NULL;
 		ret->rfc3779_asid = NULL;
 #endif
 		ret->aux = NULL;
 		CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
 		break;
@ -109,6 +113,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 		ASN1_OCTET_STRING_free(ret->skid);
 		AUTHORITY_KEYID_free(ret->akid);
 		policy_cache_free(ret->policy_cache);
 #ifndef OPENSSL_NO_RFC3779
 		sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
 		ASIdentifiers_free(ret->rfc3779_asid);
 #endif
 		if (ret->name != NULL) OPENSSL_free(ret->name);
 		break;
--- a/crypto/openssl/crypto/bf/bf_ecb.c
+++ b/crypto/openssl/crypto/bf/bf_ecb.c
@ -65,7 +65,7 @@
 * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
 */
-const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT;
+const char BF_version[]="Blowfish" OPENSSL_VERSION_PTEXT;
 const char *BF_options(void)
 	{
--- a/crypto/openssl/crypto/bio/bio.h
+++ b/crypto/openssl/crypto/bio/bio.h
@ -196,28 +196,32 @@ extern "C" {
 */
 #define BIO_FLAGS_MEM_RDONLY	0x200
-#define BIO_set_flags(b,f) ((b)->flags|=(f))
+typedef struct bio_st BIO;
-#define BIO_get_flags(b) ((b)->flags)
+
 void BIO_set_flags(BIO *b, int flags);
 int  BIO_test_flags(const BIO *b, int flags);
 void BIO_clear_flags(BIO *b, int flags);
 #define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
 #define BIO_set_retry_special(b) \
-		((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+		BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
 #define BIO_set_retry_read(b) \
-		((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+		BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
 #define BIO_set_retry_write(b) \
-		((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+		BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
 /* These are normally used internally in BIOs */
 #define BIO_clear_flags(b,f) ((b)->flags&= ~(f))
 #define BIO_clear_retry_flags(b) \
-		((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+		BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
 #define BIO_get_retry_flags(b) \
-		((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+		BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
 /* These should be used by the application to tell why we should retry */
-#define BIO_should_read(a)		((a)->flags & BIO_FLAGS_READ)
+#define BIO_should_read(a)		BIO_test_flags(a, BIO_FLAGS_READ)
-#define BIO_should_write(a)		((a)->flags & BIO_FLAGS_WRITE)
+#define BIO_should_write(a)		BIO_test_flags(a, BIO_FLAGS_WRITE)
-#define BIO_should_io_special(a)	((a)->flags & BIO_FLAGS_IO_SPECIAL)
+#define BIO_should_io_special(a)	BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
-#define BIO_retry_type(a)		((a)->flags & BIO_FLAGS_RWS)
+#define BIO_retry_type(a)		BIO_test_flags(a, BIO_FLAGS_RWS)
-#define BIO_should_retry(a)		((a)->flags & BIO_FLAGS_SHOULD_RETRY)
+#define BIO_should_retry(a)		BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
 /* The next three are used in conjunction with the
 * BIO_should_io_special() condition.  After this returns true,
@ -246,14 +250,14 @@ extern "C" {
 #define BIO_cb_pre(a)	(!((a)&BIO_CB_RETURN))
 #define BIO_cb_post(a)	((a)&BIO_CB_RETURN)
-#define BIO_set_callback(b,cb)		((b)->callback=(cb))
+long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long);
-#define BIO_set_callback_arg(b,arg)	((b)->cb_arg=(char *)(arg))
+void BIO_set_callback(BIO *b, 
-#define BIO_get_callback_arg(b)		((b)->cb_arg)
+	long (*callback)(struct bio_st *,int,const char *,int, long,long));
-#define BIO_get_callback(b)		((b)->callback)
+char *BIO_get_callback_arg(const BIO *b);
-#define BIO_method_name(b)		((b)->method->name)
+void BIO_set_callback_arg(BIO *b, char *arg);
 #define BIO_method_type(b)		((b)->method->type)
-typedef struct bio_st BIO;
+const char * BIO_method_name(const BIO *b);
 int BIO_method_type(const BIO *b);
 typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
@ -386,6 +390,7 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_C_NWRITE0				145
 #define BIO_C_NWRITE				146
 #define BIO_C_RESET_READ_REQUEST		147
 #define BIO_C_SET_MD_CTX			148
 #define BIO_set_app_data(s,arg)		BIO_set_ex_data(s,0,arg)
--- a/crypto/openssl/crypto/bio/bio_err.c
+++ b/crypto/openssl/crypto/bio/bio_err.c
@ -143,15 +143,12 @@ static ERR_STRING_DATA BIO_str_reasons[]=
 void ERR_load_BIO_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(BIO_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,BIO_str_functs);
 		ERR_load_strings(0,BIO_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/bio/bio_lib.c
+++ b/crypto/openssl/crypto/bio/bio_lib.c
@ -141,6 +141,52 @@ int BIO_free(BIO *a)
 void BIO_vfree(BIO *a)
    { BIO_free(a); }
 void BIO_clear_flags(BIO *b, int flags)
 	{
 	b->flags &= ~flags;
 	}
 int	BIO_test_flags(const BIO *b, int flags)
 	{
 	return (b->flags & flags);
 	}
 void	BIO_set_flags(BIO *b, int flags)
 	{
 	b->flags |= flags;
 	}
 long (*BIO_get_callback(const BIO *b))(struct bio_st *,int,const char *,int, long,long)
 	{
 	return b->callback;
 	}
 void BIO_set_callback(BIO *b, long (*cb)(struct bio_st *,int,const char *,int, long,long))
 	{
 	b->callback = cb;
 	}
 void BIO_set_callback_arg(BIO *b, char *arg)
 	{
 	b->cb_arg = arg;
 	}
 char * BIO_get_callback_arg(const BIO *b)
 	{
 	return b->cb_arg;
 	}
 const char * BIO_method_name(const BIO *b)
 	{
 	return b->method->name;
 	}
 int BIO_method_type(const BIO *b)
 	{
 	return b->method->type;
 	}
 int BIO_read(BIO *b, void *out, int outl)
 	{
 	int i;
--- a/crypto/openssl/crypto/bn/bn_err.c
+++ b/crypto/openssl/crypto/bn/bn_err.c
@ -137,15 +137,12 @@ static ERR_STRING_DATA BN_str_reasons[]=
 void ERR_load_BN_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(BN_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,BN_str_functs);
 		ERR_load_strings(0,BN_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/bn/bn_lib.c
+++ b/crypto/openssl/crypto/bn/bn_lib.c
@ -67,7 +67,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
-const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
+const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
 /* This stuff appears to be completely unused, so is deprecated */
 #ifndef OPENSSL_NO_DEPRECATED
--- a/crypto/openssl/crypto/bn/bn_print.c
+++ b/crypto/openssl/crypto/bn/bn_print.c
@ -62,7 +62,7 @@
 #include <openssl/buffer.h>
 #include "bn_lcl.h"
-static const char *Hex="0123456789ABCDEF";
+static const char Hex[]="0123456789ABCDEF";
 /* Must 'OPENSSL_free' the returned data */
 char *BN_bn2hex(const BIGNUM *a)
--- a/crypto/openssl/crypto/buffer/buf_err.c
+++ b/crypto/openssl/crypto/buffer/buf_err.c
@ -88,15 +88,12 @@ static ERR_STRING_DATA BUF_str_reasons[]=
 void ERR_load_BUF_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(BUF_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,BUF_str_functs);
 		ERR_load_strings(0,BUF_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/camellia/Makefile
+++ b/crypto/openssl/crypto/camellia/Makefile
@ -85,19 +85,19 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-camellia.o: ../../include/openssl/opensslconf.h camellia.c camellia.h
+camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-camellia.o: cmll_locl.h
+camellia.o: camellia.c camellia.h cmll_locl.h
-cmll_cbc.o: ../../include/openssl/camellia.h
+cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
 cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c cmll_locl.h
 cmll_cfb.o: ../../e_os.h ../../include/openssl/camellia.h
 cmll_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 cmll_cfb.o: cmll_cfb.c cmll_locl.h
-cmll_ctr.o: ../../include/openssl/camellia.h
+cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
 cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c cmll_locl.h
-cmll_ecb.o: ../../include/openssl/camellia.h
+cmll_ecb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
 cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h
-cmll_misc.o: ../../include/openssl/camellia.h
+cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
 cmll_misc.o: ../../include/openssl/opensslconf.h
 cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c
-cmll_ofb.o: ../../include/openssl/camellia.h
+cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
 cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_locl.h cmll_ofb.c
--- a/crypto/openssl/crypto/camellia/camellia.c
+++ b/crypto/openssl/crypto/camellia/camellia.c
@ -76,12 +76,7 @@
 #include "camellia.h"
 #include "cmll_locl.h"
 /*
 * must be defined uint32_t
 */
 /* key constants */
 #define CAMELLIA_SIGMA1L (0xA09E667FL)
 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
 #define CAMELLIA_SIGMA2L (0xB67AE858L)
@ -100,18 +95,9 @@
 */
 /* e is pointer of subkey */
 #ifdef L_ENDIAN
 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2 + 1])
 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2])
 #else /* big endian */
 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
 #endif /* IS_LITTLE_ENDIAN */
 /* rotation right shift 1byte */
 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
 /* rotation left shift 1bit */
@ -170,44 +156,6 @@ do									\
 * for speed up
 *
 */
 #if !defined(_MSC_VER)
 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
 do									\
 	{								\
 	t0 = kll;							\
 	t2 = krr;							\
 	t0 &= ll;							\
 	t2 |= rr;							\
 	rl ^= t2;							\
 	lr ^= CAMELLIA_RL1(t0);						\
 	t3 = krl;							\
 	t1 = klr;							\
 	t3 &= rl;							\
 	t1 |= lr;							\
 	ll ^= t1;							\
 	rr ^= CAMELLIA_RL1(t3);						\
 	} while(0)
 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)	\
 do									\
 	{								\
 	ir =  CAMELLIA_SP1110(xr & 0xff);				\
 	il =  CAMELLIA_SP1110((xl>>24) & 0xff);				\
 	ir ^= CAMELLIA_SP0222((xr>>24) & 0xff);				\
 	il ^= CAMELLIA_SP0222((xl>>16) & 0xff);				\
 	ir ^= CAMELLIA_SP3033((xr>>16) & 0xff);				\
 	il ^= CAMELLIA_SP3033((xl>>8) & 0xff);				\
 	ir ^= CAMELLIA_SP4404((xr>>8) & 0xff);				\
 	il ^= CAMELLIA_SP4404(xl & 0xff);				\
 	il ^= kl;							\
 	ir ^= il ^ kr;							\
 	yl ^= ir;							\
 	yr ^= CAMELLIA_RR8(il) ^ ir;					\
 	} while(0)
 #else /* for MS-VC */
 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
 do									\
 	{								\
@ -249,9 +197,8 @@ do									\
 	yl ^= ir;							\
 	yr ^= il;							\
 	} while(0)
 #endif
-static const uint32_t camellia_sp1110[256] =
+static const u32 camellia_sp1110[256] =
 	{
 	0x70707000,0x82828200,0x2c2c2c00,0xececec00,
 	0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
@ -319,7 +266,7 @@ static const uint32_t camellia_sp1110[256] =
 	0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
 	};
-static const uint32_t camellia_sp0222[256] =
+static const u32 camellia_sp0222[256] =
 	{
 	0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
 	0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
@ -387,7 +334,7 @@ static const uint32_t camellia_sp0222[256] =
 	0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
 	};
-static const uint32_t camellia_sp3033[256] =
+static const u32 camellia_sp3033[256] =
 	{
 	0x38003838,0x41004141,0x16001616,0x76007676,
 	0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
@ -455,7 +402,7 @@ static const uint32_t camellia_sp3033[256] =
 	0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
 	};
-static const uint32_t camellia_sp4404[256] =
+static const u32 camellia_sp4404[256] =
 	{
 	0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
 	0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
@ -523,20 +470,19 @@ static const uint32_t camellia_sp4404[256] =
 	0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
 	};
 /**
 * Stuff related to the Camellia key schedule
 */
 #define subl(x) subL[(x)]
 #define subr(x) subR[(x)]
-void camellia_setup128(const unsigned char *key, uint32_t *subkey)
+void camellia_setup128(const u8 *key, u32 *subkey)
 	{
-	uint32_t kll, klr, krl, krr;
+	u32 kll, klr, krl, krr;
-	uint32_t il, ir, t0, t1, w0, w1;
+	u32 il, ir, t0, t1, w0, w1;
-	uint32_t kw4l, kw4r, dw, tl, tr;
+	u32 kw4l, kw4r, dw, tl, tr;
-	uint32_t subL[26];
+	u32 subL[26];
-	uint32_t subR[26];
+	u32 subR[26];
 	/**
 	 *  k == kll || klr || krl || krr (|| is concatination)
@ -833,14 +779,14 @@ void camellia_setup128(const unsigned char *key, uint32_t *subkey)
 	return;
 	}
-void camellia_setup256(const unsigned char *key, uint32_t *subkey)
+void camellia_setup256(const u8 *key, u32 *subkey)
 	{
-	uint32_t kll,klr,krl,krr;           /* left half of key */
+	u32 kll,klr,krl,krr;           /* left half of key */
-	uint32_t krll,krlr,krrl,krrr;       /* right half of key */
+	u32 krll,krlr,krrl,krrr;       /* right half of key */
-	uint32_t il, ir, t0, t1, w0, w1;    /* temporary variables */
+	u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
-	uint32_t kw4l, kw4r, dw, tl, tr;
+	u32 kw4l, kw4r, dw, tl, tr;
-	uint32_t subL[34];
+	u32 subL[34];
-	uint32_t subR[34];
+	u32 subR[34];
 	/**
 	 *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
@ -1245,18 +1191,18 @@ void camellia_setup256(const unsigned char *key, uint32_t *subkey)
 	return;
 	}
-void camellia_setup192(const unsigned char *key, uint32_t *subkey)
+void camellia_setup192(const u8 *key, u32 *subkey)
 	{
-	unsigned char kk[32];
+	u8 kk[32];
-	uint32_t krll, krlr, krrl,krrr;
+	u32 krll, krlr, krrl,krrr;
 	memcpy(kk, key, 24);
-	memcpy((unsigned char *)&krll, key+16,4);
+	memcpy((u8 *)&krll, key+16,4);
-	memcpy((unsigned char *)&krlr, key+20,4);
+	memcpy((u8 *)&krlr, key+20,4);
 	krrl = ~krll;
 	krrr = ~krlr;
-	memcpy(kk+24, (unsigned char *)&krrl, 4);
+	memcpy(kk+24, (u8 *)&krrl, 4);
-	memcpy(kk+28, (unsigned char *)&krrr, 4);
+	memcpy(kk+28, (u8 *)&krrr, 4);
 	camellia_setup256(kk, subkey);
 	return;
 	}
@ -1265,11 +1211,10 @@ void camellia_setup192(const unsigned char *key, uint32_t *subkey)
 /**
 * Stuff related to camellia encryption/decryption
 */
-void camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
+void camellia_encrypt128(const u32 *subkey, u32 *io)
 	{
-	uint32_t il, ir, t0, t1;
+	u32 il, ir, t0, t1;
 	SWAP4WORD(io);
 	/* pre whitening but absorb kw2*/
 	io[0] ^= CamelliaSubkeyL(0);
 	io[1] ^= CamelliaSubkeyR(0);
@ -1352,16 +1297,13 @@ void camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
 	io[1] = io[3];
 	io[2] = t0;
 	io[3] = t1;
-	SWAP4WORD(io);
+
 	return;
 	}
-void camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
+void camellia_decrypt128(const u32 *subkey, u32 *io)
 	{
-	uint32_t il,ir,t0,t1;               /* temporary valiables */
+	u32 il,ir,t0,t1;               /* temporary valiables */
 	SWAP4WORD(io);
 	/* pre whitening but absorb kw2*/
 	io[0] ^= CamelliaSubkeyL(24);
@ -1445,7 +1387,6 @@ void camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
 	io[1] = io[3];
 	io[2] = t0;
 	io[3] = t1;
 	SWAP4WORD(io);
 	return;
 	}
@ -1453,11 +1394,9 @@ void camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
 /**
 * stuff for 192 and 256bit encryption/decryption
 */
-void camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
+void camellia_encrypt256(const u32 *subkey, u32 *io)
 	{
-	uint32_t il,ir,t0,t1;           /* temporary valiables */
+	u32 il,ir,t0,t1;           /* temporary valiables */
 	SWAP4WORD(io);
 	/* pre whitening but absorb kw2*/
 	io[0] ^= CamelliaSubkeyL(0);
@ -1565,16 +1504,14 @@ void camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
 	io[1] = io[3];
 	io[2] = t0;
 	io[3] = t1;
 	SWAP4WORD(io);
 	return;
 	}
-void camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
+void camellia_decrypt256(const u32 *subkey, u32 *io)
 	{
-	uint32_t il,ir,t0,t1;           /* temporary valiables */
+	u32 il,ir,t0,t1;           /* temporary valiables */
 	SWAP4WORD(io);
 	/* pre whitening but absorb kw2*/
 	io[0] ^= CamelliaSubkeyL(32);
 	io[1] ^= CamelliaSubkeyR(32);
@ -1681,7 +1618,6 @@ void camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
 	io[1] = io[3];
 	io[2] = t0;
 	io[3] = t1;
 	SWAP4WORD(io);
 	return;
 	}
--- a/crypto/openssl/crypto/camellia/cmll_cbc.c
+++ b/crypto/openssl/crypto/camellia/cmll_cbc.c
@ -67,25 +67,28 @@ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
 	unsigned long n;
 	unsigned long len = length;
 	unsigned char tmp[CAMELLIA_BLOCK_SIZE];
 	const unsigned char *iv = ivec;
-	uint32_t t32[UNITSIZE];
+	union {	u32 t32[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
 		u8  t8 [CAMELLIA_BLOCK_SIZE]; } tmp;
 	const union { long one; char little; } camellia_endian = {1};
 	assert(in && out && key && ivec);
 	assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
-	if(((size_t)in) % ALIGN == 0
+	if(((size_t)in|(size_t)out|(size_t)ivec) % sizeof(u32) == 0)
 		&& ((size_t)out) % ALIGN == 0
 		&& ((size_t)ivec) % ALIGN == 0)
 		{
 		if (CAMELLIA_ENCRYPT == enc)
 			{
 			while (len >= CAMELLIA_BLOCK_SIZE)
 				{
-				XOR4WORD2((uint32_t *)out,
+				XOR4WORD2((u32 *)out,
-					(uint32_t *)in, (uint32_t *)iv);
+					(u32 *)in, (u32 *)iv);
-				key->enc(key->rd_key, (uint32_t *)out);
+				if (camellia_endian.little)
 					SWAP4WORD((u32 *)out);
 				key->enc(key->rd_key, (u32 *)out);
 				if (camellia_endian.little)
 					SWAP4WORD((u32 *)out);
 				iv = out;
 				len -= CAMELLIA_BLOCK_SIZE;
 				in += CAMELLIA_BLOCK_SIZE;
@ -97,7 +100,11 @@ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
 					out[n] = in[n] ^ iv[n];
 				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
 					out[n] = iv[n];
-				key->enc(key->rd_key, (uint32_t *)out);
+				if (camellia_endian.little)
 					SWAP4WORD((u32 *)out);
 				key->enc(key->rd_key, (u32 *)out);
 				if (camellia_endian.little)
 					SWAP4WORD((u32 *)out);
 				iv = out;
 				}
 			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
@ -107,8 +114,12 @@ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			while (len >= CAMELLIA_BLOCK_SIZE)
 				{
 				memcpy(out,in,CAMELLIA_BLOCK_SIZE);
-				key->dec(key->rd_key,(uint32_t *)out);
+				if (camellia_endian.little)
-				XOR4WORD((uint32_t *)out, (uint32_t *)iv);
+					SWAP4WORD((u32 *)out);
 				key->dec(key->rd_key,(u32 *)out);
 				if (camellia_endian.little)
 					SWAP4WORD((u32 *)out);
 				XOR4WORD((u32 *)out, (u32 *)iv);
 				iv = in;
 				len -= CAMELLIA_BLOCK_SIZE;
 				in  += CAMELLIA_BLOCK_SIZE;
@ -116,10 +127,14 @@ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
 				}
 			if (len)
 				{
-				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-				key->dec(key->rd_key, (uint32_t *)tmp);
+				if (camellia_endian.little)
 					SWAP4WORD(tmp.t32);
 				key->dec(key->rd_key, tmp.t32);
 				if (camellia_endian.little)
 					SWAP4WORD(tmp.t32);
 				for(n=0; n < len; ++n)
-					out[n] = tmp[n] ^ iv[n];
+					out[n] = tmp.t8[n] ^ iv[n];
 				iv = in;
 				}
 			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
@ -128,23 +143,31 @@ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			{
 			while (len >= CAMELLIA_BLOCK_SIZE)
 				{
-				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-				key->dec(key->rd_key, (uint32_t *)out);
+				if (camellia_endian.little)
-				XOR4WORD((uint32_t *)out, (uint32_t *)ivec);
+					SWAP4WORD((u32 *)out);
-				memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key, (u32 *)out);
 				if (camellia_endian.little)
 					SWAP4WORD((u32 *)out);
 				XOR4WORD((u32 *)out, (u32 *)ivec);
 				memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
 				len -= CAMELLIA_BLOCK_SIZE;
 				in += CAMELLIA_BLOCK_SIZE;
 				out += CAMELLIA_BLOCK_SIZE;
 				}
 			if (len)
 				{
-				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-				key->dec(key->rd_key,(uint32_t *)out);
+				if (camellia_endian.little)
 					SWAP4WORD((u32 *)out);
 				key->dec(key->rd_key,(u32 *)out);
 				if (camellia_endian.little)
 					SWAP4WORD((u32 *)out);
 				for(n=0; n < len; ++n)
 					out[n] ^= ivec[n];
 				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
-					out[n] = tmp[n];
+					out[n] = tmp.t8[n];
-				memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+				memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
 				}
 			}
 		}
@ -155,10 +178,13 @@ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			while (len >= CAMELLIA_BLOCK_SIZE)
 				{
 				for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
-					out[n] = in[n] ^ iv[n];
+					tmp.t8[n] = in[n] ^ iv[n];
-				memcpy(t32, out, CAMELLIA_BLOCK_SIZE);
+				if (camellia_endian.little)
-				key->enc(key->rd_key, t32);
+					SWAP4WORD(tmp.t32);
-				memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+				key->enc(key->rd_key, tmp.t32);
 				if (camellia_endian.little)
 					SWAP4WORD(tmp.t32);
 				memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
 				iv = out;
 				len -= CAMELLIA_BLOCK_SIZE;
 				in += CAMELLIA_BLOCK_SIZE;
@ -167,10 +193,15 @@ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			if (len)
 				{
 				for(n=0; n < len; ++n)
-					out[n] = in[n] ^ iv[n];
+					tmp.t8[n] = in[n] ^ iv[n];
 				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
-					out[n] = iv[n];
+					tmp.t8[n] = iv[n];
-				key->enc(key->rd_key, (uint32_t *)out);
+				if (camellia_endian.little)
 					SWAP4WORD(tmp.t32);
 				key->enc(key->rd_key, tmp.t32);
 				if (camellia_endian.little)
 					SWAP4WORD(tmp.t32);
 				memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
 				iv = out;
 				}
 			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
@ -179,11 +210,14 @@ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			{
 			while (len >= CAMELLIA_BLOCK_SIZE)
 				{
-				memcpy(t32,in,CAMELLIA_BLOCK_SIZE);
+				memcpy(tmp.t8,in,CAMELLIA_BLOCK_SIZE);
-				key->dec(key->rd_key,t32);
+				if (camellia_endian.little)
-				memcpy(out,t32,CAMELLIA_BLOCK_SIZE);
+					SWAP4WORD(tmp.t32);
 				key->dec(key->rd_key,tmp.t32);
 				if (camellia_endian.little)
 					SWAP4WORD(tmp.t32);
 				for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
-					out[n] ^= iv[n];
+					out[n] = tmp.t8[n] ^ iv[n];
 				iv = in;
 				len -= CAMELLIA_BLOCK_SIZE;
 				in  += CAMELLIA_BLOCK_SIZE;
@ -191,12 +225,14 @@ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
 				}
 			if (len)
 				{
-				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-				memcpy(t32, in, CAMELLIA_BLOCK_SIZE);
+				if (camellia_endian.little)
-				key->dec(key->rd_key, t32);
+					SWAP4WORD(tmp.t32);
-				memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key, tmp.t32);
 				if (camellia_endian.little)
 					SWAP4WORD(tmp.t32);
 				for(n=0; n < len; ++n)
-					out[n] = tmp[n] ^ iv[n];
+					out[n] = tmp.t8[n] ^ iv[n];
 				iv = in;
 				}
 			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
@ -205,30 +241,33 @@ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			{
 			while (len >= CAMELLIA_BLOCK_SIZE)
 				{
-				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-				memcpy(t32, in, CAMELLIA_BLOCK_SIZE);
+				if (camellia_endian.little)
-				key->dec(key->rd_key, t32);
+					SWAP4WORD(tmp.t32);
-				memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key, tmp.t32);
 				if (camellia_endian.little)
 					SWAP4WORD(tmp.t32);
 				for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
-					out[n] ^= ivec[n];
+					tmp.t8[n] ^= ivec[n];
-				memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+				memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
 				memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
 				len -= CAMELLIA_BLOCK_SIZE;
 				in += CAMELLIA_BLOCK_SIZE;
 				out += CAMELLIA_BLOCK_SIZE;
 				}
 			if (len)
 				{
-				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-				memcpy(t32, in, CAMELLIA_BLOCK_SIZE);
+				if (camellia_endian.little)
-				key->dec(key->rd_key,t32);
+					SWAP4WORD(tmp.t32);
-				memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key,tmp.t32);
 				if (camellia_endian.little)
 					SWAP4WORD(tmp.t32);
 				for(n=0; n < len; ++n)
-					out[n] ^= ivec[n];
+					tmp.t8[n] ^= ivec[n];
-				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+				memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
-					out[n] = tmp[n];
+				memcpy(out,tmp.t8,len);
 				memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
 				}
 			}
 		}
 }
--- a/crypto/openssl/crypto/camellia/cmll_locl.h
+++ b/crypto/openssl/crypto/camellia/cmll_locl.h
@ -73,55 +73,42 @@
 #include <stdlib.h>
 #include <string.h>
-#if defined(_MSC_VER)
+typedef unsigned char u8;
-typedef unsigned char uint8_t;
+typedef unsigned int u32;
 typedef unsigned int uint32_t;
 typedef unsigned __int64 uint64_t;
 #else
 #include <inttypes.h>
 #endif
 #ifdef __cplusplus
 extern "C" {
 #endif
 #define ALIGN 4
 #define UNITSIZE 4
 #if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
 # define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 )
-# define GETU32(p) SWAP(*((uint32_t *)(p)))
+# define GETU32(p) SWAP(*((u32 *)(p)))
-# define PUTU32(ct, st) { *((uint32_t *)(ct)) = SWAP((st)); }
+# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
 # define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) )
 #else /* not windows */
-# define GETU32(pt) (((uint32_t)(pt)[0] << 24) \
+# define GETU32(pt) (((u32)(pt)[0] << 24) \
-	^ ((uint32_t)(pt)[1] << 16) \
+	^ ((u32)(pt)[1] << 16) \
-	^ ((uint32_t)(pt)[2] <<  8) \
+	^ ((u32)(pt)[2] <<  8) \
-	^ ((uint32_t)(pt)[3]))
+	^ ((u32)(pt)[3]))
-# define PUTU32(ct, st) { (ct)[0] = (uint8_t)((st) >> 24); \
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \
-	(ct)[1] = (uint8_t)((st) >> 16); \
+	(ct)[1] = (u8)((st) >> 16); \
-	(ct)[2] = (uint8_t)((st) >>  8); \
+	(ct)[2] = (u8)((st) >>  8); \
-	(ct)[3] = (uint8_t)(st); }
+	(ct)[3] = (u8)(st); }
-#ifdef L_ENDIAN
+#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))
 #if (defined (__GNUC__) && !defined(i386))
 #define CAMELLIA_SWAP4(x) \
  do{\
    asm("bswap %1" : "+r" (x));\
  }while(0)
-#else /* not gcc */
+#else
 #define CAMELLIA_SWAP4(x) \
   do{\
-     x = ((uint32_t)x << 16) + ((uint32_t)x >> 16);\
+     x = ((u32)x << 16) + ((u32)x >> 16);\
-     x = (((uint32_t)x & 0xff00ff) << 8) + (((uint32_t)x >> 8) & 0xff00ff);\
+     x = (((u32)x & 0xff00ff) << 8) + (((u32)x >> 8) & 0xff00ff);\
   } while(0)
-#endif /* not gcc */
+#endif
 #else /* big endian */
 #define CAMELLIA_SWAP4(x)
 #endif /* L_ENDIAN */
 #endif
 #define COPY4WORD(dst, src)	 \
@ -161,14 +148,14 @@ extern "C" {
 	}while(0)
-void camellia_setup128(const unsigned char *key, uint32_t *subkey);
+void camellia_setup128(const u8 *key, u32 *subkey);
-void camellia_setup192(const unsigned char *key, uint32_t *subkey);
+void camellia_setup192(const u8 *key, u32 *subkey);
-void camellia_setup256(const unsigned char *key, uint32_t *subkey);
+void camellia_setup256(const u8 *key, u32 *subkey);
-void camellia_encrypt128(const uint32_t *subkey, uint32_t *io);
+void camellia_encrypt128(const u32 *subkey, u32 *io);
-void camellia_decrypt128(const uint32_t *subkey, uint32_t *io);
+void camellia_decrypt128(const u32 *subkey, u32 *io);
-void camellia_encrypt256(const uint32_t *subkey, uint32_t *io);
+void camellia_encrypt256(const u32 *subkey, u32 *io);
-void camellia_decrypt256(const uint32_t *subkey, uint32_t *io);
+void camellia_decrypt256(const u32 *subkey, u32 *io);
 #ifdef __cplusplus
 }
--- a/crypto/openssl/crypto/camellia/cmll_misc.c
+++ b/crypto/openssl/crypto/camellia/cmll_misc.c
@ -53,7 +53,7 @@
 #include <openssl/camellia.h>
 #include "cmll_locl.h"
-const char *CAMELLIA_version="CAMELLIA" OPENSSL_VERSION_PTEXT;
+const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;
 int Camellia_set_key(const unsigned char *userKey, const int bits,
 	CAMELLIA_KEY *key)
@ -91,20 +91,26 @@ int Camellia_set_key(const unsigned char *userKey, const int bits,
 void Camellia_encrypt(const unsigned char *in, unsigned char *out,
 	const CAMELLIA_KEY *key)
 	{
-	uint32_t tmp[UNITSIZE];
+	u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
 	const union { long one; char little; } camellia_endian = {1};
 	memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
 	if (camellia_endian.little) SWAP4WORD(tmp);
 	key->enc(key->rd_key, tmp);
 	if (camellia_endian.little) SWAP4WORD(tmp);
 	memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
 	}
 void Camellia_decrypt(const unsigned char *in, unsigned char *out,
 	const CAMELLIA_KEY *key)
 	{
-	uint32_t tmp[UNITSIZE];
+	u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
 	const union { long one; char little; } camellia_endian = {1};
 	memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
 	if (camellia_endian.little) SWAP4WORD(tmp);
 	key->dec(key->rd_key, tmp);
 	if (camellia_endian.little) SWAP4WORD(tmp);
 	memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
 	}
--- a/crypto/openssl/crypto/cast/c_ecb.c
+++ b/crypto/openssl/crypto/cast/c_ecb.c
@ -60,7 +60,7 @@
 #include "cast_lcl.h"
 #include <openssl/opensslv.h>
-const char *CAST_version="CAST" OPENSSL_VERSION_PTEXT;
+const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
 		      CAST_KEY *ks, int enc)
--- a/crypto/openssl/crypto/comp/c_zlib.c
+++ b/crypto/openssl/crypto/comp/c_zlib.c
@ -31,6 +31,24 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
 static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
 	unsigned int olen, unsigned char *in, unsigned int ilen);
 /* memory allocations functions for zlib intialization */
 static void* zlib_zalloc(void* opaque, unsigned int no, unsigned int size)
 {
 	void *p;
 	p=OPENSSL_malloc(no*size);
 	if (p)
 		memset(p, 0, no*size);
 	return p;
 }
 static void zlib_zfree(void* opaque, void* address)
 {
 	OPENSSL_free(address);
 }
 #if 0
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
 	unsigned int olen, unsigned char *in, unsigned int ilen);
@ -133,8 +151,8 @@ static int zlib_stateful_init(COMP_CTX *ctx)
 	if (state == NULL)
 		goto err;
-	state->istream.zalloc = Z_NULL;
+	state->istream.zalloc = zlib_zalloc;
-	state->istream.zfree = Z_NULL;
+	state->istream.zfree = zlib_zfree;
 	state->istream.opaque = Z_NULL;
 	state->istream.next_in = Z_NULL;
 	state->istream.next_out = Z_NULL;
@ -145,8 +163,8 @@ static int zlib_stateful_init(COMP_CTX *ctx)
 	if (err != Z_OK)
 		goto err;
-	state->ostream.zalloc = Z_NULL;
+	state->ostream.zalloc = zlib_zalloc;
-	state->ostream.zfree = Z_NULL;
+	state->ostream.zfree = zlib_zfree;
 	state->ostream.opaque = Z_NULL;
 	state->ostream.next_in = Z_NULL;
 	state->ostream.next_out = Z_NULL;
@ -158,17 +176,6 @@ static int zlib_stateful_init(COMP_CTX *ctx)
 		goto err;
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
 	if (zlib_stateful_ex_idx == -1)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_COMP);
 		if (zlib_stateful_ex_idx == -1)
 			zlib_stateful_ex_idx =
 				CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
 					0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
 		CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
 		if (zlib_stateful_ex_idx == -1)
 			goto err;
 		}
 	CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state);
 	return 1;
 err:
@ -379,7 +386,25 @@ COMP_METHOD *COMP_zlib(void)
 	if (zlib_loaded)
 #endif
 #if defined(ZLIB) || defined(ZLIB_SHARED)
 		{
 		/* init zlib_stateful_ex_idx here so that in a multi-process
 		 * application it's enough to intialize openssl before forking
 		 * (idx will be inherited in all the children) */
 		if (zlib_stateful_ex_idx == -1)
 			{
 			CRYPTO_w_lock(CRYPTO_LOCK_COMP);
 			if (zlib_stateful_ex_idx == -1)
 				zlib_stateful_ex_idx =
 					CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
 						0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
 			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
 			if (zlib_stateful_ex_idx == -1)
 				goto err;
 			}
 		meth = &zlib_stateful_method;
 		}
 err:	
 #endif
 	return(meth);
--- a/crypto/openssl/crypto/comp/comp_err.c
+++ b/crypto/openssl/crypto/comp/comp_err.c
@ -82,15 +82,12 @@ static ERR_STRING_DATA COMP_str_reasons[]=
 void ERR_load_COMP_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(COMP_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,COMP_str_functs);
 		ERR_load_strings(0,COMP_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/conf/conf_def.c
+++ b/crypto/openssl/crypto/conf/conf_def.c
@ -88,7 +88,7 @@ static int def_dump(const CONF *conf, BIO *bp);
 static int def_is_number(const CONF *conf, char c);
 static int def_to_int(const CONF *conf, char c);
-const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT;
+const char CONF_def_version[]="CONF_def" OPENSSL_VERSION_PTEXT;
 static CONF_METHOD default_method = {
 	"OpenSSL default",
--- a/crypto/openssl/crypto/conf/conf_err.c
+++ b/crypto/openssl/crypto/conf/conf_err.c
@ -118,15 +118,12 @@ static ERR_STRING_DATA CONF_str_reasons[]=
 void ERR_load_CONF_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(CONF_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,CONF_str_functs);
 		ERR_load_strings(0,CONF_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/conf/conf_lib.c
+++ b/crypto/openssl/crypto/conf/conf_lib.c
@ -63,7 +63,7 @@
 #include <openssl/conf_api.h>
 #include <openssl/lhash.h>
-const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
+const char CONF_version[]="CONF" OPENSSL_VERSION_PTEXT;
 static CONF_METHOD *default_CONF_method=NULL;
--- a/crypto/openssl/crypto/cpt_err.c
+++ b/crypto/openssl/crypto/cpt_err.c
@ -92,15 +92,12 @@ static ERR_STRING_DATA CRYPTO_str_reasons[]=
 void ERR_load_CRYPTO_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,CRYPTO_str_functs);
 		ERR_load_strings(0,CRYPTO_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/cryptlib.c
+++ b/crypto/openssl/crypto/cryptlib.c
@ -125,7 +125,7 @@ DECLARE_STACK_OF(CRYPTO_dynlock)
 IMPLEMENT_STACK_OF(CRYPTO_dynlock)
 /* real #defines in crypto.h, keep these upto date */
-static const char* lock_names[CRYPTO_NUM_LOCKS] =
+static const char* const lock_names[CRYPTO_NUM_LOCKS] =
 	{
 	"<<ERROR>>",
 	"err",
--- a/crypto/openssl/crypto/des/INSTALL
+++ b/crypto/openssl/crypto/des/INSTALL
@ -25,7 +25,7 @@ and then you can use the 'DES_PTR' option.
 The file options.txt has the options listed for best speed on quite a
 few systems.  Look and the options (UNROLL, PTR, RISC2 etc) and then
-turn on the relevent option in the Makefile
+turn on the relevant option in the Makefile.
 There are some special Makefile targets that make life easier.
 make cc		- standard cc build
--- a/crypto/openssl/crypto/des/des_ver.h
+++ b/crypto/openssl/crypto/des/des_ver.h
@ -67,5 +67,5 @@
 #define DES_version OSSL_DES_version
 #define libdes_version OSSL_libdes_version
-OPENSSL_EXTERN const char *OSSL_DES_version;	/* SSLeay version string */
+OPENSSL_EXTERN const char OSSL_DES_version[];	/* SSLeay version string */
-OPENSSL_EXTERN const char *OSSL_libdes_version;	/* old libdes version string */
+OPENSSL_EXTERN const char OSSL_libdes_version[];	/* old libdes version string */
--- a/crypto/openssl/crypto/des/ecb_enc.c
+++ b/crypto/openssl/crypto/des/ecb_enc.c
@ -62,8 +62,8 @@
 #include <openssl/opensslv.h>
 #include <openssl/bio.h>
-OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;
-OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;
 const char *DES_options(void)
 	{
--- a/crypto/openssl/crypto/dh/dh_err.c
+++ b/crypto/openssl/crypto/dh/dh_err.c
@ -93,15 +93,12 @@ static ERR_STRING_DATA DH_str_reasons[]=
 void ERR_load_DH_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,DH_str_functs);
 		ERR_load_strings(0,DH_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/dh/dh_lib.c
+++ b/crypto/openssl/crypto/dh/dh_lib.c
@ -64,7 +64,7 @@
 #include <openssl/engine.h>
 #endif
-const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 static const DH_METHOD *default_DH_method = NULL;
--- a/crypto/openssl/crypto/dsa/dsa_err.c
+++ b/crypto/openssl/crypto/dsa/dsa_err.c
@ -100,15 +100,12 @@ static ERR_STRING_DATA DSA_str_reasons[]=
 void ERR_load_DSA_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,DSA_str_functs);
 		ERR_load_strings(0,DSA_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/dsa/dsa_lib.c
+++ b/crypto/openssl/crypto/dsa/dsa_lib.c
@ -70,7 +70,7 @@
 #include <openssl/dh.h>
 #endif
-const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 static const DSA_METHOD *default_DSA_method = NULL;
--- a/crypto/openssl/crypto/dso/dso_err.c
+++ b/crypto/openssl/crypto/dso/dso_err.c
@ -136,15 +136,12 @@ static ERR_STRING_DATA DSO_str_reasons[]=
 void ERR_load_DSO_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(DSO_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,DSO_str_functs);
 		ERR_load_strings(0,DSO_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/ec/ec_asn1.c
+++ b/crypto/openssl/crypto/ec/ec_asn1.c
@ -529,6 +529,8 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
 				ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
 		curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
 		curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 		if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 
 		                         (int)group->seed_len))
 			{
@ -1291,6 +1293,8 @@ int	i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
 			goto err;
 			}
 		priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
 		priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 		if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, 
 				buf_len))
 			{
--- a/crypto/openssl/crypto/ec/ec_err.c
+++ b/crypto/openssl/crypto/ec/ec_err.c
@ -227,15 +227,12 @@ static ERR_STRING_DATA EC_str_reasons[]=
 void ERR_load_EC_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(EC_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,EC_str_functs);
 		ERR_load_strings(0,EC_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/ecdh/ech_err.c
+++ b/crypto/openssl/crypto/ecdh/ech_err.c
@ -71,7 +71,7 @@
 static ERR_STRING_DATA ECDH_str_functs[]=
 	{
 {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY),	"ECDH_compute_key"},
-{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD),	"ECDH_DATA_new_method"},
+{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD),	"ECDH_DATA_NEW_METHOD"},
 {0,NULL}
 	};
@ -87,15 +87,12 @@ static ERR_STRING_DATA ECDH_str_reasons[]=
 void ERR_load_ECDH_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,ECDH_str_functs);
 		ERR_load_strings(0,ECDH_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/ecdh/ech_lib.c
+++ b/crypto/openssl/crypto/ecdh/ech_lib.c
@ -74,7 +74,7 @@
 #endif
 #include <openssl/err.h>
-const char *ECDH_version="ECDH" OPENSSL_VERSION_PTEXT;
+const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
 static const ECDH_METHOD *default_ECDH_method = NULL;
--- a/crypto/openssl/crypto/ecdsa/ecdsa.h
+++ b/crypto/openssl/crypto/ecdsa/ecdsa.h
@ -261,6 +261,7 @@ void ERR_load_ECDSA_strings(void);
 #define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 101
 #define ECDSA_R_ERR_EC_LIB				 102
 #define ECDSA_R_MISSING_PARAMETERS			 103
 #define ECDSA_R_NEED_NEW_SETUP_VALUES			 106
 #define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED		 104
 #define ECDSA_R_SIGNATURE_MALLOC_FAILED			 105
--- a/crypto/openssl/crypto/ecdsa/ecs_err.c
+++ b/crypto/openssl/crypto/ecdsa/ecs_err.c
@ -70,7 +70,7 @@
 static ERR_STRING_DATA ECDSA_str_functs[]=
 	{
-{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD),	"ECDSA_DATA_new_method"},
+{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD),	"ECDSA_DATA_NEW_METHOD"},
 {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN),	"ECDSA_do_sign"},
 {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY),	"ECDSA_do_verify"},
 {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP),	"ECDSA_sign_setup"},
@ -83,6 +83,7 @@ static ERR_STRING_DATA ECDSA_str_reasons[]=
 {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
 {ERR_REASON(ECDSA_R_ERR_EC_LIB)          ,"err ec lib"},
 {ERR_REASON(ECDSA_R_MISSING_PARAMETERS)  ,"missing parameters"},
 {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"},
 {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"},
 {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"},
 {0,NULL}
@ -92,15 +93,12 @@ static ERR_STRING_DATA ECDSA_str_reasons[]=
 void ERR_load_ECDSA_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,ECDSA_str_functs);
 		ERR_load_strings(0,ECDSA_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/ecdsa/ecs_lib.c
+++ b/crypto/openssl/crypto/ecdsa/ecs_lib.c
@ -61,7 +61,7 @@
 #include <openssl/err.h>
 #include <openssl/bn.h>
-const char *ECDSA_version="ECDSA" OPENSSL_VERSION_PTEXT;
+const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
 static const ECDSA_METHOD *default_ECDSA_method = NULL;
--- a/crypto/openssl/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/openssl/crypto/ecdsa/ecs_ossl.c
@ -299,8 +299,21 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
 			goto err;
 		}
 		if (BN_is_zero(s))
 		{
 			/* if kinv and r have been supplied by the caller
 			 * don't to generate new kinv and r values */
 			if (in_kinv != NULL && in_r != NULL)
 			{
 				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES);
 				goto err;
 			}
 		}
 		else
 			/* s != 0 => we have a valid signature */
 			break;
 	}
-	while (BN_is_zero(s));
+	while (1);
 	ok = 1;
 err:
--- a/crypto/openssl/crypto/engine/eng_err.c
+++ b/crypto/openssl/crypto/engine/eng_err.c
@ -157,15 +157,12 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 void ERR_load_ENGINE_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,ENGINE_str_functs);
 		ERR_load_strings(0,ENGINE_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/engine/tb_ecdh.c
+++ b/crypto/openssl/crypto/engine/tb_ecdh.c
@ -107,7 +107,7 @@ int ENGINE_set_default_ECDH(ENGINE *e)
 	{
 	if(e->ecdh_meth)
 		return engine_table_register(&ecdh_table,
-				engine_unregister_all_ECDH, e, &dummy_nid, 1, 0);
+				engine_unregister_all_ECDH, e, &dummy_nid, 1, 1);
 	return 1;
 	}
--- a/crypto/openssl/crypto/engine/tb_ecdsa.c
+++ b/crypto/openssl/crypto/engine/tb_ecdsa.c
@ -92,7 +92,7 @@ int ENGINE_set_default_ECDSA(ENGINE *e)
 	{
 	if(e->ecdsa_meth)
 		return engine_table_register(&ecdsa_table,
-				engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0);
+				engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1);
 	return 1;
 	}
--- a/crypto/openssl/crypto/evp/bio_md.c
+++ b/crypto/openssl/crypto/evp/bio_md.c
@ -200,6 +200,12 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 		else
 			ret=0;
 		break;
 	case BIO_C_SET_MD_CTX:
 		if (b->init)
 			b->ptr=ptr;
 		else
 			ret=0;
 		break;
 	case BIO_C_DO_STATE_MACHINE:
 		BIO_clear_retry_flags(b);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@ -66,7 +66,7 @@
 #endif
 #include "evp_locl.h"
-const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
+const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
 	{
--- a/crypto/openssl/crypto/evp/evp_err.c
+++ b/crypto/openssl/crypto/evp/evp_err.c
@ -163,15 +163,12 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 void ERR_load_EVP_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(EVP_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,EVP_str_functs);
 		ERR_load_strings(0,EVP_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/evp/evp_lib.c
+++ b/crypto/openssl/crypto/evp/evp_lib.c
@ -168,3 +168,112 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 	}
 }
 int EVP_CIPHER_block_size(const EVP_CIPHER *e)
 	{
 	return e->block_size;
 	}
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
 	{
 	return ctx->cipher->block_size;
 	}
 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
 	{
 	return ctx->cipher->do_cipher(ctx,out,in,inl);
 	}
 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
 	{
 	return ctx->cipher;
 	}
 unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
 	{
 	return cipher->flags;
 	}
 unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
 	{
 	return ctx->cipher->flags;
 	}
 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
 	{
 	return ctx->app_data;
 	}
 void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
 	{
 	ctx->app_data = data;
 	}
 int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
 	{
 	return cipher->iv_len;
 	}
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
 	{
 	return ctx->cipher->iv_len;
 	}
 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
 	{
 	return cipher->key_len;
 	}
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
 	{
 	return ctx->cipher->key_len;
 	}
 int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
 	{
 	return cipher->nid;
 	}
 int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
 	{
 	return ctx->cipher->nid;
 	}
 int EVP_MD_block_size(const EVP_MD *md) 
 	{
 	return md->block_size;
 	}
 int EVP_MD_type(const EVP_MD *md)
 	{
 	return md->type;
 	}
 int EVP_MD_pkey_type(const EVP_MD *md)
 	{
 	return md->pkey_type;
 	}
 int EVP_MD_size(const EVP_MD *md)
 	{
 	return md->md_size;
 	}
 const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
 	{
 	return ctx->digest;
 	}
 void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
 	{
 	ctx->flags |= flags;
 	}
 void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
 	{
 	ctx->flags &= ~flags;
 	}
 int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
 	{
 	return (ctx->flags & flags);
 	}
--- a/crypto/openssl/crypto/evp/evp_locl.h
+++ b/crypto/openssl/crypto/evp/evp_locl.h
@ -65,7 +65,7 @@
 	bl = ctx->cipher->block_size;\
 	if(inl < bl) return 1;\
 	inl -= bl; \
-	for(i=0; i <= inl; i+=bl) \
+	for(i=0; i <= inl; i+=bl) 
 #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
 static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
--- a/crypto/openssl/crypto/lhash/lhash.c
+++ b/crypto/openssl/crypto/lhash/lhash.c
@ -100,7 +100,7 @@
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
-const char *lh_version="lhash" OPENSSL_VERSION_PTEXT;
+const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT;
 #undef MIN_NODES 
 #define MIN_NODES	16
--- a/crypto/openssl/crypto/md2/md2.h
+++ b/crypto/openssl/crypto/md2/md2.h
@ -63,6 +63,7 @@
 #ifdef OPENSSL_NO_MD2
 #error MD2 is disabled.
 #endif
 #include <stddef.h>
 #define MD2_DIGEST_LENGTH	16
 #define MD2_BLOCK       	16
--- a/crypto/openssl/crypto/md2/md2_dgst.c
+++ b/crypto/openssl/crypto/md2/md2_dgst.c
@ -63,7 +63,7 @@
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
-const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
+const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
 /* Implemented from RFC1319 The MD2 Message-Digest Algorithm
 */
--- a/crypto/openssl/crypto/md4/md4.h
+++ b/crypto/openssl/crypto/md4/md4.h
@ -60,6 +60,7 @@
 #define HEADER_MD4_H
 #include <openssl/e_os2.h>
 #include <stddef.h>
 #ifdef  __cplusplus
 extern "C" {
--- a/crypto/openssl/crypto/md4/md4_dgst.c
+++ b/crypto/openssl/crypto/md4/md4_dgst.c
@ -60,7 +60,7 @@
 #include "md4_locl.h"
 #include <openssl/opensslv.h>
-const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT;
+const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
 /* Implemented from RFC1186 The MD4 Message-Digest Algorithm
 */
--- a/crypto/openssl/crypto/md5/md5.h
+++ b/crypto/openssl/crypto/md5/md5.h
@ -60,6 +60,7 @@
 #define HEADER_MD5_H
 #include <openssl/e_os2.h>
 #include <stddef.h>
 #ifdef  __cplusplus
 extern "C" {
--- a/crypto/openssl/crypto/md5/md5_dgst.c
+++ b/crypto/openssl/crypto/md5/md5_dgst.c
@ -60,7 +60,7 @@
 #include "md5_locl.h"
 #include <openssl/opensslv.h>
-const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
+const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
 /* Implemented from RFC1321 The MD5 Message-Digest Algorithm
 */
--- a/crypto/openssl/crypto/objects/obj_dat.h
+++ b/crypto/openssl/crypto/objects/obj_dat.h
@ -62,12 +62,12 @@
 * [including the GNU Public Licence.]
 */
-#define NUM_NID 769
+#define NUM_NID 772
-#define NUM_SN 765
+#define NUM_SN 768
-#define NUM_LN 765
+#define NUM_LN 768
-#define NUM_OBJ 721
+#define NUM_OBJ 724
-static unsigned char lvalues[5107]={
+static unsigned char lvalues[5116]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@ -789,6 +789,9 @@ static unsigned char lvalues[5107]={
 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,     /* [5082] OBJ_camellia_128_ofb128 */
 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,     /* [5090] OBJ_camellia_192_ofb128 */
 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,     /* [5098] OBJ_camellia_256_ofb128 */
 0x55,0x1D,0x09,                              /* [5106] OBJ_subject_directory_attributes */
 0x55,0x1D,0x1C,                              /* [5109] OBJ_issuing_distribution_point */
 0x55,0x1D,0x1D,                              /* [5112] OBJ_certificate_issuer */
 };
 static ASN1_OBJECT nid_objs[NUM_NID]={
@ -1987,6 +1990,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 	&(lvalues[5090]),0},
 {"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8,
 	&(lvalues[5098]),0},
 {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes",
 	NID_subject_directory_attributes,3,&(lvalues[5106]),0},
 {"issuingDistributionPoint","X509v3 Issuing Distrubution Point",
 	NID_issuing_distribution_point,3,&(lvalues[5109]),0},
 {"certificateIssuer","X509v3 Certificate Issuer",
 	NID_certificate_issuer,3,&(lvalues[5112]),0},
 };
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@ -2203,6 +2212,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
 &(nid_objs[152]),/* "certBag" */
 &(nid_objs[677]),/* "certicom-arc" */
 &(nid_objs[771]),/* "certificateIssuer" */
 &(nid_objs[89]),/* "certificatePolicies" */
 &(nid_objs[54]),/* "challengePassword" */
 &(nid_objs[407]),/* "characteristic-two-field" */
@ -2442,6 +2452,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[295]),/* "ipsecTunnel" */
 &(nid_objs[296]),/* "ipsecUser" */
 &(nid_objs[86]),/* "issuerAltName" */
 &(nid_objs[770]),/* "issuingDistributionPoint" */
 &(nid_objs[492]),/* "janetMailbox" */
 &(nid_objs[150]),/* "keyBag" */
 &(nid_objs[83]),/* "keyUsage" */
@ -2723,6 +2734,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[387]),/* "snmpv2" */
 &(nid_objs[660]),/* "streetAddress" */
 &(nid_objs[85]),/* "subjectAltName" */
 &(nid_objs[769]),/* "subjectDirectoryAttributes" */
 &(nid_objs[398]),/* "subjectInfoAccess" */
 &(nid_objs[82]),/* "subjectKeyIdentifier" */
 &(nid_objs[498]),/* "subtreeMaximumQuality" */
@ -2852,11 +2864,13 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
 &(nid_objs[88]),/* "X509v3 CRL Number" */
 &(nid_objs[141]),/* "X509v3 CRL Reason Code" */
 &(nid_objs[771]),/* "X509v3 Certificate Issuer" */
 &(nid_objs[89]),/* "X509v3 Certificate Policies" */
 &(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
 &(nid_objs[126]),/* "X509v3 Extended Key Usage" */
 &(nid_objs[748]),/* "X509v3 Inhibit Any Policy" */
 &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
 &(nid_objs[770]),/* "X509v3 Issuing Distrubution Point" */
 &(nid_objs[83]),/* "X509v3 Key Usage" */
 &(nid_objs[666]),/* "X509v3 Name Constraints" */
 &(nid_objs[403]),/* "X509v3 No Revocation Available" */
@ -2864,6 +2878,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[747]),/* "X509v3 Policy Mappings" */
 &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
 &(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
 &(nid_objs[769]),/* "X509v3 Subject Directory Attributes" */
 &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
 &(nid_objs[184]),/* "X9.57" */
 &(nid_objs[185]),/* "X9.57 CM ?" */
@ -3569,6 +3584,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */
 &(nid_objs[510]),/* OBJ_pseudonym                    2 5 4 65 */
 &(nid_objs[400]),/* OBJ_role                         2 5 4 72 */
 &(nid_objs[769]),/* OBJ_subject_directory_attributes 2 5 29 9 */
 &(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
 &(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
 &(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
@ -3580,6 +3596,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[430]),/* OBJ_hold_instruction_code        2 5 29 23 */
 &(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
 &(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
 &(nid_objs[770]),/* OBJ_issuing_distribution_point   2 5 29 28 */
 &(nid_objs[771]),/* OBJ_certificate_issuer           2 5 29 29 */
 &(nid_objs[666]),/* OBJ_name_constraints             2 5 29 30 */
 &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
 &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
--- a/crypto/openssl/crypto/objects/obj_err.c
+++ b/crypto/openssl/crypto/objects/obj_err.c
@ -91,15 +91,12 @@ static ERR_STRING_DATA OBJ_str_reasons[]=
 void ERR_load_OBJ_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,OBJ_str_functs);
 		ERR_load_strings(0,OBJ_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/objects/obj_mac.h
+++ b/crypto/openssl/crypto/objects/obj_mac.h
@ -2044,6 +2044,11 @@
 #define NID_id_ce		81
 #define OBJ_id_ce		OBJ_X500,29L
 #define SN_subject_directory_attributes		"subjectDirectoryAttributes"
 #define LN_subject_directory_attributes		"X509v3 Subject Directory Attributes"
 #define NID_subject_directory_attributes		769
 #define OBJ_subject_directory_attributes		OBJ_id_ce,9L
 #define SN_subject_key_identifier		"subjectKeyIdentifier"
 #define LN_subject_key_identifier		"X509v3 Subject Key Identifier"
 #define NID_subject_key_identifier		82
@ -2094,6 +2099,16 @@
 #define NID_delta_crl		140
 #define OBJ_delta_crl		OBJ_id_ce,27L
 #define SN_issuing_distribution_point		"issuingDistributionPoint"
 #define LN_issuing_distribution_point		"X509v3 Issuing Distrubution Point"
 #define NID_issuing_distribution_point		770
 #define OBJ_issuing_distribution_point		OBJ_id_ce,28L
 #define SN_certificate_issuer		"certificateIssuer"
 #define LN_certificate_issuer		"X509v3 Certificate Issuer"
 #define NID_certificate_issuer		771
 #define OBJ_certificate_issuer		OBJ_id_ce,29L
 #define SN_name_constraints		"nameConstraints"
 #define LN_name_constraints		"X509v3 Name Constraints"
 #define NID_name_constraints		666
--- a/crypto/openssl/crypto/objects/obj_mac.num
+++ b/crypto/openssl/crypto/objects/obj_mac.num
@ -766,3 +766,6 @@ camellia_256_cfb8		765
 camellia_128_ofb128		766
 camellia_192_ofb128		767
 camellia_256_ofb128		768
 subject_directory_attributes		769
 issuing_distribution_point		770
 certificate_issuer		771
--- a/crypto/openssl/crypto/objects/objects.txt
+++ b/crypto/openssl/crypto/objects/objects.txt
@ -657,6 +657,8 @@ X500algorithms 3 100	: RSA-MDC2		: mdc2WithRSA
 X500algorithms 3 101	: MDC2			: mdc2
 X500 29			: id-ce
 !Cname subject-directory-attributes
 id-ce 9			: subjectDirectoryAttributes : X509v3 Subject Directory Attributes
 !Cname subject-key-identifier
 id-ce 14		: subjectKeyIdentifier	: X509v3 Subject Key Identifier
 !Cname key-usage
@ -677,6 +679,10 @@ id-ce 21		: CRLReason		: X509v3 CRL Reason Code
 id-ce 24		: invalidityDate	: Invalidity Date
 !Cname delta-crl
 id-ce 27		: deltaCRL		: X509v3 Delta CRL Indicator
 !Cname issuing-distribution-point
 id-ce 28		: issuingDistributionPoint : X509v3 Issuing Distrubution Point
 !Cname certificate-issuer
 id-ce 29		: certificateIssuer	: X509v3 Certificate Issuer
 !Cname name-constraints
 id-ce 30		: nameConstraints	: X509v3 Name Constraints
 !Cname crl-distribution-points
--- a/crypto/openssl/crypto/ocsp/ocsp_asn.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_asn.c
@ -62,7 +62,7 @@
 ASN1_SEQUENCE(OCSP_SIGNATURE) = {
 	ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
 	ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
-	ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0)
+	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
 } ASN1_SEQUENCE_END(OCSP_SIGNATURE)
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
--- a/crypto/openssl/crypto/ocsp/ocsp_err.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_err.c
@ -129,15 +129,12 @@ static ERR_STRING_DATA OCSP_str_reasons[]=
 void ERR_load_OCSP_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,OCSP_str_functs);
 		ERR_load_strings(0,OCSP_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_vfy.c
@ -367,7 +367,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *st
 		return 0;
 		}
 	gen = req->tbsRequest->requestorName;
-	if (gen->type != GEN_DIRNAME)
+	if (!gen || gen->type != GEN_DIRNAME)
 		{
 		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
 		return 0;
--- a/crypto/openssl/crypto/opensslconf.h
+++ b/crypto/openssl/crypto/opensslconf.h
@ -19,6 +19,9 @@
 #ifndef OPENSSL_NO_RC5
 # define OPENSSL_NO_RC5
 #endif
 #ifndef OPENSSL_NO_RFC3779
 # define OPENSSL_NO_RFC3779
 #endif
 #endif /* OPENSSL_DOING_MAKEDEPEND */
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
@ -45,6 +48,9 @@
 # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
 #  define NO_RC5
 # endif
 # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
 #  define NO_RFC3779
 # endif
 #endif
 /* crypto/opensslconf.h.in */
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x0090804f
+#define OPENSSL_VERSION_NUMBER	0x0090805fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8d-fips 28 Sep 2006"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8e-fips 23 Feb 2007"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8d 28 Sep 2006"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8e 23 Feb 2007"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
--- a/crypto/openssl/crypto/pem/pem.h
+++ b/crypto/openssl/crypto/pem/pem.h
@ -221,7 +221,7 @@ typedef struct pem_ctx_st
 type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
 { \
 return(((type *(*)(D2I_OF(type),char *,FILE *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read))(d2i_##asn1, str,fp,x,cb,u)); \
-} \
+} 
 #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
 int PEM_write_##name(FILE *fp, type *x) \
--- a/crypto/openssl/crypto/pem/pem_err.c
+++ b/crypto/openssl/crypto/pem/pem_err.c
@ -124,15 +124,12 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 void ERR_load_PEM_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(PEM_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,PEM_str_functs);
 		ERR_load_strings(0,PEM_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/pem/pem_lib.c
+++ b/crypto/openssl/crypto/pem/pem_lib.c
@ -69,7 +69,7 @@
 #include <openssl/des.h>
 #endif
-const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
+const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
 #define MIN_LENGTH	4
@ -579,6 +579,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
 		}
 	EVP_EncodeFinal(&ctx,buf,&outl);
 	if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
 	OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
 	OPENSSL_free(buf);
 	buf = NULL;
 	if (	(BIO_write(bp,"-----END ",9) != 9) ||
@ -587,8 +588,10 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
 		goto err;
 	return(i+outl);
 err:
-	if (buf)
+	if (buf) {
 		OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
 		OPENSSL_free(buf);
 	}
 	PEMerr(PEM_F_PEM_WRITE_BIO,reason);
 	return(0);
 	}
--- a/crypto/openssl/crypto/pem/pem_pkey.c
+++ b/crypto/openssl/crypto/pem/pem_pkey.c
@ -125,6 +125,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
 		PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
 err:
 	OPENSSL_free(nm);
 	OPENSSL_cleanse(data, len);
 	OPENSSL_free(data);
 	return(ret);
 	}
--- a/crypto/openssl/crypto/pkcs12/pk12err.c
+++ b/crypto/openssl/crypto/pkcs12/pk12err.c
@ -133,15 +133,12 @@ static ERR_STRING_DATA PKCS12_str_reasons[]=
 void ERR_load_PKCS12_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL)
 		{
 		ERR_load_strings(0,PKCS12_str_functs);
 		ERR_load_strings(0,PKCS12_str_reasons);
 #endif
 		}
 #endif
 	}
--- a/crypto/openssl/crypto/pkcs7/pk7_doit.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c
@ -217,7 +217,9 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 		keylen=EVP_CIPHER_key_length(evp_cipher);
 		ivlen=EVP_CIPHER_iv_length(evp_cipher);
 		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
-		if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
+		if (ivlen > 0)
 			if (RAND_pseudo_bytes(iv,ivlen) <= 0)
 				goto err;
 		if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)
 			goto err;
 		if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
@ -226,10 +228,13 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 			goto err;
 		if (ivlen > 0) {
-			if (xalg->parameter == NULL) 
+			if (xalg->parameter == NULL) {
-						xalg->parameter=ASN1_TYPE_new();
+				xalg->parameter = ASN1_TYPE_new();
 				if (xalg->parameter == NULL)
 					goto err;
 			}
 			if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
-								       goto err;
+			       goto err;
 		}
 		/* Lets do the pub key stuff :-) */
@ -242,7 +247,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 				PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
 				goto err;
 				}
-			pkey=X509_get_pubkey(ri->cert);
+			if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
 				goto err;
 			jj=EVP_PKEY_size(pkey);
 			EVP_PKEY_free(pkey);
 			if (max < jj) max=jj;
@ -255,7 +261,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
 			{
 			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-			pkey=X509_get_pubkey(ri->cert);
+			if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
 				goto err;
 			jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
 			EVP_PKEY_free(pkey);
 			if (jj <= 0)
@ -291,6 +298,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 		if(bio == NULL)
 			{
 			bio=BIO_new(BIO_s_mem());
 			if (bio == NULL)
 				goto err;
 			BIO_set_mem_eof_return(bio,0);
 			}
 		}
@ -541,6 +550,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 			bio=BIO_new(BIO_s_mem());
 			BIO_set_mem_eof_return(bio,0);
 		}
 		if (bio == NULL)
 			goto err;
 #endif
 		}
 	BIO_push(out,bio);
@ -695,9 +706,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 							ERR_R_MALLOC_FAILURE);
 						goto err;
 						}
-					PKCS7_add_signed_attribute(si,
+					if (!PKCS7_add_signed_attribute(si,
 						NID_pkcs9_signingTime,
-						V_ASN1_UTCTIME,sign_time);
+						V_ASN1_UTCTIME,sign_time))
 						{
 						M_ASN1_UTCTIME_free(sign_time);
 						goto err;
 						}
 					}
 				/* Add digest */
@ -714,11 +729,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 					{
 					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
 						ERR_R_MALLOC_FAILURE);
 					M_ASN1_OCTET_STRING_free(digest);
 					goto err;
 					}
-				PKCS7_add_signed_attribute(si,
+				if (!PKCS7_add_signed_attribute(si,
 					NID_pkcs9_messageDigest,
-					V_ASN1_OCTET_STRING,digest);
+					V_ASN1_OCTET_STRING,digest))
 					{
 					M_ASN1_OCTET_STRING_free(digest);
 					goto err;
 					}
 				/* Now sign the attributes */
 				EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
@ -976,8 +996,13 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
 	int i;
 	i=OBJ_obj2nid(p7->type);
-	if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
+	if (i != NID_pkcs7_signedAndEnveloped)
 		return NULL;
 	if (p7->d.signed_and_enveloped == NULL)
 		return NULL;
 	rsk=p7->d.signed_and_enveloped->recipientinfo;
 	if (rsk == NULL)
 		return NULL;
 	ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
 	if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
 	ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
@ -1031,6 +1056,8 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
 	if (p7si->auth_attr != NULL)
 		sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
 	p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
 	if (p7si->auth_attr == NULL)
 		return 0;
 	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
 		{
 		if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
@ -1049,6 +1076,8 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
 		sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
 					   X509_ATTRIBUTE_free);
 	p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
 	if (p7si->unauth_attr == NULL)
 		return 0;
 	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
 		{
 		if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
@ -1078,10 +1107,16 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
 	if (*sk == NULL)
 		{
-		*sk = sk_X509_ATTRIBUTE_new_null();
+		if (!(*sk = sk_X509_ATTRIBUTE_new_null()))
 			return 0;
 new_attrib:
-		attr=X509_ATTRIBUTE_create(nid,atrtype,value);
+		if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))
-		sk_X509_ATTRIBUTE_push(*sk,attr);
+			return 0;
 		if (!sk_X509_ATTRIBUTE_push(*sk,attr))
 			{
 			X509_ATTRIBUTE_free(attr);
 			return 0;
 			}
 		}
 	else
 		{
@ -1094,7 +1129,13 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
 				{
 				X509_ATTRIBUTE_free(attr);
 				attr=X509_ATTRIBUTE_create(nid,atrtype,value);
-				sk_X509_ATTRIBUTE_set(*sk,i,attr);
+				if (attr == NULL)
 					return 0;
 				if (!sk_X509_ATTRIBUTE_set(*sk,i,attr))
 					{
 					X509_ATTRIBUTE_free(attr);
 					return 0;
 					}
 				goto end;
 				}
 			}
--- a/Show More
+++ b/Show More